Andy Koo

151 posts

@_nd_koo

Senior Security Researcher @hexensio :)

Joined December 2019
2.1K Following, 444 Followers
Andy Koo retweeted
hexens @hexensio
Audit Completed: @crosscurvefi Happy to be @crosscurvefi's security partner. Looking forward to working together again in the future.
CrossCurve @crosscurvefi

🛡️ CrossCurve Successfully Completes Second OFT Bridge Audit by @Hexensio As part of its ongoing security efforts, CrossCurve has completed a second audit of its OFT-enabled Token Bridge module, with a focus on further validating system architecture and resilience. 🔍 Audit Results 👇🏻

Andy Koo retweeted
hexens @hexensio
Cross-chain bridges remain critical infrastructure, proof verification is the core of their security model. New disclosure on our research page: a vulnerability in the Polygon Plasma bridge that allowed transaction proofs to be forged. At the time of discovery, $800M in POL was at risk, exploitable in a single transaction with no prerequisites. The research covers how the proof verification breaks, how the exploit was built, and what it means for bridge security. Full technical deep-dive: hexens.io/research/polyg…
Andy Koo retweeted
hexens @hexensio
Audits Completed: @roycoprotocol Two consecutive security reviews of Royco - a perpetual risk-tranching protocol dividing yield opportunities into senior and junior tranches. Our assessments covered the core protocol contracts, tranche and kernel mechanics, liquidation bonus mechanisms, and RWA integration alignment. We're glad to support @roycoprotocol's ecosystem and look forward to working together again in the future. Full reports below:
Andy Koo retweeted
hexens @hexensio
Audit Completed: @Zharta Security review of Zharta's structured credit order book protocol for ERC20 tokens. Our assessment focused on updated lending contract logic, asset handling, and overall fund safety. We're glad to support Zharta's ecosystem and look forward to working together again in the future. Full report below:
Andy Koo retweeted
hexens @hexensio
Breaking Down the TSTORE Poison Bug | LIVE x.com/i/broadcasts/1…
Andy Koo retweeted
hexens @hexensio
Live Session | Breaking Down the TSTORE Poison Bug
The highest grade severity bug in Solidity compiler found by Hexens.
Join us as we break down:
• What the bug is & how it works
• How we found it
• How YOU could find it with Glider
Going live Thursday, March 12 at 14:00 GMT right here on the Hexens X account.
Andy Koo @_nd_koo
Our team isn’t just strong in Web3. We’ve also got some incredible Web2 experts on board
hexens @hexensio

We recently completed an Advanced Persistent Threat (APT) assessment with @ChainSafeth. They commissioned us to simulate a real attack against their organization, not a standard security audit, but a covert operation run the way advanced threat actors actually work. Using novel technical tradecraft alongside targeted social engineering, we achieved the objective and bypassed multiple layers of defense, including controls that are widely trusted across the industry. Hats off to the @ChainSafeth team, whose significant defences certainly made our team sweat. They've since used the engagement findings to further harden their security posture. The engagement is a clear reminder that organizations need to be ready for adversaries who don't stop at the first layer of defense but work through them methodically until something gives. That's the threat organizations need to be prepared for.

Andy Koo retweeted
hexens @hexensio
10 years of silence on major SOLC bug front is over TSTORE Poison: a silent tstore/sstore storage corruption bug Full explanation: hexens.io/research/solid… — This is the opening article of our new Research page. There is more to come, so stay tuned. — TL;DR: delete ; ~~☠️ — Blast Radius discovery is cornerstone of this kind of incident report, we have used Glider to scan through all the integrated chains additionally we want to thank everyone for help during the IR: @_SEAL_Org @etherscan @dedaub @danielvf And of course @solidity_lang team for handling the report professionally.
Solidity @solidity_lang

Full bug explainer: soliditylang.org/blog/2026/02/1… Thanks to @hexensio for the discovery and thorough report, @_SEAL_Org and @dedaub for their swift response and help in identifying affected contracts.

Andy Koo retweeted
hexens @hexensio
Audit Completed: @KyberNetwork We reviewed Kyber’s Smart Intent protocol, enabling highly customizable automation and delegated actions across DeFi. Our engagement included a review of the protocol’s smart contracts, focusing on intent execution, delegation logic, and overall robustness. Check out the full report below:
Andy Koo retweeted
hexens @hexensio
Audit Completed: @Zharta Zharta is a permissionless P2P lending protocol for ERC20 tokens with highly configurable loan terms. Hexens completed two independent security audits of the smart contracts, with a strong focus on core lending logic and overall robustness. Happy to be @Zharta's security partner. 📄 Full reports:
Andy Koo retweeted
hexens @hexensio
Audit Completed: @EverclearOrg Everclear is a cross-chain intent protocol enabling permissionless, near-instant swaps across blockchains. Our engagement focused on a full review of the Solana smart contracts, covering core swap logic and security-critical components. Proud to support @EverclearOrg's security as they scale cross-chain liquidity. 📄 Full report:
Andy Koo retweeted
Remedy @xyz_remedy
Great news! We’re excited to launch Phase 2 of Glider contest starting from Jan 1st 2026. Best part? It has no end date, more time, more impact.
Updated payout amounts:
- Legendary $5,000 per query
- Epic $2,000 per query
- Rare $400 per query with a limited pool of $5K
- Uncommon not eligible for rewards, but still triaged
All submissions made before 1 January will be triaged and paid out according to the rules of Phase 1 (6 Nov - 31 Dec 2025).
Andy Koo retweeted
hexens @hexensio
Over the course of the year, we worked across a wide range of security cases spanning diverse systems and architectures. This accumulated experience continues to shape and refine our approach to security. Since our founding, we’ve maintained a record of zero exploited audited projects.
Andy Koo retweeted
c1pher ⟠ @notsosus_00
One of the contracts of the @retikfinance is vulnerable to oracle manipulation, where if a token shows stale price by Chainlink this contract may get manipulated in very rare cases. This was possible to find due to @xyz_remedy's Glider.
Andy Koo retweeted
Hayk Kosyan @HaykKosyan
My article “Introduction to cybersecurity in digital assets and cryptocurrencies” is now published by Oxford University Press (Oxford Law Pro). Web3 cybersec is fundamentally different from traditional IT security & that difference matters legally. #Cybersecurity #CryptoLaw 🧵
Andy Koo retweeted
hexens @hexensio
Hexens completed two audits for @glifio for their upcoming launch of GLIF+.
GLIF+ is a novel DeFi mechanism that introduces a Loyalty Rewards program for GLIF users, both Liquidity Providers and Storage Providers. Proud to support @glifio's continued commitment to security. View reports below:
GLIF @glifio

Introducing: GLIF+ 🚀 A loyalty rewards program built on top of the $GLF token, launching first for our @Filecoin users. Read on to learn more 👇👇👇
