Martin

OpSec Best Practices and Real Threats 🚩 If a single mistake can drain the entire treasury, the issue is not just technical - it’s operational. In 2026, the teams that survive are the teams that treat OpSec as product quality. 1/ Transaction Signing Attacks - Bybit (Feb 2025) 2/ Targeted Phishing of Key Operators 3/ Private Key and Seed Phrase Exposure 4/ Multisig Failures / Governance Execution Risk - Radiant Capital (Oct 2024) 5/ Supply Chain Attacks - widely-used npm packages (Sep 2025) 6/ Front-End and DNS Takeovers 7/ Cross-Chain and Bridge Risk 8/ Misconfiguration and Cloud Credential Leakage

The amount of code shipped lately seems to be skyrocketing, so many new great features are being built. This will ultimately result in increased security demand 🫡

You’re entering the most abundant, opportunity-filled phase of your life. Believe in something. Web3 security.

Many Web3 security researchers feel anxious about AI. Don’t. Do what you’ve always done—learn it, use it, make it work for you. AI is leverage, not competition. Real security talent will be needed more than ever 🫡

🚨 OpenClaw Security Flaws When you ship fast to catch the trend, you usually compromise on security 🤔 immersivelabs.com/resources/c7-b…

🚨KeomProtocol was exploited for $94k on Polygon ZKEVM A logic bug in KToken.redeemFresh() caps redeemTokens to the user’s cToken balance after calculating totalSupplyNew with the uncapped value, and never recalculates redeemAmount. This results in minting a tiny amount of cTokens and draining the market’s entire cash balance via redeemUnderlying(). This is a straightforward issue that an audit would catch. Stay safe. 🫡

Ethereum Upgrades in 2026 🔍 1. Glamsterdam - splits proposing vs building. Validators outsource block construction safely. More throughput, better scaling. - predeclare state access for the whole block. Enables parallel execution, faster sync, lower and more predictable gas for heavy apps. 2. Hegotá - introduction of Verkle Trees, a new data structure designed to replace the current Merkle Patricia trees. - reduced storage requirements, allowing nodes to run on cheaper, lower-spec hardware.

@sama similar to historical buildings, new software won't be as great as it was anymore

I have so much gratitude to people who wrote extremely complex software character-by-character. It already feels difficult to remember how much effort it really took. Thank you for getting us to this point.

Fuzzing for Security Researchers 🤠 Starting with basic and fuzz testing in Foundry, then moving to stateful fuzzing with Echidna, Alex shows how stateless and stateful fuzzing can uncover bugs that traditional imperative tests often miss youtu.be/3A7aa5B8aak

Solid teams are pushing way ahead of the present. Hope the crypto space will increase its pace soon 🙏

Phishing and wallet compromises are still the leading cause of crypto losses. Not complex code exploits. Stolen keys, malicious signatures, weak wallet hygiene. Using hardware wallets, separating operational and treasury wallets, and carefully verifying every transaction remain the simplest and most effective defences. 🫡

Everyone’s selling fancy “AI audits” for 4 figures Meanwhile, we’re building supplemental tooling that helps our customers during development and testing, preventing bugs before they ever appear.

@nelsonnets @VenusProtocol 🫡

@ShieldifyMartin @VenusProtocol Good luck with the fix. Imagine if 'working on a solution' meant formal proofs before mainnet. Wild concept, right?

🚨 Earlier today, Venus Protocol's Core Pool on BNB was targeted by a supply cap manipulation attack. @VenusProtocol is investigating suspicious activity involving the $THE pool, with $THE and $CAKE markets affected. On-chain data suggests a flash-loan exploit where an attacker accumulated 84% of the (14.5m $THE) cap over 9 months and used it as collateral to borrow CAKE, BTCB, and BNB, extracting $3.7M.

@aave bullish on Aave Shield

@nelsonnets @VenusProtocol Working on a solution for this

@ShieldifyMartin @VenusProtocol TVL: $1.7B. Security guarantees: *checks notes* ...hope? Without formal verification, you're betting attackers are less creative than your auditors.

Building AI testing solutions for web3 projects this Sunday. Security never sleeps. Neither do builders.

Everyone asks the wrong question 🤔 Not “How much does an audit cost?” Ask “How much will launching without audits cost?”