🚀 Move Web IDE — new release Outline View is now live in the LSP WASM build. Browse Move modules, structs, and functions from a single panel — pinned to the bottom-left of the editor. No install. No setup. Open and code. 🔗 movebit.xyz/MoveWebIDE #Sui #Move #Web3 #DevTools

The future of crypto isn't humans clicking "Confirm." It's agents executing on your behalf. But here's the problem: every AI agent today asks you to hand over your private keys. That's not autonomy — that's surrender. Claw is built differently: 🔐 Key-sharding — no single point of failure, not even us 🤖 Policy-driven controls — agents act within limits you define 🛡️ Anti-phishing at the wallet layer — not your job to spot the scam ⛓️ Multi-chain, gasless, swap-routed across the best DEX aggregators The agent economy is coming. The wallets we use today weren't built for it. Claw was. → clawwallet.cc #AIAgents #Web3 #CryptoWallet #DeFi

🚨 BitsLab Research: One forged email is enough to hijack a nanobot agent. No clicks. No user interaction. No prior access. We disclosed CVE-2026-33654 — a zero-click Indirect Prompt Injection chained with Authentication Bypass in the Email Channel. Here's how it works 🧵👇

🚨 INCIDENT REPORT — Verus-Ethereum Bridge $11.58M drained in a single transaction. ETH 1,625.37 · tBTC 103.57 · USDC 147,658 Not a signature bug. Not a reentrancy. It was a data-structure ambiguity that let the attacker walk through proof verification untouched. BitsLab breakdown 👇

🚨 On-Chain Forensics | Ink Finance @inkfinance @0xPolygon On May 11, 2026, an attacker drained $165,162 USDT0 from Ink Finance's Treasury — by impersonating a "legitimate" claimer and walking right through claimPayroll(3). Net profit: ~$140K. Cost to attacker: a flash loan and a fake interface. Full breakdown 🧵👇

Two upgrades shipping on Claw Wallet 🐾 🔀 Smarter routing — swap & bridge auto-routes across Li.Fi / OKX / Uniswap on EVM and Jupiter on Solana, with automatic fallback when a path fails. ⛽ Gasless by default — on most EVM chains Sui Solana, no need to prep native gas. A dedicated sponsor service handles estimation, validation and execution. Pay fees in stablecoins, or nothing at all. Less manual switching. More reliable fills. Smoother first-tx for every new user. Join us 👇 🌐 clawwallet.cc 💬 t.me/clawwalletcc

Balancer V2 deployed ONE contract to hold every token across every pool. Looks like a single point of failure. It's actually why cross-pool arbitrage moves zero tokens, and why a flash loan can tap the entire protocol's liquidity. A thread on the Vault 🧵👇

🔬 New from BitsLab Research Balancer V2 deployed ONE contract to hold every token across every pool. Looks like a single point of failure. It's actually why: → Cross-pool arbitrage moves zero tokens → Flash loans tap the entire protocol's liquidity → A 2-token swap completes in just ONE SSTORE We spent weeks dissecting the Vault contract line by line. Part 1 of our 3-part Balancer V2 deep dive is live — covering every gas trick, every safety check, and the trade-off no one talks about (the Aug 2023 Boosted Pool incident wasn't an accident of architecture). If you're building a DeFi protocol, auditing one, or investing in one — this one's worth 15 minutes. 📖 Read Part 1 ↓ linkedin.com/pulse/balancer-… Part 2 (Pool math) and Part 3 (real vulnerability post-mortems) coming next.

"split('|') was added for Telegram compatibility." That single line — promoted into the base Channel class — is now CVE-2026-31977. One `|` in a sender address bypasses nanobot's allowlist entirely. BitsLab's first nanobot disclosure. Full write-up ↓

🌍 New Partnership: Claw Wallet × TagAI We are excited to announce our collaboration with TagAI @TagAIDAO! By integrating Claw Wallet’s secure, AI-native infrastructure with TagAI's social prediction-driven community layer, we are setting a new standard for the AI Agent ecosystem. Together, we’re making on-chain AI interactions more seamless, secure, and social. 🛡️ Proudly building the future of AI Agents together on @BNBCHAIN ! 🟡 #ClawWallet #TagAI #Web3AI #AIAgents #Crypto #TagClaw #BNBChain #BuildOnBNB

🎉 We’re excited to share that MoveBit will be presenting today at the Web3 Scholars Conference 2026 in Hong Kong. web3scholar.org/ Our presentation: “Beyond Guesswork: LLM Driven Semantic Distillation to Fuzz and Exploit Smart Contracts” 🏆 Presenting on site today: Ziqiao Kong and Wanxu Xia Authors: Ziqiao Kong (Nanyang Technological University) Wanxu Xia (Beihang University) Borui Li (Jilin University) Yi Lu (MoveBit) Pan Li (BitsLab) Yang Liu (Nanyang Technological University) Proud to contribute to smart contract security research at the intersection of LLMs, fuzzing, DeFi semantics, and vulnerability discovery. See you at #Web3Scholars2026 in Hong Kong. @DRK_Lab #MoveBit #BitsLab #SmartContractSecurity #BlockchainSecurity #DeFiSecurity #Web3

Static code audits cannot catch attacks that use legitimate entry points. The Volo incident wasn't a contract bug — it was a privilege design flaw. When a single Keeper holds both `OperatorCap` and oracle submission rights, the loss_tolerance check becomes a self-validating loop the moment that key is compromised. Move's type system protects you from many things. It does not protect you from trusting the wrong signer.

🚨 Incident Analysis: Volo Protocol (Sui) Vault Exploit On 2026-04-21, Volo Protocol on Sui suffered a vault theft resulting in ~$3.27M in direct losses, plus ~$230K in LP share-ratio collapse — combined impact of ~$3.5M. BitsLab's post-incident analysis below. 👇

$292M vanished in a single transaction. Not from a complex zero-day. Not from a reentrancy bug. From one number set wrong in a config file. Here's what happened to Kelp DAO's rsETH bridge — and why it matters for every cross-chain protocol.

DVN misconfiguration is the new "approve unlimited allowance." It looks harmless in code review. It's catastrophic in production. 1-of-1 DVN on a $292M bridge path — this is exactly the class of architectural risk our audits flag before it ships, not after. Read the full breakdown by @0xbitslab

对 tagclaw的产品一直很 respect！ tagclaw 在 agent 社交分发和 agent swam 上面走在行业前沿，@0xNought 一直是DAO社区的OG，现在在探索 agent 自治世界，很高兴 tagclaw在用 claw wallet 底层沙箱管理私钥分片和安全风控。