Bartosz Barwikowski
@bbarwik
I did it. I found first "real critical issue" on @HackenProof. I am looking forward to presenting the story behind it on @ETHWarsaw 😄 By the way, you can meet me today (30.06) in Cannes on https://t.co/Q5ClJA8l9g event and later on EthCC
Most posts/videos about AI are out of touch. Today I found an exception to that: a video about "The AI Scaling Problem" - https://t.co/5CUPvzC4oM I highly recommend watching it if you prefer to have a more realistic view of AI instead of following "hype". Props to @ejmejm1
On August 11, we reported a Critical vulnerability (C-2) to Nemo regarding unauthorized manipulation of py_index_stored, an index variable which affects all interest, yield, and conversion calculations. We warned of potential "incorrect payouts, market disruption, and loss of
As many of you know, Nemo Protocol suffered a security incident on Sept 8. Today we are releasing our full incident report to provide transparency into our response, including the root cause, learnings, and next steps. We sincerely apologize for the impact on @Movebit and for the
I'm looking for a person experienced with using LLMs and creating prompts. If you can do it better and faster than me then I won't have a problem paying you $100/h. I created a recruitment task with an example problem I'm dealing with, if you know how to deal with those problem
github.com
Recruitment task. A practical challenge for candidates experienced with LLMs and prompt engineering. - bbarwik/ai-summarization-challenge
Nemo experienced a security incident last night, impacting the Market pool. We are investigating the matter and have suspended all smart contract activity for the time being. We plan to share when more information becomes available. All Vault assets remain untouched.
See you tomorrow at EthWarsaw! Just one thing, there was a change in plan because I was not yet allowed to publish the story about my biggest issue which was allowing to steal $6M+. So I'll be doing a presentation about "AI Audits - case study & more - 2,800 AI-Generated Tests, 22
🛡️ Speaker: resilience track @Bbarwik is the #2 hacker on @HackenProof. He will discuss the high reward in identifying bugs, vulnerabilities, and how he was able to save a company 10 million dollars. Come, ask questions, and explore the topic.
My personal review of executing a hard, real-world programming task with different models. TL;DR: only gemini 2.5 pro with deep thinking is somehow useful. I’m working on a few AI projects that use Prefect, Laminar, and multiple LLMs. To simplify development, I recently merged
github.com
Contribute to bbarwik/ai-pipeline-core development by creating an account on GitHub.
At 15:00 CET / 13:00 UTC I'm hosting a webinar about "Top 10 Attack Paths Your Devs Are Blind To". This webinar will be about places where I search for issues in the first place when I'm doing audits or bug bounties. I found over 70 critical issues during the last 3 years while doing
luma.com
Join Bartosz Barwikowski, L1 Security Expert at Hacken, as he reveals the most common attack paths that continue to slip past development teams — and are…
Hackers know your code better than you do 🕵️‍♂️ In 2 days, our security pro @bbarwik will reveal your blind spots. 15+ years in ethical hacking, 70+ critical Web3 bugs found – Bartosz is here to outsmart the blackhats. Sign up 👉 https://t.co/PEKAuMakzl
I’ve built a tool that will critique and challenge your project to help you uncover hidden threats. Made for investors, VCs and startup founders. From my experience, it’s very hard to get constructive criticism when you’re deep in a project. It’s much easier to hear that what
Next week, our L1 Researcher & Auditor @bbarwik breaks down a $1.1M bug that almost slipped by. Don’t miss the key lessons and expert tips to safeguard your own project. Save your spot 👉 https://t.co/Hr0ocBlvn9
Today @HackenProof finally updated the leaderboard so it includes my bugs from February. Top 3 secured 🥉. The goal is the same - #1 place, so let's wait for issues from March and April to be finally resolved 📷 I'll be posting about them soon, two criticals are waiting. Stay tuned!
I was recommending to do it during SuiSummit in Denver, I am glad they finally did it! I hope that other protocols will do the same.
While our bug bounty today focuses on Sui core infrastructure and does not cover protocols, applications, or smart contracts built on it, we’re expanding it over the next six months to pay additional bounties for any protocol with more than $50M TVL, helping incentivize bounty
On Feb 17 2025 I reported a critical vulnerability to @Scroll_ZKP. $100m+ in TVL was at risk for more than 2 months. Anyone could force Scroll L2 into an indefinite re-org, halting the chain so that no user transactions would be included in blocks and the chain would not move
shabarkin.notion.site
[Critical] Scroll Chain DoS via CCC Overflows in Single User Transactions
I've found another issue on @HackenProof! I'm getting closer to being in the top 3 hackers on HackenProof 😁 One day I'll write what the issue was and how I found it, stay tuned!
Got another bug bounty on @HackenProof! My bug bounty journey continues 😁 My goal for this year is to be the no. 1 hacker on the HackenProof leaderboard
🔥 This week at #ETHDenver, our @bbarwik took the stage to break down The Unseen Threat: Why Attackers See What Developers Miss. A deep dive into why vulnerabilities slip past devs but are crystal clear to hackers. Let’s recap some key insights! 🧵👇