1d ago · 5 min read · On March 5, 2026, an attacker turned 135 BRO tokens into 567 million — then drained $2.7 million in SolvBTC from Solv Protocol's BitcoinReserveOffering vault. The weapon: a callback-driven double-mint vulnerability hiding in the intersection of ERC-3...
1d ago · 6 min read · Proxy upgradeability bugs are responsible for over $500M in cumulative DeFi losses. The OWASP Smart Contract Top 10: 2026 added "Proxy & Upgradeability Vulnerabilities" (SC10) as a brand-new category — recognition that this bug class is no longer nic...
2d ago · 5 min read · The Attack That Auditors Already Flagged
On March 15, 2026, Venus Protocol on BNB Chain lost $3.7 million and accrued $2.15 million in bad debt from a single attacker who spent nine months preparing. The exploit combined three well-known attack vecto...
3d ago · 11 min read · The Attack That Proves Flash Loan Defenses Are Still Broken
On January 20, 2026, an attacker drained approximately $4.2 million (1,299 ETH) from Makina Finance's DUSD/USDC Curve stableswap pool using a flash loan oracle manipulation that took seconds...
3d ago · 10 min read · The Problem Nobody's Talking About
Account Abstraction (AA) was supposed to fix crypto UX forever. No more seed phrases. Social recovery. Gas sponsorship. Batch transactions. The dream. But here's what the dream looks like in practice: Trail of Bits ...
4d ago · 5 min read · Solana Smart Contracts with Python: A Beginner's Complete Guide
Solana is one of the fastest blockchains on the planet, processing thousands of transactions per second at a fraction of the cost of Ethereum — and you don't need to learn Rust to start ...
5d ago · 5 min read · When Ethereum's Pectra upgrade went live on May 7, 2025, it brought EIP-7702 — a powerful mechanism that lets Externally Owned Accounts (EOAs) temporarily delegate their execution to smart contracts. The promise was revolutionary: transaction batchin...
6d ago · 9 min read · The OWASP Smart Contract Top 10: 2026 just dropped, and it's the most data-driven edition yet — built on 122 deduplicated incidents from 2025 totaling $905.4 million in smart contract losses alone. If you're building, auditing, or investing in DeFi, ...
6d ago · 4 min read · The Upgradeable Contract Kill Chain: How Uninitialized Proxies Became DeFi's $200M+ Recurring Nightmare
From Parity's $150M freeze to Ronin's $12M drain — the same initialization bug keeps claiming victims. Here's why, and how to stop it. Every DeFi...