GM Anon!

Welcome to this month’s QuillAudits roundup, where we discuss everything that happened in Web3 security, including recent attacks, our research, and our partnership initiatives.

Month In Review

This month, various protocols suffered attacks resulting in total losses exceeding $64.5 million. The exploits stemmed from multiple vulnerabilities, including access control flaws, social engineering, oracle manipulation, and exit scams. The most significant incident involved BtcTurk, where attackers compromised hot wallet private keys and drained assets across multiple blockchain networks, resulting in a loss of approximately $48 million. The stolen funds were consolidated into a few addresses, swapped through decentralized exchanges, bridged across chains including Ethereum and Solana and partially held in ETH, SOL, stablecoins, and meme tokens to obscure their origin. Other notable breaches included BetterBank ($5 million), Odin.fun ($7 million), and CrediX Finance ($4.5 million).

Audit Stats from August

Featured Blogs

EIP7702: Technical Deep Dive into the New Era of Account Abstraction

Uniswap v4: Technical Breakdown and Hooks Ecosystem

Read about Major Hacks from Last Month

BetterBank: BetterBank, a lending protocol on PulseChain, lost ~$5M after attackers abused flawed bonus logic that minted ESTEEM tokens for fake liquidity. By wash trading and exploiting the reward system, they drained 891M DAI, 9.05B PLSX, and 7.40B WPLS.

Odin.fun: Odin.fun, a Bitcoin memecoin launchpad on ICP, lost 58.2 BTC (~$7M) after attackers seeded pools with worthless tokens, manipulated prices via self-trades, and drained liquidity. The flaw stemmed from its AMM model relying solely on internal ratios without external price checks.

CrediX Finance: On August 4, 2025, CrediX Finance, a lending protocol on Sonic Blockchain, suffered an apparent $4.5 million exploit, now suspected to be an exit scam. An insider with admin-level permissions minted unbacked stablecoins (acUSDC and acscUSD), used them as collateral to drain assets, abandoned recovery efforts, and disappeared immediately after.

Uniswap V4 Development Handbook Launch

This month, we are thrilled to announce the release of the Uniswap v4 Development Handbook, a comprehensive resource designed for developers, researchers, and innovators exploring Uniswap’s latest iteration.

The launch of Uniswap v4 marks a fundamental redesign of automated market makers (AMMs) and programmable liquidity. Our handbook provides in-depth guidance on the new protocol features, helping the community understand not only what’s new, but also why it matters and how it can be applied in practice.

Readers of the handbook will find:

Detailed explanations of swap execution and liquidity provision in v4.
Comparisons across Uniswap versions, highlighting key improvements and design shifts.
Insights into protocols actively using hooks (Euler, Aegis, Bunni, Renzo, and more).
Guidance on security best practices when working with programmable liquidity.

While innovation accelerates, security remains paramount. The handbook also provides actionable guidance for safer development, helping teams design resilient protocols that balance creativity with risk mitigation.

Explore the full handbook here: Uniswap v4 Development Handbook

Partnerships and Collaborations

We’ve partnered with SUCI Blockchain Hub and Lisk Incubator to provide up to $50,000 in audit credits and grants, helping builders create secure, audit-ready on-chain products.

SUCI - Blockchain Hub

@Suci_Community

🌟 SUCI Blockchain Hub x Lisk Incubator: Securing Builders Onchain 🌟
We’re excited to announce that @QuillAudits_AI is joining Lisk Incubator @LiskHQ as an official Sponsor Partner 🚀
With Quill Audits on board, builders will gain access to critical security advantages:
🔹

5:7 PM • Aug 29, 2025

Retweets

Likes

Read 3 replies

We’ve partnered with Web3 X to offer up to $20,000 in audit credits, helping builders secure and scale their Web3 projects.

Web3 X

@W3X_NW

🚀 Exciting news for Web3 X Incubation Program participants! 
@QuillAudits_AI  is offering up to $20,000 in credits to leverage their top-tier audit services. 
Secure your Web3 project and accelerate your growth with us - thank you again QuillAudits 
 #Web3X #Blockchain

6:33 PM • Aug 16, 2025

Retweets

Likes

Read 2 replies

We’ve partnered with Reactive Network to provide $5,000 in smart contract audit credits, supporting builders competing for a $50,000 prize pool and helping projects launch secure, audit-ready products.

Reactive Network

@0xReactive

The BUIDL With REACT Campaign is open for entries up until Sept 30th!
With a $50,000 prize pool (individual prizes ranging between $1,000 and $5,000) and $5,000 in smart contract audit credits provided by our partners at @QuillAudits_AI. 
We're running the following tracks:
-

4:35 PM • Sep 9, 2025

Retweets

Likes

Read 3 replies

We’ve partnered with Gain Ventures to provide audit support for their Web3 & AI Pitch Competition, helping founders compete for a $44,000 prize pool with secure, audit-ready projects.

Ga^3in Ventures

@GainVentures

🔥 The Web3 & AI Pitch Competition is shaping up to be our biggest yet, with a $44,000 prize pool from our amazing sponsors!
🎉 A big thank you to our sponsors: @AethirCloud, @QuillAudits_AI, @crmchat, DD by @mywebacy, @BoostyLabs, @superfundingai.
The journey starts with

8:55 PM • Aug 1, 2025

Retweets

Likes

Read 1 replies

We’ve partnered with Areta to bring fast, transparent security audits to builders on Base, helping projects launch safely and confidently.

QuillAudits | Web3 Security 🥷

@QuillAudits_AI

1/2
We are live on @base  ft. @areta_io  security marketplace!
QuillAudits is now locking down builders on Base with fast, transparent security reviews.
Props to the @areta_io  fam for creating smooth audit experience for builders 🔥 https://twitter.com/bernard_xyz/status/1958544975718662416