Thirdweb identified vulnerability but no exploitation. Limited window for Web3 firms to prevent security breach.