Straight, sharp, and action-driven:
CypherTalk is now LIVE in the TheDAO Security Fund round.
We break down:
• OpSec for builders
• ZK & privacy risks
• Real-world attack patterns
Featuring voices from across Ethereum.
Support & vote:
https://t.co/owr4qsHtgN
Every contribution increases matching.
We're incredibly proud to be part of @thedaofund's first Ethereum community quadratic funding round.
CypherTalk brings top-quality interviews with experts in the fields of cryptography, privacy, and security, with a mission to make protocols and users safer.
Support us 👇
New CypherTalk Podcast episode is live!
@isaacpatka, Certification Lead at @_SEAL_Org and Co-Founder of @0xshield3, joins @beyer_st and @pumpkinGMI to discuss:
🔹 SEAL Certifications
🔹 Incident response & war games
🔹 Operational security
🔹 Social engineering
🔹 AI-driven threats
"An audit tries to prevent an incident. A war game helps you deal with one."
Security is strongest when the ecosystem aligns around shared standards.
We're proud to be among the accredited firms offering SEAL Certifications and look forward to helping protocols demonstrate and strengthen their security posture.
Congratulations to the SEAL team on this milestone.
We have just published our audit report of @tezoroio's smart contracts as part of the @arbitrum Audit Program. Read all about our findings and recommendations in the report: https://t.co/CvYc9UI8rT
Finding a critical bug is one thing. Getting paid for it is another.
On CypherTalk, @joranhonig joins @beyer_st and @pumpkinGMI to discuss bug bounty incentives, responsible disclosure, and why researchers often lose leverage the moment a report is submitted.
Bug bounty hunting is a game of efficiency.
On CypherTalk, @joranhonig joins @beyer_st and @pumpkinGMI to explain why bounty hunters focus on finding the highest-impact vulnerabilities rather than reviewing every line of code.
The goal: identify the crown jewels, maximize impact, and spend time where it matters most.
A single court order just froze the entire confidential cUSDC token contract of Zama.
At Zama it hit mostly a hacker's funds, so it stayed clean.
But the real danger is what this means for every other privacy protocol: freeze the contract, freeze everyone in it.
Here's the problem. 🧵 1/6
Thanks to @zachxbt, we found the root cause and will be taking the appropriate actions to unblock the situation. Tldr; this has nothing to do with Zama, or privacy.
The issue stems from an address related to the Overnight Finance hack, which deposited over ~$12.5m USDC into our confidential USDC wrapper contract. Back when they did, their address wasn't on any sanctions list and was not flagged by our KYT tools. However, a court order yesterday night placed a restraining order on various wallets linked to the hacker.
Since there wasn't much utility yet for the cUSDC wrapper, there were very few funds in it, and as a result the vast majority (>99%) of funds in the cUSDC contract came from that single hacker's deposit. Because of this, the court order asked to freeze our wrapper contract to freeze the hacker's fund.
So the sanction was not against Zama, or against privacy. It was a classic restraining order as we see often in DeFi, and we should have been notified so we could have taken the appropriate actions on our side.
I want to be very clear about something: our posture has always been compliant confidentiality, and we will not tolerate any illicit behavior in our protocol. It's also really useless for hackers to try to use Zama to hide their trail as we are precisely not a mixer and we do not obfuscate the sender and recipient, only balances and amounts. E.g., you can see the hacker's cUSDC transactions here: https://t.co/yFtdaz5ytU
We are in touch with the various people involved to resolve the situation asap. In the meantime, we will pause the cUSDC, cUSDT and cWETH contracts until we have finished our investigation, identified all addresses linked to this case and taken appropriate action.
I will share a more detailed post-mortem and how we plan to deal with such requests in the future.
Sponsorship Spotlight:
Looking forward to having @bermudabayzk on board for the Institutional and Policy Forum.
Institutions will not sleep on privacy, compliance, and security.
Format
⤷ A curated room of regulators, institutions, and builders, built for candid discussion, not public positioning. The insights raised feed directly into EEI's ongoing engagement with EU institutions, including the MiCA review and tokenisation initiatives.
On 15 June, the European Ethereum Institute and @SecurityOak are bringing the Institutional and Policy Forum to Berlin.
A full-day gathering of institutions, policymakers, central banks, regulators, and Ethereum builders shaping Europe’s next financial layer.
Operational security is about reducing risk, not eliminating it.
On CypherTalk podcast, @joranhonig joins @beyer_st and @pumpkinGMI to discuss zero-trust thinking, economic risk assessment, and why becoming a harder target is often the real goal.