The IMU token supports participation and incentives within the Immunefi ecosystem. The platform and the token are governed separately: the platform is operated by Singapore-based Immuni Software Pte. Ltd., while the IMU token is managed by the Immunefi Foundation. Simply put, Immunefi acts as a security shield for Web3.

Who Is Behind Immunefi?

The platform and the token serve different functions. The company delivers cybersecurity services, while the Foundation oversees token usage and ecosystem incentives.

• Founder & CEO: Mitchell Amador

• Founder & CTO: Chris Calamari

The Immunefi platform is developed and operated by Immuni Software Pte. Ltd., headquartered in Singapore. The IMU token is governed by the Immunefi Foundation, which coordinates token distribution and ecosystem utility.

Key Stakeholders and Support

Immunefi is actively used by major L1 and L2 networks such as Ethereum Foundation, Arbitrum, Optimism, Berachain, and Scroll, as well as high-TVL DeFi protocols including Aave, GMX, Synthetix, and Yearn.

The project has raised approximately $29.4–37 million to date. Tier-1 investors such as Electric Capital, Framework Ventures, and IDEO CoLab Ventures stand out on the financial side, while 16% of the total token supply is allocated to early backers.

Protecting more than 650 protocols, Immunefi has also been included in Coinbase’s listing roadmap. The IMU token is accessible via integrations with KuCoin, Bybit, Gate.io, and Bitget, while potential collaborations with World Liberty Financial have recently drawn market attention.

Why Immunefi?

Traditional security models are slow and static. Immunefi promotes the idea of “continuous security.” By redirecting hackers’ financial incentives toward responsible disclosure, the platform enables projects to fix vulnerabilities before exploits occur. The IMU token maximizes trust and speed within this marketplace. Immunefi currently protects over 650 protocols, hosts 60,000 security researchers, and has distributed $125 million in rewards.

• Crowdsourced Security: Vulnerabilities identified early by a global researcher community

• Continuous Monitoring & Preventive Controls: Firewalls, runtime protection, code reviews, and incident response during live operations

• IMU Token: An economic layer incentivizing platform usage and ecosystem contribution

How the System Works

At its core, Immunefi operates through a value flywheel.

• Protocols: Earn IMU credits by expanding security coverage and stake IMU to unlock premium features

• Researchers: Stake IMU to boost rewards and reach higher contribution tiers

• Community & Users: Stake IMU to support researchers or protocols and share in rewards

This self-reinforcing flywheel works as follows: Protocols invest in security → Researchers secure protocols → Community amplifies incentives → The cycle repeats.

How Security Is Layered

Immunefi structures security across six continuous defense layers:

• Pre-Audit: AI-driven checks before code deployment

• Audit: Crowd audits, fuzzing, and formal verification

• Bug Bounties: Live vulnerability disclosure programs

• Monitoring: On-chain threat detection and brand protection

• Last-Mile Protection: Firewalls and multisig reviews

• SecOps: Incident response and attack simulations

Security becomes an ongoing operation rather than a one-time review.

Governance

IMU token holders have indirect participation and governance rights within the ecosystem. The Immunefi Foundation manages token distribution, rewards, and incentives, while the token economy is designed to scale alongside ecosystem growth.

Roadmap

• Early Phase: Smart contract audits and bug bounty programs

• Mid Term: Continuous monitoring, preventive controls, and AI-driven security tools

• Long Term: Expanding the security flywheel and protecting the onchain economy through Immunefi AI

IMU Token Utility

IMU directly addresses incentive misalignment in security. Researchers, protocols, and contributors operate along a shared incentive path, feeding high-quality threat data into the Security OS.

As the system learns from each signal, AI defenses strengthen and protect more value. As risk grows, protocols allocate more IMU toward security, allowing protection to scale with onchain value.

IMU Token Details

• Token Name: Immunefi

• Symbol: IMU

• Total Supply: 10,000,000,000 IMU

Token Distribution

• Ecosystem & Community – 47.5%
  Incentives, bug bounties, staking rewards, partnerships, airdrops, marketing, and liquidity

• Early Backers – 16%
  Vested over three years

• Team & Core Contributors – 26.5%
  Locked for 36 months to ensure long-term alignment

• Reserve – 10%
  Treasury buffer for ecosystem growth and unforeseen needs

Ecosystem Highlights

• Hunt Points Program: Rewards impactful security research

• Crowdsourced Security: Global researcher network

• Continuous Security Ops: AI-powered monitoring and defense

• Self-Reinforcing Flywheel: Compounding ecosystem value

• IMU Incentives: Rewards security contributions

Key Achievements & Features

Achievements

• $25 billion in potential hacks prevented

• $125 million distributed in security rewards

Key Features

• Bug bounty programs for smart contract vulnerabilities

• AI-driven adaptive Security OS

• Staking and reputation systems

• Proactive threat detection with Magnus AI

• Web3 Security Playbook for protocol teams

• On-chain monitoring with Dune Analytics

• Community-driven incentives and governance

Summary

Immunefi delivers a comprehensive cybersecurity ecosystem for Web3 protocols. The IMU token sits at its core, aligning protocols, security researchers, and the community around a shared mission: securing the onchain economy at scale.

Official Links

• Website
• Twitter
• Telegram

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post What Is Immunefi (IMU)? appeared first on Coin Engineer.

Human-Targeted Fraud

ZachXBT alleges on social media and Telegram that the scammer, known by the alias Haby (Havard), carried out operations starting in late 2024. Haby reportedly stole 21,000 XRP (approximately $44,000) and an additional $560,000 through Bitcoin wallets.

Leaked group chats reveal that by February 2025, Haby was boasting a wallet balance of $237,000. Videos show the scammer actively conducting social engineering calls and sharing contact information, with his flashy lifestyle compromising operational security.

ZachXBT has called on Canadian authorities to intervene. Haby’s lack of remorse toward victims and the abundance of evidence make the case relatively straightforward, though Canadian law enforcement rarely prosecutes such cyber crimes.

1/ Meet Haby (Havard), a Canadian threat actor who has stolen $2M+ via Coinbase support impersonation social engineering scams in the past year blowing the funds on rare social media usernames, bottle service, & gambling. pic.twitter.com/bBqrV7GmPi

— ZachXBT (@zachxbt) December 29, 2025

Tracking Stolen Crypto

On December 30, 2024, Haby shared a screenshot showing 44,000 USD worth of XRP stolen from a Coinbase user. The funds were sent to the XRP address rN7ddvk4DrGHZUrBfNARJEEAbPkky9Mwcz. A few days later, Haby posted another screenshot from his Exodus wallet, exposing his Telegram and Instagram accounts. ZachXBT matched past balances to identify a second XRP address.

This new address was linked to approximately $500,000 in two additional Coinbase support frauds. Investigations revealed Haby converted the stolen XRP to Bitcoin via instant transactions. Time analysis helped ZachXBT identify Haby’s Bitcoin address. The traced chain revealed multiple addresses were used, and further investigation uncovered three more Coinbase support scams, generating over $560,000 for the scammer.

Human Psychology in Web3

The case illustrates a growing security crisis in the crypto ecosystem. Scammers now target human psychology as much as technical vulnerabilities. North Korean actors attempting over $300 million in fake meetings and Ponzi schemes in India confirm this trend.

Crypto users must remain vigilant beyond technical security measures, as trust and haste remain the scammers’ most potent tools.

Social engineering losses in 2025 mark new breaking points for Web3 security, emphasizing that user caution is unavoidable.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Crypto Detective ZachXBT Exposes $2M Coinbase Scam appeared first on Coin Engineer.

The platform addresses a critical issue: over 200,000 smart contracts are deployed monthly, but 80% remain unaudited. Traditional audits are slow and expensive, whereas LISA delivers real-time, fast, and affordable security. To date, it has scanned over 200,000 contracts, achieved 90%+ detection rate, safeguarded billions in assets, and prevented millions in potential losses.

Slogan: “Connect. Share. Secure. Earn.”

Team and Founders

AgentLISA’s technical team includes senior security engineers and researchers from Meta, Aptos, and CertiK.

Key advisor:

• Brad Moon, blockchain security researcher

Investors and Strategic Partnerships

The project prioritizes technical output and academic collaboration, including partnerships with Nanyang Technological University (NTU), and is active in South Korea and Asia with events and developer engagement.

The project secured a significant $12 million investment in November 2025. Key backers include:

Investors: Redpoint Ventures, UoB Venture Management, Signum Capital, NGC Ventures, Hash Global, LongHash Ventures, M23 Capital, Kryptos, Fellows Fund, ByteTrade Lab, Summer Ventures, and Woori Ventures.

Strategic Partnerships:

• x402 Protocol: Security integration for autonomous payments

• Questflow: Security for AI agent orchestration

• SurgeOnSui: Pre-audit support for Sui network launchpad projects

• Ecosystem Support: Collaboration with major chains including BNB Chain, Sui, and Aptos, as well as protocol-level partnerships with CertiK and Taiko

Project Concept

AgentLISA analyzes complex smart contracts using a multi-layered architecture with a Tree-of-Thought mechanism, combining rule-based pre-scans with LLM-powered symbolic execution and logical validation.

Future Features (Roadmap Highlights):

• Auto-Repair (automatic bug fixes)

• Proof-of-Concept (PoC) generation

• Advanced LLM models for smart contract auditing

How It Works

AgentLISA executes code analysis as a multi-layered pipeline:

• Code Analysis Pipeline: Contracts undergo both rule-based and logic-based analysis

• Filtering Module: Redundant data removed via semantic slicing and rule-based filters

• Tree-of-Thought Validation: LLM-powered symbolic execution ensures genuine risk detection

• Comprehensive Database: Continuously updated security taxonomy and logic rules feed the system

Governance and Token Details

AgentLISA incentivizes community participation via the “Road to Genesis” campaign and a points system.

Token Information:

• Symbol: $LISA

• Launch: Upcoming

• Contract Address: Not publicly disclosed

• Total Supply: 1,000,000,000 LISA

• Max Supply: 1,000,000,000 LISA

• Circulating Supply: 216,220,000 LISA

Token Use Cases

• Discounts on platform fees

• Access to advanced analytics reports

• Staking rewards

• Future governance voting (DAO)

Roadmap and Future Vision (2025–2027+)

• 2025 Q4 – Public Launch: Multi-chain support, Solidity & Rust contract analysis, $LISA TGE, exchange listings

• December 18, 2025 – Binance Alpha will be the first platform to list AgentLISA (LISA)

• 2026 Q1 – Developer Experience: Hybrid audit workflows with automatic fixes

• 2026 Q2 – Proactive Security: Real-time on-chain monitoring for suspicious activities

• 2026+ – Autonomous Infrastructure: Formal verification integration to establish default Web3 security standards

Features and Ecosystem

• Speed and Accuracy: 99% faster than traditional audits, 90%+ detection rate

• PaymentShield: Extra security for autonomous payments (honeypot & OFAC scanning)

• LISA-Bench: Over 10,000 test cases in the largest open-source blockchain security benchmark

• Accessibility: 5 free scans initially, then ~$0.80 per scan

Ecosystem Highlights

• Developers: Free/credit-based scans and BNB Chain discounts

• AI Agents: Automated scanning and payments via x402

• Community: Public scans, rewards for contributions, events in Asia

• Integrations: DappBay, Questflow, Surge

• Benchmarking: LISA-Bench open source data

Official Links

• Website
• Twitter
• Telegram

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post What is AgentLISA (LISA) ? appeared first on Coin Engineer.

The Cetus incident, which has made waves in the blockchain world recently, was linked by many to a security vulnerability in the Sui or Move platforms. However, according to statements by developers and security experts, these claims are inaccurate. The incident actually occurred due to an error in Cetus’s own math library. They assert that the issue was not caused by a direct vulnerability in the Sui network or the Move programming. A miscalculation in Cetus’s mathematical operations led to incorrect results and unexpected consequences. Therefore, it is considered a problem specific to the Cetus project. 

According to the published report, the network was designed specifically to support the development of more secure smart contracts. The team expressed that it was deeply disappointed to witness such a major incident on a single dApp. They also emphasized that incidents like this are part of the growth process that every major blockchain faces over time. Even the best system designs or programming languages cannot fully prevent human error. 

SUI $10 Million Security Investment 

Sui has taken a significant step to strengthen ecosystem security. It will elaborate on its existing security measures. Additionally, it has allocated $10 million toward audits, bug bounty programs, formal verification, and other security initiatives. Sui is committed to spending an additional $10 million on security efforts. The team is working closely with the developer community to refine its security plans. 

SUI Technical Details 

According to security firm SlowMist’s analysis, the “checked_shlw” function in Cetus’s smart contract failed to perform overflow checks correctly. This flaw allowed attackers to over-mint liquidity with a single token. Research by Verichains indicated that similar mathematical errors might exist in other projects within the Sui ecosystem. However, those projects have started correcting the related issues. 

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post SUI Invests $10 Million in Security After Cetus Hack  appeared first on Coin Engineer.

Millions Lost Within Minutes

The attacker deployed a smart contract from address 0xb32a53… at 07:31 UTC and launched the exploit two minutes later from contract 0x631adf…, draining funds from wallet 0xb5252f… The stolen tokens were quickly converted into USDT, totaling $2,152,219.99.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Cyvers classified the exploit as “critical,” citing abnormal transaction patterns and suspicious contract code. As of publication, the attacker’s wallet remains active and has not moved the stolen assets. No official statement has been issued by the Mobius Token team.

Cyvers noted their system had flagged the malicious contract two minutes prior to the exploit, but it was too late to prevent the loss.

Crypto Exploits Surge in 2025

This incident follows a wave of crypto hacks reported in April 2025, when PeckShield identified over $360 million in digital asset losses from 18 attacks — a 990% increase from March. The largest was a $330 million BTC theft via social engineering.

As the crypto space grows, so do the threats. This attack highlights the importance of not only decentralization but robust smart contract security in protecting investors and protocols alike.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Mobius Token Smart Contracts Exploited on BNB Chain appeared first on Coin Engineer.

Malware Hidden in “Coding Assignments”

Hackers from the group Slow Pisces (aka Jade Sleet / TraderTraitor) approach developers on LinkedIn, offering dream gigs in DeFi or blockchain security. Once trust is built, they send malware-infected coding challenges hosted on GitHub. When opened, these files steal SSH keys, cloud access credentials, and crypto wallet data.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Using Freelance Platforms to Spread

According to Hacken and Cyvers, platforms like Upwork and Fiverr are also being used by attackers posing as hiring managers.

“They create credible profiles and fake resumes just to infiltrate Web3 firms via targeted developers,” says Hayato Shigekawa of Chainalysis.

Security Tips for Devs

• Always use virtual machines or sandboxes to test external code
• Verify job offers via official channels
• Never store secrets in plain text
• Be wary of unverified packages and unsolicited opportunities
• Implement endpoint protection and operational hygiene

“If it looks too good to be true, it probably is,” warns Luis Lubeck of Hacken.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post North Korean Hackers Target Crypto Devs with Fake Job Offers appeared first on Coin Engineer.

Security Issue Resolved, Operations Restarted!

In an X post dated March 18, Four.Meme announced that its launch function is back online after addressing a security vulnerability. Earlier, it had suspended the function, stating the platform was “under attack.”

“The launch function has now been resumed after a thorough security inspection. Our team has addressed the issue and reinforced system security. Compensation for affected users is underway.”

— Four.Meme Team

$120,000 Sandwich Attack Confirmed!

Web3 security firm ExVul reported in a March 18 X post that the exploit was a market manipulation tactic known as a sandwich attack, netting the attacker $120,000.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

According to ExVul, the attacker “pre-calculated the address for creating the liquidity pool’s trading pair” and used one of the platform’s functions to purchase tokens. This allowed them to bypass Four.Meme’s token transfer restrictions.

“Subsequently, the hacker lay in wait for Four.Meme to add liquidity to the transaction, ultimately siphoning off the funds.”

— ExVul

CertiK Also Confirms: The Attacker Escaped with 192 BNB!

Blockchain security firm CertiK confirmed similar details, stating that the attacker transferred an imbalanced amount of unlaunched tokens to pair addresses before the liquidity pair was created. They then manipulated the price at launch for profit.

For example, in the case of the SBL Token, the attacker sent a small amount of SBL Token to the pre-calculated pair address, then made a 21.1 BNB profit by sandwiching the liquidity addition transaction at launch.

In total, the attacker walked away with approximately 192 BNB (worth about $120,000), which they later sent to the decentralized crypto exchange FixedFloat, according to CertiK.

Four.Meme Hit by Its Second Exploit in Two Months!

This attack marks the second time in two months that the Four.Meme platform has been exploited. The previous attack on February 11 resulted in a loss of about $183,000 worth of digital assets.

In the wider crypto industry, February saw $1.53 billion in losses due to scams, exploits, and hacks, with the $1.4 billion Bybit hack accounting for the majority of the losses.

Blockchain analytics firm Chainalysis reported a total of $51 billion in illicit transaction volume over the past year. This increase is attributed to a professionalized era of crypto crime dominated by AI-powered scams, stablecoin laundering, and efficient cybercriminal syndicates.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Four.Meme Restarted Operation After Attacks! appeared first on Coin Engineer.