RT @BuildwithSei: ExVul has secured $2.3B+ in assets and detected 10,000+ onchain incidents. Now, they are supporting builders on Sei, who….

We’re proud to support @SeiNetwork, the fastest layer 1 blockchain with rails purpose-built for high performance digital asset markets. ⚡️. As a global leader in blockchain security, ExVul has secured $2.3B+ in assets and detected 10,000+ on-chain incidents, trusted by top

It’s our great pleasure to work with @AimonicaBrands team!. Security is always a dark forest, but luckily we got partners to walk it through 🫡🫡.

RT @u2u_xyz: That’s a wrap on @gmvn_official – and U2U Network showed UP. U2U Network came in HOT as Platinum Sponsor – and the numbers do….

New smart contract audit report is out, this time for @MangoOS_Network 🥭. Mango is a blazing-fast, multi-VM Layer 1 integrating +MoveVM, +EVM, and +SVM — aiming to solve liquidity fragmentation at the root with an architecture built on Move, OPStack & ZK Rollups 🔁🧠. We found 1

our great pleasure to support @u2u_xyz chain! . The one and the only layer 1 backed by The Vietnam government. Come join us at 8.2 in Hanoi for the GM Vietnam after party!.

congrats folks being successfully live on mainnet!. our pleasure to secure the first botanix-native prep dex!.Let's have fun!.

RT @u2u_xyz: Security check ✅. U2U Network passed the test with THREE elite Web3 security squads: @exvulsec, @Hashlock_ & @SlowMist_Team. →….

🚀 @MangoOS_Network × ExVul. Securing the next-gen omnichain Layer 1 infrastructure 🛡️. We’re proud to announce our smart contract audit partnership with Mango Network — a high-performance, multi-VM Layer 1 integrating MoveVM, EVM, and SVM. With groundbreaking architecture that

Big congrats on our partner @DelphinusLab being listed on the Binance alpha! 🏆🏆. We have partnered for a long run and it's our honor to see more and more of our clients get to known by the world. Once again, congrats guys! From here only upward!

🚨 ALERT: @ArcadiaFi Exploited on Base for ~$2.5 Million 🚨. @ArcadiaFi has been exploited on the Base network, resulting in a loss of approximately $2.5 million. The attacker swapped the stolen tokens for ETH and subsequently bridged them from Base to the Ethereum . All of the

At ExVul we treat recruiting 🪧like vulnerability hunting: the real prizes🏆 are rarely sitting in plain sight. We scour hackathons, contest leaderboards, and obscure Git commits for sharp minds—and they often track us down first. The result? A crew built on curiosity, not.

ExVul IOP Victory Lap🏆. Back-to-back @immunefi IOP wins! . ExVul ranked Top 2 in both the Paradex @tradeparadex and Term Structure Institutional (TSI) @TermMaxFi IOPs, proving our researchers can duel it out with the best. Scoreboard. • Paradex: 1 Critical.• TSI: 2.

The moral. Design can fail louder than code. A single misplaced .call plus a generous accounting rule turned GMX’s vault into an ATM. If your protocol mints or redeems against “book value,” remember: attackers can rewrite the books faster than you can say commit. Stay safe.

Anatomy of the failure. • External .call with no guard.• Leverage flag flipped after the call—state not atomic.• AUM formula vulnerable to instant, unpriced P/L swings.

Finish line at 12 : 42 UTC. Final haul: ≈ 11 700 ETH routed to fresh wallets. Vault short $40–42 M. Runtime? About a coffee break.

Eight spins of the wheel. The contract loops this dance eight times, cycling tokens to dodge slippage limits. Every round mints GLP, spikes AUM, redeems, repays the flash-loan, pockets the surplus.

Why the math prints money. In GMX, unrealised losses from global shorts are counted as vault assets. Open a huge short → AUM spikes → each GLP now redeems for a fatter slice. The attacker simply cashes the delta.

A flash-loan symphony. Within that callback the attacker:. 1️⃣ Borrows USDC via Uniswap V3 flash-loan. 2️⃣ mintAndStakeGlp()—adds fresh GLP. 3️⃣ increasePosition()—opens a massive short, instantly inflating the vault’s AUM. 4️⃣ unstakeAndRedeemGlp()—asks for WBTC (or