Joined October 2012
64 Photos and videos
Pinned Tweet
26 Nov 2025
Blessed to have earned my second certification from @CyfrinUpdraft! Now, I’m officially a QWS (Qualified Web3 Signer) certified along with SSCD. A huge thank you to the @cyfrin team and @PatrickAlphaC for creating such amazing tools like Safe Hash and Wise Signer.
Usman retweeted
The `private` keyword in Solidity doesn't mean what you think it means. Marking a variable as `private` only restricts other contracts from reading it. Anyone can still read it directly from the blockchain. This misunderstanding has led to real security vulnerabilities. 🧵
Usman retweeted
Only 2.5% of crypto holders use a hardware wallet🫨 The rest are trusting exchanges, soft-wallets or "I'll do it later". Please use a hardware wallet. For BTC & ETH, I'd recommend @Keycard_ but honestly, any reputable hardware wallet is better than none.
Usman retweeted
Apr 29
The seed phrase was already in the box. Had so much fun scratching it off! Amazing customer service. Very time efficient. Except this is exactly how people lose everything. 10/10 scam experience.
Make your favorite protocol get SEAL Certificates, so you can rest easy knowing your funds are in good hands.
It's finally happening! SEAL Certifications are now open for business. 🎉
Usman retweeted
It's finally happening! SEAL Certifications are now open for business. 🎉
Usman retweeted
Really wild for audit firms to target their private audit clients with bug bounties. At @cyfrin outside of private audit engagements we disclose bugs directly to our private audit clients for free with no expectation of bounty. Always doing our best to protect our clients 🤝
Usman retweeted
Certora is hiring! We're looking for a Blockchain Validator Infrastructure Engineer to own, operate, and expand our validator infrastructure. ✅ Hands-on experience with @solana or @SuiNetwork validators is a strong plus. Apply ⬇️
Usman retweeted
You would hope that after we wrote up our findings for multiple live criticals on the Zodiac modules at @therealgregoAI months ago, that PERHAPS if one's company used these modules in a live, deployed, project the CISO would want to have another audit done (last one was 6 years ago with many changes since then) Instead what happened is Gnosis has split into multiple different entities and neither one of them wants to own something that is widely used and directly affects their core product and brand If a hacker reported this bug he would have received no bounty Unfortunately, again, it looks like DeFi will only improve through pain
Unfortunately, there is a hack related to @gnosispay and the "delay module". Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.
Support the battle if you can. Free Roman Storm (.) com
By the way - I’m behind on legal bills, and this battle isn’t over. We may face a second trial. We may need to go through appeals. There are a lot of unknowns ahead, and every one of them costs money. If you can help, please donate at freeromanstorm.com. No amount is too small. Don’t hesitate to reach out.
Usman retweeted
May not seem like it now, but glory days for DeFi & smart contract security are coming. Teams rapidly embracing emerging tech will build safer, more defensive & hardened protocols than previously possible with lower total spend. It's always darkest before dawn.
Usman retweeted
100% I would love to see Mythos in the hands of @SEAL_911
Usman retweeted
Another day another hack... As a @thedaofund Fund badge holder, I’m wondering whether we’ve had any conversations with @AnthropicAI Project Glasswing / Mythos teams around @ethereum security. anthropic.com/glasswing If frontier AI systems are now capable of identifying vulnerabilities across critical software infrastructure, should Ethereum be proactively applying similar approaches to core libraries, clients, ERCs, wallets, bridges, staking infra, and major DeFi contracts? Ethereum secures ~$250B in value. It feels like this should at least be part of the conversation around long-term security strategy. cc @VitalikButerin @drakefjustin @dannyryan
May 27
๐Ÿ›ก๏ธ The results for the @thedaofundโ€™s Ethereum Security QF Round are LIVE! This historic round is closing with a HUGE last minute contribution: @wintermute_t has added $200K to the matching pool ๐Ÿ”ฅ Wintermute is a well known liquidity provider, and one of the leading supporters of Ethereum security, in fact exactly a year ago today they donated $1M to @_SEAL_Org. This year they teamed up with TheDAO, @Quantstamp & several other community partners to allocate over $1.6M worth of funding to Ethereum Security Public Goods ๐Ÿ‘‡
Usman retweeted
edgecase: tvl == 0 && s_totalShares > 0 solution: emergency donation function but it's permissionless and can be used even if there's no emergency
May 27
wise signer by @cyfrin is the most underrated tool in all of web3. everyone, i repeat, everyone new to web3 should train their wallet skills here before they start interacting onchain.
May 27
normalising putting money in browser extensions and keys in plaintext is the greatest sin of web3. and this has to change.
May 27
yeah wtf, there is no point using a safe multisig if the keys are stored in a software wallet. and i would argue, there is no point even using a hardware wallet for signers if you don't understand the threat vectors correctly (bybit hack). please for the love of God, learn how to securely manage money onchain or at least consult someone who knows before you put your money at risk.
He rotated all the env variables but not his private keys, thinking they were safe. Spoiler: they were not. The attacker installed a keylogger and when he opened his metamask Monday early afternoon, they got the decryption key and turns out the two keys were there (wtf?!)
Usman retweeted
Don’t leave sensitive data in plaintext
🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io. Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems. TrapDoor targets #crypto, #DeFi, AI, and security developers, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, env vars, and API keys. Socket detected releases with a median detection time of 5 minutes, 27 seconds. The fastest detection occurred 58 seconds after publication.
Usman retweeted
Introducing Chainlink Developer Agent Skills Chainlink Agent Skills are AI tools for building with Chainlink. Each skill teaches your AI agent how to code with a specific Chainlink product. One command to install Skills. Start prompting right away. Go build something awesome!
Usman retweeted
ERC-8213 is probably one of my top favorite ERCs up to date Please I'm looking forward to wallets supporting this!!
Who will be next to support ERC-8213? Who is the next wallet that cares about verifying calldata??