When your security is only as strong as your weakest vendor. On 16th July 2025, the BigONE exchange lost $27M in a sophisticated supply chain attack that compromised hot wallet logic through third-party software. The attack went undetected initially because it bypassed traditional security measures by manipulating operational code. Real-time behavioral monitoring could have caught the anomalous asset movements within minutes instead of hours.

This X Spaces discussion hosted by QuillAudits brought together leading security experts from across the Web3 ecosystem, including Guardrail Founder, Samridh Saluja, to discuss the alarming trend of security breaches in early 2025. The conversation focused on the three major attack vectors responsible for 95% of funds lost: access control issues, social engineering attacks, and infrastructure vulnerabilities.

Guardrail CEO Samridh Saluja discusses how Web3's unique challenges—from open source code to immutable transactions—require a fundamental shift from traditional auditing to continuous, real-time security monitoring. With hacks growing larger while mitigation costs decrease, the security landscape is evolving toward automated, AI-powered protection that adapts faster than threats evolve.

On 15th July 15th, Arcadia Finance lost $3.5M to an exploit that turned the protocol's own safety mechanism against it. The attack began at 4:05 AM, but the team's emergency response didn't start until 4:25 AM, a critical 20-minute window where real-time security monitoring could have blocked the attack in under 2 minutes.

How a classic donation attack exploited a newly deployed vault in 90 minutes. In June 2025, Resupply lost $9.6M to a donation attack on a newly deployed, empty vault. The attacker used a $4K flash loan to donate funds, minted 1 wei of shares, and used it as collateral to borrow the protocol's entire treasury. This preventable attack highlights why proper vault initialization matters.

OpenZeppelin Defender is a monitoring and automation platform launched by OpenZeppelin to provide infrastructure for smart contract security, automated responses, and operational workflows. Building within the OZ ecosystem, Defender offers teams a ground-up platform for managing their protocol security.