Joined December 2025
Pinned Tweet
My name is officially part of a security review report. 🐞 Started this journey with curiosity. Still far from where I want to be. But moments like this remind me the work is compounding. Big thank you to @KannAudits for the opportunity to contribute and learn. First of many.
New security audit report published for @hyperlendx 6 days audit of their Leverage Lending logic. Only 5 Low severity issues found, clean codebase. Read the report below 👇 github.com/Kann-Audits/Kann-…
🎯 Day 93 of becoming a top Web3 security researcher
⏳ Hours worked: 5 hours
🔎 Focus: Auditing
🔧 Practical work:
- Continued auditing @DRE_App contest on @sherlockdefi
- Submitted a finding
- Studied post-mortem hacks
Being an auditor low-key turns you into a lawyer. Half the job is arguing why a bug matters.
🎯 Day 92 of becoming a top Web3 security researcher
⏳ Hours worked: 4hrs 30mins
🔎 Focus: Reporting
🔧 Practical work:
- Continued auditing @DRE_App contest on @sherlockdefi
- Submitted 2 findings
- Read on ERC-8004
pressure is a privilege
Yousef retweeted
There is no amount of information that will make you feel “ready.” There is no amount of approval that will make you feel confident. There is no amount of success that will make you feel entirely fulfilled. Life is about just doing the thing anyway.
🎯 Day 91 of becoming a top Web3 security researcher
⏳ Hours worked: 4hrs 30mins
🔎 Focus: Auditing
🔧 Practical work:
- Continued auditing @DRE_App contest on @sherlockdefi
- Studied @LayerZero_Core V2 OFT adapters
- Studied post-mortem hacks
Every rounding decision should favor the protocol, not the user. The Balancer V2 exploit showed what happens when “small precision losses” are treated as harmless edge cases. In DeFi, tiny math assumptions become million-dollar attack surfaces.
I have had days where I looked at other researchers' wins and wondered if I belonged in this space. Then I looked back at my notes from a few months ago and realized I had come much farther than I gave myself credit for. Growth is easy to miss when you're busy comparing.
🎯 Day 90 of becoming a top Web3 security researcher
⏳ Hours worked: 4hrs 15mins
🔎 Focus: Auditing
🔧 Practical work:
- Continued auditing @DRE_App contest on @sherlockdefi
- Listened to @bountyhunt3rz podcast
Yousef retweeted
The older I get, the more I realize the power of always having something on the calendar you're excited about. It can really be anything. Difficult physical challenge, big project, fun trip, ambitious goal, whatever. It creates energy and gets you through the lows. Life hack.
Yousef retweeted
how Web3 auditors used to travel 2022-2025 (the Golden Era)
🎯 Day 89 of becoming a top Web3 security researcher
⏳ Hours worked: 5 hours
🔎 Focus: Auditing
🔧 Practical work:
- Started auditing @DRE_App contest on @sherlockdefi
- Studied bug reports on @SoloditOfficial
- Studied post-mortem hacks
Yousef retweeted
🚨 JUST IN: Old @Raydium pools were reportedly drained for ~810 ETH, around $1.34M. Stolen assets include USDC, RAY and wSOL. The attacker appears to have bridged the funds from Solana to Ethereum, then routed most of them into Tornado Cash. Root cause is not confirmed yet.
my future as an elite security researcher feels so inevitable that the alternative never enters my consciousness
🎯 Day 88 of becoming a top Web3 security researcher
⏳ Hours worked: 4 hours
🔎 Focus: Learning
🔧 Practical work:
- Read docs of @DRE_App on @sherlockdefi
- Learnt about @LayerZero_Core OFT adapters
- Read on ERC-2535
Yousef retweeted
Humanity(@Humanityprot) has been exploited, with losses exceeding $30M! The hacker is currently dumping $H and swapping it for $ETH. $H has already crashed ~90%. arkm.com/explorer/entity/dcf…
🎯 Day 87 of becoming a top Web3 security researcher
⏳ Hours worked: 2hrs 30mins
🔎 Focus: Auditing
🔧 Practical work:
- Finished auditing @Morpho midnight contest on @cantinasecurity
The thing I love about Web3 security is that you never truly “arrive”
There’s always another protocol to understand
Another concept to explore
Another lesson to learn
And I think that’s beautiful✨
🎯 Day 86 of becoming a top Web3 security researcher
⏳ Hours worked: 4 hours
🔎 Focus: Auditing
🔧 Practical work:
- Continued auditing @Morpho midnight contest on @cantinasecurity
- Submitted a finding
- Read web3 security articles
“Security research is mostly being wrong repeatedly until you're finally right.”
The Reality of Becoming a Top 1% Security Researcher

Most people think it's about intelligence. It's not. It's about surviving years of confusion, rejection, self doubt, and failure long enough to become dangerous.
Here's what nobody tells you
Let's dive in

➪ The internet only shows the wins.
You see:
➣ Accepted bug bounties
➣ Audit reports
➣ Conference talks
➣ Hall of Fame achievements
➣ Research publications
You don't see:
➣ 100 rejected findings
➣ Failed exploit attempts
➣ Weeks spent understanding one vulnerability
➣ Thousands of lines of code read for nothing
Success is visible. The struggle isn't.

➪ Security research will make you feel stupid. A lot.
You'll open a protocol and understand absolutely nothing. You'll read a Solidity function 20 times. You'll stare at an exploit writeup for hours. And you'll wonder if everyone else is smarter than you.
They're not. They've just been confused longer.

➪ One lesson I learned: Feeling lost is not a sign you're failing. It's usually a sign you're learning.
The best researchers aren't the ones who avoid confusion. They're the ones who stay with it long enough for understanding to emerge.

➪ Nobody talks about the 3 AM reality.
The monitor glow. The cold coffee. The failed PoC. The endless transaction traces. The attack path that doesn't work. Then doesn't work again. Then finally works.
The world sees the report. You experience the thousand failures before it.

➪ Security research is mostly being wrong repeatedly until you're finally right.
That's the job. Not glamour. Not recognition. Investigation.

➪ Most people don't fail because they lack talent. They fail because they quit too early.
The learning curve is brutal. Progress feels invisible. Validation is rare. Rewards are delayed. So people leave.
The few who stay become dangerous.

➪ Consistency beats talent more often than people want to admit.
Read code every day. Study exploits every week. Write research publicly. Repeat.
Small efforts compound.

➪ The most underrated security skill isn't intelligence. It's curiosity.
Elite researchers ask questions longer than everyone else. Why is this here? Why is this unchecked? Why did this exploit work? Why did nobody notice?
Curiosity uncovers vulnerabilities.

➪ Most vulnerabilities hide inside assumptions. Attackers know this. Researchers should too.

➪ Another uncomfortable truth: Security research is mostly pattern recognition.
The best auditors don't magically spot bugs. They've simply studied enough failures to recognize familiar attack surfaces.
Experience is pattern recognition in disguise.

➪ Want to improve faster? Study:
➣ Historical hacks
➣ Audit reports
➣ Post mortems
➣ Exploit writeups
➣ Attacker behavior
Every exploit teaches a lesson. Every lesson becomes intuition.

➪ Let's talk about the emotional cost. Nobody warns you about this part.
Security can be lonely. You miss events. You skip outings. You spend weekends reading code. Sometimes you become obsessed. And sometimes that obsession is exhausting.

➪ Then imposter syndrome arrives.
You compare yourself to famous auditors. Respected researchers. Top bug bounty hunters. You feel behind.
Here's the truth: Even experts feel this way. They just keep moving anyway.

➪ Top 1% doesn't mean:
➣ Knowing everything
➣ Finding every bug
➣ Never making mistakes
➣ Being a genius
Top 1% means:
➣ Showing up consistently
➣ Learning relentlessly
➣ Staying curious
➣ Refusing to quit

➪ If I could give one piece of advice to aspiring blockchain security researchers: Stop chasing shortcuts.
Read code. Study exploits. Think like attackers. Build things. Break things. Write about what you learn.
Depth beats hype. Every time.

➪ One day people will see your audit reports, findings, and achievements. They'll assume you were naturally gifted.
They won't see:
➣ The confusion
➣ The failures
➣ The rejected reports
➣ The late nights
➣ The moments you almost quit
But that's the reality of becoming a top 1% security researcher.
Not brilliance. Persistence.

➪ The researchers who change the industry are rarely the smartest people in the room. They're the ones who refused to leave the room.
If you're building a career in Smart Contract Security, Blockchain Security, or Web3 Security: Keep going.
Your future expertise is being built in today's confusion.
Repost if you're on the journey.