There are moments in a project's life that change everything. Not a feature update. Not a new partnership. The moment someone with real weight looks at what you built and says : I want to be part of where this is going. @KachingVIP just had that moment. @KachingVIP is now officially incubated by @KGeN_IO. For those who don't know KGeN they're not a typical Web3 fund. They build gaming and community infrastructure at scale. Real users. Real engagement. Real ecosystem. And they just chose Kaching. The fairest lottery ever built. Verifiable draws. Real USDC. On-chain proof. Audited by MoveBit. KGeN didn't back a lottery. They backed a new standard for trust in Web3. x.com/KachingVIP/status/2059… I've been an ambassador for Kaching since the beginning. I've watched the community grow quietly. I've watched the product get sharper every week. I've watched people discover for the first time that luck can actually be honest. But I'll be real with you this is the moment I've been waiting for. Because the foundation was always right. What was missing was the infrastructure to scale it. KGeN just provided that. From lucky moments to bigger visions. That's not just a tagline. That's the actual trajectory of this project. Early community. Audited protocol. On @solana . Now incubated by one of Web3's most serious builders. The window before scale is always the most interesting one. You're still in it. kaching.vip #Kaching #KGeN #Web3

I checked out DipCoin’s Perpetual, Pools, Swapping and nd Vaults features built on the @SuiNetwork ecosystem ngl… this feels like one of those projects trying to make on-chain trading feel as smooth as a CEX. Here’s a breakdown of how DipCoin’s trading system actually works. • Audited by Movebit • Ongoing third-party reviews • Active bug bounty program Everything is built around making trading on Sui feel fast and simple. The platform combines: • Swaps • Perpetual trading • Vault strategies • Pool/Liquidity systems inside one dashboard. What stood out to me most is how beginner-friendly the interface looks despite being a Perp DEX. So, here is the trading website link ( dipcoin.io) First thing i notice when entering the website: → clean trading interface → TradingView-style chart → order book → positions tab → wallet integration → vault access → swap perp in one ecosystem

A whopping $2.1 billion from crypto wallets and DeFi protocols lost in 2025 to hackers, not from news or government decision but were stolen @CerbAgent. Bybit in February lost $1.4 billion in a supply chain attack on the project's signing infrastructure, attackers tricked signers to approve dubious transactions that transferred wallet ownership and enabled them to liquidate the exchange funds. A large DeFi hack, it was pure human manipulation to sign something wrong Cetus Protocol in May, a subtle arithmetic overflow bug allowed an attacker to drain $223 million when depositing just 1 token and receiving liquidity worth millions in return due to a broken calculation in the protocol's math library. Auditors like MoveBit, OtterSec and Zellic couldn't detect the critical threat despite reviewing the code. In November, $128 million drained across Ethereum, Arbitrum, Base, Berachain, Sonic, Optimism and Polygon through a flaw in the smart contract's access control code that allowed the attackers to disguise as the account owners Here comes the lapses,users were told to manually reject approvals within 10 minutes or risk losing everything, how can they cope Bybit users are too slow to catch manipulation before signing Cetus has no tool watching contracts behavior before interaction Balancer users couldn't revoke fast enough across seven chains simultaneously It's reaction time matters, it's the safety, they could have got an autonomous protection for fast safety Only about 19% of hacked protocols used multi sig wallets and just 2.4% employed cold storage and even the ones that did like Bybit still got hit because the attack targeted the users. Hackers are upgrading but most security setups are behind This should make us more conscious of wallet security Sentinel monitors contract behavior continuously so threats get caught before they become drains Shield pre-screens interactions and revokes suspicious approvals before it gets to us Recovery races attackers with Flashbots when a drain still starts across Ethereum, Base, Arbitrum, Polygon, Solana and BSC 24/7 and very fast. $CERB is what the $2.1B conversation needs to know more #CERB #DeFiSecurity #Web3Security #CryptoSecurity

On May 22 2025, Cetus Protocol the biggest DEX on Sui lost a whopping $223 million in 15 minutes from an error in the contract code that skipped all audits @CerbAgent Cetus uses a concentrated liquidity model like Uniswap v3, to add liquidity you state a price range and deposit tokens It calculated the required deposit based on liquidity request, it's easy but there was a green snake hiding under the green 💚 grass It's weakness was in a function called checked_shlw, used to determine if an overflow would occur when a value is shifted left by one 64-bit word. The function was supposed to catch dangerous values and abort However it used an over wide mask and an incorrect comparison operator, meaning some values that should have triggered an abort were treated as safe. One wrong character in the code, $223 million gone in a giffy Here's how the attacker applied it They opened a position within a tightly defined price range adding just 1 unit of token A, but because of the overflow bug the protocol calculated the required deposit as 1 token while recording a massive liquidity credit Deposit 1 token, receive liquidity worth millions, withdraw real funds from the pools, repeat, the entire protocol was liquidated in approximately 15 minutes Why every DeFi user should care, users who interacted with the protocol had no way of knowing the liquidity calculations were broken, the bug was deep in the codebase, not visible through a wallet interface or blockchain explorer You might have done everything right checked the audit, used a hardware wallet, and still lost everything because the math underneath was broken This is where @CerbAgent changes things Shield pre-screens contract code before you interact it doesn't just check if a contract looks legit on the surface, it flags known vulnerability patterns in the underlying logic An arithmetic overflow check that uses the wrong comparison operator is exactly the kind of pattern Shield is built to catch Before your first transaction, the attacker even attempted an earlier version of the exploit which failed, meaning the vulnerability was active and testable before the main attack. Shield would have been flagging during that window If somehow a user was already inside the protocol when the drain started Sentinel is watching chain activity around your wallet continuously The moment anomalous withdrawals begin, unusual liquidity movements, contracts behaving outside normal parameters, Sentinel detects it Recovery then races the drainer using Flashbots The attacker bridged roughly $60M to Ethereum before validators could freeze the rest That $60M moved fast. Recovery is built to move faster. Rhe Cetus hack is a perfect case study for why audits alone aren't enough Cetus underwent audits from MoveBit, OtterSec and Zellic, the most recent completed just one month before the hack and none of them identified the critical vulnerability. Three separate audits, a month gap, $223 million. You cannot audit your way to safety if the tools checking the code miss edge cases, you need something running at the moment of interaction that's $CERB #CERB #DeFiSecurity #AIAgents #Web3Security #CryptoSecurity

Firstly, the Team handled the issue very very professionally. No pressure, focused on Recovering Funds that were Drained. Now hers's what we could see from the incident. - An exploit hit a side contract related to Scallop's sSUI spool rewards pool, resulting in a loss of approximately 150K sui native. - The team froze the affected contract within minutes and pledged full reimbursement from its treasury. Core operations resumed in under two hours withdrawals and deposits resumed at 14:42 UTC. The protocol has committed to covering 100% of the losses. - The team will check how the flaw passed prior audits by firms such as OtterSec and MoveBit. The key lesson is that on Sui's immutable architecture, deprecated contracts remain live attack surfaces old code doesn't disappear, it just gets forgotten. Thanks to the @Scallop_io Team for pure Transparency on this matter! Scallop protocol has resumed services and let's get to earning those Incentives. With: - $HAEDAL on a 29-117% Apr. - $haWAL on a 30-123% Apr. - $wWAL on a 24-99% Apr. And with over $20,000 in Rewards for the week! Are you joining or looking from the sidelines?

Mediatrix of All Graces propers: [Ant. on Ben.] Absque tuo imperio * non movebit quisquam manum aut pedem in omni terra (alleluja). [Ant. on Mag.] Ecce Dominus meus * omnia mihi tradidit, nec quidquam est, quod non in mea sit potestate, vel non tradiderit mihi (alleluja).

Proud to see MoveBit presenting today at Web3 Scholars Conference 2026 in Hong Kong. Their work, “Beyond Guesswork: LLM Driven Semantic Distillation to Fuzz and Exploit Smart Contracts,” explores how LLM-driven semantic distillation can enhance smart contract fuzzing and vulnerability discovery across both Solidity and Move ecosystems. 🏆 Congrats to all authors: Ziqiao Kong, Wanxu Xia, Borui Li, Yi Lu, Pan Li, and Yang Liu And best of luck to today’s presenters, Ziqiao Kong and Wanxu Xia 🎉 #BitsLab #MoveBit #Web3Scholars2026 #SmartContractSecurity #BlockchainSecurity #LLM

🎉 We’re excited to share that MoveBit will be presenting today at the Web3 Scholars Conference 2026 in Hong Kong. web3scholar.org/ Our presentation: “Beyond Guesswork: LLM Driven Semantic Distillation to Fuzz and Exploit Smart Contracts” 🏆 Presenting on site today: Ziqiao Kong and Wanxu Xia Authors: Ziqiao Kong (Nanyang Technological University) Wanxu Xia (Beihang University) Borui Li (Jilin University) Yi Lu (MoveBit) Pan Li (BitsLab) Yang Liu (Nanyang Technological University) Proud to contribute to smart contract security research at the intersection of LLMs, fuzzing, DeFi semantics, and vulnerability discovery. See you at #Web3Scholars2026 in Hong Kong. @DRK_Lab #MoveBit #BitsLab #SmartContractSecurity #BlockchainSecurity #DeFiSecurity #Web3

BREAKING: Volo Protocol Hacked For $3.5M - $2.6M Already Recovered Sui-Based @volo_sui Suffered A Vault Exploit Today. Here's The Full Story 👇 The Hack: 🔸 ~$3.5M Drained From 3 Specific Vaults 🔸 Assets Stolen: $WBTC, $XAUm, $USDC 🔸 Remaining ~$28M TVL Across Other Vaults Is SAFE 🔸 No Shared Vulnerability With Other Volo Vaults Team Response: ✅ Attack Detected Instantly ✅ All Vaults Frozen ✅ Sui Foundation & Ecosystem Partners Notified ✅ Volo Absorbing The Full Loss, Users Protected Recovery Progress (~74% Blocked): ✅ ~$500K Frozen Via Sui Ecosystem Partners ✅ 19.6 WBTC (~$2.1M) Bridge Attempt Intercepted & Blocked ❌ ~$900K Still Under Investigation Second Major @SuiNetwork Recovery Win After Cetus ($162M) In May 2025. Validator-Level Freeze Mechanism Proving To Be A Real DeFi Safety Net. Retail Lesson: Volo Had 3 Audits (OtterSec, Movebit, Hacken) Open-Source Code Active Bug Bounty, Still Got Hit. Audits ≠ Immunity. #VOLO #SUI

一起来认识 Aptos 的安全生态系统👀 主网上线 3 年多， @Aptos DeFi、NFT、GameFi 生态早已成型，如今正向 RWA、机构级应用、合规化等场景深入演进 然而，安全作为一个重要门类经常被用户忽视，在 @stan_ngx 制作的 APTOS SECURITY ECOSYSTEM 地图中，可以看到 Aptos 已经形成了一套覆盖「开发 → 上线 → 运行 → 应急」的完整安全框架👇 —————— 🛡️ 审计与验证（Audits & Verification） 从智能合约到协议层，多家顶级安全团队进行系统性审计：OtterSec、Hacken、Zellic、zkSecurity、MoveBit、Informal Systems、Plainshift、Adevar Labs、Sherlock、Shielder 在代码上线前，尽可能消除潜在漏洞 —————— 🚨 威胁预防与实时监控（Threat Prevention & Monitoring） 不仅是“发现问题”，而是提前识别风险：Doppel、Hypernative、GuardRail 包括钓鱼识别、异常行为监控、攻击预警等实时防护能力 —————— 🆘 应急响应与漏洞披露（Emergency Response） 当风险发生时，快速响应同样关键：HackenProof、ChainAbuse、Seal 911 覆盖漏洞赏金、攻击上报、紧急响应机制 —————— 🛠️ 安全开发体系（Build Securely） 从源头降低风险，而不是事后修补： → Move 安全开发指南 → Bug Bounty Program → Move Security Challenge 帮助开发者在设计阶段就写出更安全的代码 —————— 多层审计 实时监控 应急机制 开发规范 = 全生命周期安全体系 高性能之外，当链开始承接更多稳定币、RWA 资产和机构资产时，安全不再是加分项，而是基础设施本身👍

HỆ SINH THÁI BẢO MẬT APTOS Dưới đây là sơ đồ hệ sinh thái, được chia thành các lớp bảo mật chuyên biệt và các danh mục vận hành: Kiểm định & Xác thực (Audits & Verification) (Các đơn vị kiểm định hợp đồng thông minh, mật mã học và giao thức chính) OtterSec - @osec_io Hacken - @hackenclub Zellic - @zellic_io zkSecurity - @zksecurityXYZ MoveBit - @MoveBit_ Informal Systems - @informalinc Plainshift - @plainshift Adevar Labs - @AdevarLabs Sherlock - @sherlockdefi Shielder - @ShielderSec Ngăn ngừa & Giám sát (Phát hiện đe dọa chủ động, triệt phá lừa đảo và giám sát thời gian thực) Doppel - @DoppelHQ Hypernative - @HypernativeLabs GuardRail - @guardrailai Phản ứng khẩn cấp & Báo cáo (Xử lý sự cố và xác định lỗ hổng bảo mật) HackenProof - @HackenProof ChainAbuse - @chainabuse Seal 911 - @SEAL_911 Build một cách An toàn (Dành cho dev) (Các hướng dẫn và công cụ để code Move an toàn) Move Security Guidelines Bug Bounty Program Move Security Challenge Build dự án một cách an toàn trên Aptos!