The market has spoken. With the passage of Meta-038, MetaDAO is now employing Groom Lake for institutional-grade security, intelligence - including due diligence on prospective founders and teams - and 24/7 incident response.
Friendly reminder that audits don't catch everything.
Cetus had three. Ronin had been audited. Bybit's Safe contracts were fine. Combined losses still cleared $1.6B.
An audit tells you what your code looked like on the day someone read it. Everything that happened after is on you.
You don't know what you don't know.
April 2026 set the monthly record for crypto exploits. 28 incidents, $635M stolen. We pulled data on 512 incidents across 2024-2026 to understand how billion-dollar crypto hacks actually happen now.
Five trends from the past two years 🧵
Given the recent TanStack-related supply chain compromise activity, I put together a read-only detection script to help identify currently known indicators of compromise and suspicious artifacts tied to the “Mini Shai-Hulud” npm worm activity.
The script performs local IOC checks against lockfiles, node_modules, GitHub Actions workflows, known dropper filenames, malicious package versions, credential staging artifacts, and related persistence indicators. No network calls are made.
If your environment uses affected TanStack packages, I would strongly recommend running it to verify you are clean and reviewing the findings manually.
https://t.co/R2QLlCBt0q
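One slice of the lockfile check described in the post above, as an added example (this is not the script linked in the post): a read-only, offline scan of `package-lock.json` text against an indicator list. The package names and versions are constructed placeholders, since the post lists none, and `lockfile_packages` and `scan_lockfile` are hypothetical names.

```python
import json

# Constructed placeholder indicators: the post names no packages or versions.
# Replace with the entries from a published advisory before relying on results.
PLACEHOLDER_IOCS = {
    "@example-scope/placeholder-pkg": {"9.9.9"},
    "placeholder-dropper": {"1.0.1", "1.0.2"},
}

def lockfile_packages(lock):
    """Yield (name, version, location) for every entry in a package-lock.json."""
    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if not path or "version" not in meta:  # "" is the root project
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        yield name, meta["version"], path
    # lockfileVersion 1: nested "dependencies" tree (skipped if "packages" exists).
    stack = [("", lock.get("dependencies", {}))] if "packages" not in lock else []
    while stack:
        prefix, deps = stack.pop()
        for name, meta in deps.items():
            where = f"{prefix}node_modules/{name}"
            if "version" in meta:
                yield name, meta["version"], where
            stack.append((where + "/", meta.get("dependencies", {})))

def scan_lockfile(text, iocs=PLACEHOLDER_IOCS):
    """Return sorted (name, version, location) matches; no network, no writes."""
    hits = {(n, v, p) for n, v, p in lockfile_packages(json.loads(text))
            if v in iocs.get(n, ())}
    return sorted(hits)

# Constructed sample lockfile (v3 layout): one clean version, two matches.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/left-ok": {"version": "2.0.0"},
        "node_modules/placeholder-dropper": {"version": "1.0.0"},
        "node_modules/left-ok/node_modules/placeholder-dropper": {"version": "1.0.2"},
        "node_modules/@example-scope/placeholder-pkg": {"version": "9.9.9"},
    },
})

if __name__ == "__main__":
    for name, version, path in scan_lockfile(SAMPLE_LOCK):
        print(f"MATCH {name}@{version} at {path}")
```

Matching on the resolved install path catches a flagged version that is only present as a nested transitive dependency, which a check of `package.json` alone would miss.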
Had an interview with a “crypto” recruiter. We talked for about 40 minutes, and then they asked me to look at some code.
Their first instruction was to clone the repo. I didn’t. They seemed surprised, so I told them I wanted a moment to check whether it was safe first.
I ran a quick analysis with Claude.
Turns out the code had a backdoor. It would copy my environment variables and send them to a remote server.
The recruiter went speechless and ended the call pretty quickly.
Be careful who you talk to. Scammers are real.
100,000 North Korean operatives. Deepfake video interviews. AI-generated identities. Stealing millions in IP and crypto while funding nuclear weapons.
The hiring process is broken. Companies are unknowingly employing state-sponsored hackers. FBI confirms: $600 million+ siphoned to the regime annually.
Your next hire might be working from Pyongyang.
Wrench attacks are still climbing in 2026 and they have nothing to do with your keys.
Criminals skip the technical side entirely and go straight for the person, using threats, coercion, and physical force until you hand over access yourself. Analysts found roughly 45% of reported attack frequency tracks directly with market cap, so as prices rise, so does the violence.
Reduce your exposure: keep your public identity separate from your holdings, split day-to-day funds from long-term storage, and audit what's out there with your name attached to it.
Following the recent DNS hijacking incident, the Neutrl domain has been successfully migrated to https://t.co/XlWqYSjSc0 and is now secured on a new DNS provider.
Neutrl smart contracts have been unpaused and are fully operational.
ALL USER FUNDS ARE SAFE.
Protocol NAV, including reserves and user funds, remains secure within Neutrl’s custodial wallets, supported by a custody framework and off-exchange settlement (OES) that isolates funds from front-end and infrastructure risks.
Users should no longer interact with neutrl[.]fi under any circumstances and should only use the new domain moving forward. The .fi domain will be sunset.
As an added precaution, users who interacted with the compromised domain are advised to review and revoke permissions via revoke[.]cash, including any Permit2 approvals associated with the following malicious addresses:
0x23f2741EaA0045038e9b52100CdcC890163dE53F
0xa0Adf074056E41dfB892aFC69881E15073b384b9
Please also revoke any approvals associated with addresses you do not recognize.
We extend our sincere gratitude to the teams at @0xGroomLake and @SEAL_911, whose support and expertise were instrumental in our response. Their work in strengthening security across the ecosystem is invaluable.
Additional updates will be shared as they become available, along with a full post-mortem.
Compute scales. Human attention doesn’t.
Agentic, end-to-end attack loops are now showing up in the wild.
Continuous, automated security has to be the new baseline.
You can’t defend what you can’t see.
Reaper AI continuously maps exposed identities, leaked data, and reconnaissance signals across your organization.
Early access → https://t.co/55LwbRKEai