samod_•

A 25 year old just turned $225 million into $5.5 billion in 12 months. Here’s exactly what he bought. Leopold Aschenbrenner got fired from OpenAI in April 2024. He spent the next few months writing a 165-page thesis predicting AGI by 2027. Then he launched a fund and put his money where his thesis was. He bought zero Nvidia. Zero Microsoft. Zero Google. Zero Amazon. He bought what AI actually runs on. Bloom Energy (BE), power infrastructure for data centers. Up 1,422% in one year. Lumentum (LITE), optical components that move data between chips. Up 1,331%. Sandisk (SNDK), storage. Up 3,130%. CoreWeave (CRWV), GPU cloud infrastructure. Up 166%. Iris Energy (IREN), AI computing and data centers. Up 583%. The thesis was simple: every AI company needs energy, bandwidth, storage, and compute. Nobody was buying those. Everyone was buying the AI companies themselves. He was right. His fund now manages $6 billion. Backed by Patrick and John Collison of Stripe and former GitHub CEO Nat Friedman. I’m adding this to my watchlist. Every time he files a new 13F, we will break it down here. Turn on notifications so you don’t miss the alert, this is VERY important. Many people will wish they followed us sooner.

A 13 year old kid from Shenzhen spent his entire winter break in his bedroom while every classmate was outside playing. He sat in front of a MacBook Air for 21 days straight watching Claude tutorials and trying to copy what he saw on screen. By the end of the break he had built his own AI agent that solves Codeforces problems in 45 seconds each. He uploaded the whole thing to a public GitHub repo on the last day of vacation. README in broken English. Description: ai agent solves codeforces fast for me. Watched it sit at zero stars. Went back to school the next morning. While the West argues about whether AI will replace coders, China is already letting 13 year olds publish working agents on GitHub between school terms. He thought he was building a homework helper. He just showed too much. Six months later his computer science teacher opened his GitHub profile to check on a class assignment. The repo the kid had pushed at the end of winter break had 3,100 forks. The teacher clicked through to one of the forks and found a wallet sitting at $4,526,176. 432614799197. $4,526,176 profit. Joined January 2026. → https://t.co/Xv5TKvZUvu A 27 year old developer in Singapore had cloned the kid's repo, swapped the Codeforces plugin for a sports betting one, pointed Claude at Asian bookmaker odds and walked away. Six months of green logs later he posted the profit curve to a small dev forum with one line of caption: I did not write a single line of this code. The original repo was a kid's homework project. Dev Twitter exploded. 180K views in 24 hours. Everyone asking for the GitHub link. Everyone wanted to know who wrote the original. The Singapore guy told them. That was the mistake. Pause at 0:08 of his demo video. Look at the contributor name in the top right of the GitHub page. That contributor is 13 years old. The comment section turned into a detective board. Someone slowed the demo to 0.25x. Someone else opened the original repo and pulled the contributor history. A third guy traced the contributor's other commits and found a school programming contest entry from Shenzhen Number 4 Middle School with the same username. The kid had won third place. The judges wrote that his project was creative but had no real world application. The Singapore guy is still running the script. 4,548 trades since January. All sports. Across six leagues. NFL, Premier League, Champions League, La Liga, Ligue 1, NHL. Biggest single win on the wallet: $1.5M. From one football match. The repo is not the product. The repo is the noise. The real engine is what the kid built and the judges missed. Asian bookmakers post lines 2 to 3 hours before Western platforms update. Shanghai moves before London. Beijing moves before New York. By the time American traders open their laptops the gap is already closed. The Claude agent catches every one of them while the West is still asleep. The kid wrote the script over winter break. The Singapore guy cloned it for free. The market gave back $4.5M. The Singapore guy deleted his post when he realized what he had revealed. Too late. The repo had already been forked 3,100 times. Someone in the kid's school recognized the username. The kid still has not made a single dollar from the script. The terms of service on his GitHub account say he is not allowed to sell anything. He is too young. The teacher who opened the profile to grade homework closed the laptop and called the principal instead. Before the post got buried, one reply got pinned: the smartest builder in this story is the one who is not allowed to use what he built.

There is something about Nigeria 🇳🇬 that someone needs to research: its ability to elicit speech in non verbal autistic children. A friend just told me about her 5 year old daughter, who had never uttered a word while they were in Canada. However, after just few months in Nigeria

There's a physicist at Stanford named Safi Bahcall who modeled this exact principle and the math is wild. He calls it "phase transitions in human networks." When you're stationary, your probability of a lucky event is limited to your existing surface area: the people you already know, the places you already go, the ideas you've already been exposed to. Your opportunity window is fixed. When you move, your collision rate with new nodes in a network increases nonlinearly. Double your movement (new conversations, new cities, new projects) and your probability of a serendipitous encounter doesn't double. It roughly quadruples. Because each new node connects you to their entire network, not just to them. Richard Wiseman ran a 10-year study at the University of Hertfordshire tracking self-described "lucky" and "unlucky" people. The single biggest differentiator wasn't IQ, education, or family money. Lucky people scored significantly higher on one trait: openness to experience. They talked to strangers more, varied their routines more, and said yes to invitations at nearly twice the rate. The "unlucky" group followed the same routes, ate at the same restaurants, and talked to the same 5 people. Their networks were closed loops. No new inputs, no new collisions. Luck isn't random. Luck is surface area. And surface area is a function of movement. The lobster emoji is doing more work than most people realize. Lobsters grow by shedding their shell when it gets too tight. The growth requires a period of total vulnerability. No protection, no armor, soft body exposed to the ocean. That's the cost of movement nobody posts about. You have to be uncomfortable first. The new shell only hardens after you've already moved.

North Korea has stolen $6.75 billion from Silicon Valley and nobody knows how to stop them. And just last week, they pulled off one of the most insane heists in tech history... A North Korean intelligence unit created a FAKE quantitative trading firm: - Built a website - Printed business cards - Showed up at crypto conferences across multiple countries - Shook hands with founders - Had real conversations about strategy and partnerships They didn't rush anything. They spent 6 months building relationships. They deposited a million dollars of real capital into the protocol to look legitimate. They collaborated on shared code repositories. And they even distributed what looked like a normal wallet app through Apple's TestFlight. Then one night they flipped the switch... They exploited access they'd quietly gained over months, removed withdrawal limits, and drained $271 MILLION from almost 20 vaults. USDC, USDT, wrapped Bitcoin, wrapped Ethereum. Everything converted and moved from Solana to Ethereum within hours. Split across wallets. Gone. CoinDesk confirmed it was a North Korean state operation. But the Drift hack is just the latest example of something much bigger: North Korea stole $2 billion in crypto in 2025. A 51% increase from the year before. They were responsible for 76% of ALL crypto service hacks globally. And they pulled it off with 74% fewer attacks. Fewer attacks. Way more money per hit. Each operation more patient and more devastating than the last. Their playbook has evolved past anything the industry expected. North Korean operatives now embed themselves as fake employees inside Western tech companies. They've shifted from applying for jobs to posing as RECRUITERS for crypto and web3 startups. They run fake technical screenings where they steal credentials, source code, and establish remote access to internal systems. They sit in Slack channels. Attend standups. Review pull requests. For months. Then they strike. And it's spreading beyond crypto too: This same week, North Korean hackers compromised Axios, an open-source software package used by thousands of American companies. Hijacked a developer's account and pushed malicious updates to every organization that downloaded the software during a 3 hour window. Security experts say the damage could take months to unravel. Mercor, the AI recruiting startup valued at $10 billion that works with OpenAI, Anthropic, and Meta, confirmed it was also caught in a related supply chain attack. The money funds North Korea's nuclear weapons program, missile development, and regime. Silicon Valley is literally financing Pyongyang's warheads and doesn't even realize it. Security researchers keep saying the same thing: "We may be seeing only the most visible portion of their activities." If the attacks we know about total $6.75 billion, what's the real number? North Korea has turned tech theft into a national industry. They train operatives for years. Build fake companies. Play the long game. And every time the industry catches up, Pyongyang evolves. The most sophisticated state-sponsored theft operation in history is happening inside the ecosystem that's supposed to be building the future of finance. What do you think?

A First Bank employee named Tijani Muiz Adeyinka worked on the electronic products team. His job gave him legitimate access to process reversals for customers. He used that access to credit merchant accounts with money that was not theirs. The fraudulent postings went to his wife's Zenith Bank account first. From there to 34 other accounts. Which then spread to 1,190 secondary accounts across multiple banks. By the time First Bank noticed and reported it to the Nigeria Police Force on March 25, 2024...the figure had grown from ₦12 billion to ₦40 billion. He was already on the run. Three court orders across Lagos and Jalingo were obtained to freeze accounts. Some of the money had already been converted to USDT through crypto traders. This is what insider fraud actually looks like in Nigerian banking. Not a dramatic hack. A staff member. A privileged function. No second authorization required. If your system allows any single person to trigger financial transactions without a second approval layer that is your vulnerability. Segregation of duties is not bureaucracy. It is what stands between your system and ₦40 billion walking out the door.

The most insane long game hack of all time! North Korea built an entire trading firm Conference passes In-person meetings Multiple countries Half a year of Telegram messages and working sessions Even $1M of their own capital deposited to look legitimate Then when all the pieces were in place they stole $280M Drift just released the full incident background and it’s wild! Fall 2025: A "quant trading firm" approaches contributors of Drift at a major conference. They Follow up in person across multiple countries. Technically fluent. Verifiable backgrounds. Typical trust building stuff. December-March: They onboard a real Ecosystem Vault and attend working sessions They even deposit $1M to further build ‘trust’ The long con had set in and by early 2026, these weren't strangers anymore They had now built a 6-month working relationship Then they share some repos which is routine stuff The attack vector: a VSCode/Cursor vulnerability flagged by the security community throughout late 2025. Opening a file was enough. Silent code execution. No prompt. No warning. Nothing. The moment the exploit fired, every Telegram message and trace of malware was scrubbed clean No record or trace left Every team managing meaningful TVL is a target and no one is safe from professional jobs such as this Six months of infiltration and a trusted relationship, not just a sketchy email link The bug is patched but the real attack vector was the relationship and patience How do you protect against that? 🤯

🚨A group of North Korean hackers possibly exploited a VSCode/Cursor vulnerability to steal $285M. > they posed as a trading firm for 6 months > met the devs at a conference > deposited $1M+ to build trust > shared repo that likely compromised a contributor > Cursor sets Workspace Trust off by default > opening a cloned repo auto-executes a malicious .vscode/tasks.json. no click. > VSCode asks you if “you trust the authors of this project”, and you likely said yes every time > Cursor has this setting disabled “to prevent confusion between Workspace Trust’s ‘Restricted Mode’ and Cursor’s ‘Privacy Mode’ > still not fixed. TO BE TRANSPARENT, Drift’s forensic investigation is still ongoing and VSCode/Cursor is mentioned as “one possibility”, but the risk is real and if you’re a dev using Cursor with default settings might need to look into this and enable WT.

Let's spend coffee time playing a little wargame in which the US decides to take on Iran and commit to a full war against it Look at this map. Where could the US stage an invasion of Iran? To Iran's east, you'll find Pakistan, Afghanistan, and Turkmenistan. A big triple no. To Iran's south: the Persian Gulf which it completely dominates. No good. To Iran's west: Iraq and Turkiye. The first a definite no, the second, a no so probable it must be considered a certain. Turkiye will not go to war with Iran for the US and Israel - a war not only sure to decimate it, but a war Turkich people will be fanatically against. To Iran's north is the Caspian Sea. No use. Azerbaijan and Armenia present an opening, but how will hundreds of thousands of NATO soldiers get there (let alone undetected)? If they go by sea, they will need to traverse the Mediterranean and the Black Sea and virtually physically go through Istanbul. Not only politically complicated, but a long long journey that gives Iran tons of time to prepare. Remember the months and months the US took to amass forces for the Iraq invasion? It took 6 months or so - with no interruptions. The problem is, with Iran, there's no way they're going to simply build up forces near the designated target's borders. Iran has an arsenal of hundreds of thousands of guided and precise ballistic missiles, satellites in space and eyes almost everywhere. If a war is declared or started, every American asset within 0-3000 kilometers of Iran's borders will be bombarded so viciously no missile defense system will be able to stop it. And all those dozens and dozens of American bases scattered throughout the vast area surrounding Iran? How will the US defend them under an attack on a scale of 1000 October 7th's combined? Additionally, Iran has the most sophisticated anti-ship missiles in the world (Russia's Yakhont), of which it probably has thousands by now. This means no surface ship is going to be able to come close enough to Iran to make it an effective striking weapon (is this going to be the first time we get to see an aircraft carrier drowning? I believe potentially yes). The US will have to rely on air superiority, but this is going to prove a very difficult, almost impossible task. US planes will have to fly a long way to get to Iran (and back), and it has invested massively in air defense systems, including some of the most sophisticated in Russia's arsenal. The US will lose many planes which will take years to replenish, and Iran will be able to target with ballistic missiles and drones all the bases from which they take off in Europe or the Middle East. Another tool the US will use is cruise missiles fired from submarines: but this, too, does not win wars, and can be costly against a rival that prepared for this. A full-scale invasion of Iran will require potentially millions of soldiers and will take years. The West is simply incapable of an effort of this kind: where will they find millions of young men willing to die at sea in order to occupy a country thousands of miles away? Today? Give me a break. All this time the Iranians will be defending their home and their independence. The West will be trying to colonize and destroy them. They will have Gaza on their minds. - I didn't mention Israel because it is virtually irrelevant in this war. Hizbullah alone is enough to paralyze it and keep its military busy for months. - Bonus point: think about what happens to energy prices in an actual war with Iran. 500$ for an oil barrel? 1000$? 2000$? All is possible. Guess what country will remain the biggest international producer and exporter of oil and gas, and rip all those extra many, many trillions. You guessed tight. Russia. If the Persian Gulf is up in flames, Russia will become a global economic superpower (at a time when the US is dwindled militarily and economically and cannot even fake a military threat against it). - Another bonus point: you think Iran cannot, or will not attack on American soil? Think again. From cyber attacks to large-scale, professional, military-level sabotage and guerrilla warfare, in a war with Iran life in the US will definitely not be business as usual, and not only because inflation will be something 200%, and thousands of dead soldiers will return home in coffins every month for a long time. - The US cannot win a war against Iran. And I believe all parties involved know it. The only thing that remains unknown is how insane and self-destructive the US has become under Netanyahu's and AIPAC's, how shall we call it, influence

Nigeria is ranked #1 in global USDT and USDC ownership. Not the US. Not the UK. Not Singapore. Nigeria. 59% of Nigerian crypto users hold USDT. 48% hold USDC. More than any other country surveyed. India is third. Brazil close behind. The reason is obvious once you see it: in countries where local currency loses 20–40% of value annually, stablecoins aren't a crypto product. They're a savings account. A dollar-denominated store of value that doesn't require a US bank account. Here's what the data doesn't show: most of those stablecoin holders can't use their USDT to buy anything. No merchant acceptance. No subscription billing. No automatic payment. No way to pay a supplier. They hold the dollars. They can't spend the dollars. They convert back to fiat every time they need to transact. The gap between stablecoin adoption and stablecoin utility is most visible not in San Francisco or Singapore. It's in Lagos, Jakarta, São Paulo. $308B in circulation. The people who need stablecoin commerce most have the fewest tools to access it. That's not a distribution problem. That's an infrastructure problem. The rails exist everywhere. The billing layer doesn't exist anywhere. That's who we're building for.

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.

‼️🇳🇬 A massive breach allegedly from Remita, a major Nigerian payment processing platform, has been leaked on a popular cybercrime forum. ▪️ Total Size: ~3TB of S3 storage ▪️ Data Includes: 800GB+ of KYC documents (IDs, passports, photos, bank statements, electricity bills), MySQL/Postgres databases, logs, docker registries, source codes, government HSM keys, GitKraken to S3 backups ▪️ Source codes, 35,000+ password hashes, and three databases