Tag:

bug

Decrypt logo
NFT Gaming

Bug Bounties Hit Limits as AI Puts Crypto Hackers on Equal Footing

by admin



In brief

  • Mitchell Amador, CEO of Immunefi, told Decrypt at Token2049 in Singapore that AI tools once limited to security firms are now accessible to groups like Lazarus, enabling massive attacks.
  • Bug bounties have paid out over $100 million but have “hit the limits” as there aren’t “enough eyeballs” to provide necessary coverage, he said
  • The $1.4 billion Bybit hack bypassed smart contract security by compromising infrastructure, exposing gaps where defenders are “not doing so hot,” Amador said.

AI has handed crypto attackers the same tools defenders use, and the results are costing the industry billions, experts say.

Mitchell Amador, CEO of Immunefi, told Decrypt during the start of Token2049 week in Singapore that AI has turned vulnerability discovery into near-instant exploitation, and that the advanced auditing tools his firm built are no longer exclusive to the good guys.

“If we have that, can the North Korean Lazarus group build similar tooling? Can Russian Ukrainian hacker groups build similar such tooling?” Amador asked. “The answer is that they can.”



Immunefi’s AI auditing agent outperforms the vast majority of traditional auditing firms, but that same capability is within reach of well-funded hacking operations, he said.

“Audits are great, but it’s nowhere near enough to keep up with the rate of innovation and the rate of the compounding improvement of the attackers,” he said.

With over 3% of total value locked stolen across the ecosystem in 2024, Amador said that while security is no longer an afterthought, projects “struggle to know how to invest and how to allocate resources there effectively.” 

The industry has moved from “a prioritization problem, which is a wonderful thing, into it being a knowledge and educational problem,” he added.

AI has also made sophisticated social engineering attacks dirt cheap, according to Amador. 

“How much do you think that phone call costs?” he said, referring to AI-generated phishing calls that can impersonate colleagues with disturbing accuracy. “You can execute that for pennies with a well-thought-out system of prompts, and you can execute those en mass. That is the scary part of AI.”

The Immunefi CEO said groups such as Lazarus likely employ “at least a few hundred guys, if not probably low thousands working around the clock” on crypto exploits as a major revenue source for North Korea’s economy. 

“The competitive pressures stemming from North Korea’s annual revenue quotas” drive operatives to protect individual assets and “outperform colleagues” rather than coordinate security improvements, a recent SentinelLABS intelligence report found.

“The game with AI-driven attacks is that it speeds up the rate at which something can go from discovery to exploit,” Amador told Decrypt. “To defend against that, the only solution is even faster countermeasures.”

Immunefi’s response has been to embed AI directly into developers’ GitHub repositories and CI/CD pipelines, catching vulnerabilities before code reaches production, he noted, while predicting this approach will trigger a “precipitous drop” in DeFi hacks within one to two years, potentially reducing incidents by another order of magnitude.

Dmytro Matviiv, CEO of Web3 bug bounty platform HackenProof, told Decrypt that “manual audits will always have a place, but their role will shift.”

“AI tools are increasingly effective at catching ‘low-hanging fruit’ vulnerabilities, which reduces the need for large-scale manual reviews of common mistakes,” he said. “What remains are the subtle, context-dependent issues that require deep human expertise.”

To defend against AI-powered attacks, Immunefi has implemented a whitelist-only policy for all company resources and infrastructure, which Amador said has “arrested thousands of these attempted spear phishing techniques very effectively.” 

But this level of vigilance isn’t practical for most organizations, he said, noting “we can do that at Immuneify because we are a company that lives and breathes security and vigilance. Normal people can’t do that. They have lives to live.”

Bug bounties hit a wall

Immunefi has facilitated over $100 million in payouts to white-hat hackers, with steady monthly distributions ranging from $1 million to $5 million. However, Amador told Decrypt that the platform has “hit the limits” as there aren’t “enough eyeballs” to provide the necessary coverage across the industry.

The constraint isn’t just about researcher availability, as bug bounties face an intrinsic zero-sum game problem that creates perverse incentives for both sides, according to Amador. 

Researchers must reveal vulnerabilities to prove they exist, but they lose all leverage once disclosed. Immunefi mitigates this by negotiating comprehensive contracts that specify everything before disclosure occurs, Amador said.

Meanwhile, Matviiv told Decrypt that he doesn’t think “we’re anywhere close to exhausting the global pool of security talent,” noting that new researchers join platforms annually and progress quickly from “simple findings to highly complex vulnerabilities.”

“The challenge is making the space attractive enough in terms of incentives and community for those new faces to stick around.”

Bug bounties have likely reached their “zenith in efficiency” outside of net-new innovations that don’t even exist in traditional bug bounty programs, Amador added. 

The company is exploring hybrid AI solutions to give individual researchers greater leverage to audit more protocols at scale, but these remain in R&D.

Bug bounties remain essential as “a diverse, external community will always be best positioned to discover edge cases that automated systems or in-house teams miss,” Matviiv noted, but they’ll increasingly work alongside AI-powered scanning, monitoring, and audits in “hybrid models.”

The biggest hacks aren’t coming from code

While smart contract audits and bug bounties have matured considerably, the most devastating exploits are increasingly bypassing code entirely. 

The $1.4 billion Bybit hack earlier this year highlighted this shift, Amador said, with attackers compromising Safe’s front-end infrastructure to replace legitimate multi-sig transactions rather than exploiting any smart contract vulnerability.

“That wasn’t something that would have been caught with an audit or bug bounty,” he said. “That was a compromised internal infrastructure system.”

Despite security improvements in traditional areas like audits, CI/CD pipelines, and bug bounties, Amador noted that the industry is “not doing so hot” on multi-sig security, spear phishing, anti-scam measures, and community protection.

Immunefi has launched a multi-sig security product that assigns elite white-hat hackers to manually review every significant transaction before execution, which it said would have caught the Bybit attack. But he acknowledged it’s a reactive measure rather than a preventative one.

This uneven progress explains why 2024 became the worst year for hacks despite improvements in code security, as hack patterns follow a predictable mathematical distribution, making single large incidents inevitable rather than anomalous, Amador said. 

“There’s always going to be one big outlier,” he said. “And it’s not an outlier, it’s the pattern. There’s always one big hack per year.”

Smart contract security has matured considerably, Matviiv said, but “the next frontier is definitely around the broader attack surface: multi-sig wallet configurations, key management, phishing, governance attacks, and ecosystem-level exploits.”

Effective security requires catching vulnerabilities as early as possible in the development process, Amador told Decrypt

“Bug bounty is the second most expensive, the most expensive being the hack,” he said, describing a hierarchy of costs that increases dramatically at each stage.

“We’re catching bugs before they hit production, before they even hit an audit,” Amador added. “It would never even be included in an audit. They wouldn’t waste their time with it.”

While hack severity remains high, Amador said that “the incidence rate is going down, and the level of severity of most of the bugs is going down, and we’re catching more and more of these things in the earlier stages of the cycle.”

When asked what single security measure every project at Token2049 should adopt, Amador called for a “Unified Security Platform,” addressing multiple attack vectors.

That’s essential, as fragmented security essentially forces projects to “do the research yourself” on products, limitations, and workflows, he said. 

“We are not yet to the point where we can handle trillions and trillions of assets. We’re just not quite there at prime time.”

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.



Source link

0 comments
0 FacebookTwitterPinterestEmail
EA Sports FC 26's first patch is here with a nerf to Low Driven Shots, and a fix for that Manager Career bug that had players abandoning the team
Game Updates

EA Sports FC 26’s first patch is here with a nerf to Low Driven Shots, and a fix for that Manager Career bug that had players abandoning the team

by admin


The early access period of EA Sports FC 26 appears to be chugging along nicely, but that doesn’t mean there aren’t any issues to address. The game’s first official patch, version 1.0.2, is now live with a host of changes.

The bulk of the changes in this update affect AI players, as well as Low Driven Shots. Interestingly, some of the tweaks address feedback made all the way back in the game’s closed beta.

Update 1.0.2’s biggest change is a nerf to Low Driven Shots, making them less accurate when shooting with extreme power. Difficult to perform Driven Ground Passes have also been made less accurate, such as those taken at 180 degrees.

There are also a number of changes to the AI, particularly when attacking and positioning. Wingers will now make attacking runs into the box more often, and Wing Backs will stop dropping too deep in their own half of the pitch when their team is in possession.

The patch fixed a bug that would sometimes cause AI players to not make runs into open spaces when they should, too, and improved their “offside awareness.” One of the more amusing bugs that the patch also fixed has to do with Manager Career players leaving the team during sims. Read on below for the full change log:

Gameplay

  • Tuned Low Driven Shots based on your feedback in the Closed Beta to be less accurate when shooting with an extreme amount of power.
  • As part of our AI attacking updates based on your feedback, made the the following changes:
  • Increased frequency of wingers making attacking runs into the box.
  • Wing Backs will no longer drop too deep in their own half when their team is in possession.
  • Improved teammate offside awareness.
  • Addressed instances of players not making runs into open space when it could be beneficial.
  • Improved positioning of players when playing with low defensive depth so that they’re not pushing too high up the pitch.
  • Center Backs are now less likely to run wide when marking central attackers.
  • False Backs now transition more intelligently to defense to better maintain defensive shape.
  • A goalkeeper dive indicator now displays where an incoming shot is coming from.
  • Changed the Camera Pan input based on your feedback and to avoid button conflicts.
  • As shared on the EASFC Tracker, we’re continuing to work on Be A Goalkeeper updates to improve the gameplay experience. We’ll share more details in the near future.
  • Improved cases of unexpected heavy touches when sprinting in wet weather Authentic gameplay based on your feedback.
  • Improved instances of Ground Passes unexpectedly falling behind the intended receiver.
  • Tuned difficult to perform Driven Ground Passes to be less accurate, for example, first time Driven Ground Passes taken at 180 degrees.
  • Addressed incorrect shooting animations that sometimes occurred when attempting lace shots, resulting in unexpected behavior.

Image credit: EA Sports/VG247

Ultimate Team

Addressed the following issues:

  • Players weren’t always able to enter multiplayer gameplay after accepting a Co-Op invite.
  • Player Item portraits were sometimes misaligned on the Squad screen.
  • A stability issue could have occurred after completing the Onboarding and viewing your Squad for the first time.

Career Mode

Addressed the following issue:

  • Players could’ve incorrectly left your club when simming through the calendar.

General audio and visual

Made the following changes:

  • Updated some star heads, kits, and placeholder text/images.

Addressed the following issues:

  • [PC Only] Adjusting display settings while in Borderless could have unintentionally resulted in performance loss.
  • [PC Only] Addressed a few instances of controllers not recognizing inputs. We will continue to investigate this and other reported PC issues and provide updates in the near future.
  • Addressed a number of stability issues that could have occurred.

FC 26 has been live for Ultimate Edition owners for several days now, but it officially goes live for everyone else tomorrow, or today if you’re on PC. We’ve put together a few guides to help you in these early days, such as our recommendations and tactics codes for the best formations, the best young players to sign in Career Mode (Wonderkids), the fastest players in EA FC 26 and more.



Source link

0 comments
0 FacebookTwitterPinterestEmail
The Beast Is Being Ruined By An Annoying Rain Bug
Game Reviews

The Beast Is Being Ruined By An Annoying Rain Bug

by admin


I’m really enjoying Dying Light: The Beast, the latest open-world zombie RPG from Techland. However, when it starts to rain in The Beast, the game starts to become a hard-to-play mess that is ruining what is otherwise a damn fine experience. Thankfully, the devs are aware and are working on a patch.

Originally planned to be a big DLC expansion for 2022’s Dying Light 2, Techland eventually realized it was big enough to be its own standalone game. And after playing about 16 hours of the zombie RPG–which is out now on consoles and sees the return of OG protagonist Kyle Crane–I think it might end up being one of my favorite games of 2025. Techland has once again successfully blended horror, parkour, and melee-focused action into something great. Setting the whole game in the gorgeous Swiss Alps also doesn’t hurt. But apparently, in the Alps, they have much more powerful rainstorms than over here.

Last night, while in the middle of a quest to grab some special gas that attracts super zombies, it started to rain. “No big deal,” I thought to myself, unaware of what I was about to experience. When I reached a large refinery containing a secret lab where the gas was located, I fought my way in and discovered that uh, the rain was falling through the building. And making things worse, the game’s lighting tech seemed (understandably) unprepared for such an event to occur, and it became very dark and incredibly hard to see where I was going. I pressed on and discovered the super rain also appeared in cutscenes.

Once I got a big can of the super gas, I took it to a nearby truck and popped it in the back to more easily get it to my destination. Weirdly, the rain outside was gone. Props still looked wet, and I could hear the rain falling, yet nothing was falling from the sky. When I got in the truck I discovered that, as far as the game was concerned, it wasn’t raining anymore, which was awkward as my windshield was still being drenched in water, but the wipers wouldn’t work. The only way I could get the wipers to function was to run over zombies and get enough blood on the glass to trigger them. Eventually, I just drove backwards, as the truck’s rear window wasn’t covered in rain.

©Techland / Kotaku

Techland has a fix incoming for Dying Light‘s indoor rain

After winning a boss fight and returning to a safe zone to complete the quest, I decided to reset the game, which did put a stop to the strange weather. But now I fear the rain’s return. Thankfully, Techland is working on a patch that it plans to push out very soon.

“We’re aware that you’re experiencing issues with Indoor Rain and the Disturbed Day/Night Cycle, and fixing them is our top priority,” said Techland in an update posted to Steam over the weekend. “We already have a fix prepared, but because this bug only appears in rare situations, it takes a lot of extra testing. We’ll continue these tests over the weekend and most of Monday, and if no new occurrences of this issue appear, we’ll release the hotfix to players right away on PC. This is our goal. If, however, we still spot any occurrences of the bug, we might need to go back, adjust the fix, and then re-test it again.”

So that’s good news. But even after the patch, I’ll still be nervous that the super rain will return. Perhaps it’s the same horrible rain we dealt with years ago in the remastered version of Grand Theft Auto: San Andreas? Where will this annoying rain appear next? Is any game safe? We’ll keep you updated on the rain situation as it continues.

Update: 9/22/2025, 12:55 p.m. ET: Just a few moments after posting this, Techland pushed out the rain-fixing patch on PC. The developer says the update is coming to consoles “soon.”



Source link

0 comments
0 FacebookTwitterPinterestEmail
Another Borderlands 4 patch aims at addressing performance issues, bug fixes
Game Reviews

Another Borderlands 4 patch aims at addressing performance issues, bug fixes

by admin


A new Borderlands 4 patch is now live, and it’s aiming to add some much-needed fixes for some ongoing problems in the game.

BL4 has been a hit with fans when it comes to gameplay. But a lot of issues with optimization have plagued the game’s reputation online, both for PC and console players. This latest update aims to fix some of those problems, and Gearbox says that optimization is the game’s top priority right now before anything else.

Here’s everything new and different in the latest Borderlands 4 update from Sept. 18.

Table of contents

  • Borderlands 4 Sept. 18 patch notes
    • Stability 
    • Gameplay & Progression 
    • Loot & Items 

Borderlands 4 Sept. 18 patch notes

Image via 2K

Stability 

  • Addressed crashes tied to animation states, audio, and collision checks
  • Addressed various GPU-related crashes

Gameplay & Progression 

  • Resolved an issue where the Reward Center could stop working after claiming the Gilded Glory Pack rewards
  • Addressed a progression blocker in the mission “Talk to Zadra,” where the objective could fail if players exited and relaunched mid-dialogue
  • Corrected “Doesn’t own DLC” warnings incorrectly showing up on non-DLC gear
    • This will be fixed on consoles in the coming days.

Loot & Items 

  • Updated loot pools so Gilded Glory Pack guns no longer appear in standard chests 

The full patch notes for today’s update can be found on the Gearbox website.

Like our content? Set Destructoid as a Preferred Source on Google in just one step to ensure you see us more frequently in your Google searches!

The post Another Borderlands 4 patch aims at addressing performance issues, bug fixes appeared first on Destructoid.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Screenshot from Destiny 2
Product Reviews

Destiny 2’s latest game-breaking bug: Players can no longer respawn in solo activities… Like, at all

by admin



This afternoon my Destiny 2 clanmate texted me to say: “If you die in Solo Ops or Patrol you can no longer respawn 😂”. That can’t be right, I thought. That would be such a fundamental bug that it would effectively break the game. Anyway, I loaded in, did some testing, and you can probably guess where this is going.

We are investigating an issue where players are unable to respawn in Solo Ops activities after dying. We are attempting to solve this issue as soon as we’re able. More information will be provided when available.September 16, 2025

From my own experience, once you die the respawn button will appear after the usual countdown, but cannot be interacted with. In order to start playing again you either need to go to orbit (ie, leave the activity) or switch characters. Which is as big a problem as it sounds. The bug even seems to extend to Patrol zones, although I was occasionally able to self-revive.

Quite how long it will take to fix is anyone’s guess, but as you can tell by the tone of Bungie’s tweet, this is a four alarm fire. You cannot have players trying to complete every solo activity in the game on a single life. I would love to tell you I’m surprised that a bug of this size has made it into the live game, but as we’ve been writing about recently, Destiny 2 is currently in a parlous state, both in terms of its biblical-sized swarm of bugs and player sentiment towards the systemic changes introduced with the Edge of Fate expansion.


Related articles

Only this morning, I woke up to find a message from a different clanmate about a bug, this time involving a legendary sword that is one-shotting some of the hardest enemies in the game. The only criteria is you need to have no ammo and jump as you light attack with the sword.

See below:

The Most Broken Bug EVER Goldtusk IS BUSTED! No Ammo INSANE DPS One Shot BOSSES – Destiny 2 – YouTube

Watch On

Meanwhile, the exotic hand cannon Sturm is still giving players a +380% damage buff to all outgoing ability damage. Needless to say that is very much not intended. So far, Bungie has disabled the hand cannon in the Trials of Osiris PvP mode, but let the bug slide in PvE. That’s probably because, with the community in near-constant tumult, the studio would rather not be accused of being the fun police.

Perhaps painting itself into a corner, on a recent Bungie livestream the developers said they were pausing any non-critical balance fixes, although Sturm surely qualifies as the kind of critical bug that will have to be fixed sooner rather than later.

Anyway, here’s how you can take advantage of it for now:

This Game Breaking “Build” DELETES Bosses! Destiny 2 – YouTube

Watch On

And whilst those bugs might sound fun, they are merely the wacky cherries on top of an otherwise fetid cake. Pay a visit to Bungie’s ‘Known Issues’ page for the Edge of Fate and you will find the Magna Carta of bug lists. Here are some random highlights:

On and on it goes, so much so that I can only feel sorry for Destiny 2’s embattled community team, which forms the frontline when it comes to dealing with players’ understandable fury. No wonder they sound downbeat today:

It sucks that we’ve been unable to build positive momentum. Too many bumps in the road and missteps.I truly believe we are beginning to shift and head in the right direction.Roadmap to come, and I hope it helps us to rebuild trust as we move towards Renegades and beyond.… https://t.co/qpO0YAaorWSeptember 16, 2025

Still, at least Bungie has seen sense about the recent armor controversy and effectively given players the chance to earn what would have been a paid set of armor as an in-game reward instead. Although honestly the fact I’m giving credit for that is probably a form of Stockholm Syndrome at this point.





Source link

0 comments
0 FacebookTwitterPinterestEmail
First Metal Gear Solid Delta Update Addresses Crashing Issues And Floating-Snake Bug
Game Updates

First Metal Gear Solid Delta Update Addresses Crashing Issues And Floating-Snake Bug

by admin



Konami has released the first update for Metal Gear Solid Delta: Snake Eater on all platforms. The patch notes mainly detail fixes for crashing issues that occur in specific situations for the stealth game, though there is a silly bug addressed that sees Snake floating in midair.

Metal Gear Solid Delta players could previously see Snake hovering above the ground sometimes by “transitioning from a roll into a crawl.” Overall, the update for the game brings it up to version 1.1.2. The patch actually rolled out yesterday, August 28, on Steam, while it’s going live today on PS5 and Xbox Series X|S.

Size:640 × 360480 × 270

Want us to remember this setting for all your devices?

Sign up or Sign in now!

Please use a html5 video capable browser to watch videos.

This video has an invalid file format.

Sorry, but you can’t access this content!

Please enter your date of birth to view this video

JanuaryFebruaryMarchAprilMayJuneJulyAugustSeptemberOctoberNovemberDecember12345678910111213141516171819202122232425262728293031Year202520242023202220212020201920182017201620152014201320122011201020092008200720062005200420032002200120001999199819971996199519941993199219911990198919881987198619851984198319821981198019791978197719761975197419731972197119701969196819671966196519641963196219611960195919581957195619551954195319521951195019491948194719461945194419431942194119401939193819371936193519341933193219311930192919281927192619251924192319221921192019191918191719161915191419131912191119101909190819071906190519041903190219011900

By clicking ‘enter’, you agree to GameSpot’s

Terms of Use and
Privacy Policy

enter

Now Playing: Metal Gear Solid Delta: Snake Eater Review

Earlier this week, The Boss voice actress Lori Alan marked the launch of Metal Gear Solid Delta by dressing up as the character she first helped bring to life in 2004’s PS2 classic. The new game utilizes the original’s voice recordings (except in a few spots), something that Snake voice actor David Hayter wished he could have changed. Meanwhile, the developers behind Metal Gear Solid Delta hope series creator Hideo Kojima sees how “respectful” it is.

Looking ahead, the game will get a hide-and-seek multiplayer mode called Fox Hunt in the fall. For more, check out GameSpot’s Metal Gear Solid Delta: Snake Eater review. The full patch notes are below:

Version 1.1.2 Patch Notes

  • Resolved an issue where performing consecutive survival knife attacks to secure food could cause the game to crash under certain conditions.
  • Fixed an issue where removing the Crocodile Cap from the Survival Viewer while equipped could cause the game to crash under certain conditions.
  • Addressed crashes that could occur when collecting food near a hungry crocodile under certain conditions.
  • Corrected an issue where transitioning from a roll into a crawl could cause the character model to float in midair.
  • Fixed an issue where player movement could become restricted under certain conditions in areas where Intrusion View is used.
  • Resolved an issue where the game could crash under certain conditions while in Radio Window.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Close