Ship safely and securely. If you're looking forward to audit your supply chain (Github CI/CD, dependencies, integrations). 📩Feel free to reach us out via DM, or via Telegram. Telegram :

3. What to do ? .Extension should be analyzed properly before installing, since the risk is your funds. As the saying goes: "Never trust, verify". This quote was actually meant. Verify the publisher, and specially typo squatting based stuff needs thorough review.

2. The Confusion Factor ?.Attackers publish lookalike extensions across these different ecosystems, betting on brand mimicry, fake downloads. So the real extension might exist on Microsoft Marketplace, but not on Open VSX. Example of recent case with Solidity extension.

1. Where Extensions Come From ? .> VS Code : > VS Codium, Cursor and other forks : So many forks (like VS Codium and Cursor) don't have access to Microsoft’s marketplace (due to licensing) and instead use Open VSX.

🚨Analysis of Extension Confusion Attack:. Recently there has been rise in "malicious extensions" which are draining crypto wallets. And how top extension names like Solidity and Hardhat came in leading to a known small heist of $500k ;). Let's analyze the core reason behind it.

gm gm, folks.

Valkyri is here to guide protocols through the journey of secure development. From first line of code to mainnet deploy/prod and beyond. Let’s raise the bar for Web3 security. Together. ~ Valkyri.

4. Our values: .- Mentorship: We’re committed to guiding new auditors and lifting up emerging security talent.- Open Collaboration: We’ll share tools, research, and writeups to strengthen the ecosystem.- Support for early stage protocols (cost effective).

3. Our edge? .We're researchers, engineers, and hackers with deep experience in both traditional systems and blockchain security. We know where protocols break because we’ve broken them.

2. We believe real decentralization demands secure infrastructure at every layer. That’s why we audit the entire stack: .- Infrastructure (Backend, API, Frontends, AD, Integrations, cloud).- DevOps.- Onchain code.- Mobile Apps.- Wallet. Security is not modular, it’s holistic!.

🔐Introducing Valkyri: Full Stack Web3 Security firm :🧵. 1. Security doesn't start onchain, it starts at the foundation. Valkyri is here with new approach on a mission to protect Web3 protocols from the ground up from Web2 infra to smart contracts!