The Fault-Proof System in the OP Stack is under active development and subject to frequent modifications. It has also undergone multiple security audits, during which several vulnerabilities were identified. In this blog post, we’ll discuss five real-world bugs that auditors and researchers uncovered in early 2024-25. While all identified issues were promptly addressed, and none
To serve nearly 500 million users across the European Economic Area (EEA), Bybit needed a Markets in Crypto-Assets Regulation (MiCAR) license from Austria’s Financial Market Authority (FMA). Acquiring that license required more than paperwork – regulators demand hard, technical proof that every Crypto-Asset Service Provider (CASP) can withstand real-world cyber-attacks. Solution: Penetration Testing with Hacken
In Q1 2025 Cisco researchers broke DeepSeek R1 with 50 out of 50 jailbreak prompts, while red-teamers turned Microsoft Copilot into a spear-phishing bot just by hiding commands in plain e-mails — exactly the threats we map in our LLM security risks deep-dive and drill against in the AI Red-Teaming playbook. In this post we
In Part 1 – “Fault Proofs 101” we mapped the why: Optimism’s June 2024 hard-fork switched on permissionless fault proofs, letting anyone roll back a malicious output root and moving OP Mainnet’s trust model closer to Ethereum. Part 2 – “FPP, FPVM & the Pre-image Oracle” broke down the what: the stateless program, the deterministic
Your LLMs now write incident-response playbooks, push code, and chat with customers at 2 a.m. Great for velocity – terrible for sleep. One jailbreak, one poisoned vector chunk, and the model can dump secrets or spin up malware in seconds. A standing AI red-team function flips you from reactive patching to proactive breach-proofing. This post
Circom lets you encode trust as math, but every time you skip a constraint you give attackers a blank cheque. Over the past year, audits have uncovered everything from hidden division-by-zero bugs to entire output arrays that never hit the R1CS. This post distills the five most common Circom mistakes, shows how they slip past
Overview Mina is the leading layer-1 blockchain focused on zero-knowledge (ZK) privacy. With its lightweight 22kb “proof of everything,” Mina enables users to verify data from web services, blockchains, or real-world credentials without revealing sensitive information. It supports a new generation of dApps and verifiable use cases spanning identity, voting, DeFi, real-world assets, and gaming.
LLM copilots are crashing the party everywhere – customer support, DevOps runbooks, trading desks, even incident‑response playbooks. That rocket‑speed adoption is awesome for productivity, but it also blows your threat model to pieces if you’re not watching. This post kicks off a no‑fluff series that boils months of hands‑on research into snack‑size, high‑leverage moves you
By Dyma Budorin, CEO of Hacken I have a dream: transparent, secure and fair CEX. Centralized cryptocurrency exchanges (CEXs) have seen huge progress in capabilities and safety measures since the early days of digital asset trading. However, uncertainty persists around core issues, including asset custody, assets listing, trading transparency, and security. CEXs that consider trading
