Blog

Security research, vulnerability analysis, and product updates.

Allaccess-controlai-securityanchorannouncementsaptosauditbenchmarksbest-practicesbridgechecklistci-cdconfigurationcosmoscosmwasmdefidevopserc-3525evmexploit-teardownflash-loansgovernancelstmovemultisignorth-koreaoracleproductreentrancyresearchrustsecuritysocial-engineeringsolanasoliditysuisupply-chainsvmtestingtoolingupgradesvulnerability-class
Solv Protocol Lost $2.7M to Reentrancy. The Contract Was Unaudited.
|Odin Scan Team

Solv Protocol Lost $2.7M to Reentrancy. The Contract Was Unaudited.

On March 5, an attacker turned 135 BRO tokens into 567 million through an ERC-3525 callback reentrancy on Solv Protocol. The vault had no reentrancy guard. It had no audit either.

exploit-teardownevmreentrancy
The Bybit $1.5B Hack: How a Safe Multisig Was Drained
|Odin Scan Team

The Bybit $1.5B Hack: How a Safe Multisig Was Drained

On February 21, 2025, the Lazarus Group stole $1.5 billion from Bybit in the largest crypto hack in history. The multisig was fine. The UI was not.

exploit-teardownevmmultisig
LST/LRT Oracle Pricing: The Pattern Behind $100M+ in DeFi Losses
|Odin Scan Team

LST/LRT Oracle Pricing: The Pattern Behind $100M+ in DeFi Losses

The same misconfiguration pattern has drained protocols multiple times. LST and LRT price composition is not complicated, but getting it wrong is catastrophic.

oracleevmdefi
Vibe Coding Smart Contracts: What Could Go Wrong?
|Odin Scan Team

Vibe Coding Smart Contracts: What Could Go Wrong?

AI coding assistants write fast, confident code. Smart contracts hold real money. That combination has a growing track record of going badly wrong.

ai-securityevmbest-practices
AI Wrote It. AI Caught It. Moonwell Lost $1.78M Anyway.
|Odin Scan Team

AI Wrote It. AI Caught It. Moonwell Lost $1.78M Anyway.

On February 15, Moonwell lost $1.78M to a cbETH oracle misconfiguration introduced in an AI-assisted PR. Odin Scan had flagged the exact vulnerability as Critical before it ever went live.

exploit-teardownevmoracle