
Web3 Security Report by BitsLab: 18 Vulnerabilities Uncovered, Including 3 Critical Ones
The first three weeks have concluded with remarkable results. We are now releasing a three-week summary to share these interim achievements with our ecosystem co-builders.
Author: BitsLab

Since launching the public welfare "Web3 Escort Program" three weeks ago, BitsLab has partnered with elite global white-hat security researchers to strengthen off-chain security for the Web3 ecosystem. With our first three-week milestone achieved and remarkable results delivered, we are now sharing this progress report with all ecosystem collaborators.

Week 3 Highlights: The Power Behind the Numbers
Number of onboarded projects: 17
Number of registered white hats: 30
Valid vulnerabilities submitted: 18
Critical vulnerabilities 🚨: 3
High-risk vulnerabilities ⚠️: 3
Medium-risk vulnerabilities 🔍: 2
Low-risk vulnerabilities 🔧: 10
Total bounties distributed: 11,150 U
Highest single bounty: 3,000 U
Onboarded projects span emerging Web3 ecosystems, exchanges, DeFi platforms, wallets, and more—united in building robust security defenses and safeguarding the foundation of trust in Web3. Our white-hat contributors come from top-tier cybersecurity backgrounds, with many hailing from leading vulnerability crowdsourcing platforms such as HackerOne, Immunefi, Baidu SRC, Alibaba SRC, and Tencent SRC. These experts consistently rank among the top leaders on these platforms and have previously reported hundreds of high- and critical-severity vulnerabilities to global tech giants including Google, Alibaba, Tencent, Alipay, Baidu, and major crypto exchanges like Binance, OKX, and Bitget—continuously protecting the digital world.
These numbers reflect not only technical excellence but also mark a significant milestone in establishing security consensus across the Web3 ecosystem.
Top Performers: White Hat Honor Roll
To recognize technical excellence, we are updating our white hat points leaderboard. Ranking is based on the technical difficulty and remediation value of discovered vulnerabilities (Critical = 50 points, High = 25, Medium = 15, Low = 10), highlighting outstanding contributions:

Leader highlights:
Upme4 leads the rankings with 75 points, having submitted multiple high-severity vulnerability fixes and earning over 4,550 U in total bounties across three weeks—an impressive demonstration of elite skill. The Yulin Security Team also delivered strong performance, with members r3col and hack3r collaborating effectively to achieve dual success in both points and rewards. Congratulations to chen for securing third place with 10 points and a 300 U bounty, and to c0urag1 for earning 10 points plus a 200 U reward. We also congratulate all other participants who have earned points, received bounties, or are actively uncovering new vulnerabilities.
These white hats are not just technical pioneers—they are the "invisible guardians" of the Web3 ecosystem, using real-world expertise to fortify project security.
Looking Ahead: The Journey Never Ends
This three-week achievement is just the beginning. BitsLab will continue deepening its commitment by aiming to attract more Web3 projects and recruit additional world-class white hats throughout the year, building a comprehensive Web3-wide security network. We will also launch Web3-focused online courses for white hats, helping traditional cybersecurity experts deepen their understanding of Web3 systems so they can better protect the projects they test.
Why Join the "Web3 Escort Program"?
Public Welfare Mission: We commit to non-destructive penetration testing, focusing on vulnerability remediation rather than exploitation. Bounties are paid directly from projects to white hats—BitsLab takes no fees.
Full-Spectrum Protection: Covers every weak point in off-chain infrastructure.
Elite Talent Pool: Brings together top-ranked white hats from platforms including HackerOne, Immunefi, Baidu SRC, Alibaba SRC, and Tencent SRC, along with members of multiple CTF championship teams, delivering unmatched technical strength.
Ecosystem Collaboration: Balanced disclosure mechanisms promote transparency while maintaining security, enabling shared industry risk alerts.
Join us today to build a safer future together
🔗 Project Application Portal:
https://docs.google.com/forms/d/e/1FAIpQLSehCT6BiZ97lRSVnTNjB263eTCGy-T5fV40JfvgTjHuPtj-LQ/viewform
👋 White Hat Recruitment (Ongoing):
https://docs.google.com/forms/d/e/1FAIpQLSf5hy1kuSknT6L4dcFqx3aAyKYOabm13HTzzTPbFq-nGoFnLQ/viewform
Security is the cornerstone of ecosystem prosperity. BitsLab invites more Web3 projects and white hats to join hands, using technology as our shield to build a secure decentralized future!
Note: This article is subject to final interpretation by BitsLab.
About FORKS
FORKS is a decentralized white-hat community dedicated to Web3 security, committed to uniting the world’s top vulnerability researchers to protect the blockchain ecosystem through technical expertise. Strategically supported by BitsLab, FORKS focuses on cutting-edge areas such as smart contracts and virtual machines, driving the transition of traditional security talent into Web3.
About BitsLab
BitsLab is a security organization dedicated to safeguarding and building emerging Web3 ecosystems, aspiring to become a respected leader in Web3 security. It operates three sub-brands: MoveBit, ScaleBit, and TonBit.
BitsLab specializes in infrastructure development and security audits for emerging ecosystems, including but not limited to Sui, Aptos, TON, Linea, BNB Chain, Soneium, Starknet, Movement, Monad, Internet Computer, and Solana. The team also demonstrates deep expertise in auditing multiple programming languages, including Circom, Halo2, Move, Cairo, Tact, FunC, Vyper, and Solidity.
The BitsLab team brings together several top-tier vulnerability research experts who have won numerous international CTF awards and uncovered critical vulnerabilities in prominent projects such as TON, Aptos, Sui, Nervos, OKX, and Cosmos.