QuillAudits 🥷
8,758 posts
Multilayer security for Web3 - AI, fuzzing, formal verification, manual audits & monitoring in a single audit
1,500+ protocol audits
25+ chains
Since 2018
- Formal verification is the only security method with no miss rate. Zcash's Orchard circuit had a silent inflation bug for 4 years. Expert audits missed it. A formal verifier does not flag suspicious code. It attempts to prove output = [scalar]*base for all inputs. When the
- Every crypto neobank says they're secure. Most only audit the smart contracts. The problem? Smart contracts are just 1 of 6 layers that hold user funds. Attackers are increasingly exploiting: • Custody infrastructure • Card issuing systems • Backend ledgers • KYC vendors
- INCIDENT UPDATE: Last night, June 8, the H token was hit by a coordinated attack across Ethereum and BSC. While we're still investigating this incident, we want to be transparent with our community about what happened. As of right now, ~$36M+ has been stolen across both chains
- Replying to @QuillAudits_AI: On-chain trail: Attacker ETH: etherscan.io/address/0xD1ea… BSC: bscscan.com/address/0x6aa2… Malicious implementations deployed by attacker ETH: etherscan.io/address/0xee1b… BSC: bscscan.com/address/0xd18c… Previous legitimate bridge implementation (ETH + BSC):
- Replying to @QuillAudits_AI: H token was built as a multichain token using custom Hyperlane bridge contracts, all managed through a shared ProxyAdmin, which itself was owned by a Gnosis Safe. The attacker compromised 3 signing keys of the Gnosis Safe, crossed the execution threshold, transferred ProxyAdmin
- 🚨 @Humanityprot exploited for $40M+ The attacker didn't find a bug in the code. They compromised 3 Gnosis Safe admin keys, took ownership of the ProxyAdmin, and silently upgraded the entire H token infrastructure across Ethereum and BSC, and managed to get 1,641,182,632 H
- QuillAudits is now officially ISO/IEC 27001:2022 certified. The gold standard in information security, independently audited, not self-declared. Your security is verified, not assumed. Full breakdown of what our ISO certification means for your audit
- Replying to @QuillAudits_AI: On June 11, we're hosting an invite-only roundtable. AI & Formal Verification for Onchain Finance 🛡️ Built for founders, CTOs, stablecoin & RWA teams, and security researchers. What's on the table: • How AI is powering the next wave of DeFi attacks. • Real exploit
- Replying to @QuillAudits_AI: Catching us at the Quantum Qafe Coffee Meetup this Tuesday ☕ A morning event presented by @tectonicxyz alongside @hack_vc, @SushiSwap and others during ETHConf NY. QuillAudits will be there. No agenda. Just builders, coffee, and real conversations. 275+ already registered.
- 🥷 QuillAudits is coming to New York ETHConf NYC and our CEO @raopreetam_ & CPO @bigrkg will be on the ground the entire time. If you're building in DeFi, stablecoins, or RWAs and want to talk security, this is your shot to sit down with the people who've investigated some