Industry grade security audits for Blockchains and DeFi protocols | Rust, Go, Solidity and beyond | Helped secure @0xProbable, @RatehopperAI and more.
Joined August 2025
- Tweets 58
- Following 5
- Followers 324
- Likes 284
20 Photos and videos
Jun 8
🚨 April–May 2026 were tough months for DeFi — nearly $700M drained in just 60 days.
April alone was the worst month ever: 28–30 exploits, $635M lost. Kelp DAO ($292M) Drift ($285M) dominated the chaos.
Today we dropped a massive HackViz update:
We added 27 new hacks from April–May with:
- Overview Root cause
- Token flow visuals
- Timeline
- Safety measures & lessons
Check them all now → hackviz.shredsec.xyz
Time to study the attacks so we stop repeating them.
1
3
12
3,563
Jun 1
Shred Security🤝@RatehopperAI
Proud to announce the security partnership between Shred Security and @RatehopperAI — an innovative AI-powered platform that enables self-repaying loans by autonomously borrowing against your crypto assets, deploying capital into yield strategies, and repaying debt through intelligent rate optimization and refinancing.
This marks our third engagement with the Ratehopper team. As the protocol rapidly grows, security remains their top priority.🫡
2
2
16
1,032
May 31
Shred Security🤝@yieldarche
Proud to announce the security partnership between Shred Security and @yieldarche protocol — an innovative universal yield engine that automates passive yield generation across DeFi strategies, enabling autopilot earning with instant liquidity and full transparency.
3
9
613
May 15
1. Happy to share our latest product: hackviz.shredsec.xyz
HackViz is a powerful new interactive platform to understand major exploits, visual, educational, and built for security teams, auditors, builders. 🧵
4
5
17
1,562
May 15
7/ Quiz Mode
Interactive questions to test your understanding.
Great for teams, workshops, CTFs, or personal learning.
1
4
328
May 15
8/ HackViz turns complex exploits into clear, interactive learning experiences.
No more dense reports or confusing screen recordings.
Visual. Clickable. Educational.
Try it now → hackviz.shredsec.xyz
4
271
Apr 7
Most DeFi protocols don't have an incident response plan.
They have a group chat and a prayer.
We built the Incident Response Checklist, a production-grade IR standard for Web3 protocols, covering:
— Communication
— Post-Mortem
— Containment
— Forensics
— Recovery
The #1 rule we outlined: Containment BEFORE
detailed tweets, until losses are stopped.
It’s Free, open-source, and built for real incidents.
Star it. Fork it. Add it to your runbook. Your future self at 3am will thank you.
Link in the comments below👇
1
3
7
3,029
Mar 21
Security is non-negotiable.
Shred Security x @RatehopperAI
RateHopper has reappeared pursuing one more elite-grade security review! Super excited to have them back as we keep offering strong protection for their expanding setup — a clear sign of our great client retention and ongoing collaboration to build securely.
Their beta program is now live, learn more here: ratehopper.ai/
6
1,074
Mar 6
He saved your funds again, this time by hunting a Critical Cryptographic bug 🐛
I’m so proud of this one!
This bug was a complex cryptographic issue that could’ve let an attacker drain the entire TVL (billions).
The team fixed it immediately, and even though it wasn’t in-scope, they decided to pay a goodwill reward as a token of appreciation 🫠
11
1,405
Feb 19
The co-founder of Shred Security, just secured your funds! 🫠🔥
2
1
38
3,435
Feb 6
Challenge #4: Can you spot the bug in this code snippet?
2
2
7
1,208
Feb 14
Thanks @nooz0x for participating.
The issue here is: Using time(dot)Now().Unix() (local system time) in the permit precompile for deadline validation.
This is non-deterministic across validators — due to slight clock drift, network latency, and propagation delays, different nodes can get slightly different values from time(dot)Now() when processing the same transaction in the same block.
→ Different state transitions on different nodes → different state roots → possible consensus failure.
Recommendation / Fix: Replace time(dot)Now() with the deterministic block timestamp: block.Header.Time.Unix() (or equivalent chain context time).
2
249
Feb 4
Challenge #3: Can you spot the bug in this code snippet?
Hint: It’s a deployment script, so expect the unexpected!🧐
4
5
1,369
Feb 6
Shoutout to @Icarus_xB,@nooz0x and @0xkun4l
who have solved correctly.
The issue here is: Using same address of WETH for both Ethereum and Polygon chain.
You can find the next challenge here: x.com/ShredSecurity/status/2…
5
361