QuillAudits 🥷
8,764 posts
Multilayer security for Web3 - AI, fuzzing, formal verification, manual audits & monitoring in a single audit
1,500+ protocol audits
25+ chains
Since 2018
- We've started our security review for @MSTBlockchain . We're diving into the protocol and infrastructure layer to assess security, reliability, and network behavior across the updated implementation. Excited to work alongside the team as they continue building. Looking forward
- Humanity Protocol got rekt by seven keys on one laptop. No bug. No exploit. A director got phished, the attacker grabbed his Gnosis Safe signer keys on both chains, drained 141M H from the ETH bridge, then minted 122B+ H from nothing on BSC. 3-of-6 and 3-of-5 multisigs. Both
- We audited some of the most complex DeFi architectures this month. Perp Dexes. Bridges. RWA protocols. Reserve-backed tokens. Multi-chain. Multi-vector. All cleaned up before mainnet. The builders who ship quietly? They audited first. May 2026 roundup is live.
- Formal verification is the only security method with no miss rate. Zcash's Orchard circuit had a silent inflation bug for 4 years. Expert audits missed it. A formal verifier does not flag suspicious code. It attempts to prove output = [scalar]*base for all inputs. When the
- Every crypto neobank says they're secure. Most only audit the smart contracts. The problem? Smart contracts are just 1 of 6 layers that hold user funds. Attackers are increasingly exploiting: • Custody infrastructure • Card issuing systems • Backend ledgers • KYC vendors
- 🚨 @Humanityprot exploited for $40M+ The attacker didn't find a bug in the code. They compromised 3 Gnosis Safe admin keys, took ownership of the ProxyAdmin, and silently upgraded the entire H token infrastructure across Ethereum and BSC, and managed to get 1,641,182,632 H
- Replying to @QuillAudits_AI: On-chain trail: Attacker ETH: etherscan.io/address/0xD1ea… BSC: bscscan.com/address/0x6aa2… Malicious implementations deployed by attacker ETH: etherscan.io/address/0xee1b… BSC: bscscan.com/address/0xd18c… Previous legitimate bridge implementation (ETH + BSC):
- INCIDENT UPDATE: Last night, June 8, the H token was hit by a coordinated attack across Ethereum and BSC. While we're still investigating this incident, we want to be transparent with our community about what happened. As of right now, ~$36M+ has been stolen across both chains
- QuillAudits is now officially ISO/IEC 27001:2022 certified. The gold standard in information security, independently audited, not self-declared. Your security is verified, not assumed. Full breakdown of what our ISO certification means for your audit
- 🥷 QuillAudits is coming to New York ETHConf NYC and our CEO @raopreetam_ & CPO @bigrkg will be on the ground the entire time. If you're building in DeFi, stablecoins, or RWAs and want to talk security, this is your shot to sit down with the people who've investigated some
- Catching us at the Quantum Qafe Coffee Meetup this Tuesday - A morning event presented by @tectonicxyz alongside @hack_vc , @SushiSwap and others during ETHConf NY. QuillAudits will be there. No agenda. Just builders, coffee, and real conversations. 275+ already registered.
- On June 11, we're hosting an invite-only roundtable. AI & Formal Verification for Onchain Finance 🛡️ Built for founders, CTOs, stablecoin & RWA teams, and security researchers. What's on the table: • How AI is powering the next wave of DeFi attacks. • Real exploit
- QuillAudits 🥷 reposted: This week, I'm attending @ethconf in New York City. I'm also hosting an event, "AI & Formal Verification for Onchain Finance," alongside it. if you're building or securing onchain finance, come say hi luma.com/qwsnw8n2