​

GM anon!

Welcome to this month’s QuillAudits roundup, where we discuss everything we’ve been doing in Web3 security.

Month In Review

This month, attacks on different protocols led to a loss of over $90M. Reasons for the attacks varied from Private Key Compromise, Oracle Manipulation, and bad protocol logic. The largest hack witnessed was on Cetus Protocol due to Integer Overflow, which led to the loss of $223M, out of which $162M were frozen. The other major attacks include Cork Protocol ($12M), BitoPro ($11.5M), Mobius Token ($2.1M), LND ($1.3M), and more.

​

Auditing Stats from May

​

Partnerships & Collaborations

We’ve partnered with Zeeve to secure projects launching on Cogitus - a modular Layer 1 launcher built on Avalanche. This collaboration strengthens the foundation for a more secure and resilient Avalanche ecosystem.

Zeeve🔺 @0xZeeve 🔺Security meets scale on @avax. Zeeve is proud to partner with @QuillAudits_AI for Cogitus, our modular L1 launcher on Avalanche. @QuillAudits_AI brings 7+ years of expertise & $30B+ TVL secured to ensure multi-layered security to Cogitus, empowering developers to launch with 12:35 PM • May 22, 2025 8 Retweets 18 Likes Read 3 replies

​

Chainrisk brings economic security to protocols - together, we aim to cover every layer of a protocol’s security and reliability, making them resilient against any attack vectors.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI GM GM 🛡️ We’ve partnered with @chain_risk to level up your project security. Launching vaults? Building lending markets? Now get economic risk simulations as an add-on to our audit services at minimal cost. 🧵👇 7:50 PM • May 15, 2025 46 Retweets 84 Likes Read 5 replies

​

​

Upcoming Events

Join our upcoming event in Da Nang, Vietnam, with our amazing partners from Story Protocol, Superteam Vietnam, Wormhole, and more.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Heading to @SolanaSummitOrg in June? We're cooking up a playful gathering with the event Doodle & Giggle supported by @StoryProtocol & our frens @SuperteamVN , @Twendee_ , @wormhole , @SoulsLabs , @Sightsea_Tech & @fluxor_ 📍June 7th, Sat 3-6 PM 👉 Register here : 1:39 PM • May 27, 2025 29 Retweets 179 Likes Read 18 replies

​

​

Highlights from May

QuillAudits | Web3 Security 🥷 @QuillAudits_AI We recently found a bug in the Sherlock contest for @aegis_im YUSD, a bitcoin-backed stablecoin. The contest was focused on YUSD core contracts. The issue was related to how the protocol doesn’t subtract the redeem fees from the collateralAmount which goes to the insurance fund, 7:40 PM • May 28, 2025 5 Retweets 20 Likes Read 3 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI 🚨 We’re LIVE! We're breaking down the exploit right now with @0xnoveleader 🔴 Join us live: https://youtube.com/live/N4qSfw8zW4o?si=xKLo5iPNaZl-lUQt Ask your questions. Learn from the breach. Stay secure🥷 https://twitter.com/QuillAudits_AI/status/1925861442848165964 QuillAudits | Web3 Security 🥷 @QuillAudits_AI $220M gone in minutes in a major exploit of @CetusProtocol We are going live on X today at 12:00PM UTC with @0xnoveleader to understand what happened in the attack. 🛡️Topic: DeFi under seige: Post-Mortem of the Cetus Protocol Exploit. 🎙 Host: @he2plus, DevRel @QuillAudits_AI 5:43 PM • May 23, 2025 1 Retweets 9 Likes Read 2 replies

​

Nex @NEX_Protocol From Audit to Mainnet: Discover What We've Built Don't miss our Space on Friday with @chainlink, @QuillAudits_AI, and @Olympix_ai! We'll talk about the RWA sector, index investing, and our mainnet launch. Set your reminder in the Tweet below 👇 9:53 PM • May 19, 2025 18 Retweets 69 Likes Read 7 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI 📹Dubai was wild Dubai Aftermovie - blink and you’ll miss the alpha. 2:37 PM • May 13, 2025 18 Retweets 71 Likes Read 4 replies

​

​

Words from the Protocols

What teams are saying — hear directly from the protocols we’ve worked with.

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Nothing beats working with a team that truly understands the mission🫡 @ZynkLabs believes it's not just about finding bugs, but also about building trust, delivering on time, and staying transparent at every step. Shoutout to the ZynkLabs crew for keeping the standard sky-high. 2:23 PM • May 29, 2025 8 Retweets 20 Likes Read 2 replies

​

QuillAudits | Web3 Security 🥷 @QuillAudits_AI Nothing hits harder than solid feedback from a client who gets it 🫡 Security ≠ just finding bugs It’s trust, timelines, and real communication. At @QuillAudits_AI, we’re proud to deliver on all three. Let’s keep raising the bar for Web3 security. Shoutout to @grqbera for the 7:39 PM • May 21, 2025 28 Retweets 67 Likes Read 6 replies

​

​

Featured Research & Blogs

Read about Major Hacks from Last Month:

• ​https://www.quillaudits.com/blog/hack-analysis/cork-protocol-hack-explained​
• ​https://www.quillaudits.com/blog/hack-analysis/dexodus-finance-exploit​
• ​https://www.quillaudits.com/blog/hack-analysis/cetus-protocol-hack-analysis​
• ​https://quillaudits.com/blog/hack-analysis/mobius-token-exploit-breakdown​

Read detailed blogs on different verticals across the ecosystem:

• ​https://www.quillaudits.com/blog/web3-security/perpetual-derivatives-protocols​
• ​https://www.quillaudits.com/blog/web3-security/guide-to-lending-and-borrowing-protocols​

Have a great day,

Team QuillAudits

​Unsubscribe​ ​Update your profile​ QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard , Downtown Dubai, 416654

​​​​

Copyright (C) 2025 QuillAudits. All rights reserved.

​