sudo rm -rf --no-preserve-root /
@pcaversaccio
𝐖𝐨𝐫𝐤𝐢𝐧𝐠 𝐨𝐧 𝐰𝐡𝐚𝐭'𝐬 𝐧𝐞𝐱𝐭. ꟼGꟼ: 063E 966C 93AB 4356 492F E032 7C3B 4B4B 7725 111F
We, the Ethereum Cypherpunks, act on principles. We fucking care about privacy. We fucking care about security. We fucking care about censorship resistance. And we will always fucking defend these core principles. I wrote the Ethereum Cypherpunk Manifesto because this shit…
What Ethereum needs is a lot of young blood who shared the cypherpunk vision. All OGs are jaded. It's on the next generation now.
this is 2025's most fascinating security find imo: a "zero-day" that hackers were quietly positioning upon, betting it'd stay hidden while the future payoff grew. thankfully caught just in time by the good guys. outstanding work by @deeberiroz @pcaversaccio @dedaub
It gets even more fancy: the way Etherscan was tricked into showing the wrong implementation contract is based on setting 2 different proxy slots in the same frontrunning tx. So Etherscan uses a certain heuristic that incorporates different storage slots to retrieve the implementation…
I should mint this image as an NFT and send it to you guys, so you can hold it until you fix your shit.
besides being easier to scan at a glance (`_only_role_or_open_role` > `onlyRoleOrOpenRole`) and dodging acronym ambiguity (`api_http_status_code` > `apiHTTPStatusCode`/`apiHttpStatusCode`/`apiHttpstatusCode`), snake_case is way more grep-friendly (i know you all use `git grep` in…
unfortunately most people in ethereum still use curly-brace languages, so it's "onChain" (though if you join the python+vyper gang you can start using "on_chain" today)
"No regular person uses a VPN" shows that he clearly hasn't seen the bajillion creators hawking VPNs in every video.
Treating privacy like a red flag is how we normalise surveillance. Saying "no regular person uses a VPN" is one of the most ignorant and retarded takes you can have. I can't believe how full of shit this FBI guy is. It's not just wrong; it outright dismisses the idea that anyone…
This first witness in Roman's trial immediately caught my attention bc the victim was a classic Pig Butchering case. The only issue is....uh.....those scammers don't use Tornado Cash? And they never have? So, like, wtf?
The first witness in Roman Storm's trial was fascinating for many reasons. A Taiwanese American who works as a court translator, Prosecutors walked "Katie" Lin through her communication with a scammer who contacted her through WhatsApp and ultimately talked her out of $190k. 🧵
Storm's Patton: People use privacy application online, like VPNs - criminal sometimes use them, right? FBI's DeCapua: You are conflating with VPN proxies. Patton: They are extremely common, right? DeCapua: I don't think a regular person would use it [?]
This is similar to how I feel about MM. They are squandering their advantage (and Ethereum's lead to an extent) by not innovating and holding the whole wallet space back. I'm grateful for their early contributions, but it's time to rethink Ethereum and Crypto UX!
iirc I first started using MM sometime in early 2017. Back then, they really did a solid job in onboarding new people (and also the wallet quality was nice for the early days); kudos for that. These days, though, I've been using Rabby alongside it for a while, the quality is…
Exploit Bounty Opens We will allow the attacker a 12h grace period starting now to contact us, after which a bug bounty will be opened rewarding 10% of funds returned if the intel leads to a recovery. We already have several leads regarding the IP addresses and on-chain…
BlockThreat - Week 28, 2025. Sponsored by @SecurityOak. 🔥 Mass exploitation of proxy contracts discovered by @deeberiroz and whitehatted by @pcaversaccio @dedaub and @_SEAL_Org. @GMX_IO reentrancy hack $42M ($37M recovered). @KintoXYZ uninitialized proxy. $1.55M
Lessons for security experts: Audit proxy inits rigorously. Monitor delegatecall chains (easy to do in our app) & ensure storage integrity with complex proxying patterns. Props go to @deeberiroz @VennBuild @pcaversaccio @_SEAL_Org Stay vigilant.
Just mitigated: The CPIMP Attack - a stealthy front-running exploit infecting 100s of DeFi proxies across many protocols Attacker inserts hidden proxies that self-restore, spoof Etherscan, and lie dormant for high-value strikes Tens of millions at risk dedaub.com/blog/the-cpimp…
It is important to have principles and stand up for your beliefs, especially in hard times. Looking at the market, it sure looks like we're in easy times right now. If folks won't put their crypto where their mouth is now, when will they? Heed @pcaversaccio 's wisdom and make a…
The level of hypocrisy in this space makes me vomit every fucking single day. Roman is standing up for what crypto was meant to be (=censorship-resistant, immutable, and privacy-first code) he's paying a real price for it. Meanwhile, you retards throw 500 million into another…
Dear Software Community, It's Roman Storm here. As my trial begins on July 14, we're facing an unexpected hurdle: ⚠️ What started as a planned 2-week trial is now expected to last 3-4 weeks due to complex legal arguments and unforeseen witnesses and evidence. This means…
Special thanks to @pcaversaccio, @deeberiroz, @VennBuild, @seal_911, and everyone in your team who helped flag! We'll keep this thread updated if any new, relevant info emerges. As always, we're actively monitoring 24/7 to keep the community safe.