ETH Foundation: AI Agents Find Bugs, Mostly False Positives
The Foundation frames AI-driven auditing as a force multiplier for human reviewers, not a replacement, and the false-positive ratio is the reason that distinction still matters.
Every Zipp story tagged #Security, newest first.
The Foundation frames AI-driven auditing as a force multiplier for human reviewers, not a replacement, and the false-positive ratio is the reason that distinction still matters.
The platform's wallet-to-wallet model sidesteps the pooled-custody attack surface that drained KelpDAO, Drift, and Grinex in a single quarter.
Treasury's $10B scam warning and a new DeFi coalition show the industry is finally treating social engineering and state-linked hackers as the primary attack surface, not smart-contract bugs.
The builder cannot trace the perpetrator, and recovery work is still running through parallel approaches two weeks after the breach first surfaced.
The flaw sat in SecondFi's address-generation layer, so moving a seed phrase to a new wallet offers zero protection, and SlowMist's wider loss estimate is the number every ADA holder is reading now.
A US criminal case built around a Bitcoin-funded Lamborghini has put physical attacks on crypto holders back in the courtroom, as cumulative losses from wrench attacks top $100M this year.
Bridges, flash-loans and key compromises have been engineered out. The remaining risk is bespoke protocol logic — and a single flaw now lands on Ethereum, Base, Arbitrum, Polygon, OP Mainnet and…
April logged breaches on 27 of 30 days and North Korea drained nearly $600M from Drift and Kelp — the executives on stage in Paris said the bridge problem alone is keeping institutional capital on…
Solstice Labs' CEO frames the gap as cultural, not technical: DeFi's growth is being undercut by a $2B+ exploit cycle that proves capital management, not code, is the missing layer.
OpenZeppelin's CEO says coding agents have flipped the asymmetry on smart contract security — and $1.1B in 12-month hack losses plus a $20B+ TVL drop make the warning impossible to wave off.
Cross-chain liquidity router Squid has moved to distance itself from a $3.2 million exploit tied to a third-party…
A four-chain drain hitting BTC, ETH, BNB and Base layers puts THORChain back on incident-watch — the fourth or fifth security event on a protocol that has been here before.
Ronghui Gu says the cost gap is structural: attackers lean on AI to scan operational and supply-chain gaps faster than white-hat budgets can keep up, while the Arbitrum freeze fallout threatens…
A single verifier-path failure let a fraudulent cross-chain message slip through, and the knock-on withdrawal cascade is now reading as a stress test of DeFi contagion plumbing.
If Kelp's Telegram screenshots hold, the $292M loss wasn't Kelp's misconfiguration — it was a verifier design LayerZero reviewed for 2.5 years, then blamed on the victim after Lazarus drained the…
Griff Green argues the real risk on Aave isn't smart-contract bugs — it's operational: leaked keys and social engineering from state-aligned attackers that lending markets haven't priced in.
The opt-in feature lets users freeze on-chain withdrawals for up to a week, a security control that targets social-engineering and account-takeover vectors, not just external hacks.
Contracts held, bridge didn't: WETH utilization hit 100% in 90 minutes, a seven-hour head start the Protocol Guardian's freeze couldn't recover.
The new 1–7 day freeze is the first major exchange feature aimed squarely at physical coercion, not phishing — and it lands as CertiK data shows 75% more wrench attacks in 2025.
The 1–7 day lock is opt-in and only fires when a user flips it on — a UX nudge toward self-custody-grade caution that depends entirely on the user opting in ahead of the hack, not during it.