I've been teaching web3 security for several years now, both here on 𝕏 and non discord with @BoringSecDAO. Every day it becomes more clear that while education is important, the only way towards mass adoption is to abstract away as much of this stuff as possible. 1/🧵

🗓️ SEPTEMBER CALENDAR IS HERE! 👇 Let's all have a #SafuSeptember and set a few hours of our month to get educated with #BoringSecDAO's FREE Security Classes! 🫡 Find a Class that suits your schedule, and hop in our Discord (link in bio) to sign-up. See you in class!

🚨Compound Labs Discord appears to be hacked 🚨 Do not interact with any rewards/airdrop links being posted in their discord

DEADLINE EXTENDED for our Adventures of Boredo Art Contest! Submit your artworks before Sept 25, 12PM UTC. Full details on the #artwork channel in our Discord (link in bio). 🫡

BAYCKADA x BORING SECURITY🫡 We're looking forward to welcoming more Filipino Apes into the #BoringSecurity safu squad in our @BAYCKada Web3 Security 101 Partner Class tomorrow. 🇵🇭 See you there, Apes!

How do honeypot tokens on the trending list bypass detections? 🐝🔍 By leaving a backdoor in permit signature verification, they can get any address's approval and transfer assets. 💼🔓

🚨 4 hours ago, someone lost $350k worth of PT-ENA after signing a "approve" phishing transaction.💸

🔒 Get our extension to enhance your security! 🛡️✨ https://t.co/in0eXyJN1g

📝 Phishing ads use dynamic redirects to disguise as official domains.👇

🚨 Phishing Alert: @Polymarket users targeted on Google search! 🔍 Protect your assets—avoid simple mistakes. Get our security extension now! 🛡️✨ Stay safe and alert! ⚠️

It seems today's victim @OnyxDAO (w/ >$3.8m loss) falls prey to a known precision issue in forked CompoundV2 code base. The drained funds include 4.1m VUSD, 7.35m XCN, 5k DAI, 0.23 WBTC, 50k USDT. The bug is exploited to leverage a nearly empty market to manipulate the exchange

🚨 1 hour ago, another victim lost $251k worth of Aave USDC and Aave wstETH by signing multiple "permit" phishing signatures.💸

Address poisoning is on BTC now. The following is one concrete case. The phishing address (address 1) is disguising address 2 to send a small amount of BTC to address 3. Since addresses 2 and 3 have historic transactions, the attacker hopes to trick the owner into copying the

The upgrade issue arises from performing the upgrade by directly invoking initializeV4 without first calling initializeV3. Consequently, _totalOperatorWeight remains uninitialized, allowing the signature check to be bypassed. The upgrade tx: https://t.co/Wa2CAJSVai

A few hours ago, Penpie @Penpiexyz_io , a farming protocol built on the Pendle Protocol, suffered a reentrancy attack resulting in a loss of ~$27M. Since Penpie has been paused, we are now providing a detailed root cause analysis. This is a typical issue due to the lack of

(3/) Clear visualization of fund flow and balance changes

ALERT! Our system has detected hundreds of suspicious transactions targeting @InfernoBullWin since 09/11/2024. This appears to be a typical case of forced investment. While the average loss per transaction is only $1.5K, the total loss has reached ~$440K. As there is no direct

.@OnyxDAO was attacked, resulting in a loss of nearly $4M. The root cause was unverified user input during the liquidation process. Specifically, key parameters of the liquidateWithSingleRepay function in the NFTLiquidation contract were controllable by the attacker, allowing

The Knights are ready to ape ⚔️🍌