zcash is actually up, it's a node issue for many explorers (since not updated apparently); people should first verify before claiming a network is down
here to verify the latest block:
```
grpcurl -d '{}' https://t.co/xySW7cICIv cash.z.wallet.sdk.rpc.CompactTxStreamer/GetLatestTreeState
```
Needed.
About "No composite scoring" (we ♥️ rankings): sounds neutral, but in the vertical interfaces we scroll every day, something always goes first.
Ordering can be hidden in UI defaults, or explicit with raw data, methodology, expert-voted weights, and adjustable by users.
1/ The EF App Relations team is putting out an open RFP for a neutral DeFi risk intelligence aggregator.
Public good, open source, no composite scoring. If you're the team to build this, applications close June 15.
Apply here: https://t.co/vvbZiEBH4h
Here's how we got here 👇
@Bookof_Eth @CharlieStLouis @ethereumfndn Weights can be voted on transparently, combined with AHP, pairwise voting and exposed as adjustable sliders so users can reflect their own priorities; while raw data always remains available.
We are developing a web app to make weight voting less tedious.
BOMB "... found myself back in 2012. That year, Juliano Rizzo and I discovered CRIME, a compression oracle that recovered cookies from compressed HTTP headers. I was at Google at the time, so I was asked to review the fix, ... I just re-read my notes from that review..."
Unfortunately, there is a hack related to @gnosispay and the "delay module".
Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.
I'm certainly underestimating the amount stolen, given that addresses on the Bitcoin network were also drained.
The most likely cause is the use of a faulty mnemonic implementation that does not generate seeds with enough entropy to be secure.
Thanks to @Giveth, @thedaofund, and the Ethereum community for backing our Wallet Security Ranking in the QF Round.
We're proud to be part of this ecosystem-wide effort.
We'll keep shipping transparent and open resources that help improve web3 end-user security — with more public goods to come.
BlockThreat - Week 21, 2026
$7.7M was stolen across 11 incidents this week.
10+ hacks a week is the new baseline.
This week’s BlockThreat focuses on three attack vectors DeFi projects and security auditors should prioritize immediately.
🛡️ The results for the @thedaofund’s Ethereum Security QF Round are LIVE!
This historic round is closing with a HUGE last minute contribution:
@wintermute_t has added $200K to the matching pool 🔥
Wintermute is a well known liquidity provider, and one of the leading supporters of Ethereum security, in fact exactly a year ago today they donated $1M to @_SEAL_Org.
This year they teamed up with TheDAO, @Quantstamp & several other community partners to allocate over $1.6M worth of funding to Ethereum Security Public Goods 👇
In an ideal world all software and hardware would have "nutrition labels" that provide a full list of trust dependencies - what math and which actors' honest behavior (and on what time scale) the system is relying on to provide its core functionality and implied guarantees.
In wallets, the challenge is building features that are secure, respect privacy, and are usable at the same time.
A weak privacy feature can be worse than no privacy feature: it gives users confidence without giving them protection.
Privacy was on the checklist when we started the Wallet Security Ranking.
We tested security first because security is what makes meaningful privacy possible.
📢 Wallet Vendors:
Our Wallet Security Ranking is fully open & collaborative.
Spot a testing mistake?
Fixed an issue we flagged?
➡️ Let us know.
Just click "Report an issue with this check" on any wallet report (one-click GitHub issue template in our repo)
1/ From all the recent writeups, I pick a few to read carefully and enjoy while drinking 🧉 and eating chipa, the way I did before with every (yes) Bugtraq post.
This week:
Qualys ptrace LPE, CVE-2026-46333 — no AI
Linux PDF RCE, CVE-2026-46529 — human+AI
Both are worth reading:
🚨GitHub CONFIRMS breach of ~3,800 internal repositories.
Root cause: Poisoned VS Code extension on employee device.
Exfiltrated: GitHub Actions, Enterprise, Copilot, CodeQL, billing/auth platforms + more.
✅ No customer data impacted
Log analysis and secret rotation in progress.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.