Karlo Hubak 🏖️ 💻

265 posts


@khubak

security researcher | software engineer | founder @ Ark Systems | member @SuperteamBLKN @ZenDAO

trenches · Joined April 2010
242 Following · 53 Followers
terminally onλine εngineer
quit ur 9 to 5 job so u can work in startups 9 to 9 and then quit ur startup job so u can work 24h/7d on ur own startup follow me for more life ruining tips
Karlo Hubak 🏖️ 💻 retweeted
james hawkins @james406
happens to the best of us
Karlo Hubak 🏖️ 💻
@lonelysloth_sec @asen_sec @immunefi Kind of answer only a top rank could give, brother covered subquestions I haven't even written. 💜 One more, if it is not too much trouble.. What would be the top learning resources for Blockchain/DLT layer for the newcomers, kind of what Solodit is for Smart Contract layer?
LonelySloth @lonelysloth_sec
Very little automation. I use LLMs mainly for math, as a proxy for docs, and as google. But I don’t trust it much and I’m not sure it’s actually helping. There’s always been people brilliant with automated tools — and the automated tools got better. I’ve always been more a “stare at code” hunter. I don’t see it changing fundamentally for me. Doesn’t mean I don’t experiment and try. But can’t say I got very good results with it. Keep in mind I’m very focused on the highest paying bugs. Lower paying bugs are a different thing. And web2 is a whole other game. Automation has been much more central in web2 even before LLMs.
Immunefi @immunefi
This Security Researcher has earned $3,612,409 hunting bugs on Immunefi. 32+ live critical vulnerabilities found, saving hundreds of millions of dollars from hacks. Meet @lonelysloth_sec, ranked Top 5 all-time on @Immunefi. We asked him how he does it.
One practical bug bounty strategy that has helped him find better bugs: "Protocols share a lot of code. When you find a bug that isn't exploitable, take some time to check if the same bug doesn't show up in other protocols where it might be. Study families of protocols, compare their code. Things are getting more and more interconnected."
The habit, routine, or mindset that has made him more consistent as a researcher: "Curiosity. I don't rest until I understand every part of the system. Even if I end up not finding a bug, I want to understand it."
A memorable bug or win, and what helped him find it: "I have quite a few public disclosures, but for one project between '24 to '25 I got paid for 9 critical bugs. I spent months getting to know every last detail of their (very large) code base. More than a breakthrough it was about persistence in one target, learning everything about it, and using everything I knew on it. They weren't the highest paying bugs I found, but I'm very proud of that achievement. I still find bugs in that project."
His advice to a researcher trying to level up or land their first bounty: "Find motivation in the journey, because it's a long one. Enjoy understanding something that previously was mysterious to you, the feeling of knowledge accumulating. It compounds and will eventually lead to your bounties. Keep trying -- you need to give luck a chance to find you."
Karlo Hubak 🏖️ 💻
@lonelysloth_sec @asen_sec @immunefi How much of your workflow is AI-assisted and/or automated today? For the newcomers coming in, should they spend more time building the automated tooling or do things the old fashioned way, by your estimate? Thanks for the reply 💜
Immunefi @immunefi
You're going to waste the summer. Not because you're lazy. Because summer makes losing momentum feel harmless. And by the time September shows up, "I'll lock in soon" has already cost you 3 months of your life. This summer, use it.
Today, we're launching SR Summer 🏖️💻 A challenge for security researchers who want to spend this summer turning their skills into actual money.
The goal is not just to tell you to "hunt harder." It's to help you get better at the parts of security research that actually affect your results.
Which programs should you spend time on?
How do you choose targets with a higher chance of meaningful findings?
How do you structure your research process?
How can AI help you move faster?
How do you write reports that are easier to review, and more likely to communicate impact clearly?
That is what SR Summer is about. The full breakdown is below. Don't read it in September.
pashov @pashov
@khubak It's a single run nSLOC? 1500-2000
pashov @pashov
pashov/skills v3 with the results on a security contest from a year ago. Most AI Skills will never reach recall as high as this. People will see this and still won't use the free skills, then get hacked with an insanely stupid vulnerability. You can't save them all I guess...
Karlo Hubak 🏖️ 💻
@matija_sol my DMs are open if anybody (at least thinks) he/she found an edge on the market and is looking for a co-founder.
Andrea @AndreaKovacic
🚨Mayday Houston, we have a visibility problem. I'm trying to reach @JupiterExchange and land in the Product Marketing region, but I'm getting low on visibility fuel and not much food left either. On board: a technical soul with 7+ years of Crypto Marketing experience (with BD & research hats), a finance background, a developing degen streak, a track record of successful product launches, and 2 baby startups. Help Andrea and his precious cargo reach the destination safely by sharing and tagging someone from Jupiter. 👨‍🚀🫡
Ridark @ridark_eth
A 30-year-old solo developer decided to stop chasing trends and made $77,000 in a single month
He built 35 different micro-SaaS startups while working completely on his own
He didn't build complex AI agent teams
He just paired a basic code editor with a single AI chat window
Every single day, he follows a military-like routine: wakes up at 6 AM, hits the gym, and locks in
For 4 to 6 hours straight, his phone is completely off. Zero social media, zero emails. Just pure deep work
He doesn't even check bug reports or customer support in the morning to keep his focus clean
Out of 35 startups he launched, 30 completely failed and made $0
But one single project (Trustm) now generates over $35,000/month alone
His main secret? He ships features immediately instead of polishing them for months
I recommend reading the article below
@Coldly@Just_Codly

x.com/i/article/2056…

Karlo Hubak 🏖️ 💻
@matija_sol Acknowledged on the PoC — valid finding, but it sits outside the protocol's threat model as scoped. No action item on our side. 🍉
☀️ matija.sol 🇭🇷 (blkn/acc)
After a 14h grind they told me my idea for new accounting software that saves the city six figs a year is “not an idea, but a project” so I was out of the running
Then had to watch first-prompt Claude ideas pitch for two hours after which the guy they knew from before won
This is why we created @SuperteamBLKN
☀️ matija.sol 🇭🇷 (blkn/acc) @matija_sol

Entered a local hackathon today to see first-hand what I put people through every Colosseum cycle
Might be fun

Mario Nawfal @MarioNawfal
🇨🇳 China accidentally invented a closed-loop economy: young men default to delivery, young women turn to livestreaming. Streamers spend on food and makeup, delivery guys spend their salaries on stream gifts, and somehow the whole thing sustains itself.
Vuk.Digital @v4rvl
Codex has been dying on me since yesterday. Stuck on closing the agents, reopening them and seems more slow than usual x)
0xFrankCastle🦀 @0xcastle_chain
3 weeks of Solana Audit Arena. zero prizes.
let me show you what happened
3 real protocols put under the lens
5 researchers ranked on a leaderboard that started at zero
findings that would've drained live treasuries if they'd hit mainnet
a community that showed up because the work was the reward
all of it free. all of it open.
in the next week, we will have real prizes.
and one technical shift nobody on this timeline is expecting.
first researcher to guess what the shift is gets a guaranteed slot in monday's reward pool
drop your guess in the replies
hint: it's what every serious solana team is migrating to in 2026🧠