​

GM anon!

Welcome to this month’s QuillAudits roundup, where we discuss everything that happened in Web3 security, including recent attacks, our research, and our partnership initiatives.

Month In Review

This month, various protocols suffered attacks resulting in total losses exceeding $107.36 million. The exploits stemmed from multiple vulnerabilities, including access control flaws, reentrancy issues, social engineering, oracle manipulation, and backdoors. The most significant incident involved CoinDCX, where a social engineering attack granted unauthorized access to critical infrastructure, leading to a loss of $44.2 million. All stolen funds were laundered through Tornado Cash and have been linked to North Korea’s Lazarus Group. Other notable breaches included WOO X ($14 million), GMX V1 Perps ($42 million), Arcadia Finance V2 ($2.5 million), Kinto Bridge ($1.55 million), and Texture ($2.2 million).

Audit Stats from July

Featured Research & Blogs

• ​Bonding Curves: Understanding Their Variants and How to Audit Them​
• ​Social Engineering: Draining Millions and Emerging as a High-Stakes Attack Vector​
• ​Access Control Failures: Still the #1 Crypto Attack Vector in 2025​

Read about Major Hacks from Last Month

​GMX V1: GMX V1, a perpetual DEX on Arbitrum, was exploited for ~$42M through a reentrancy bug in the executeDecreaseOrder function, which allowed bypassing position price updates and manipulating GLP’s value. The attacker minted GLP at a low price and redeemed it at an inflated price, but later returned most of the funds, retaining approximately $5M as a white-hat bounty.

​Arcadia Finance: Arcadia Finance, a liquidity management protocol on Base, was exploited for approximately $3.5 million due to missing input validation in key functions. Using a flash loan, the attacker set themselves as the Asset Manager and abused flashAction() with malicious data to drain funds. A 10% bounty offer was ignored, and the funds were laundered via Tornado Cash.

Read detailed blogs on different verticals across the ecosystem

​Guide to Uniswap V4 Protocol: Learn Uniswap V4’s implementation and hooks, understand the security considerations around them, and gain a high-level overview of the Uniswap protocol.

​Guide to Staking Contracts and their Security: Learn the implementation and mechanics of staking contracts and understand the security aspects involved.

​Guide to Stablecoins: Learn the design, implementation, and functionality of stablecoins, along with the use cases and key security considerations, and potential risks they entail.

Partnerships and Collaborations

We have partnered with Circle to Bring Industry-Leading Security to USDC and Help Build the Future of Global Financial Systems

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Teaming up with the future of money! We’re thrilled to join the @circle Alliance Program as an official security partner. Bringing top-tier audit & security expertise to financial systems with USDC & shaping the next generation of financial infrastructure. 1:33 PM • Jul 10, 2025 1 Retweets 15 Likes Read 3 replies

​

We’ve partnered with Avinya Labs to bring trusted Web3 services to projects worldwide and help build the future of a secure, scalable decentralized economy.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI GM fam! We’re coming together with @AvinyaLabs89, a leading and trusted Web3 service partner helping clients shape the future of Web3. Together, we’re empowering projects to build securely, scale confidently & earn lasting trust in the decentralized world. The future of Web3 7:48 PM • Jul 14, 2025 0 Retweets 9 Likes Read 5 replies

​

Sponsored Gain Ventures Pitch Competitions in Chicago & Berkeley with a $15K Prize and Comprehensive Web3 Security Audits to Empower Winning Startups

Ga^3in Ventures @GainVentures 🎉🎉🎉15,000$ Prize Announcement! @GainVentures pitch competitions in #Chicago and #Berkeley just leveled up: 🏆$15,000$ for the 1st place in addition to fame and recognition. Prize sponsor is @QuillAudits_AI ➡️ Web3 Security 🥷🛡️ - full Web3 security review so winners can 11:12 PM • Jul 16, 2025 0 Retweets 7 Likes Read 1 replies

​

Partnered with Cointelegraph Accelerator for EthCC Founders Event in Cannes, Offering Up to $50K in Audit Grants to Standout Startups

QuillAudits | Web3 Security 🥷 @QuillAudits_AI @EthCC founders roll call!! We are teaming up with @CointelegraphAc for the top-tier VC <> Start Up Connect side event in Cannes 🔥 Pitch in front of top VCs & ecosystem leaders IRL and get a chance to win up to $50,000 in audit grants from us ;) Building something cool? 7:34 PM • Jul 1, 2025 4 Retweets 10 Likes Read 1 replies

​

Hosted Web3 Security Mixer in Hanoi, Uniting Builders from DeFi, Infrastructure & Security Sectors for an Evening of On-Chain Insights.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI gm Vietnam 🇻🇳 Hanoi’s getting its own Security Mixer. We’re bringing together the Web3 security, DeFi & infra all in one room. 📍 Hanoi, Vietnam 📅 July 31st | 5–8 PM → Register here: https://lu.ma/vtnb4ptx No slides. No suits. Just raw alpha & real builders. Supported by 1:45 PM • Jul 22, 2025 9 Retweets 21 Likes Read 4 replies

​

Highlights from July

QuillAudits | Web3 Security 🥷 @QuillAudits_AI The next wave of Web3 hacks is coming, scary but true! QuillAudits have got you covered 🥷 We're peering into the future to decode the biggest security threats of 2025 & how you can stay ahead of the hackers. Joining us are the absolute Giga Brains of Web3 security: - 7:47 PM • Jul 18, 2025 14 Retweets 37 Likes Read 7 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI GM GM Frens 🌍 We’re going live with @paragmatically founder of @BigWProtocol, to explore how Web3 is reshaping ESG ( Environmental, Social & Governance frameworks ) on-chain. 🗓️ Date: July 30 🕖 Time: 7:00 PM IST 📍Set a reminder: https://x.com/i/spaces/1OdKrDXopakJX We’ll talk real-world 7:27 PM • Jul 29, 2025 24 Retweets 72 Likes Read 6 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI believe in somETHing. happy 10th birthday @ethereum 10:10 PM • Jul 29, 2025 0 Retweets 13 Likes Read 1 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI ERC-4626 vaults are standardized, composable & still exploitable. @AkshayBabhulkar breaks down vault inflation attacks, where early depositors manipulate the share-to-asset ratio to extract unfair value from later users. Think 1 ETH = 100 shares now, 1 ETH = 0 share later, Game 7:41 PM • Aug 5, 2025 1 Retweets 13 Likes Read 1 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI @BNBCHAIN gm QuillWardens 🥷 BNB Chain @BNBCHAIN gm builders 👷 3:2 PM • Jul 21, 2025 0 Retweets 2 Likes

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Big shoutout to our frnd @PrimeNumbersFi who gets it 🫡 Security ≠ just squashing bugs. It’s trust, speed, and helping builders ship with confidence. At @QuillAudits_AI, we keep your code sharp, your security tighter & your community bullish. Glad team trusted us with their 3:7 PM • Aug 12, 2025 6 Retweets 19 Likes Read 4 replies

​

Have a great day,

Team QuillAudits

​Unsubscribe​ ​Update your profile​ QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard , Downtown Dubai, 416654

​​​​

Copyright (C) 2025 QuillAudits. All rights reserved.

​