Digital asset security has matured beyond "secure at launch" thinking.
A point-in-time audit is a hypothesis, not a guarantee. The real attack surface evolves daily with governance actions, upgrades, integrations, and human decisions.
Security is a continuous, observable property of the entire system (code, on-chain state, permissions, and external dependencies), not a one-time certification.
Most of these incidents weren't novel zero-days in audited code.
Happy to share how Dedge platform gives teams real-time visibility and automated risk detection.
Every major post-mortem since 2023 contains a version of this sentence: "The vulnerability was introduced after the audit was completed."
The snapshot is necessary, but never sufficient.
An audit tells you what the code looked like on one specific day. It tells you nothing about what your multisig configuration looks like today.
A clean audit report is a snapshot, not a shield.
It describes the code on the day we looked at it.
The code you deploy three commits later, with the "small fix" nobody re-reviewed, is the code that gets drained.
Freeze scope before you ship.
with evm + svm contracts routing through canton natively, the attack surface just got cross-chain, cross-app, and institutional-grade complex
@DedgeSecurity sits at that intersection. web3-native security posture management (SPM) built for exactly this composability layer
@ZenithFdn is building the bridge. we secure what crosses it.
; )
The PDF problem is real. But even a perfect audit only tells you what the code looked like on one specific day.
Parameters drift. Keys change hands. Governance proposals queue silently. Dependencies get exploited upstream.
None of that shows up in the report. All of it determines whether you get hit.
H1 2026: smart contract flaws were the most common attack class and produced 11% of total losses. Key compromise and bridge exploits were less frequent and produced 85%.
Audits address the 11%. They have no visibility into the 85%.
The question after the audit isn't "was this thorough enough." It's "what's monitoring everything the audit couldn't see."
Imagine spending $20K on an audit, the auditor slaps a report on your desk and calls it a day.
You’re left wondering if your code is safer or if you just bought a very expensive PDF.
Teams deserve better than this.
Dedge is joining @areta_io's Ethereum Security Subsidy Program, alongside @cyfrin, @NethermindSec, and @OlympixSecurity.
Some context on why this matters right now.
We tracked 97 confirmed incidents and $802M+ in losses between January and May 2026. The recovery rate was 3.62%.
Drift. Resolv. Rhea Lend. The pattern across every major incident was the same. A failure in what happened after deployment. Config drift, operational compromise, governance manipulation. None of it is visible to a one-time review.
Through this program, Ethereum builders can now access Dedge's continuous security monitoring as part of their security package, from day one of deployment.
An audit tells you where you stood. Dedge tells you where you stand.
Apply here: https://t.co/gbBdUBUa0c
@ethereumfndn @chainlink
2/ We've worked with each provider to curate three security packages purpose-built for Ethereum subsidy program applicants. The tools have come a long way, and we're proud to bring some of the best of them into the program for Ethereum builders.
Big thanks to @cyfrin, @NethermindSec, @DedgeSecurity, and @OlympixSecurity for being a part of this program 🤝
Every signal in this attack was on-chain before execution day.
Durable nonce accounts tied to governance signer addresses. A zero-timelock migration that replaced four of five signers. A fabricated asset seeded three weeks in advance.
Full forensic breakdown:
https://t.co/iwyCc6UOD9
Post: "Beyond the Audit Perimeter: How Drift Protocol Lost $285M Without a Single Code Bug"
$285M. Solana. April 1, 2026.
Root cause: governance misconfiguration across three surfaces. Neither audit was scoped to assess any of them.
@trmlabs, @elliptic, and @chainalysis all attribute this independently to UNC4736.
DPRK-linked. The same cluster behind Radiant Capital in 2024.
$285M. Largest DeFi loss of 2026.
Drift had a Security Council.
It still lost $285 million.
Resolv had clean audits.
It still got drained through a rebalancing window nobody was watching.
The basics matter. But the basics alone aren't the answer either because attackers spent six months inside Drift's operational perimeter before anyone noticed.
Technically speaking, the Security Council didn't fail.
Audits check the code. Nobody checks the posture.
Not at deployment. Not six months later when the pre-signed transactions execute.
The solution is continuous security posture management by watching the configuration, the permissions, the parameter changes, and the operational hygiene of the team, every single day.
That's what's missing.
Every DeFi protocol should have:
1. Circuit breakers for deposits and withdrawals, and possibly other internal operations as well
2. Timelocks for any change
3. Security councils that can shut down protocols immediately
We don't need insurance, we need to start doing the ffcking basics correctly. It's too early for this space to drive without any training wheels.
I beg you, sacrifice a tiny bit of UX to gain a lot of peace of mind. The worst possible UX is losing your users' money.
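As an added illustration of the three controls listed above (not code from the post's author or from any protocol), this Python model shows how they compose: a rolling-window circuit breaker that pauses withdrawals when outflow exceeds a fraction of TVL, a timelock that refuses to execute a queued parameter change before its delay has elapsed, and a council-gated pause. The TVL figure, thresholds, delay, addresses and proposal ids are constructed for the example.

```python
"""Toy model of circuit breaker + timelock + security council pause.
Added example; not any protocol's production code. All values are constructed."""
from dataclasses import dataclass, field

SECONDS_PER_HOUR = 3600


class ProtocolPaused(Exception):
    """Raised when a user action hits a paused protocol."""


class BreakerTripped(Exception):
    """Raised when a withdrawal would push windowed outflow over the limit."""


class TimelockViolation(Exception):
    """Raised when a queued change is executed before its eta."""


@dataclass
class Protocol:
    tvl: float                                  # total value locked (constructed, USD)
    breaker_fraction: float = 0.10              # trip if >10% of TVL leaves within the window
    window_seconds: int = SECONDS_PER_HOUR      # rolling window for the breaker
    timelock_delay: int = 48 * SECONDS_PER_HOUR # minimum delay for any parameter change
    council: set = field(default_factory=set)   # addresses allowed to pause immediately
    paused: bool = False
    params: dict = field(default_factory=dict)
    _withdrawals: list = field(default_factory=list)  # (timestamp, amount) inside the window
    _queue: dict = field(default_factory=dict)        # proposal_id -> (eta, key, value)

    def withdraw(self, amount: float, now: int) -> float:
        """Apply a withdrawal, or trip the breaker and pause if the window limit is exceeded."""
        if self.paused:
            raise ProtocolPaused("withdrawals disabled")
        # Drop entries that have aged out of the rolling window.
        self._withdrawals = [(t, a) for t, a in self._withdrawals
                             if now - t < self.window_seconds]
        outflow = sum(a for _, a in self._withdrawals) + amount
        if outflow > self.breaker_fraction * self.tvl:
            self.paused = True  # fail closed: stop everything until humans look
            raise BreakerTripped(f"outflow {outflow:.0f} exceeds "
                                 f"{self.breaker_fraction:.0%} of TVL in {self.window_seconds}s")
        self._withdrawals.append((now, amount))
        self.tvl -= amount
        return self.tvl

    def queue_change(self, proposal_id: str, key: str, value, now: int) -> int:
        """Queue a parameter change; returns the earliest execution time (eta)."""
        eta = now + self.timelock_delay
        self._queue[proposal_id] = (eta, key, value)
        return eta

    def execute_change(self, proposal_id: str, now: int) -> dict:
        """Execute a queued change only once its timelock delay has passed."""
        eta, key, value = self._queue[proposal_id]
        if now < eta:
            raise TimelockViolation(f"{proposal_id} executable at {eta}, now is {now}")
        del self._queue[proposal_id]
        self.params[key] = value
        return self.params

    def pause(self, caller: str) -> bool:
        """Security council pause: no delay, but only for council members."""
        if caller not in self.council:
            raise PermissionError(f"{caller} is not on the security council")
        self.paused = True
        return self.paused


def run_scenario() -> dict:
    """Drive the model through a constructed scenario and report what each control did."""
    out = {}
    p = Protocol(tvl=1_000_000, council={"0xCOUNCIL"})
    out["tvl_after_first_withdraw"] = p.withdraw(50_000, now=0)       # 5% of TVL: allowed
    try:
        p.withdraw(60_000, now=600)  # cumulative 110k > 10% of 950k inside the hour
        out["breaker_tripped"] = False
    except BreakerTripped:
        out["breaker_tripped"] = True
    out["paused_after_trip"] = p.paused

    q = Protocol(tvl=0, council={"0xCOUNCIL"})
    eta = q.queue_change("prop-1", "max_ltv", 0.8, now=0)
    try:
        q.execute_change("prop-1", now=eta - 1)
        out["early_execute_rejected"] = False
    except TimelockViolation:
        out["early_execute_rejected"] = True
    out["param_after_delay"] = q.execute_change("prop-1", now=eta)["max_ltv"]
    try:
        q.pause("0xRANDOM")
        out["non_council_pause_rejected"] = False
    except PermissionError:
        out["non_council_pause_rejected"] = True
    out["council_pause"] = q.pause("0xCOUNCIL")
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The breaker measures outflow against current TVL over a rolling window, so a burst of individually small withdrawals trips it just as a single large one does; the timelock gives monitoring (and users) the delay in which to notice a hostile change before it lands.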
H1 2026:
• 65 protocols.
• $802M lost.
• <1% recovered.
Audits weren't enough. They weren't scoped to be.
Today at 12 UTC, our CEO, Rubèn Jimènez Garcia, joins @rwaweek's Space on real-time token flow security with @rwa_io, @wsource4, hosted by @pauli_speaks.
Join us at:
https://t.co/EDvYJy8tsP
Bring your hard questions. The format is open.
Good thread. This is why Security Posture Management isn't optional anymore.
Audits tell you your contracts were safe when they were reviewed.
A few additions from an SPM lens:
1) Dependencies aren't static, and neither is your risk.
If your security assumptions depend on external systems (bridges, oracles, DVNs, governance layers), then every config change they make is your risk surface.
You don't just "review" dependencies; you continuously monitor them.
2) You are someone else’s attack surface.
If downstream protocols need to monitor your multisigs and EOAs to stay safe, that’s not paranoia, that’s correct behavior.
Security in DeFi is transitive.
3) Detection order needs to invert.
Right now it’s:
attackers → external researchers → internal teams
That’s a losing model.
Instead, the industry needs:
internal monitoring → automated alerts → external validation
If the first signal comes from Twitter, it’s already too late.
Monitor your privileged keys, multisigs, upgrade rights, and deps 24/7.
As more and more admin keys are compromised to drain protocols, here's your checklist if you are running one:
1) Learn as much as you can about your external dependencies. Once you learn about them, monitor their setup for upgrades 24/7. It's ridiculous to rely on an audit to tell you "hey, the doors to your house are locked, we checked it on 23rd of March". Today the external token that you may depend on could be L0 4/4 DVN; tomorrow, it may be 1/1 DVN. You should get an alert on any change and react to the news
2) As you should monitor your external dependencies, anyone relying on you should monitor you - for them, you are their external dependency. They should monitor every single MultiSig that you run, every single EOA that you set up - it's potentially their liability. Once an unsafe setup is detected, they may (and frankly should) refuse to use your protocol. So make sure you don't have these freaking EOAs that you set up just for operational efficiency
3) The first people spotting your weak points will be hackers. Then, external teams. Finally, your internal ops team. You need to reverse that order
4) Don't rely on AI slop for risk analysis. This current trend, where we see dozens of "risk-mgmt dashboards that I vibe-coded over the weekend", is frankly beyond scary and outright irresponsible. You will get a beautiful-sounding report, but you will never be sure if it is correct or bullshit or something in between
The above you should do on top of code audits of your protocol and impeccable internal opsec, circuit-breaker infra, and whatnot. If you think that's frankly too much or too expensive - gtfo of DeFi
And if you are overwhelmed with the complexity of the task - talk to @l2beat 💕
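As an added illustration of the monitoring this checklist (and the SPM thread before it) calls for, not code from Dedge, L2BEAT or any project: the Python below diffs a baseline snapshot of a protocol's privileged surfaces against a fresh snapshot and emits severity-ranked alerts for the kinds of drift the posts name, namely replaced signers and a lowered threshold on a governance multisig, a timelock delay set to zero (the Drift post's "zero-timelock migration that replaced four of five signers"), an upgrade role moved to a bare EOA, and an external bridge's verifier quorum dropping from 4/4 to 1/1. The snapshot shape, addresses and numbers are constructed for the example; a real monitor would populate them from on-chain state on every block or poll interval.

```python
"""Posture-drift check over constructed snapshots. Added example, not a vendor's code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    severity: str   # "critical", "high" or "medium"
    surface: str    # which privileged surface drifted
    message: str


SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


def check_multisig(name, base, cur, alerts):
    """Signer set and threshold of one multisig."""
    base_owners, cur_owners = set(base["owners"]), set(cur["owners"])
    removed, added = base_owners - cur_owners, cur_owners - base_owners
    if removed:
        # Replacing half or more of the signers in one step is how a council gets captured.
        sev = "critical" if len(removed) * 2 >= len(base_owners) else "high"
        alerts.append(Alert(sev, name, f"{len(removed)} of {len(base_owners)} signers replaced: "
                                       f"{sorted(removed)} -> {sorted(added)}"))
    elif added:
        alerts.append(Alert("medium", name, f"signers added: {sorted(added)}"))
    if cur["threshold"] < base["threshold"]:
        alerts.append(Alert("critical", name,
                            f"threshold lowered {base['threshold']} -> {cur['threshold']}"))
    if cur["threshold"] * 2 <= len(cur["owners"]):
        alerts.append(Alert("high", name,
                            f"quorum {cur['threshold']}/{len(cur['owners'])} is not a majority"))


def check_timelock(base, cur, alerts):
    """Minimum delay on privileged changes; zero means changes land instantly."""
    if cur["delay_seconds"] < base["delay_seconds"]:
        sev = "critical" if cur["delay_seconds"] == 0 else "high"
        alerts.append(Alert(sev, "timelock",
                            f"delay reduced {base['delay_seconds']}s -> {cur['delay_seconds']}s"))


def check_roles(base, cur, alerts):
    """Who holds upgrade/admin rights, and whether the holder is a contract or a bare EOA."""
    for role, b in base.items():
        c = cur.get(role)
        if c is None:
            alerts.append(Alert("high", f"role:{role}", "role missing from current snapshot"))
            continue
        if c["holder"] != b["holder"]:
            alerts.append(Alert("critical", f"role:{role}",
                                f"holder changed {b['holder']} -> {c['holder']}"))
        if not c["is_contract"]:
            alerts.append(Alert("high", f"role:{role}",
                                f"held by EOA {c['holder']} (no multisig/timelock in front of it)"))


def check_bridge(name, base, cur, alerts):
    """Verifier (e.g. DVN) quorum of an external messaging dependency."""
    if cur["required"] < base["required"]:
        alerts.append(Alert("critical", name, f"required verifiers {base['required']}/{base['total']}"
                                              f" -> {cur['required']}/{cur['total']}"))


def diff_posture(base, cur):
    """Compare two snapshots; return alerts ordered by severity."""
    alerts = []
    for name in base["multisigs"]:
        check_multisig(name, base["multisigs"][name], cur["multisigs"][name], alerts)
    check_timelock(base["timelock"], cur["timelock"], alerts)
    check_roles(base["roles"], cur["roles"], alerts)
    for name in base["bridges"]:
        check_bridge(name, base["bridges"][name], cur["bridges"][name], alerts)
    return sorted(alerts, key=lambda a: SEVERITY_ORDER[a.severity])


# Constructed baseline: a healthy 3-of-5 council, 48h timelock, upgrade rights behind it, 4/4 DVNs.
BASELINE = {
    "multisigs": {"governance": {"owners": ["0xA1", "0xA2", "0xA3", "0xA4", "0xA5"], "threshold": 3}},
    "timelock": {"delay_seconds": 48 * 3600},
    "roles": {"upgrade_admin": {"holder": "0xTIMELOCK", "is_contract": True}},
    "bridges": {"token-bridge": {"required": 4, "total": 4}},
}

# Constructed drifted state: four signers swapped, 2-of-5, no timelock, EOA admin, 1/1 DVN.
DRIFTED = {
    "multisigs": {"governance": {"owners": ["0xA1", "0xB2", "0xB3", "0xB4", "0xB5"], "threshold": 2}},
    "timelock": {"delay_seconds": 0},
    "roles": {"upgrade_admin": {"holder": "0xOPS-EOA", "is_contract": False}},
    "bridges": {"token-bridge": {"required": 1, "total": 1}},
}


def run_example():
    """Diff the constructed snapshots; returns the alert list."""
    return diff_posture(BASELINE, DRIFTED)


if __name__ == "__main__":
    for a in run_example():
        print(f"[{a.severity.upper():8}] {a.surface}: {a.message}")
```

The same diff works in the other direction the post describes: a downstream protocol keeps a baseline of its upstream dependency's multisigs, roles and bridge quorum and runs the check against each new snapshot, so a 4/4 to 1/1 DVN change surfaces as an alert rather than as a Twitter thread after the fact.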
On 22 March 2026, an attacker deposited $200,000 in USDC into Resolv's USR Counter contract and minted 80 million USR.
The contract was executed as written.
We reviewed the architecture. Three findings.
Resolv had 18 audits.
Point-in-time code review does not cover cloud infrastructure configuration. It does not evaluate incident response design. It does not check whether a pause function has a documented trigger threshold.
These are not audit findings, but rather posture findings.
If you are responsible for a stablecoin, tokenisation, or privileged off-chain minting exposure: read it.
Full technical breakdown of smart contract layer, infrastructure layer, and compliance layer linked below.