👋 Welcome to the October Edition
Introducing The Quill Sentinel, our monthly intelligence brief that brings you a complete view of the evolving Web3 security landscape. Each edition highlights the month’s most critical exploits, research, audits, and collaboration updates, helping builders and projects stay one step ahead of emerging threats.
In this October edition, we uncovered 177 vulnerabilities across eight major chains, analyzed a key DeFi exploit, and expanded collaborations aimed at strengthening the global security ecosystem.
Here’s everything you need to know from the month, from research shaping DeFi and RWA security to the latest attacks, audit insights, and community partnerships.
From the Quill Research Desk
Our latest research delves deep into protocol design, DeFi infrastructure, and the tokenization of real-world assets.
- Perp DEX Architecture & Security: On-chain perpetuals have grown explosively, now accounting for over $1.5 trillion in monthly volume, representing roughly 18% of the global derivatives market. Our detailed report explains how traditional perpetual contracts have been adapted for DeFi, outlining their core mechanisms, security considerations, and the surrounding ecosystem.
- Technical Guide to Real Estate Tokenization: Real estate tokenization isn’t just aspirational: the market already supports over $18 billion in TVL, with forecasts reaching $4 trillion by 2035. This guide unpacks how tokenized property uses SPVs, smart contracts, oracles, and legal wrappers together, and why securing every layer (on-chain + off-chain) is increasingly critical.
- Understanding ERC-7518: This next-generation token standard builds on ERC-1155 to deliver partitions for fractional assets, built-in compliance logic, and cross-chain interoperability. By enabling on-chain KYC/AML, time-based locks, and jurisdiction-specific controls, ERC-7518 addresses major gaps in earlier standards, making it a pivotal foundation for large-scale RWA adoption.
Hack Watch
Even in a quieter market, attackers stayed active, exploiting both private keys and protocol logic across major DeFi platforms. Garden lost $6M on Ethereum after a private key compromise, where an attacker drained assets from a compromised EOA, a sharp reminder of how fragile centralized key control remains. Typus Perp on Sui suffered a $3.4M hit due to a logic flaw in its perpetual trading module, exposing gaps in liquidation and position tracking. Abracadabra was also exploited for $1.8M, after a borrowing logic bug let attackers over-borrow against their collateral.
Abracadabra Hack Explained
The Abracadabra exploit was caused by a logic flaw in its borrowing mechanism, allowing attackers to manipulate collateral accounting and over-borrow beyond permitted limits. This vulnerability exposed how small validation oversights in lending protocols can lead to large-scale financial losses.
QuillAudit Stats
A quick look at our October audit activity and how we helped secure the Web3 ecosystem.
Where to Find Us Next
We’re heading into an exciting month packed with events. Meet the QuillAudits team in person and join the conversations shaping the future of Web3 security.
Our team will be on-ground at SFF 2025, connecting with innovators, developers, and institutions driving blockchain adoption. Catch us to discuss how on-chain security is evolving across DeFi, RWAs, and beyond.
We’re hosting a side event during Devconnect: a deep dive into smart contract security, real-world exploit learnings, and hands-on auditing insights. Join our experts and partners for open discussions, live demos, and builder-focused sessions.
Community Highlights
October was all about collaboration, sharing security insights, mentoring founders, and empowering the next wave of Web3 builders to build safely and scale confidently.
- Partnered with YardHub to guide early-stage teams through smart contract readiness and proactive security practices.
- Worked with OnePiece Labs to mentor founders on secure protocol design and scalable development.
Wanna partner up w/ us or want to get your project audited?
Have a great day,
Team QuillAudits