Joined May 2021
Pinned Tweet
Made $60k last month from audit 😎 What about you?
Jeff Security retweeted
Security isn't one reviewer reading your code once
Best audit process:
1) AI-assisted analysis
2) Manual review by senior auditors
3) Fuzzing penetration testing
4) Formal verification
Each layer catches a different class of bug
Jeff Security retweeted
A protocol with 5 audits can still be catastrophically insecure. We see many hacks of large projects due to insecure stale logic, off-chain misconfigs, flawed OpSec and governance failures. Security does not guarantee success, but a lack of security almost guarantees failure.
Jeff Security retweeted
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|
  Need more Web3 devs
|____________|
   \ (•◡•) /
    \     /
      ——
     |  |
     |_ |_
Jeff Security retweeted
2026 has already seen billions lost to exploits and hacks, with more than $800M in losses over the last two months alone. Through it all, Multipli has maintained zero exposure. Grateful to our security partners and economic auditors who help us stay transparent and secure.
The third @multiplifi audit report is coming out soon🫡
Read the previous ones:
1️⃣ github.com/shieldify-securit…
2️⃣ github.com/shieldify-securit…
Hot take: Claude Mythos won't replace auditors, it'll feed them. Likely true if it is as big as they claim.
Jeff Security retweeted
Three Common Bugs in Rebase Token Contracts 🧵 Rebase tokens look simple, but usually hide a lot of custom protocol logic under the hood. Small implementation mistakes can quietly lead to major value distortions or broken peg mechanics.
The most expensive bugs aren't always the clever ones. It's often the obvious ones everyone assumed someone else had already checked. Reentrancy didn't die. It just learned to hide behind "we use OZ."
No foolproof fix for prompt injection yet - but you can shrink the blast radius. Good rundown on delimiting untrusted input, scoping permissions & monitoring LLM activity. Relevant if you're securing AI agents 🤖 composable-security.com/blog…
Jeff Security retweeted
Web3 hackers negotiating a 20% bounty after draining a couple mil:
Your audit is a snapshot. The codebase is a movie. The diff between them is where the funds go. Re-audit every upgrade like your reputation depends on it. Because it does.
Neat find: recursive calldata decoder for EVM txs. handles multicalls, batched txs, and nested ABI-encoded calls that most generic decoders choke on. fully client-side, served via ENS. recdec.eth.limo/
Jeff Security retweeted
🚨PSA for anyone considering working with these guys, they don't pay for their audits. We've been chasing the invoice for months! Repost, so no one else wastes their time. @MuratLite @Fast_Protocol @primev_xyz
First time getting scammed for providing an honest, on-time security service. 👏 Still, shoutout to @Fast_Protocol, @primev_xyz and @MuratLite - hope the help made a difference, even if it came at our expense. Hope the good gets passed forward to someone else 🙏