Privateering Praised for Rapid Hack Asset Recovery
Why @perkinscr97 is a fan of privateering for hacks like Drift: "If there's a hack and guys like ZachXBT spring into action immediately to recover those assets." https://t.co/8bYXWatFF8
Balancing Speed and Due Process in Stablecoin Hacks
"When there's a hack, latency is everything. Due process vs. latency. If you just start freezing everything, you lose confidence in the underlying stablecoin. But if you go through due process, which takes time, it doesn't reconcile." -- @perkinscr97 https://t.co/jfZlSDnB86
Questioning TestFlight Use After Drift Hack Tactics
"Do you stay away from TestFlight right now?" -- @perkinscr97 on the tactics used in the Drift hack https://t.co/8bYXWatFF8
Nation‑state Attacks on Startups Guarantee Their Own Victory
"When a nation-state attacks a startup, the nation-state is going to win every single time." -- @perkinscr97 https://t.co/jfZlSDnB86
Seal911 Success Highlights Need for Stronger Endpoint Security
"The fact that Seal911 has been the saving grace for a bunch of teams shows that people could put more resources into better endpoint security." -- @llewellenmichael https://t.co/8bYXWatFF8
North Korea Bypasses 2FA Using Stolen Tokens, Evading AV
“It doesn’t matter that you have 2FA. They can just use that token to be you.” @tayvano_ on how DPRK bypasses 2FA entirely — and why most antivirus won’t detect it. With @kaiynne and @LucaNetz on @unchained_pod: https://t.co/izx08LxSbO
Circle's Judge‑order Rule Blocks $285 M Hack Freeze
Circle had the ability to freeze over $285M in stolen USDC from the Drift hack. They declined — their policy requires a judge’s order first. @tayvano_ explains why that’s the wrong call, and how Tether does it differently. Timestamps: 🚀 0:00 Introduction 🏦 11:21...
Tokenization Breaks Ethereum Fee Dependence on Market Cap
Ethereum's fee base is almost entirely tied to crypto market cap. Stablecoins, liquid staking, lending — all of it moves with the broader market. @jimferraioli points out that tokenization is the first use case that breaks that dependency. On @bitsandbips with...
Bitcoin Is a Risk Asset, Not a Safe‑haven Hedge.
.@Steven_Ehrlich’s interview with @JimFerraioli (Charles Schwab) demolishes the “Bitcoin as safe haven” narrative. His case: it’s a risk asset, period. But as a long-term debasement hedge? That’s where the real thesis lives. @bitsandbips Timestamps: 🏛️ 3:26 Is crypto just ping-ponging off Trump headlines? 📉...
Hope Hyperliquid Is Conducting Emergency Security Review
I really hope Hyperliquid is in a war room right now assuming they’ve already been compromised and reviewing every last thing they’ve done for the last year and a half …
Crypto Reporting Feels Like a Hollywood Thriller
Covering crypto as a journalist is like living in a Hollywood movie … I only wish this were fiction
New Attack Exposes Massive Vulnerability—Review Now
I called the attack “chilling” only from what details we knew on Thursday. What actually happened is orders of magnitude more chilling. READ THE WHOLE THING. If you work in this industry, you or your protocol may be a sitting...
Evidence Suggests North Korea May Have Orchestrated Drift Attack
Are North Korean state actors behind the Drift Protocol attack? @omeragoldberg says the markings are there, while sharing what it would take to confirm the speculation 👇 https://t.co/8SgvDYy6Lx
Drift Hack Exposes DeFi Audits Gaps and Possible NK Threat
Another week, another DeFi exploit 🫠 @omeragoldberg joined me to unpack the Drift Protocol hack: ⁉️ What went wrong? 👀 How the attack resembles the Mango DAO and Resolv exploits 🤔 Why was Circle so slow to react? ⚠️Are North Korean state actors behind the...
NFL May Ban Prediction Markets Amid Legal Tests
Laws around who can participate in prediction markets are being tested, but @_Ryne_Miller says the NFL could call it 🏈 What do you think? 👇 https://t.co/QefdYUnb8I
Quantum Threat Makes Crypto Existential, Not Just Technical
What keeps me up at night about quantum is that centralized companies can just rewrite their ledgers when hacked. Bitcoin can't. That's why a quantum threat to crypto isn't just a tech problem, it's existential. 👀 h/t @apruden08 https://t.co/ZZnqMsa0hq
Seeking Experts to Explain Circle’s Drift Hack Response
🎙️ Who would you like to hear from about how Circle handled the Drift hack? I've reached out to Circle, some former prosecutors, and Seal 911, and haven't gotten anyone yet who can do it ... Taking suggestions 👇
Crypto Protocol Designers Could Face Legal Liability Next
Could crypto builders face legal liabilities for protocol design? 👀 @TuongvyLe12, Jessi Brooks & @_Ryne_Miller discuss the verdict against Meta and YouTube and if crypto is next. https://t.co/FtAURkt30R
9‑Minute Window Poses Existential Risk to Bitcoin
When I first heard about on-spend attacks, I immediately thought: this is scary. @apruden08 on why the 9-minute window creates an existential risk for Bitcoin 😱 https://t.co/t4lZ3iQxIm
Crypto’s Core Strengths Threaten Its Quantum Future
Here's the irony: the things that make crypto work, immutability, decentralization, public addresses, are exactly what make it extremely vulnerable to quantum computers. @apruden08 on why blockchain faces a deadline other systems don't. 😓 https://t.co/7Lt08CnIfJ
Single Sanctioned Transaction Can Freeze Entire DeFi Protocol
Wondering about this technical constraint I heard on @bitsandbips this week: @austincampbell on Ethereum. If you want permissionless settlement + real world assets, can you not have complex DeFi stacking on top? One sanctioned transaction freezes a pool, you brick the...
Durable Nonces Are Intentional Feature, Not a Bug
SOLANA FOUNDER JUST SAID IT OUT LOUD: “durable nonces observed on chain” ⚠️ Not a bug… it’s a permanent feature of how on-chain authority works. Every system has this invisible attack surface. ~ @omeragoldberg https://t.co/1jXnOLapcr
Token Prices Reflect Past Exploits, Not True Value
“what is the legitimate price of a token?” 👀 That single question keeps getting crypto into chaos. During the Mango Market attack era, this same debate popped up again — manipulation vs “fair pricing”. In DeFi, price is just the last exploited equilibrium ~...
Fake Collateral Added, Enabling Oracle Manipulation on Drift
💥 DRIFT EXPLOIT BREAKDOWN 💥 “They added CVT as a new collateral asset on the Drift Protocol” That single move changed everything. Whitelist a fake asset → use it as collateral → start manipulating the oracle + market feed. Game over waiting to happen. ~...
Infinite-Parameter CVT Token Flagged as Dangerous Weapon
🚨 “this is not a Why would that flag that this coin could be so dangerous” 🚨 That’s the red flag moment no one acted on. They created a CVT token with wild parameters—infinite everything. On paper it looked broken. In reality? It...
Second Cosignature
2-of-5 in ONE second tells you everything 🚨 “Immediately signed by a second cosigner one second after it was created” That kind of speed is just wild. The admin key was already exposed. ~ @omeragoldberg https://t.co/DpFazTNV4V
Old Multi‑Sig Signer Omitted Themselves, Triggering Drift Confusion
The most confusing detail in the Drift hack… until it clicks 😬 “a signer from the old multi-sig… created it but then… did not add themselves to the new role” That reads like compromised access during migration. ~ @omeragoldberg https://t.co/DpFazTNV4V
Attackers Exploit April Fool’s Uncertainty to Launch Confusion
They allegedly waited for APRIL 1st 🤡 “some of the speculation was that they waited until April Fool’s Day” Confusion as a weapon. When nobody knows if it’s a joke… attackers already moved. ~ @omeragoldberg https://t.co/DpFazTNV4V
Speed and UX Can't Replace Security Audits
Even “hyperliquid” systems have centralized spots ⚠️ Teams make trade-offs for UX and speed. But that doesn’t excuse skipping security audits. ~ @omeragoldberg https://t.co/DpFazTNV4V
Admin Keys Threaten DeFi; Implement Circuit Breakers
“Admin key can drain all funds. Otherwise DeFi means nothing.” ⚠️ Every protocol should have circuit breakers, timelocks, and emergency security councils. Sacrifice a bit of UX. Save billions. ~ @omeragoldberg https://t.co/DpFazTNV4V
Attackers Leveraged Signers, Oracles, Fake Tokens, Massive Pools
They didn’t just steal. They manipulated signers, touched oracles, faked tokens, and ran massive pool volumes. 💥 Next-level attack. ~ @omeragoldberg https://t.co/DpFazTNV4V
Circle Acts After Courts; Hackers Moved $300M Unchecked
Circle does blacklist addresses, but only after legal processes ⚖️ Meanwhile, hackers ran $300M through CCTP unchecked. ~ @omeragoldberg https://t.co/DpFazTNV4V
Circle Acts Only When Legally Compelled, Leaving Billions Unchecked
Circle historically only moves when legally forced ⚖️ Otherwise? Reluctant to act. That’s billions in stolen crypto left unchecked. ~ @omeragoldberg https://t.co/DpFazTNV4V
Web2 Mindset Misses the Mark in Web3
“Wasn’t paranoid enough.” 😬 Top 10 hack, billions in TVL, and the team still got caught off guard. Classic Web2 ops fail in a Web3 world. ~ @omeragoldberg https://t.co/DpFazTNV4V
Solana Hack Spreads Across 20+ Protocols, Proving Contagion
“This hack hit over 20 protocols.” 🔗 Drift wasn’t just a single platform — it spread like wildfire through the Solana ecosystem. Contagion is real. ~ @omeragoldberg https://t.co/DpFazTNV4V
Billions in TVL, Yet No Alerts for Core Team
“All of this happened without any alerts to the core team.” 🚨 Billions in TVL and no alarms. That’s the whole problem. ~ @omeragoldberg https://t.co/DpFazTNV4V
One Compromised Signer Can Collapse Massive TVL
“So much TVL… you’d want to see who’s signing is actually who you think it is.” 🔑 One compromised signer and it’s over. ~ @omeragoldberg https://t.co/DpFazTNV4V
Who Should Explain Tomorrow’s Drift Protocol Hack?
🎙️ Who would you want to hear from tomorrow about the Drift Protocol hack? 👇🏻
Collaboration Shifts From Reading Code to Planning
"You used to have to be able to understand the code itself, and if you didn't have that shared mental model, you can't collaborate. But now that humans aren't writing the code, you have to shift from the code itself...
System Prompt Just Repeats “Don’t Do Illegal Things”
"The system prompt is literally just saying over and over, 'Don't do illegal things.'" 😂 -- @kaiynne https://t.co/s7Jw0sjSwI
China Probes Anthropic Models; Claude Code Reigns as Top Harness
"China did these weird attacks where they were trying to use the model to figure out what it was doing ... the value of Anthropic is based on the models, not on this harness, but everyone is using Claude Code,...
Even Sloppy Code Can Make Agents Surprisingly Effective
Re Claude Code hack: "The people who should be best at using agents are not. ... the code is so cobbled together and slop-filled — and yet it works." -- @kaiynne https://t.co/TvMSeHiXJj
Key‑compromise Attacks Demand More Work than Usual
re Drift: "As far as key compromise hacks go, they had to do more work than normal." 😂 -- @tayvano_ https://t.co/TvMSeHiXJj
Solana's Transfer Limits Vulnerable to Hacker Manipulation
"Solana has all these policies. They have a limit on how much money can be moved at any given time ... but that limit can be changed by the hacker ..." -- @tayvano_ https://t.co/s7Jw0sjSwI
US Government Trumps Code: Circle Won’t Freeze Coins
"It's not code is law, but it's only the US government is the law." -- @kaiynne on how Circle won't freeze coins https://t.co/TvMSeHiXJj
USDC Refuses Freezing Assets without US Government Request
"The problem is that USDC is just not it — they just don't ... I haven't heard a good explanation for why they're so hesitant to freeze things." -- @kaiynne @tayvano_ : They won't do it unless the US government...
Malicious Axios Dependency Silently Compromises Projects
"They'll push a dependency to Axios so that anyone who used these packages or worked on projects that had these packages in them are compromised. Then they get one person on a call and make them run that... It's silent...
Can Burning Satoshi's Coins Curb Quantum Risk?
Is burning Satoshi's coins the right path to solve [part of] the quantum threat? https://t.co/LVOy35zOxM
Quantum Threat May Reach Bitcoin Within One Block
Google now warns quantum attacks could happen within Bitcoin’s block time. Are we closer than we think? I’m speaking with Alex Pruden and Dolev Bluvstein about what this means for crypto. https://t.co/LVOy35zOxM
Elliptic Curve Crypto Underpins All Protocols—Removing It Requires Complete Rebuild
"Everything relies on elliptic curve cryptography. If you remove that foundation, you need to rebuild EVERYTHING. The issue? Most protocols use this." https://t.co/OMA9HmxIQs