es
Feedback
Defendor — DeFi Security

Defendor — DeFi Security

Ir al canal en Telegram
2 302
Suscriptores
+1124 horas
+107 días
+16630 días

Carga de datos en curso...

Canales Similares
Sin datos
¿Algún problema? Por favor, actualice la página o contacte a nuestro gerente de soporte.
Menciones Entrantes y Salientes
---
---
---
---
---
---
Atraer Suscriptores
julio '26
julio '26
+15
en 0 canales
junio '26
+188
en 0 canales
Get PRO
mayo '26
+170
en 0 canales
Get PRO
abril '26
+164
en 4 canales
Get PRO
marzo '26
+69
en 1 canales
Get PRO
febrero '26
+71
en 0 canales
Get PRO
enero '26
+150
en 1 canales
Get PRO
diciembre '25
+302
en 0 canales
Get PRO
noviembre '25
+402
en 4 canales
Get PRO
octubre '25
+123
en 3 canales
Get PRO
septiembre '25
+239
en 0 canales
Get PRO
agosto '25
+125
en 0 canales
Get PRO
julio '25
+565
en 3 canales
Fecha
Crecimiento de Suscriptores
Menciones
Canales
02 julio+4
01 julio+11
Publicaciones del Canal
🚨 AFI Protocol afiUSD Vault Exploit The ~$484K afiUSD vault exploit stemmed from a trojanized Foundry proof-of-concept, not
🚨 AFI Protocol afiUSD Vault Exploit The ~$484K afiUSD vault exploit stemmed from a trojanized Foundry proof-of-concept, not a smart contract flaw. The malicious PoC enabled FFI, executed hidden system commands, compromised a developer's machine, and gave the attacker remote access to drain the vault. 🔗 Details

2
🛡️ CertiK Launches Invite-Only Security Platform CertiK introduced CertiK Hunt, an invite-only platform that brings together
🛡️ CertiK Launches Invite-Only Security Platform CertiK introduced CertiK Hunt, an invite-only platform that brings together bug bounty programs, audit competitions, and AI security challenges, with researchers and projects selected through a review process to improve report quality. The platform launched with GoldfishFi as its first program and will gradually onboard more participants. CertiK also announced the retirement of SkyShield, with existing reports continuing through the normal review and payout process. 🔗 Details
243
3
🗓️ Weekly Web3 Security Roundup: $4.1M Lost Two notable incidents combined for roughly $4.1M in losses across the Web3 ecosy
🗓️ Weekly Web3 Security Roundup: $4.1M Lost Two notable incidents combined for roughly $4.1M in losses across the Web3 ecosystem this week, June 22-28. A full vulnerability breakdown and in-depth analysis of each case is available in the linked report. 🔗 Details
259
4
☠️ 30 Malicious npm Packages Target DeFi Developers SlowMist flagged a coordinated supply-chain campaign using fake trading-b
☠️ 30 Malicious npm Packages Target DeFi Developers SlowMist flagged a coordinated supply-chain campaign using fake trading-bot repos and DeFi-themed npm packages to steal wallet vaults, private keys, and developer credentials. The campaign spans 30 malicious packages, with one locked dependency linked to a repo boasting ~2.3K likely batch-generated forks. 🔗 Details
282
5
🔮 Edel Finance Drained for $403K via Oracle Manipulation Edel Finance, an Aave-fork on Ethereum, lost ~$403K after an attack
🔮 Edel Finance Drained for $403K via Oracle Manipulation Edel Finance, an Aave-fork on Ethereum, lost ~$403K after an attacker flash-loaned 180K USDC and ran a 41x supply/borrow loop to skew the ERC-4626 share ratio of wGOOGLx, inflating its reported price from ~$180 to ~$28K. With massively overvalued collateral, the attacker borrowed out 204K USDC plus tokenized stocks wSPYx, wQQQx, wMSTRx, wNVDAx, and wTSLAx, draining most of the pool's ~$602K TVL. 🔗 Details
501
6
🛡️ EtherFi Outlines Its Multi-Layer Security Approach EtherFi has detailed its security investments, including hardened cros
🛡️ EtherFi Outlines Its Multi-Layer Security Approach EtherFi has detailed its security investments, including hardened cross-chain infrastructure, deprecated chains that fell below security standards, and real-time monitoring with emergency response controls. On the risk side, roughly 50% of assets sit in non-restaked positions with zero allocations to slashable restaking protocols, guided by a principle of being non-custodial and actively defended. 🔗 Details
305
7
📊 June 2026: $81.7M Lost Across 67 Incidents June 2026 saw roughly $81.7M lost to exploits, with $12.7M of that tied to phis
📊 June 2026: $81.7M Lost Across 67 Incidents June 2026 saw roughly $81.7M lost to exploits, with $12.7M of that tied to phishing, marking the highest number of recorded incidents (67) since the start of 2026. 🔗 Details
333
8
🕵️ $250K Atomic Stealer Theft Traced to KuCoin Mule Accounts A community report says a victim of a $250K Atomic stealer thef
🕵️ $250K Atomic Stealer Theft Traced to KuCoin Mule Accounts A community report says a victim of a $250K Atomic stealer theft from August 2025 traced the stolen funds to multiple KuCoin deposit addresses, allegedly tied to accounts opened using purchased mule KYC. The victim later received a legal warning after raising concerns publicly, adding to broader reports of blocked access and alleged illicit fund flows tied to KuCoin. 🔗 Details
321
9
🏛️ Aave Governance Funds Concord Formal Verification Framework Aave governance has approved funding for Concord, an open-sou
🏛️ Aave Governance Funds Concord Formal Verification Framework Aave governance has approved funding for Concord, an open-source framework for formally verifying that smart contract upgrades preserve protocol behavior. 🔗 Details
331
10
🤖 Cantina's AI Auditor Matches Human Audits 100% on Critical Bugs Cantina analyzed 1,610 production runs of Apex, its AI bug
🤖 Cantina's AI Auditor Matches Human Audits 100% on Critical Bugs Cantina analyzed 1,610 production runs of Apex, its AI bug hunter, finding that across 8 codebases with a comparable human audit, Apex matched every critical and high-severity finding, 9/9 and 32/32. Findings scale sub-linearly with compute (doubling adds ~40% more bugs), and on every audit checked, the AI compute needed to match a human audit's crit+high set was orders of magnitude cheaper than the audit's actual cost. 🔗 Details
344
11
🏦 Vault4626 Exploit Drains ~$53K via Double-Pay Bug A custom ERC-4626 Uniswap V3 LP yield vault on Base and Arbitrum lost ~3
🏦 Vault4626 Exploit Drains ~$53K via Double-Pay Bug A custom ERC-4626 Uniswap V3 LP yield vault on Base and Arbitrum lost ~34 WETH (~$53K) after a redeem function double-paid the WETH side of the position, both valuing it via TWAP and transferring the actual WETH. The attacker flash-loaned 1.755M USDC and 12.92 WETH to seize nearly all shares of a small vault, donated WETH to inflate the double-paid balance, then redeemed to drain the position across 3 vaults. 🔗 Details
354
12
🔬 How Formal Verification Caught a Future Risk in Kamino Lending Certora's formal verification flagged a precision loss bug
🔬 How Formal Verification Caught a Future Risk in Kamino Lending Certora's formal verification flagged a precision loss bug in Kamino Lending's exchange rate calculation, where rounding down during division could let a user redeem slightly more liquidity than they deposited. The bug needed a token supply above 2^59 to trigger and wasn't exploitable on Solana at the time, but Kamino patched it anyway using a Mul-Div pattern to round down and prevent future risk. 🔗 Details
346
13
🔥 AIDC Token Exploit Drains $120K via Flawed Burn Logic AIDC on BSC lost 220.12 WBNB (~$120,929) after a flawed burn mechani
🔥 AIDC Token Exploit Drains $120K via Flawed Burn Logic AIDC on BSC lost 220.12 WBNB (~$120,929) after a flawed burn mechanism let the attacker repeatedly burn tokens from the PancakeSwap pair instead of the seller. This artificially deflated the pool's reserves on sync(), letting the attacker drain nearly all WBNB from the AIDC/WBNB pair in a final swap. 🔗 Details
351
14
⚡️ Cantina's AI Catches Chain-Halting Bug in Provenance Cantina's AI Code Analyzer flagged a high-severity liveness bug in Pr
⚡️ Cantina's AI Catches Chain-Halting Bug in Provenance Cantina's AI Code Analyzer flagged a high-severity liveness bug in Provenance's trigger module, where a user could name a transaction trigger block-height or block-time to collide with reserved keys and crash every validator in EndBlocker. Provenance confirmed the issue and shipped a fix in v1.27.1, swapping unsafe type assertions for checked conversions on the consensus path. 🔗 Details
348
15
⚠️ How Input Validation Flaws Caused a $13.4M Hack January's $13.4M exploit of SwapNet worked because its low-level call func
⚠️ How Input Validation Flaws Caused a $13.4M Hack January's $13.4M exploit of SwapNet worked because its low-level call function validated approvals but never checked what the actual call did, letting an attacker swap a router address for USDC and pass transferFrom as the calldata to drain wallets with infinite allowances. Aperture Finance was hit by the same pattern hours later for $3.67M, pushing combined losses past $17M across four chains before SwapNet paused on Base. 🔗 Details
348
16
🌪️ DLMC Exploiter Launders $222.5K via Tornado Cash The DLMC attacker exploited the protocol for ~$222.5K on BNB Chain throu
🌪️ DLMC Exploiter Launders $222.5K via Tornado Cash The DLMC attacker exploited the protocol for ~$222.5K on BNB Chain through price/oracle manipulation, then bridged the funds to Ethereum via Li.Fi and Mayan Swift. The proceeds were swapped and split into 37 ETH worth of Tornado Cash deposits, broken into 10 ETH and 1 ETH notes. 🔗 Details
357
17
🚨 SecondFi Update: 374 Wallets Hit, $2.4M Confirmed Lost EMURGO confirms 374 wallet addresses were affected across 3 attack
🚨 SecondFi Update: 374 Wallets Hit, $2.4M Confirmed Lost EMURGO confirms 374 wallet addresses were affected across 3 attack events on SecondFi, totaling roughly 16 million ADA (about $2.4M) compromised, while ~129 million ADA has already been secured through rescue efforts. Compromised wallets are considered permanently unsafe at the address and key level, so affected users are warned not to restore seed phrases elsewhere, with an official recovery process coming soon. 🔗 Details
363
18
🛡️ Oak Security Launches Free OpSec Academy Oak Security has launched the OpSec Academy, 18 free operational security guides
🛡️ Oak Security Launches Free OpSec Academy Oak Security has launched the OpSec Academy, 18 free operational security guides covering device hardening, key management, multisig operations, CI/CD security, and incident response. The launch also includes an AI-powered OpSec Agent trained on Oak's knowledgebase, built on the idea that the next exploit may target operations, not code. 🔗 Details
369
19
🎯 Sherlock: Why Penetration Testing Is Now Core to Web3 Security Sherlock says protocol risk has moved beyond the contract i
🎯 Sherlock: Why Penetration Testing Is Now Core to Web3 Security Sherlock says protocol risk has moved beyond the contract into wallets, frontends, signing flows, and infrastructure, making penetration testing an increasingly routine part of full security reviews. Their breakdown covers real bugs outside the contract, like malicious dApps smuggling hidden fields into signed messages, and injected wallet providers forging events from the page itself. 🔗 Details
415
20
🔗 Humanity Protocol & Kelp DAO Exploit Funds Linked Funds from the Humanity Protocol exploit and the Kelp DAO exploit report
🔗 Humanity Protocol & Kelp DAO Exploit Funds Linked Funds from the Humanity Protocol exploit and the Kelp DAO exploit reportedly commingled on-chain, suggesting overlap between attackers behind both incidents, according to researcher Zach with help from Specter. Kelp DAO lost ~$292M via its LayerZero bridge on April 18 (allegedly Lazarus Group), while Humanity Protocol lost ~$32M on June 9 after a developer's device was compromised, with the new evidence pointing away from insider involvement. 🔗 Details
378