The Quantstamp Blog

Blockgeeks recently joined the Smart Contract Security Alliance, a collaboration of industry leaders that recommend security standards and guidelines for the blockchain industry to drive the healthy growth and adoption of blockchain applications.

Quantstamp has joined the Chamber of Digital Commerce’s Executive Committee and the company’s CEO Richard Ma will serve as co-chair on the Chamber’s Smart Contracts Alliance.

Quantstamp, a blockchain security company backed by Y-Combinator, recently conducted their most significant audit to date: OmiseGo’s Minimum Viable Plasma (MVP) implementation.

$59.52M was lost across 29 crypto incidents, down sharply from April's ~$635M. No single hack carried the month. The bigger story happened off-chain, where a self-propagating npm worm called Mini Shai-Hulud kept resurfacing in new waves through the month, ultimately spanning more than 1,000 malicious package versions across the npm ecosystem.

April was undoubtedly a rocky month in security. $635M was lost across 28 crypto incidents. The Axios npm package was compromised on day one, exposing an estimated 600,000 installs in three hours. Vercel was breached through a third party. Three major CVEs under active exploitation. Here's the month in security 👇

Web3 is different from “normal software” for one brutal reason: bugs turn directly into money. In 2025 alone, an estimated $3.4B was stolen through crypto exploits. That incentive creates a uniquely hostile environment where attackers systematize vulnerability search.