Olivia
Online
BitsLab
@0xbitslab
Securing and Building EMERGING Web3 Ecosystems
☂️ @MoveBit_ | @ScaleBit_ | @TonBit_
Joined July 2024
101 Following
2K Followers
354 Posts
🚀Move Web IDE — latest release✅
Auto Completion is now live in the LSP WASM build.
Get contextual suggestions as you type — keywords, variables, functions, structs, modules, and more.
View symbol types, icons, signatures, and type details in the suggestion popup.
🔘Press Enter or Tab to complete.
No install. No setup. Open and code.🙌
🔗https://t.co/CGVTaQILhl
#Sui #Move #Web3 #DevTools
The future of crypto isn't humans clicking "Confirm."
It's agents executing on your behalf.
But here's the problem: every AI agent today asks you
to hand over your private keys. That's not autonomy —
that's surrender.
Claw is built differently:
🔐 Key-sharding — no single point of failure, not even us
🤖 Policy-driven controls — agents act within limits you define
🛡️ Anti-phishing at the wallet layer — not your job to spot the scam
⛓️ Multi-chain, gasless, swap-routed across the best DEX aggregators
The agent economy is coming.
The wallets we use today weren't built for it.
Claw was.
→ https://t.co/VCtPbCBwoD
#AIAgents #Web3 #CryptoWallet #DeFi
https://t.co/YONjwrRxvA
Tweet 12/12
📄 Full technical write-up:
https://t.co/vH07LtpBnA
CVE: CVE-2026-33654
Affected: nanobot ≤ 0.1.4.post5
For ongoing AI × Web3 security research from @BitsLabHQ, follow us 👇
https://t.co/t6gCBlx7tY
🚨 BitsLab Research: One forged email is enough to hijack a nanobot agent.
No clicks. No user interaction. No prior access.
We disclosed CVE-2026-33654 — a zero-click Indirect Prompt Injection chained with Authentication Bypass in the Email Channel.
Here's how it works 🧵👇
Tweet 11/12
Architectural takeaway for every AI Agent framework:
Email, Webhooks, RSS — any async channel — cannot rely on claimed identity. They need cryptographically verifiable signals at the boundary.
Trust must be earned at the door, not inherited from a header string.
Root cause stack:
🔴 Data structure ambiguity (supplemental vs full)
🔴 Fixed-offset parsing without flag validation
🔴 No binding between amounts and proof hash
Bridges aren't only vulnerable to logic bugs anymore. The next frontier is semantic mismatch between source and destination chains.
Stay safe on-chain.
🚨 INCIDENT REPORT — Verus-Ethereum Bridge
$11.58M drained in a single transaction.
ETH 1,625.37 · tBTC 103.57 · USDC 147,658
Not a signature bug. Not a reentrancy.
It was a data-structure ambiguity that let the attacker walk through proof verification untouched.
BitsLab breakdown 👇
The attacker took it one step further.
They crafted the trailing reserveTransfers bytes so that — when the contract misreads them at the wrong offset as "hashReserveTransfers" — the value matches:
keccak(serializedTransfers)
= 0x00a37ecd...3d964581
Verification passes. Funds released.
Last Seen Users on Sotwe
Planeta do Futebol 🌎
Seen from Brazil
شهودة
Seen from Italy
ASUPAN RANDOM ENAK😁
Seen from Indonesia
QUÊ TRAI
Seen from Vietnam
𝑵𝒊𝒉 𝑻𝒉𝒆 𝑺𝒖𝒄𝒄𝒖𝒃𝒖𝒔 VA🎙️🔞
Seen from Brazil
Hot Vids (18+)
Seen from United States
Cuckold PlayGround
Seen from Turkey
Aunty Lover
Seen from India
Kumpulan Bacol
Seen from Indonesia
Çanakkale çift
Seen from Germany
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers