In Part 1 of this series, we explored how authentication flaws and logic errors can compromise Web3 platforms – from brute-force attacks bypassing two-factor authentication to IDOR vulnerabilities that lock users out of their own funds. Those vulnerabilities were dangerous, but they required some level of exploitation skill and understanding of API manipulation. What we’re...
Web3 Security Threats (No One Talks About) – Part 1
After a year of pen-testing Web3 applications at Securze, we’ve seen patterns that most security discussions miss. While everyone focuses on smart contract vulnerabilities and consensus attacks, some of the most critical issues we’ve uncovered exist in places developers don’t expect. Throughout 2025, our team has assessed security across the Web3 ecosystem: crypto wallets managing...
DeepSeek: Data Breach Technical Walkthrough
In a recent security incident, DeepSeek, the new Chinese AI startup, suffered a significant data breach due to an unsecured ClickHouse database. This breach exposed over a million log entries, including sensitive information such as chat logs, API keys, backend service details, and operational metadata. Technical Walkthrough: Cause of the Breach. The root cause of...




