EthSecurity

5 249 subscribers
Post archive
- Coinbase thinks vibe-coding 50% of its platform is a good idea. - link
- Paradigm’s Reth Client Bug Briefly Freezes Ethereum Mainnet Nodes. - link
- Phished Founder, Liquidated Thief by Rekt. A rollercoaster of a $13M theft and recovery through a swift governance action by Venus Protocol. - link
@EthSecurity1

- A Developer’s Guide to Building Safe Noir Circuits - link
- How to Recover Your Browser Wallet Extension from a Sudden Failure? - link
@EthSecurity1

- A theory of Lending Protocols in DeFi - link
- LLM-Augmented Explanations for Graph-Based Crypto Anomaly Detection - link
- Unexpected security footguns in Go's parsers - link
@EthSecurity1

OpenMonero hacked again! 200 XMR stolen @EthSecurity1

How a hacker stole $1.34M from Raydium:
- finds a bug inside Raydium's old 2021 code
- targets 5 forgotten liquidity pools that were no longer being used.
- generates fake ownership receipts to trick the system.
- convinces the old program/code that he has liquidity that he never deposited.
- withdraws real funds from the pools
walks away with:
> 150,177 $RAY
> 5,603 $SOL
> 893,700 $USDC
@EthSecurity1

Raydium’s Legacy AMM V3 Exploited for $1.34 Million via LP Mint Validation Flaw @EthSecurity1

Flash-loan exploit on mainnet for ~0.3225 ETH from the $SHIP
Root cause: $SHIP (Shina Printer) is an auto-reward token: it accrues an ETH "tax" and pays holders dividends in $SHI. To fund payouts, its distributor (0xa4EcC3c0…) market-buys $SHI on a Uniswap pool, with ZERO slippage protection.
Attack TX: https://etherscan.io/tx/0x9868536a8c5b0414a5b6ef8fc534cb9cb8d7b6aa748d6a038f03228c529e8b2f
@EthSecurity1

$TOP hacked for $1.59M
Root cause: The attacker acquired more than 50% of TOP voting power, due to the token’s low market value, and executed a governance proposal that minted a large amount of TOP to themselves.
@EthSecurity1

- What Are BLS Signatures and How Do They Work? - link
- Pairing-Based Cryptography Demystified: A Deep Dive into Elliptic Curves - link
@EthSecurity1

Syscoin hacked for 5B SYSCOIN
An attacker exploited a validation issue in the bridge flow that resulted in an unauthorized SYS output being created on the UTXO side. The affected funds were moved and split after reaching the UTXO chain. We are actively tracing those funds and coordinating with exchanges and ecosystem partners to prevent the tainted outputs from being deposited, traded, or further distributed.
@EthSecurity1

Seems FixedFloat locks assets and never returns them to users. Do you verify it? @EthSecurity1

Why ZKTLS to TEE-TLS? - link - zcash exploit breakdown @EthSecurity1

Gravity Bridge did not offer a white-hat bounty. It did not send an on-chain message to the attacker. The hacker has the money without legal problems. @EthSecurity1

- ZK Math 101: Rings and Fields - link
- Introducing sol-azy: A CLI Toolkit for Solana Program Static Analysis & Reverse Engineering - link
- Move Bytecode Symbolic Execution Engine. - link
@EthSecurity1

Seems ZEC was exploited to mint unlimited supply, and some influencers are trying to pump it to offload tokens. @EthSecurity1

ATM token hacked for ~$243K
Root cause: transferFrom() includes logic to swap 20% of the transfer amount of ATM for BSC-USD, so the attacker can repeatedly swap out extra after transfer.
@EthSecurity1

- Permanent Chain Split in Movement Full Node: Anatomy of a $6,710 Critical Vulnerability That Required a Hard Fork - link
- The first two known exploits against live ZK circuits happened - link
@EthSecurity1

HackerOne already stole all the researchers’ reports to build their AI agent, while they keep lying to us. They’re openly bragging about using 12+ years of real-world vulnerability data + your prior H1 Bounty findings to train their Hai agentic AI system. They built specialized recon, scanning, and exploit agents that follow the exact same workflow real researchers use at machine scale. All that knowledge researchers poured into the platform for years? Now it’s powering their proprietary AI product. And they still act like they’re the good guys protecting the hacker community. Fuck HackerOne. Stop feeding the machine that’s going to replace you. https://www.hackerone.com/product/h1-continuous-testing @EthSecurity1