Move SR @spearbit | Ambassador @Walrusprotocol

Joined October 2023
24 Oct 2023
1/ As a Solidity auditor, I'll be the first to tell you how unreliable Solidity is for smart contract development. Exploits are a dime a dozen. The #Move programming language was designed for blockchain. Here's one reason why Move will outperform Solidity: Modules 👇🧵
MoveJay retweeted
📢 Big news from @suidevelopers and @SuiNetwork! A new bounty target is live: Bella Ciao — next-generation Sui VM execution layer rewrite with enhanced performance and new Move capabilities — offers a wide range of bounties:
Critical: $100,000 - $1,000,000
High: $10,000 - $50,000
Medium: $5,000 - $10,000
Low: $2,500 - $5,000
Start the #bugbounty hunt right now: hackenproof.com/programs/sui…
MoveJay retweeted
Mar 17
We are so back! Mark your calendars: Sui Basecamp 2026 📅 October 7-8 🇸🇬 Singapore ( @token2049 )
DPRK rn:

[GIF: Laugh Suspicious]

Feb 20
the era of smart contract auditors is over
"Make no mistakes"
“AI is gonna take our security jobs!” also AI:
“AI wiLL RePlAcE eVeRy WhItE cOllAr JoB”
while i do understand this pov and the plight of a lot of dev teams, what's not being considered is that audit prices are the symptom not the disease. this all stems from something sec ppl have been saying for years, across all industries, which is security isn't prioritized early nor internally. the 10 dev teams in question waiting until they're ready to launch on mainnet to prioritize security exemplifies the problem. dev teams created the environment of high audit costs. you can't build something that takes months to complete then outsource months of risk to someone with:
- no knowledge of the codebase
- to find all crits/highs/mediums/lows/infos vulns
- in only a week or sometimes a few days
and expect cheap costs. that puts auditors in a high pressure situation coupled with short time constraints while shifting the blame of exploits to the audit team - effectively absolving themselves of their own mistakes. the cheapest option is for devs to prioritize security themselves - or at the very least contract vCISOs - and include ongoing manual reviews, static analysis, fuzzing and/or fv throughout the dev process not ad hoc. but until that's done, framing audit prices as an unnecessary evil and dev practices as a necessary good is oxymoronic.
One of the biggest reasons why it's hard to experiment in crypto is security audits and their costs. I've spoken to more than 10 teams in the last month who are all currently ready to launch on mainnet, but are held back by audits and their insane cost. A basic audit can cost up to 50k for a small codebase, which makes it hard for bootstrapped projects to launch and explore if they should even be spending their time on this. The industry did a terrible job of overpricing security audits and it has strongly held the space back.
Not just Move. @SuiNetwork Move. Arbitrum is bringing objects to Ethereum. Powered by Stylus
It’s official, you can deploy Move Smart Contracts on @arbitrum! After months of work, we’re proud to introduce the Move-to-WASM compiler for Arbitrum’s Stylus Virtual Machine. This is great news for Move developers: you can now build in one of the largest and most well-funded ecosystems, while benefiting from Arbitrum’s tooling, incentives, and developer support. If you need any help or guidance while using the compiler, feel free to reach out, we’re happy to help. Move on Arbitrum is live 💫🚀 ratherlabs.com/blog/welcome-…
Move feels alien to Solidity devs until the object model clicks. Once that clicks, the rest follows. This is a solid walkthrough of that mental shift, honestly worth the read 🔻
Today’s the first Monday of February, so here’s a quick January check-in:
- only 2 audits
- both in Sui Move
Bad news is it was kinda slow. The good news is I still cleared ~20k for a slow month. Looking to build on it in February 🔥
Protocol on Sui was exploited today. Still waiting for the post-mortem but it appears the attacker generated an AdminCap that allowed them to mint tokens. This is why access control capability management is EXTREMELY important. Wishing the team the best on recovery.
🚨 Security Notice Unfortunately, our Cross-Smart-Contract package was exploited. The attacker was able to generate an Admin Cap and mint resource tokens. We've contained the issue and are currently evaluating recovery options. Further updates soon.
THIS is how you should learn Move security. Every one of these labs maps to bugs I’ve seen slip through real Sui reviews because the code looked "reasonable". Read the workshop below and try to break the labs yourself 🔻
Yesterday someone caught me publishing the repo👀 So today publishing the full writeup from the Sui Security webinar I prepared for @SuiNetwork_PL. medium.com/@monethic/sui-mov… Kudos to @thepantherplus for catching me red-handed with the repo😄
MoveJay retweeted
31 Dec 2025
My 2025 Web3 Security Wrapped
> Joined @spearbit as a Move SR
> Audited Aave’s LayerZero’s Move integration w/ some of the most goated auditors
> Grew my formal verification skills in Move
> Worked with some of the most respected web3 sec firms
> Fully booked every month of the year
> Began doing Rust audits
> >90% of audits this year were in Move
> Consistently hit high-5figs every month in Q4
> Was able to fund a trip for my friends to Bali got a private client there
> Earned more this year than I ever thought possible
> Met and made friends with some of the best people in this industry
Goals for 2026
> Tapping into fuzzing in Move
> Double the amount of protocols I secure
> Build out AI FV tool
> Work with more protocols firms
> Contribute more to Move security knowledge
> Work with more firms new SRs
I’m just incredibly proud of the work I put in this year. It was hard to close myself off to a single new and niche language for 2 years with no results but it’s paid off immensely this year. Only tip I have to offer: Study foresight and study conviction. See you all in 2026 🫡
27 Dec 2025
formal verification during the fix review is probably the most underrated underutilized place to leverage it. problem is:
> too much work
> clients don’t care for the extra effort
might incorporate it in future audits and see the impact it makes
22 Dec 2025
on the real, i don’t even read some of y’all’s posts. if you’re the homie or i see a post from a familiar pfp - it’s an automatic like.
17 Dec 2025
2 exploits in 3 weeks????
#PeckShieldAlert YearnFinanceV1 @yearnfi has suffered an exploit, resulting in a total loss of ~$300K. The exploiter has swapped the stolen funds for 103 $ETH, which now sit in the address: 0x0F21...4066.
15 Dec 2025
we are starting to see the decoupling between crypto and blockchain
14 Dec 2025
“AI is gonna take our security jobs!” also AI:
13 Dec 2025
how many r's in garlic?
12 Dec 2025
If you care about formal verification, read this. Despite Move being designed hand in hand with FV, you'd be interested in seeing where Certora's Prover outshines the Aptos Move Prover. Read more about it here: arxiv.org/pdf/2502.13929