Secure0x @Secure0x - Twitter Profile

Pinned Tweet

Secure0x @Secure0x

12 months ago

If a web3 project has a revenue model but can’t fund basic security, do they even care about users funds at all?

1

0

394

Secure0x retweeted

Sadik

@0xsadikbaba

15 days ago

Black hats always win Whitehat spends weeks on a PoC, gets it accepted, saves the project $800M walks away with ~$4k. Meanwhile, the Verus bridge attacker drains $11.58M, returns $8.5M after negotiation, and pockets $2.8M as bounty with no charges. The system is not fair enough.

0xsadikbaba's tweet photo. Black hats always win

Whitehat spends weeks on a PoC, gets it accepted, saves the project $800M walks away with ~$4k.

Meanwhile, the Verus bridge attacker drains $11.58M, returns $8.5M after negotiation, and pockets $2.8M as bounty with no charges.

The system is not fair enough.

51

718

62

150

59K

Secure0x @Secure0x

about 2 months ago

@pashov FR

0

1

0

148

Secure0x @Secure0x

about 2 months ago

@pashov https://t.co/A4bpXNjzWx

Secure0x @Secure0x

about 2 months ago

reported a critical vulnerability that could've drained nearly over $1M. Project: "Thanks! We fixed it. Here's $5,000." : You made $ x,xxx,xxx in revenue last year and this is what you offer? Project: "Gotcha, April Fools. Here's additional $45,000."

1

3

0

1K

0

2

1

0

1K

Secure0x retweeted

pashov

@pashov

about 2 months ago

Hyperbridge exploit story: >single audit, no bug bounty >rude to whitehats, publicly mocking their efforts >April Fool's - "Security Incident Report xD lolllz" >claims they're unhackable >gets hacked 2 weeks later - "Bridge update!" Always respect the whitehat efforts, always🙏

pashov's tweet photo. Hyperbridge exploit story:

>single audit, no bug bounty
>rude to whitehats, publicly mocking their efforts
>April Fool's - "Security Incident Report xD lolllz"
>claims they're unhackable
>gets hacked 2 weeks later - "Bridge update!"

Always respect the whitehat efforts, always🙏 https://t.co/KE7qnK5IXC

58

1K

123

183

81K

Secure0x @Secure0x

about 2 months ago

reported a critical vulnerability that could've drained nearly over $1M. Project: "Thanks! We fixed it. Here's $5,000." : You made $ x,xxx,xxx in revenue last year and this is what you offer? Project: "Gotcha, April Fools. Here's additional $45,000."

1

3

0

1K

Secure0x retweeted

Nolan | Exvul

@ma1fan

about 2 months ago

Check out this article: HB Token Exploit Analysis: ~$193K Lost to AMM Reserve Manipulation via Reward Path https://t.co/aZ8FlT8Upt

0

12

3

8

1K

Secure0x retweeted

Secure0x @Secure0x

about 2 months ago

@zachxbt @arc the real problem now projects just patch the bug and offer zero room to negotiate a fair reward. not even the bare minimum.

0

1

0

943

Secure0x @Secure0x

about 2 months ago

@zachxbt @arc the real problem now projects just patch the bug and offer zero room to negotiate a fair reward. not even the bare minimum.

0

1

0

943

Secure0x retweeted

ZachXBT

@zachxbt

about 2 months ago

@arc I can match your lowball joke of a Circle bug bounty program with my personal funds if a grey hat researcher chooses to exploit it for themselves.

zachxbt's tweet photo. @arc I can match your lowball joke of a Circle bug bounty program with my personal funds if a grey hat researcher chooses to exploit it for themselves. https://t.co/QrwnYVD1C3

54

635

27

108K

Secure0x retweeted

William | bugduino.eth @bugduino

3 months ago

Thanks to @Secure0x for flagging a misconfiguration on an old, unused legacy subdomain from the pre-rebrand Idle era. No active Pareto infrastructure or production user flow was affected, but we appreciate the responsible disclosure and have taken care of it.

0

4

1

0

146

Secure0x @Secure0x

5 months ago

Secure0x. Same team. Still hunting. Last year’s vulnerabilities didn’t stop us. Neither will this year’s. Projects we touched stayed off the breach headlines. That’s the only metric.

Secure0x's tweet photo. Secure0x. Same team. Still hunting. Last year’s vulnerabilities didn’t stop us. Neither will this year’s.
Projects we touched stayed off the breach headlines. That’s the only metric. https://t.co/YvFaoWyHsR

0

39

Secure0x @Secure0x

11 months ago

@lonelysloth_sec majority them don’t know how to handle situations… panic rules highlight

1

0

239

Secure0x retweeted

LonelySloth

@lonelysloth_sec

11 months ago

If you’re running a BBP Someone reports to you a bug that puts your entire TVL at immediate risk And your number one concern is “how can I pay less for the bounty? 0.05% of funds at risk is too much!” Why do you have a BBP? Why are you even in web3 actually?

16

123

6

7

9K

Secure0x retweeted

Poscidon

@PoSciDonDAO

11 months ago

Shout out to community members such as @Secure0x that work hard to keep web3 safe. Together, we protect and fuel the future of DeSci!

0

17

4

0

665

Secure0x @Secure0x

11 months ago

@sandypeng bounty + $33k extra from pockets 🌛👍

0

113

Secure0x retweeted

Immunefi

@immunefi

11 months ago

🎉 The $20,000 Invite Only Program with @zano_project has officially wrapped! All rewards have been distributed to the participating security researchers. 🏆 Winners: 1️⃣ @0xiamkunal9 – $7,194 2️⃣ @Secure0x – $3,971 3️⃣ @hacker_ – $2,835 👏 Big congrats to all the winners! 🔗 Leaderboard: https://t.co/aETEJ4FtVT

immunefi's tweet photo. 🎉 The $20,000 Invite Only Program with @zano_project has officially wrapped!

All rewards have been distributed to the participating security researchers.

🏆 Winners:
1️⃣ @0xiamkunal9 – $7,194
2️⃣ @Secure0x – $3,971
3️⃣ @hacker_ – $2,835

👏 Big congrats to all the winners!
🔗 Leaderboard: https://t.co/aETEJ4FtVT

5

31

5

1

3K

Secure0x @Secure0x

12 months ago

Yes, this is how we monitor projects w bug bounty programs. Secure0x, always reporting the unexpected first ;-;

0

1

0

154

Secure0x @Secure0x

12 months ago

Secure0xd Projects: It took years of contributing (: The `IMPACT` factors are based on the overall report's impact, not just isolated bug severity. Really! Awesome projects!! https://t.co/IzBVd41GSU