Yousef

845 posts

Yousef banner
Yousef

Yousef

@yusufthebdev

Blockchain Security Researcher 👨🏾‍💻 Intern @KannAudits

Lagos, Nigeria Katılım Aralık 2025
231 Takip Edilen205 Takipçiler
Sabitlenmiş Tweet
Yousef
Yousef@yusufthebdev·
My name is officially part of a security review report. 🐞 Started this journey with curiosity. Still far from where I want to be. But moments like this remind me the work is compounding. Big thank you to @KannAudits for the opportunity to contribute and learn First of many.
Yousef tweet media
Kann Audits@KannAudits

New security audit report published for @hyperlendx 6 days audit of their Leverage Lending logic. Only 5 Low severity issues found, clean codebase. Read the report below 👇 github.com/Kann-Audits/Ka…

English
4
0
14
235
Yousef
Yousef@yusufthebdev·
My name is officially part of a security review report. 🐞 Started this journey with curiosity. Still far from where I want to be. But moments like this remind me the work is compounding. Big thank you to @KannAudits for the opportunity to contribute and learn First of many.
Yousef tweet media
Kann Audits@KannAudits

New security audit report published for @hyperlendx 6 days audit of their Leverage Lending logic. Only 5 Low severity issues found, clean codebase. Read the report below 👇 github.com/Kann-Audits/Ka…

English
4
0
14
235
0xaudron
0xaudron@0xaudron·
Wait, what happens if there are 3 founders with multi-sig access and 2 dies. And they haven't shared any access to their private key. And the protocol doesn't have option to change the multi-sig parties without 2 threshold. What happens next?
English
9
0
21
2.2K
Guido
Guido@Full_Metal_QR·
The most intelligent men regard a difficult task as a privilege. - Nietzsche
Guido tweet media
English
18
509
3.4K
59K
Yousef retweetledi
LonelySloth
LonelySloth@lonelysloth_sec·
One interesting thing about DeFi is that there are so many integrations that basically every protocol is a potential attack vector for every protocol. You choose protocol X as a target. Actual exploit is flashloan from protocol Y to manipulate an oracle in protocol Z, that will be forwared by protocol A to chain B, triggering an action in protocol C that finally calls protocol X and exploits that rounding issue nobody thought was important.
English
6
6
68
2.3K
Yousef
Yousef@yusufthebdev·
🎯 Day 73 of becoming a top Web3 security researcher ⏳ Hours worked: 3 hours 🔎 Focus: Learning 🔧 Practical work: - Studied post-mortem hacks - Read web3 security articles
English
0
0
14
150
Yousef retweetledi
Arsen
Arsen@arsen_bt·
🚨 A third-party contract just lost ~$3M from 86 Gnosis Safes. The module accepted a public constant string as its only auth, letting the attacker drain every trusting Safe and convert all proceeds to DAI.
Arsen tweet media
English
3
12
60
6K
Yousef
Yousef@yusufthebdev·
The plan doesn’t care about your mood. Consistency wins.
English
0
0
16
110
Yousef retweetledi
Carl Jung Archive
Carl Jung Archive@QuoteJung·
When Carl Jung said: “No matter how isolated you are and how lonely you feel, if you do your work truly and conscientiously, unknown allies will come and seek you.”
English
52
2K
13.2K
207.3K
Yousef
Yousef@yusufthebdev·
🎯 Day 72 of becoming a top Web3 security researcher ⏳ Hours worked: 4 hours 🔎 Focus: Auditing 🔧 Practical work: - Finished @0xapple_ sherlock shadow audit challenge with crestal protocol - Matched 6 of 7 findings (1H/5M) - Studied bug reports - Lessons learnt
English
1
0
16
284
Yousef
Yousef@yusufthebdev·
@jopantechh wishing you a speedy recovery man👊🏾
English
1
0
1
30
jopan
jopan@jopantechh·
day 197 i finally took a day off from auditing fully today due to my health condition didn't get any better. i took a step back and leave auditing today and bed rest the whole day. i still managed to read a few articles on recent web3 hacks postmortems, but not much today.
English
1
0
1
42
Pelz 🕵🏾‍♂️
Pelz 🕵🏾‍♂️@Pelz_Dev·
someone tell bro i’ve been searching too and we’re cooked😅
Pelz 🕵🏾‍♂️ tweet media
English
7
1
44
1.8K
Yousef retweetledi
Afriauditor
Afriauditor@Afriauditor·
I honestly hate playing blame games in times like this. But what the actual fuck is the point of a multisig with 1 of three threshold? The literal point of a multi sig is to have multiple signatures threshold FFS!!!
Blockaid@blockaid_

Suspected Root cause: Private key compromise of a minting multisig owner. The @StablREuro minting multisig had a 1-of-3 threshold - a single compromised key was enough for full control. The attacker: 1. Added themselves as owner 2. Replaced the other 2 legitimate owners 3. Minted 8.35M USDR + 4.5M EURR 4. Swapped ~$10.4M face value on DEXes, realizing 1,115 ETH ($2.8M) due to thin liquidity This is not a smart contract bug - it's a key management and governance failure. This is not a smart contract bug — it's a key management and governance failure.

English
2
1
7
1.2K
Yousef
Yousef@yusufthebdev·
🎯 Day 71 of becoming a top Web3 security researcher ⏳ Hours worked: 3hrs 40mins 🔎 Focus: Auditing 🔧 Practical work: - Continued @0xapple_ shadow audit challenge with crestal protocol - Listened to @bountyhunt3rz podcast
English
0
1
17
421
Yousef retweetledi
Superteam Earn
Superteam Earn@SuperteamEarn·
no one knows this, but i have challenged myself to do bounties until my crush texts first. proud to announce i’ve been doing bounties for 2 years now.
English
8
3
60
1.7K
Yousef
Yousef@yusufthebdev·
@Sir0xGhanem appreciate it man…wishing you the best!😁👊🏾
English
0
0
1
20
Mostafa Ghanem
Mostafa Ghanem@Sir0xGhanem·
🎯Day 1 of becoming a top Web3 security researcher ⏳ Hours worked: 8h 30m 🔎 Focus: Learning
English
1
0
1
42

Keşfet

@abrahamonchain @KannAudits @0xhimxa @WebdevAnas @hyperlendx @0xaudron @Full_Metal_QR @0xapple_