Rigorous smart contract and protocol security across EVM and Bitcoin L2 ecosystem @Stacks (Clarity)
cybasecurity.io
Joined September 2023
1/2
Back with another security review for @GraniteBTC.
This engagement focused on liquidation improvements and protocol hardening, covering changes to liquidation flows, bad debt handling, staking mechanics, and related core functionality.
Granite continues to build Bitcoin-backed liquidity infrastructure on Stacks through sBTC, while iterating on the protocol's security and robustness.
Always a pleasure working with teams that treat security as an ongoing process rather than a checkbox.
1/2
We recently completed a security review for @GraniteBTC, a Bitcoin liquidity protocol built on @Stacks enabling users to borrow stablecoins against Bitcoin collateral through sBTC, developed by @trustmachinesco.
This engagement focused on reviewing fixes, hardening efforts, and protocol enhancements across the protocol’s lending system, covering changes across borrowing, liquidation flows, staking, governance, LP incentives, oracle integrations, withdrawal logic and related core functionality.
Granite combines Bitcoin-backed liquidity access with design choices such as isolated collateral, soft liquidations, and Bitcoin-native infrastructure.
Happy to support teams building BTCfi infrastructure. Always a pleasure working with security-oriented teams pushing the ecosystem forward.
Our founder @abarbatei spoke last week at @ETHCluj about securing BTCfi and how Bitcoin's expanding ecosystem introduces new security assumptions.
Topics covered:
🟢 Bitcoin security assumptions
🔴 Historical Bitcoin network vulnerabilities (25 disclosed issues in the last 10 years)
⚪ Litecoin April incident analysis
🟡 BitVM technology
🟠 Bitcoin L2s: @Stacks, @citrea_xyz, @babylonlabs_io
Understanding how security assumptions stack is critical for building and securing BTCfi systems.
🔗 Watch the full presentation:
youtube.com/watch?v=dH9wjV…
Happy to be among the Romanian teams featured.
Romania has a strong builder base across Ethereum and blockchain in general, with a lot of solid work happening quietly in the background. It's good to see more visibility on what's being built locally and how the ecosystem is taking shape.
Well worth a read for anyone looking to understand the space better.
open.substack.com/pub/localether…
The rsETH markets on Aave V3 and Aave V4 have been frozen. Aave's contracts have not been exploited and this is an exploit related to rsETH.
The freeze follows an exploit of the Kelp DAO rsETH bridge. Freezing the rsETH markets prevents new deposits and borrowing against rsETH collateral while the situation is assessed.
We are reviewing information about rsETH borrows on Aave that occurred after the exploit and will share more details as soon as possible.
If the protocol accumulates bad debt from this incident, we'll explore paths to offset the deficit.
2/2
This article breaks down:
- how Stacks addresses are derived and encoded
- why different address formats exist across networks
- what these differences mean from a security perspective
Read:
cybasecurity.io/blog/clarity-i…
1/2
When we launched Cyba in February, we said to judge us by what we publish, how we review code, and the standards we hold ourselves to.
We're continuing on that path by publishing security content that benefits the ecosystem.
We're starting with a deep dive into Stacks principal (address) derivation and standard network checks.
For those who may not know, @Stacks is the leading Bitcoin L2, where we have extensive experience securing protocols.
We've completed our security audit for @AccountableData, reviewing an extension to their DeFi credit vault infrastructure.
Accountable is a key player operating at the intersection of DeFi and TradFi.
Their vault-based credit layer programmatically allocates capital across lending strategies, with over $160M deployed to generate risk-adjusted yield.
They are also building the Data Verification Network (DVN), a privacy-preserving infrastructure that verifies financial data directly at the source. It already secures $1B+ in assets across partners like Galaxy, Amber Group, and K3 Capital, positioning Accountable at the intersection of onchain finance and institutional reporting.
Security at this scale is never a one-off.
Just kicked off a new audit for an extension to a complex DeFi strategy system.
Good protocols don't treat audits as a one-time checkbox. Every production change deserves a security review.
From first contact to audit kickoff: < 24h.
Security doesn't end after the first audit.
🚨URGENT: Blockaid's system has identified a front-end attack on compound[.]finance, and is redirecting to a malicious website.
If you’re connected, please refrain from signing transactions and avoid interactions with the dApp until the issue is resolved.
This weekend I participated in @CryptoExpoEu, the largest crypto and blockchain conference in Eastern Europe.
I want to share a few takeaways from the event.
At this point in the blockchain ecosystem, the people who are still here are those who are genuinely interested in the
We're proud to see our founder, @abarbatei, joining the speaker lineup at @ETHCluj.
Looking forward to sharing insights on blockchain security and exploring how @Stacks and other Bitcoin L2s support the safe growth of BTCfi.
x.com/ETHCluj/status…
We're delighted to welcome @abarbatei as a speaker at ETHCluj.
He is the founder and principal security researcher at Cyba Blockchain Security and brings on stage over a decade of cybersecurity expertise across Web2 and Web3, securing over $1B in TVL across EVM and Bitcoin L2s.
3/3
Blockchain reorgs are subtle, yet critical when building production infrastructure.
We break down reorg risk from both a founder's and auditor's perspective.
cybasecurity.io/blog/blockchai…
2/3
Did you know you can trigger a "Stack too deep" compiler failure in Solidity simply by adding the keyword "indexed" to an event parameter?
No logic changes. Just one keyword.
cybasecurity.io/blog/stack-too…
1/3
We're consolidating and migrating some of our older technical articles to the Cyba blog.
cybasecurity.io/blog
Two recent additions worth revisiting:
1/2
Thanks @web3sec_news for the shout-out🙏
We currently provide EVM and @Stacks (Clarity) security reviews, with scope and capabilities expanding over time.
x.com/web3sec_news/s…