TrustSec (@TrustSecAudits) / X

TrustSec

856 posts

TrustSec

@TrustSecAudits

Web3 security boutique, founded by @trust__90. Audits (150+), Partnerships (10+), Bug Bounties ($600k+), securing on-chain ecosystems one bug at a time.

Joined June 2012

Pinned
TrustSec
@TrustSecAudits
Mar 27
‼️ MAJOR ANNOUNCEMENT TLDR: - Trust Security is now TrustSec. New name, new logo, new website. - We’re setting industry standards on how security teams communicate their work. Our entire portfolio is now on open display - every audit, bounty, contest win. Full transparency,
00:00
17K
TrustSec
@TrustSecAudits
Oct 21, 2024
Dear @PrimordialAA and @LayerZero_Core AKA @StargateFinance team, I’m writing to you during your office hours of 9-5pm on M-F and have no reason to believe today is a national holiday. I’d like to inform you that your Bridge contract has a critical issue. You mistakenly
Bryan Pellegrino (臭企鹅)
@PrimordialAA
Oct 21, 2024
Dear @AcrossProtocol team, I’m writing to you during your office hours of 9-5pm on M-F and have no reason to believe today is a national holiday. I’d like to inform you that your token contract has a critical issue. You mistakenly exposed what was meant to be an internal
211K
TrustSec
@TrustSecAudits
Apr 10, 2023
People are saying all kinds of terrible things while being uninformed so allow me to share more details. I've initiated coordination privately with Immunefi officials 3 hours before the white-hack. 90 minutes later, I realized the asset is currently used by the frontend and
160K
TrustSec
@TrustSecAudits
Jan 3, 2023
It has been decided. Every 2 weeks I will leak one alpha auditing/bug hunting tip that keeps me ahead of the competition. Let's hope that my pocket of tricks is deep enough...🎩
68K
TrustSec
@TrustSecAudits
Apr 9, 2023
I have just white-hacked @0xSifu for 100ETH. I would like to return it, contact in DM
260K
TrustSec
@TrustSecAudits
Sep 8, 2023
Two weeks ago I've discovered a bug class that impacts hundreds of projects, 20+ of which have an active bug bounty. I've reported them all simultaneously. Project responses have varied between outright denying the issue, to paying the max for that severity. This has been a
53K
TrustSec
@TrustSecAudits
Nov 14, 2023
Can finally share what @zachobront and I have been working on last year. TLDR: Attacker can break neutrality guarantees of Chainlink's VRF (verifiable random function). Chainlink confirmed CRITICAL severity and paid us $300K for the finding!🎇 From the Chainlink blog:
52K
TrustSec
@TrustSecAudits
Oct 21, 2024
Replying to @PrimordialAA and @AcrossProtocol
Dear @PrimordialAA and @LayerZero_Core AKA @StargateFinance team, I’m writing to you during your office hours of 9-5pm on M-F and have no reason to believe today is a national holiday. I’d like to inform you that your Bridge contract has a critical issue. You mistakenly
39K
TrustSec
@TrustSecAudits
Dec 7, 2022
Got lucky and went on an absolute killing spree on CodeArena 🥇🥇🥇 Will share writeups when findings are public as usual 📃🖋
TrustSec
@TrustSecAudits
Jul 21, 2023
Talking with the fine folks on the security panel was a pleasure. A few sessions in, I'm also convinced some of the best math / pure compsci in crypto is done at @zksync
ZKsync
@zksync
Jul 21, 2023
Inspiring conversation, great minds and magical views @ zkUnconference ✨
102K
TrustSec
@TrustSecAudits
Nov 12, 2024
Recently the bounty team at TrustSec found another critical leading to live unauthenticated theft of funds. Due to what we consider malicious behavior of the project and especially of @immunefi , not only did the project get away without paying the bounty, but due to a dirty
immunefi.com
Immunefi - Responsible Publication Policy | Immunefi
48K
TrustSec
@TrustSecAudits
Jun 25, 2025
Every day that goes by it becomes increasingly clear to us that @cantinaxyz is an extractive entity and a net negative to the space. A week past @jack__sanford 's killer piece on the countless deficiencies of the Cork contest and no hint of a response soon. With the amount of
25K
TrustSec
@TrustSecAudits
Apr 17, 2023
Check out our GOAT lineup at Trust Security's new roster page! trust-security.xyz/team Magical things happen when you bring the provably best auditors on the planet to collaborate rather than compete. Book your/our success story today.
71K
TrustSec
@TrustSecAudits
Feb 2, 2023
Legends speak of illegal software that outputs all bugs in a given repo. They call it trustGPT.
41K