0xaudron (@0xaudron)
Fullstack Web3 Audits @ValkyriSecurity | IPFS | Joined July 2018
Followers: 3K | Following: 12K | Media: 190 | Statuses: 3K
🚨NPM packages are compromised with malware. Your dependencies could be infected right now without you knowing it. Check and scan your repo against 8200+ vulnerable dependencies containing malware from the recent and prior hacks. Scan your project repo in ~3 seconds:
8
93
400
🚨Just dropped the security guide on learning attack vectors leading to private key leakage: https://t.co/03ZKlVCni7
blog.valkyrisec.com
Private keys represent the ultimate authority in decentralized systems. They control assets, sign transactions, authenticate identities, and anchor an individual’s entire on-chain reputation. Once a...
🔐ALPHA DROP: Your Code Is Audited, Your Keys Aren't: Why Drains Keep Happening to Web3 Builders and Users https://t.co/7utC6Qeiex
0
3
22
The only reason I don't feel like reporting is because they don't host any bounty program, and even in emails, they don't respond well with respect. Their attitude is more like "they are doing a favor by listening." With such an attitude, no hacker would come forward to help.
🧙‍♂️Random IRL Security Story: I came to somewhere in India, and I was searching for hotels/hostels, and there are 2 famous providers who have listings and bookings. So as a hacker, my first instinct is to monitor network requests and tamper with the price request. However, I didn't have luck.
0
0
11
2025 was just a trailer of AI. Excited to see what it can actually bring in 2026 (especially in the web3 space).
1
0
14
This is the wallet checklist. We're auditing implementations. DM me directly or @ValkyriSecurity for audits.
0
0
4
12/ AI/BCI Future
- Natural language: "swap ETH quietly"
- AI plans on/offchain bundle + adversarial threat detection
- Eye-tracking/Neuralink intent reading
Open AI ecosystem.
1
0
4
11/ Dapp Security
- ENS → IPFS UIs (DAO-updated)
- Chain security scores (stage 1+, audit count)
- Paranoid mode: approve HTTP requests too
- Crypto bonds slashed by DAO if hacked/shady
1
0
2
10/ Keystore Upgrades
Cross-chain config changes:
- Replay messages everywhere you have assets
- L1 keystore (L2 reads via L1SLOAD)
- L2 keystore (SNARK reads) + recoverable privacy: L = hash(sload(s), 1)
1
0
3
9/ Secure Chain Access
RPCs lie (fake prices) or dox (activity tracking).
> Fix: universal L1/L2 light clients (Helios + ERC-3668 config contracts).
> Privacy: PIR (encrypted queries, Merkle-verified) or mixnets.
1
0
3
8/ Data Wallets
Privacy needs offchain storage (Tornado notes, EAS proofs). Use the same N guardians + M-of-N secret sharing for data. No single key leak = everything exposed. Quantum-resistant.
1
0
3
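An added worked example of the M-of-N secret sharing this tweet proposes for data-wallet backups (example code written for this page, not the author's or any wallet's): a threshold Shamir split over the secp256k1 field prime, so any valid secp256k1 private key fits as the secret. The sample secret and the 3-of-5 guardian setup are constructed; the field prime and the curve-order-below-prime fact are real.

```python
import secrets as rng

# secp256k1 field prime. Any valid secp256k1 private key is below the curve
# order n, and n < P, so every such key is a valid field element here.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret: int, threshold: int, n_guardians: int):
    """Shamir split: a random degree-(threshold-1) polynomial with f(0) = secret.
    Guardian i (1-based) receives the share (i, f(i))."""
    if not (1 < threshold <= n_guardians) or not (0 <= secret < P):
        raise ValueError("bad parameters")
    coeffs = [secret] + [rng.randbelow(P) for _ in range(threshold - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n_guardians + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(P).
    Correct only when at least `threshold` distinct shares are supplied;
    with fewer, the result is an unrelated field element (no partial leak)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo_3_of_5(secret: int):
    """Constructed 3-of-5 guardian setup; returns (recovered_ok, two_shares_leak)."""
    shares = split_secret(secret, 3, 5)
    ok = recover_secret([shares[0], shares[2], shares[4]]) == secret
    leak = recover_secret(shares[:2]) == secret  # False except with prob 1/P
    return ok, leak
```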
7/ Native Privacy
- Private balance in privacy pools (Privacy Pools, Railway)
- Auto-withdraw from pool on sends
- Stealth addresses on receives
- Per-dapp addresses (DeFi is not equal to Gitcoin grants)
Wallet holds a global view of attestations (EAS, Zupass).
1
0
3
6/ In-App Wallet Linking
Apps embed wallets (inevitable). Link them hierarchically: the primary wallet becomes guardian of all app wallets. Example: Warpcast already does this for Farcaster accounts. One "access control thing" total.
1
0
3
5/ Noob Onboarding
Don't force 5 guardians at signup. Start 2-of-3:
- zk-email (your inbox)
- Device passkey
- Provider backup
Prompt to add more as assets grow.
1
0
3
4/ Guardian Options
- Crypto natives: friends/family fresh addresses (anonymous, collusion-resistant)
- Institutions: confirmation firms (codes/video calls)
- Devices: phone + desktop + hardware
- Passkeys: device/cloud hybrid
- ZK IDs: zk-email, Anon Aadhaar -> prove
1
0
3
3/ Social Recovery Default
Primary key: low-value/non-financial ops. N guardians (ex: 5) required for high-value sends OR changing keys/guardians. Timelocks optional. Session keys + ERC-7715 for app-specific permissions.
1
0
3
2/ Gas UX Fixed
No ETH on the target L2? Wallet uses RIP-7755 to pay gas from any chain where you do have ETH. Predicts future activity -> DEX swaps ~2M gas worth ahead of time (cheaper long-term). No manual pre-funding.
1
0
3