1/ Allow us to introduce ourselves with our new name: Areta - where the pursuit of excellence ('Arete') meets mastery of efficiency ('Eta'). As a leading crypto investment bank firm, we’re driven by the mission to support leaders of the open economy. Here’s who we are 🧵🧵

One of the most recurring themes in our research: teams are overindexing on audits. This pattern risks turning audits into the first real test, rather than one of many lines of defense. As @Olympix_ai CEO @ChanniGreenwall highlighted in our report, audits should be a final

Smart contract audits, unlocked for @soneium builders.

6/ In short, crypto security demands more than perfect code. It calls for a cultural shift toward always-on, layered defense as protocols become more complex and interconnected. If your entire security strategy is a one-off audit report, you’re not actually protected, just hoping.

5/ We discovered that the industry needs to rethink “secure by design.” It’s not a box to tick but a continuous commitment, covering key management, access control, infrastructure, and even user behavior to guard against evolving threats.

4/ Many projects depend too much on audits done at one moment in time. But our analysis shows that security threats evolve constantly. An audit done once doesn’t equal secure forever, it’s like locking your front door but leaving the windows open tomorrow.

3/ Private key compromises are on the rise, too. They made up 43.8% of stolen value in 2024, up from 33% in 2023. This is critical because typical code audits don’t cover key management risk, which means a huge security blind spot remains.

2/ Non-code exploits, like broken access controls and infrastructure weak spots, now account for 91.5% of stolen funds in 2024, up sharply from 71.7% the year before. Attackers are moving faster than many security protocols can adapt. Security teams, beware.

1/ The State of Crypto Security 2025 uncovers a big shift in crypto hacks: in 2024, only 8.5% of value stolen came from code exploits, down from 28.3% in 2023. This means attackers aren't just exploiting code flaws anymore, they're finding other ways in.

@GalSagie @HypernativeLabs Read the full report here :

One of the most overlooked gaps in Web3 security today: teams focus heavily on getting to launch, but treat what comes after as an afterthought. Yet, history shows us that the majority of exploits happen post-deployment, not before. As @GalSagie, CEO of @HypernativeLabs, puts

Important info:. -> Apply before July 7, 23:59 UTC : -> Find more information here: -> Builders TG Group:

4/ Reminder:. → Submit your application now to make sure you're in. → Only complete applications will be reviewed. → No deadline extensions.

3/ What you get:. → Up to 100% of audit costs covered.→ Curated list of high-quality audit providers.→ Competitive quotes through Areta’s marketplace.→ Hands-on guidance throughout the process. All with zero platform or sourcing fees.

2/ The Uniswap Foundation Security Fund (UFSF) supports top builders with essential security coverage. All projects building with the Uniswap v4 Hooks, deploying on the Unichain, or building in the Uniswap ecosystem are eligible for high-quality audit support with up to 100% of.

1/ The UFSF July Cohort is currently accepting applications - apply today to receive up to 100% coverage for your smart contract audit. If you’re building in the Uniswap ecosystem, you may be eligible for up to 100% subsidy on your next smart contract audit. → Deadline: July 7,

5/ Ultimately, the report calls for a mindset shift: move from “audit complete equals secure” to continuous, layered security that matches operational realities, and innovate not just technically but also in how security is procured and scaled. Read the full report here :.

4/ A proper full-stack security approach needs fuzzing, bug bounties, real-time monitoring, and strong operational security (OpSec). These elements are commonly missing from standard engagements, creating dangerous blind spots. Without accessible full-stack security, smaller.

3/ The way teams procure security services is inefficient. Pricing is opaque, quality varies wildly, and vendors are fragmented. This friction often leaves projects struggling to secure their stacks properly.

2/ Security isn’t a box to check once; it demands commitment throughout a project’s lifecycle. We discovered that effective coverage must span every phase, development, launch, and ongoing operations; not just a pre-launch audit snapshot.

1/ Code audits remain essential but insufficient on their own. The State of Crypto Security 2025 report uncovered that crypto projects face an expanding range of threats well beyond code flaws, like social engineering, runtime vulnerabilities, and post-deployment exploits that