It's great that this money won't go to the nuclear program, but I don't get why people celebrate.
A long time ago, everyone was building in web3, loving the idea of transparency, financial freedom, and chain finality. And now blockchains are just another format of Centralized Banks?
I think this is a very significant event for Web3. Back in the day, Ethereum had to execute a hard fork to fix a catastrophic event for the chain.
Nowadays, it's okay that a set of Security councils updates the chain back and forth to fix a problem of other projects.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications.
After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users.
As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
Q1 2026 - DeFi attacks have already exceeded $137M in total losses. Roughly $9M was recovered.
The pattern is not new: Integer overflow. Oracle manipulation. Reentrancy. Flash loan abuse. Compromised keys.
We analyzed five of the largest incidents with our @KotyaSec.
Full trend analysis and write-up:
🖤 Hackers with hearts showed up
Look at all of you.
Our gatherings are for people who genuinely care about this space.
The builders, the researchers, the ones who stick around through cycles.
Grateful for everyone who came through.
@EthCC
On Wednesday, we're hosting dinner for a smaller group. If you're leading a project and security is on your mind, link 👇
Consensys Diligence is heading to @EthCC! 🇫🇷
Good time to talk security, AI-assisted auditing and ZK fuzzing.
If you're planning an audit, connect with our team in Cannes:
- @T_Birb
- @KotyaSec
- @nicht_tintin
@BreakingOtter @LefterisJP @Balancer For some reason, black hats choose to steal all the money so that they will never be able to withdraw fully without getting caught.
And while they do that, they are directly killing the whole ecosystems, years of development.
Ex. - Bera chain halt after Balancer hack
@BreakingOtter @LefterisJP @Balancer So you're basically saying, don't hate the player - hate the game
I don't think it's applicable here, not only because of the fact that Balancer doesn't require anything except PoC. But also, that you can usually return 90% of the money as a white hat.
Over-prompting dropped discovery rates from 50% to 20%. Structured workflows produce results an auditor can actually evaluate.
"Prompting AI is like giving tasks to an intern - you have to be very specific to get results." - @KotyaSec
@KhanAbbas201 Space is still immature, devs still write low quality code, projects don’t hire QA testers or internal security engineers, and lack unit testing.
And all of that while the code is public, protocols are hacked on average every second day for millions.
$1.9 billion stolen in 28 days.
That was February 2025.
Felt like the right time to share what we learned.
Our 2025 Security Recap brings together a year of documenting, analyzing, and learning alongside the industry. 192 incidents. $3.14 billion in losses.
The exploits that shaped the year and the patterns everyone building in Web3 needs to understand.
Some hard truths. Some open questions. We hope it's useful.
Full report below 👇
@jarrodwatts @deadrosesxyz @hosseeb This seems more like the truth of the current tech skills of AI to hack stuff, to find exploits in the simplest token standards.
And the root cause was probably access control, something very obvious.
Thanks for the love @GalloDaSballo. Likewise, huge respect for your contributions.
We know we’ve been pretty quiet. Just off in our corner breaking things and building tools like always.
2025 was about becoming independent. Now that the base is solid we promise to share more in 2026.
If you’re building anything on the EVM and don’t know about Consensys Diligence Tools
You’re likely just rewriting stuff they did years ago
Crazy how many times we’ve ended up finding tools and techniques we considered new as repos from them
Huge shoutout to an insane technical team that should hire a marketer asap
When the next exploit hits, will your team be ready?
Uladzislau Yarashuk, Security Auditor at @ConsensysAudits, will speak at DSS about how to build a DeFi war room before a crisis, designing protocols, playbooks, and partnerships that turn chaos into coordination.