However, I wasn't fully satisfied with this simple find. Searching through the front end code of the site, I was able to identify an undocumented API endpoint: api/auth/customer-info
Querying this endpoint with the internal user ID from my test sign up showed all of my data including plaintext password
🧵 Trump Mobile exploit was way worse than everyone thought. A straight up GOD MODE api endpoint was available for anyone to use to pull back full customer data including plaintext password
Trump Mobile is currently leaking customer information, including full names, shipping addresses, emails, and more
A security researcher contacted @coffeebreak_YT to make him aware of the vulnerability. The researcher has contacted the Trump Mobile team about a responsible disclosure, but hasn't heard back yet
Spot checking random user IDs that previously were unknown returned real user data including plaintext password, phone IMEI, connection/disconnection dates, user generated PINs, and more.
Full blog post below
‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed.
GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision.
What happened?:
▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated.
▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead.
▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed.
▪️ No Play Services = no QR scan = locked out.
The bigger picture:
▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature.
▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...
@bax1337 everyone who I saw posting about this was constantly leaking their order IDs lol. there's a reason I was instantly blocked when I called him out
https://t.co/kG6kL63BUR
@JFrogSecurity is the Targeted Local Paths IoC list exhaustive? I find it interesting they only target Claude and Kiro (which I've never heard of until now). No Codex, Cursor, or Windsurf?
@NeerajKA keeps deleting his replies so here’s my response to his series of excuses for Circle.
CIRCLE is responsible for the things it builds and the decisions they make and the people they provide services to.
Just like every other person and company in this space.
In this situation EVERYONE ELSE ACTED to respond to the incident and take the steps THEY COULD to mitigate the harm.
Not because they were forced to. But because they could and they don’t want the hackers to fucking win. That’s the fucking difference and why Circle’s actions are fucking unacceptable. They could. Not only can they—they have a bigger staff and more money than every other one of these teams. And they chose not to.
A lot of bridges can’t freeze. But they can block on the frontends or APIs. They can refuse to process transactions that are 100% stolen funds. AND IN THIS CASE EVERYONE DID EVERYTHING THEY COULD.
EXCEPT CIRCLE.
The frontends blocked. The bridges limited the SOL->ETH routes temporarily. The people who could freeze froze. Drift and Squads and security experts worked instantly to identify and contain the threat and ensure no further loss could be realized—to Drift AND to others.
The only ones who sat and did NOTHING were Circle. They watched. As people alerted and worked together and said FUCK YOU to the hackers and tried to stop them, Circle sat in their ivory tower and said FUCK YOU to all the innocent people impacted.
CIRCLE has decided that they don’t want to work together to make the world better. Fuck that.
CIRCLE fucking CHOSE to keep servicing blatant fucking stolen funds via their stablecoin, their bridge, their frontend, their apis, their servers. For fucking HOURS. And then they made excuses for not acting after.
No. That’s unacceptable. You are responsible for your actions. You don’t get to make excuses when you fuck up. Own it and be better or literally get the actual fuck OUT.
@buda_kyiv @sumsub @SmartEnginesLLC I'm amazed this finally came out. I identified this breach all the way back in November 2024 when we thought it was Blofin directly instead of their KYC provider, Sumsub
https://t.co/ybEVKGg3dI
There is potentially a significant, undisclosed data breach affecting @BloFin_Official customers
Specifically:
⁃ customer KYC data (name, address, SSN, email, phone number, scans of passports/DL/etc)
⁃ support, account recovery, and liveness videos
@pcaversaccio this is interesting. how is it possible there are three entirely different dates present in the github ui and the raw git patch?
July 8 1983
July 8 2019
Sept 17 2001
1/ Welcome to the Circle $USDC files.
$420M+ in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds.
Drift has been hacked. Lots of confusing information going around. I've taken a look at what's actually happening.
The core attack sequence is just 3 transactions:
1. Create a new Drift User Account:
https://t.co/9B4CRorZzE
2. Deposit 500 Million "CVT" into Drift as collateral:
https://t.co/Sr37jul3zB
3. Withdraw Millions of real assets against the provided collateral:
https://t.co/FytexVbQ2i (and later transactions)
Now, as it turns out, this CVT token was just created a few weeks ago. The core question: How did it become accepted collateral within Drift?