New issue of Burn Notice #5# 🔥 Two disclosure programs went dark in the last week. Zcash Community Grants closed its vulnerability bounty program, and THORChain is in an open dispute with a researcher over a retired one, both pointing at the volume of AI-generated reports. I know exactly what that volume does to a program, the days lost reading plausible nonsense to find the one real report underneath. The instinct to close the program is something I could understand but is never a valid response. The cost of finding a bug in old, forgotten code is dropping fast, because decompilation is good now and models are cheap, and the paid channel that routes an honest finding back to you is the part getting cut at the same moment. This was the week Aztec Connect lost $2.19M on a contract nobody could pause and Verus fell to a bridge-failure class that Wormhole and Nomad already paid for in 2022. You can read more about what happened in the last week of crypto security in the newest issue of Burn Notice down below.