Seeyuh Security

On chain security has never been so important. #Seeyuh

Seeyuh

Sweat Economy (@SweatEconomy) Security Incident Report Report Date: April 30, 2026 Severity: High (Contract Vulnerability Exploitation – Mitigated) 1. Executive Summary On April 29, 2026, at approximately 13:36 UTC, the SWEAT token contract of Sweat Economy (a Move-to-Earn project on @NEARProtocol) was exploited. The attacker drained approximately 13.71 billion SWEAT (roughly 65% of total supply, valued at approximately $2.5M–$3.5M at the time of the incident) from the project’s Foundation wallet and top holder addresses within 30 seconds. Blockaid provided real-time detection and alerts. The team responded swiftly: the token contract was paused, external user balances were fully restored, and operations have since returned to normal. No permanent loss was incurred by external users. 2. Impact - Direct Loss: ~13.71 billion SWEAT (65% of total supply). - User Impact: Zero permanent loss — all external user balances were fully restored. - Project Impact: Temporary contract pause and Foundation wallet depletion; short-term reputational and market sentiment effects, though $SWEAT price remained relatively stable. - Broader Context: This incident is part of the ongoing 2026 DeFi security wave, which has seen total losses exceed $800M. 3. Project Response and Recovery - Immediate contract pause to prevent further drainage. - Coordination with exchanges and liquidity providers to freeze attacker funds. - Rapid deployment of a patched contract and full restoration of user balances. - Ongoing actions include formal incident reporting to law enforcement, comprehensive forensic analysis, and a full post-mortem audit. 4. Root Cause Analysis (Preliminary) The vulnerability stemmed from the April 27 contract redeployment, which introduced the refund_first and refund_second functions without sufficient security review. This represents a classic case of zero-day vulnerability introduced during contract upgrade combined with centralized control of the Foundation wallet. 5. How Seeyuh Can Prevent Incidents Like Sweat Economy Seeyuh is the production evolution of the OpenAI Hackathon Champion project SEEYUH, an Agentic Zero-Day Vulnerability Guardian powered by the OpenAI Agents SDK. Unlike traditional static analyzers, Seeyuh functions as an AI-powered Red Team that thinks and simulates attacks like a real adversary. In the context of the Sweat Economy incident, Seeyuh delivers proactive defense through: - Pre-deployment Scanning: Before any contract redeployment (such as the April 27 update), Seeyuh’s agents automatically analyze new functions (refund_first/refund_second), simulate drain/refund attack paths, and surface zero-day risks with executable PoC. - Attack Chain Simulation: One-click reproduction of the full exploit sequence — “malicious refund call → mass drainage → exchange laundering” — enabling teams to identify and fix issues prior to mainnet deployment. - Real-time Monitoring: Post-deployment surveillance of Foundation wallets and token contract calls, with instant alerts on anomalous patterns. - Rapid Forensic Analysis: Input a transaction hash to automatically reconstruct the attack path, identify the root cause, and generate remediation recommendations. Seeyuh’s Core Positioning: We transform DeFi security from reactive firefighting to proactive defense. By leveraging agentic intelligence, Seeyuh helps projects like Sweat Economy eliminate zero-day vulnerabilities — such as those arising from contract upgrades — before they result in multi-million-dollar incidents. Ready to safeguard your protocol? Scan your contracts for free today at Seeyuh.com Seeyuh — Turning passive audits into active, intelligent protection.

@OpenAIDevs we are so back.

We’re so back.

@OpenAI We are building on-chain security infra at Seeyuh. seeyuh.com #OpenAIDevDay2026 x.com/versatilitylab…

Want to secure an early ticket to OpenAI DevDay? Build something with GPT-5.5 and Image Gen. Each week, we’ll select 2–3 favorites to win free tickets to OpenAI DevDay 2026. Codex will help us find the best submissions and our team will select the winners. Reply with #OpenAIDevDay2026, a playable link, and a quick note on how you built it.

OpenAI DevDay is back. San Francisco September 29

this is so good: paulgraham.com/kids.html

After discussions with several stakeholders, Aave service providers, @Ether_fi, @KelpDAO, @LayerZero_Core, @compound_xyz, and others have submitted a governance proposal to the @arbitrum DAO requesting the release of ETH frozen by the Arbitrum Security Council following the April 18 rsETH incident. If released, the funds will be directed into DeFi United, a coordinated cross-protocol recovery effort aimed at restoring rsETH backing and remediating impairment of rsETH for users. This contribution would meaningfully advance the path to resolution as others confirm their commitments. The proposal is open for review, and we welcome feedback from the Arbitrum community. forum.arbitrum.foundation/t/constitution…

🛡️🦸🏼

@AlexAuroraDev @litecoin A clear reminder that lower-hashrate chains remain vulnerable to deep reorgs, especially when cross-chain protocols assume fast finality.

10h ago @litecoin experienced a coordinated attack on the chain that resulted in 13 blocks reorg that took more than 3h to generate. During this time attackers were performing double spend attacks on multiple cross-chain swapping protocols. We are investigating the situation.

This zero-day + invalid MWEB peg-out incident is exactly why we built Seeyuh. Our agentic system proactively scans for and simulates these kinds of edge-case exploits in bridges, peg mechanisms, and consensus code — before they hit production. Kelp/Aave-style collateral exploits and now Litecoin’s MWEB zero-day show how fast these attacks move. Real-time agentic red-teaming is no longer optional. Glad Litecoin recovered cleanly. Respect for the transparency.

Sorry to see the $113k drain @esotericpigeon — private key leaks from "trusted" connected tools like Axiom and J7Tracker are brutal because they often happen silently without a classic malicious signature. This is exactly the kind of sophisticated, permission-based exposure that Seeyuh was built to catch early. Our agentic system proactively scans and simulates attack paths across the dApps and protocols you connect to, surfacing zero-day risks before funds walk. Hot wallet opsec in the trenches is getting harder every month. Tools that actively red-team your connections (instead of just reacting) are quickly becoming table stakes. Wishing you a fast bounce-back and stronger security setup going forward.

True resilience requires cryptographic guarantees: immutable onchain provenance for model weights, and ZK-verifiable safety audits to avoid single points of failure.

@sama Using frontier models to harden critical open-source software and infrastructure is the right direction.

Our Principles: Democratization, Empowerment, Universal Prosperity, Resilience, and Adaptability openai.com/index/our-prin…

"post-AGI, no one is going to work and the economy is going to collapse" "i am switching to polyphasic sleep because GPT-5.5 in codex is so good that i can't afford to be sleeping for such long stretches and miss out on working"

GPT-5.5 is now available in Cursor! It's currently the top model on CursorBench at 72.8%. We've partnered with OpenAI to offer it for 50% off through May 2.