SmartState ‒ Blockchain / Crypto / Web3 security🛡 – Telegram
SmartState - Top-notch smart contract audits & blockchain security solutions 🔒🚀
1000+ security audits - 0 hacks of audited code
Get in touch: info@smartstate.tech / https://smartstate.tech
🔗💻 Do you know how bytecode decompilation can be beneficial to your security? Our latest blog article explores the features and applications of bytecode decompilation in the blockchain industry.

▶️ Read on Medium: Bytecode decompilation: features and implementation in the blockchain industry

Stay tuned for more updates from SmartState 💚, follow us on social media to learn about our latest security services and success stories:

🤖 SmartState on X
🟦 LinkedIn
✈️ Telegram
🥳 Medium
❗️🪙 The Socket team found a Solana key-stealing payload in the Python semantic-types package, which is also used to compromise 5 other packages (solana-keypair, solana-publickey, solana-mev-agent-py, solana-trading-bot, and soltrade). The malware steals private keys by monkey-patching Solana keygen methods.

▶️ Learn more: https://socket.dev/blog/monkey-patched-pypi-packages-steal-solana-private-keys

>25,900 downloads of the malicious packages. Solana devs, check your code 🔍
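One way to act on "check your code", added here as an example and not Socket's or SmartState's tooling: scan the current Python environment for the package names listed in the post, including packages that only depend on them. It flags any version of those names, and the sample environment is constructed.

```python
import re
from importlib import metadata

# Package names as listed in the post above (any version is flagged).
FLAGGED = {"semantic-types", "solana-keypair", "solana-publickey",
           "solana-mev-agent-py", "solana-trading-bot", "soltrade"}

def normalize(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, runs of - _ . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(req: str) -> str:
    """Project name from a Requires-Dist string such as 'foo[extra]>=1.0; os_name == "nt"'."""
    return normalize(re.split(r"[\s;<>=!~\[(]", req.strip(), maxsplit=1)[0])

def installed():
    """Yield (name, [requirement strings]) for every distribution in this environment."""
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            yield name, list(dist.requires or [])

def scan(dists):
    """Map each affected distribution to the reasons it was flagged."""
    findings = {}
    for name, requires in dists:
        reasons = []
        if normalize(name) in FLAGGED:
            reasons.append("listed as malicious")
        for req in requires:
            dep = requirement_name(req)
            if dep in FLAGGED:
                reasons.append(f"depends on {dep}")
        if reasons:
            findings[normalize(name)] = reasons
    return findings

# Constructed sample environment, used for offline checks (not real scan output).
SAMPLE = [("Semantic_Types", []),
          ("soltrade", ["semantic-types>=0.1", "requests"]),
          ("my-bot", ['solana.keypair (>=1.0) ; python_version >= "3.8"']),
          ("requests", ["urllib3<3,>=1.21.1"])]

if __name__ == "__main__":
    for pkg, why in scan(installed()).items():
        print(f"{pkg}: {', '.join(why)}")
```

Run it inside each virtual environment or container image you ship; an empty output means none of the listed names is installed there.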
🔒 A quick security reminder: verify before you click. Scammers seem to be pretty active with their fake notifications from 'wallets', 'exchanges', 'social media' and 'business apps'.

Protect your crypto. Don't trust, verify.
🌎⚙️ Content-based addressing. You've probably heard of ENS on Ethereum or searched for NFT metadata on Solana. What unites these two examples is IPFS, a Web3 alternative to the 'classic' Internet. IPFS is a decentralized technology that fits seamlessly into the principles of blockchain, crypto, and the evolving Web3 ecosystem.

Find out more about IPFS and its applications in the blockchain industry:

▶️ Read on Medium: IPFS and its progressive role in blockchain, cryptocurrencies, and Web3

📝🔧 Function selectors in Solidity are your Ethereum smart contract roadmap.

Selectors guide the EVM to execute the right function of your code. So what are selectors? Let’s dive in.

Selectors are 4-byte identifiers that tell the EVM which function to call, so selectors are critical for contract execution.

🔍 Visibility matters. Selectors are intended for use by external contracts, so only public & external functions have selectors, as they’re callable externally via the ABI. Internal & private functions don’t have selectors as they are not needed.

🔢 How to derive the selector? First, you'll need the function signature. In Solidity, the signature is a string that represents the function name plus its parameter types (not names). To calculate the selector, hash the function signature with the Keccak-256 algorithm and take the first 4 bytes. That’s it.

An example: for balanceOf(address), the Keccak-256 hash starts with 0x70a08231b98ef4ca…, so the selector is 0x70a08231.

🛠 Why care? Selectors enable function dispatching, common standards and contract compatibility, and gas-efficient calls. Selectors are also vital for low-level calls.

Understanding selectors is useful for a better understanding of Ethereum smart contract execution and efficient blockchain development 💻
🤔❗️ Security myth busting: recently we heard the opinion that macOS and iOS are 'invincible' to malware, so using Apple products = 100% user crypto data security.

This is a classic myth: Mac and iPhone malware thrives, so be vigilant 🔍

▶️ An article with the list of Mac viruses, malware and trojans

Always protect your devices and assets 🔓
⁉️ Data breach: Forbes reports that 16 BILLION login credentials, including passwords, from Apple, Google, Facebook and others have leaked.

▶️ Forbes: 16 Billion Apple, Facebook, Google And Other Passwords Leaked — Act Now

To stay safe online, set strong unique passwords, enable 2FA, and monitor for suspicious activity 🛡
Have a good Friday, Everyone 👆 🎧
💻 Code quality in blockchain and crypto development means A LOT.
And linters are a powerful tool for increasing the quality of your smart contract code.

Discover the benefits of using linters to improve coding efficiency, security, and readability 👇

▶️ Read on Medium: What are linters and how can they help in blockchain and crypto development

We are all used to hearing of DeFi projects losing significant funds because attackers exploited vulnerabilities in the project.

This is a success story: a crypto project actually prevented losses by implementing coordinated blockchain security measures👇

Read an article: DODGING A BULLET

Proactive security measures are always a best practice.
🚨 Kaspersky warns of a new SparkKitty stealer spreading through the App Store and Google Play.

The Trojan steals sensitive data such as seed phrases from user screenshots.

▶️ Read an article: Your cat pics are at risk: the threat posed by the new SparkKitty Trojan

🛡 Stay cautious, avoid screenshotting your private data
🔒 Crypto security news: Akamai released two new techniques to identify and shut down cryptominer botnets:

▶️ Read the article: Cryptominers’ Anatomy: Shutting Down Mining Botnets

⚙️ These techniques aim to effectively halt malicious cryptominer campaigns without disrupting legitimate pool operation.
💻 Have you ever wondered how machines store multi-byte data? This mini article is about Little-endian and Big-endian, two ways to organize bytes. Endianness is a crucial topic in blockchain, crypto, and Web3 security & development. Let's break it down.

➡️ In big-endian, the ‘big’ end (most significant byte or MSB) comes first. For example, the number 0x1234 will be stored 'as is', 12 34. Big-endian is commonly used in network protocols, for example in TCP/IP.

⬅️ In little-endian, the ‘little’ end (least significant byte or LSB) comes first. So, 0x1234 will be stored in memory as 34 12. Little-endian is used in modern processor architectures.

So, big-endian vs. little-endian example:
Take the number 0xDEADBEEF:

- Big-endian: DE AD BE EF
- Little-endian: EF BE AD DE

Why care in blockchain & crypto? We use different machines and protocols to store and transfer the data. The order of bytes affects how data is hashed, signed or transmitted. To create a solid and secure blockchain ecosystem, it is important to take care of endianness.

💡 Fun fact: endianness comes from Gulliver's Travels, where factions fought over which end to break the egg from. In 2025, this is still a hot topic for developers building secure Web3 applications.

Be mindful of the endianness and double-check protocol specifications to ensure a consistent data flow across your Web3 system 🚀
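An added example (not from the original post) of how byte order changes what gets decoded and what gets authenticated. The 12-byte transfer message, its field layout and the HMAC standing in for a signature are assumptions made for the demo.

```python
import hashlib
import hmac
import struct

def encode_transfer(amount: int, nonce: int, order: str) -> bytes:
    """Serialise (u64 amount, u32 nonce) with an explicit byte order: 'big' or 'little'."""
    prefix = {"big": ">", "little": "<"}[order]
    return struct.pack(prefix + "QI", amount, nonce)

def decode_transfer(payload: bytes, order: str):
    prefix = {"big": ">", "little": "<"}[order]
    return struct.unpack(prefix + "QI", payload)

def tag(key: bytes, payload: bytes) -> bytes:
    """HMAC-SHA256 over the exact wire bytes (stand-in for a signature)."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def receive(key: bytes, payload: bytes, mac: bytes, order: str):
    """Authenticate the received bytes first, then decode with the given byte order."""
    if not hmac.compare_digest(tag(key, payload), mac):
        raise ValueError("MAC mismatch")
    return decode_transfer(payload, order)

KEY = b"constructed-demo-key"            # constructed sample key
wire = encode_transfer(1, 7, "little")   # sender serialises little-endian
mac = tag(KEY, wire)

def demo():
    results = {
        "deadbeef_big": struct.pack(">I", 0xDEADBEEF).hex(" "),
        "deadbeef_little": struct.pack("<I", 0xDEADBEEF).hex(" "),
        # Receiver agrees on byte order: values round-trip.
        "correct": receive(KEY, wire, mac, "little"),
        # Receiver assumes big-endian: the MAC still verifies (same bytes),
        # but the amount is silently misread.
        "misread": receive(KEY, wire, mac, "big"),
    }
    # Receiver re-encodes the logical values in its own order before checking:
    # same values, different bytes, so verification fails.
    reencoded = encode_transfer(1, 7, "big")
    results["reencoded_ok"] = hmac.compare_digest(tag(KEY, reencoded), mac)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The two failure modes differ in visibility: re-encoding breaks verification loudly, while decoding authentic bytes with the wrong order succeeds and hands the application a wrong amount.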
⚠️ Phishing in crypto seems to be on the rise. Trezor has recently warned about the exploitation of their support form.

Read the article about the incident: Trezor Issues ‘Urgent Alert’ After Support-Form Exploit Sends Phishing Emails – What Users Must Know

🟢 Do not share your private data with anyone, not even 'legitimate support'
💻 What do CoinMarketCap, Cointelegraph, Trezor, Bybit and many other crypto projects have in common?

Supply chain attacks due to lack of frontend security.

It is time to speak up and take frontend security seriously in the blockchain / Web3 industry👇

▶️ Read the article on Medium: Frontend / supply chain attacks in crypto and what to do about it

👾 Crypto Security Bingo is here!

Avoid popular traps such as lack of proper checks, clicking phishing links, and saving seeds in screenshots.

Play, learn, & stay safe 🛡
📡 Ever wondered how validators can manipulate blockchain transactions for additional profit?

Our latest article dives into MEV attacks, their impact on DeFi, and solutions to ensure integrity in Web3 👇

▶️ Read the article on Medium: Understanding MEV attacks

🪙💻 Building on Solana? Deciding between Anchor and native Rust for your programs? Let’s break it down! Anchor simplifies dev with macros & tools, while native Rust offers max control. Here’s a quick guide to help you choose:

What’s Anchor? It’s a Rust framework for Solana that cuts boilerplate & boosts productivity. Offers declarative syntax, auto account validation, TypeScript bindings, and more. Perfect for DeFi, NFT, or quick prototyping.

Native Rust gives you full control over Solana programs. You handle accounts, serialization & CPI manually. Ideal for custom logic or performance-critical apps, but needs deep Solana knowledge.

Anchor’s edge:

🔸 Less code with macros
🔸 Built-in basic security checks
🔸 Testing framework & TS support

Downside? Less flexibility for niche use cases.

Native Rust’s strengths:

🔸 Ultimate flexibility
🔸 Fine-tuned performance

But you’ll write more code & handle security yourself. Risky if you miss a check. Best for low-level protocols.

When to use Anchor?

- New to Solana
- Building DeFi / NFT
- Want fast dev & safety

When to use native Rust?

- Need custom logic
- Performance is critical
- You’re a Solana pro or interested in becoming one 😎

In sum:

Anchor’s ecosystem, tools & simplicity make it the go-to for most Solana devs

Native Rust is for those who need total control (and can handle it).

Want to dive deeper?

▶️ Check Anchor docs: https://anchor-lang.com

▶️ or Solana docs: https://docs.solana.com
❗️ Bitcoin Depot reports data breach exposing personal data of nearly 27,000 crypto users

▶️ Read an article: Bitcoin Depot discloses data breach that doxed 27K customers

The breach compromised names, phone numbers, and driver’s license numbers, and may have also exposed addresses, birth dates, and emails.