🚨 We got RCE on Solana 🚨 Finally revealing FULL details about the RCE vulnerability we found 2 years ago. Found it. Lost it. Exploited it anyway. 🔬 Here’s what real-world bug hunting looks like: anatomi.st/blog/2025_06_2…

We worked with DefiLlama.com to remove ~500 dead dApp domains from their database 🧟‍♀️ Some already host drainers. ⚠️ Wallets use these dApp lists to mark domains as trusted. If you manage a dApp list or phishing DB, make sure to filter these to protect users.

Do you remember when you joined Twitter? I do! #MyTwitterAnniversary

+ Approach the code review assuming a developer may have intentionally introduced a subtle bugdoor.

🪓🧟Our zombie dApp research delivered a list of malicious domains. We're now sharing it directly with web3 security teams because public GitHub lists didn't spread as expected, likely because providers fear false positives. Get in touch!

Billions stolen ≠ Web3 security is worse. We do both Web2 and Web3 audits. 🌐 Web2: every black-box pentest is a bloodbath of critical issues in production. 🦄 Web3: most high-risk bugs are caught pre-release. The difference? Web3 attacks can’t be swept under the rug.

🧟‍♀️🧟‍♀️ ⚠️ Zombie dApp alert! 🥖 "baguette[.]exchange" just turned and now hosts as a fake CAPTCHA to drain wallets 💸🛑 Don’t connect block the site and please help us report it. #Crypto #Web3 #ScamAlert cc 0xngmi Web3 Antivirus Kerberus ChainPatrol.com Security Alliance DappRadar

Michael from Curve Finance confirmed they’re switching DNS providers. This is not an attack, but as a precaution, only use curve.finance

Zombie dapp update:🧟‍♀️🧟‍♂️🧟 100+ wallet drainer domains just got buried. 🪓🪓 Our team tracked the necromancer behind them and drove a stake through his op. Stay safe out there. #Web3 #InfoSec #security

Huge shout-out to Netlify 🎉 - their support team crushed every drainer account we flagged. FYI Vercel: the same attackers migrated to your platform after Netlify kept banning them.