unsafe_call
@unsafe_call
Web3 security. @immunefi | views are my own
Joined January 2021
The attacker accidentally left their entire malicious extension playbook for @cursor_ai sitting in the same folder their extension was downloaded from 🤡
I've been in crypto for over 10 years and I’ve Never been hacked. Perfect OpSec record. Yesterday, my wallet was drained by a malicious @cursor_ai extension for the first time. If it can happen to me, it can happen to you. Here’s a full breakdown. 🧵👇
The $200k USD @plumenetwork Attackathon has officially concluded, and 100% of the reward pool has been paid out! ⚡️ Top Winners: 🥇 @blobismdev — $32,894 🥈 @csanuragjain — $25,739 🥉 @HolyDevoti0n — $21,189 4️⃣ @KlosMitSossxyz — $18,442 5️⃣ @PaludoX0 — $12,744 Check out the full
Anyone who finds meaningful issues in v4 will gain the respect of many people, including myself. If you want your work to be impactful, this is the contest to join.
Ready to help secure one of the most trusted protocols in DeFi? The @aave V4 Contest starts Monday, December 1st, with rewards up to $300k. V4 introduces a Hub and Spoke architecture, bringing new design paradigms to Aave, each with its own set of benefits. Just audit Aave.
To succeed in web3 security, you need to know your "why". If it's for a quick buck, you will most probably fail - it's hard and requires a lot of hard work and consistency. If you want to genuinely help the space and provide real value, you'll probably be successful.
~ Bugs are everywhere. Zoom out! ~ > This is a very long post. The more software we develop, the more certain we are that it is infinitely easier to discover bugs than to write bug-free code. On top of that, private audits and contests are doomed to miss critical
Apparently, we've reached a point of no return where AI audit quality is indistinguishable from a human-made one. If you are using Solarity library, please update to v3.3.0 asap.
We now auto-detect the type of contracts. Hopefully it will make the life of SRs easier.
Proud to be taking up the torch 🫡
It was great to be part of the 2024/2025 Arbitrum Security Council. Immunefi will still be part of it, represented by the great @unsafe_call
The September 2025 Security Council Election process is finally complete! The Grace Period has ended, which means the election results from Nov 3rd have been effectuated. https://t.co/7CC47FIUjA
Check it out! I built a thing!
🧘 Yoga Yoga is a multi-range UniV4 position manager letting LPs manage complex liquidity distributions in a single NFT through simple liquidity delta based modifications. Built by @mackcee, @duncancmt, @TILuigi, @vhawk19
https://t.co/gB4hQdukdP
literally, a room full of the smartest people
Thank you to @summit_defi for the invite to speak and for being able to gather a room full of the smartest people who are genuinely pushing security forward!
Don’t blink or you’ll miss it, come by @summit_defi for my lightning talk at 2:55pm on LLM usage in bug reports!
AI is changing how bug reports are written, but not always for the better. @unsafe_call, Security Researcher & Triage Lead at @immunefi, will speak at DSS on “AI in Bug Reports: When to Use LLMs and When Not To”, sharing field-tested lessons on using AI responsibly in security.
Shout out to @RareSkills_io for hosting the esports of web3 CTFs, so hype! LET’S GO AMERICAS 🌎
Despite significant progress in Web3 security, smart contract vulnerabilities remain extremely challenging for both humans and machines to detect. Today at @AgenticZero, @SagivMooly and @johnadtoman introduced Composer: a Spec-Driven Smart Contract Development Technology.
Today marks 10 years of the VSCode Solidity extension — and 10 years since @code added extension support. I rushed the first release at 5am before work after seeing the blog post announcing the extension marketplace was available now. My first hope was to promote and bring
🔐 Limited edition OpenZeppelin-branded Ledger Nano S Plus 💼 Fast-track interview with @holajotola, our Head of Security Research (Top 5 only) Prove your skills. Show us what you've got. https://t.co/aKq7lbSyd2
ethernaut.openzeppelin.com
Web3/Solidity based wargame played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.