Olivia
Online
BLOCKMAGE
@BlockmageSec
Web3 Native Threat Intelligence.
The Ether
Joined December 2022
152 Following
1.3K Followers
266 Posts
Takeaway: Automated scanners are essential for flagging capabilities, but manual verification is the only way to determine intent.
We acted quickly in hopes of preventing harms, but in this case, we were mistaken.
We've removed the post to avoid any confusion (sorry!).
Earlier today, we flagged a VS Code extension (rphlmr.vscode-drizzle-orm) based on 21 critical YARA hits from vsix-audit.
After manual inspection and deeper analysis, inspecting the .vsix, and reversing the WASM binaries, we’ve confirmed this is a False Positive.
- The SOL wallet identified was actually a character property table in the Oniguruma regex engine.
- The "Dropper" patterns were standard Emscripten/LLHTTP boilerplate.
- The "Stealer" hits were bundled dotenv and undici dependencies.
1/ I've been doing some research into how Unity Packages (similar to Node or Pip packages) could be weaponized for malware delivery
Let me tell you, it doesn't exactly look good... 🧵
Who to follow
🛡️SHIELDS 
@SH13LDS7
Security Advocate | Expose threats & teach safety | Contributor @BoringSecDAO | AI Enthusiast | Bald Black Christian Conservative Dude | Opinions are my own
Britt 📍Network School
@brittintech
probably building // learning and exploring with @theminihackers // prev @harpieio
IOC Investigations
@intell_on_chain
Professional Crypto & OSInt Investigations | Visit us @ https://t.co/JY6uEKeGxH | Urgent support +44 (0) 330 133 9852 or visit https://t.co/yz3dvkDcNX
Links:
CVE-2025-31201: Apple
CVE-2025-31200: Apple and Google Threat Analysis Group
macOS Sequoia 15.4.1:
https://t.co/t3r8hndiDn
iOS 18.4.1 and iPadOS 18.4.1:
https://t.co/su6XCE0N23
visionOS 2.4.1:
https://t.co/GY4t0NIJWu
No excuses.
These are live use, not theoretical CVEs.
Apple doesn’t push same-day cross-platform updates and delete vulnerable code unless the stakes are real.
Stay sharp. Patch everything. Watch your traffic. 🧙♂️
July 2023 #TornadoCash exit worth 1,400 ETH ($2.6M)
Exit via 100 ETH Contract, swaps for USDC, heads out over the Synapse bridge, to Polygon 0xc09d3c2 and get gambled away at @Stake. I see this fairly often when analysing TC.
Tool: @MetaSleuth
@zaingaziani @Ledger @Microsoft Sadly received two messages about this from victims today. Seems another person lost funds in just past few min.
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which was resulted in 16.8+ BTC ($588K) stolen
Scammer address
bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q
1/ An investigation into the Canadian scammer known as Yahya for their involvement in 17+ SIM swaps which resulted in more than $4.5M stolen.
@solminingpunk How else would we know what they are up to all the time?
Unfortunate but true, web3 sees security as something you pay for once prior to your contract deployment. Brand protection gets sidelined in favor of keeping hype perpetually alive. Not to mention, those who do help, very often get nothing in return, so there's little incentive for professionals, albeit rife with opportunity to improve security across the board. We hardly have a name for the position though, so it can certainly be and feel overwhelming.
That said, its always appreciable seeing the builders and the devs and security techs that are here, reaching out and making such efforts. This has been a constant in the space for years despite any market or trends otherwise. There's a sense of purpose to the whole thing because of this, and it certainly brings a level of quality and enthusiasm that you can't rightly find elsewhere.
Nice post - cheers.
@PeckShieldAlert This is another MakerDAO deposit. Now, I dont understand the exact mechanics of this, but after a bit of digging, funds seem to get withdrawn from Maker as USDC and deposited into Coinbase
https://t.co/sAI8lsi5aO
It's release time 🎃
- Responses can now be intercepted and modified
- Delete requests from HTTP History
- [Pro] Import/export your projects using our new "backups" page
- [Pro] Add shell commands to your convert workflows with the new "Shell" node
https://t.co/5zKo9NF31G
@nft_sec https://t.co/X7pRKNZq8S
or https://t.co/lcl29jLxuy
GM GMers! Tagging people who do great work in this space but I feel are not shown enough love!
Go follow ⬇️
@CryptoaaService @WoAS_Necksus @0xFantasy @0xSaiyanElite @1c4m3by @Plumferno @BlockMageSec @boringsecurity @brookejlacey @ManicalEngineer
Who did I miss? Tag them!
@PocketUniverseZ @1c4m3by @OxSaiyanGod @BlockMageSec @Plumferno @opensea @Server_Forge @1c4m3by saved me the other day 🤝 appreciate your work ♥️
Introducing the Pocket Guardians
They've already saved *hundreds* of you from dangerous websites
Here's a quick intro ⬇️
3/
- @1c4m3by is a security researcher who's already blocked hundreds of scams
- @OxSaiyanGod is a security researcher from @BlockMageSec
- @plumferno works at @opensea's trust & safety team and founded @Server_Forge
Last Seen Users on Sotwe
Doo..หมีมั้ย
Seen from Thailand
Türk jartiyerli Porno - Türk Jartiyerli Sex
Seen from Turkey
🔞 66CHIVAS 🔞
Seen from Germany
Ayamjantanxayambetina
Seen from Malaysia
เป็นอีกปีที่เก่งเติบโตแข็งแกร่งไปอีกขั้น
Seen from Thailand
كُـُـ‘ـآســࢪة التـ‘ــآريـِـِِـِـخ 🥂
aunty Solo
Seen from India
ArdiyansyahPutra
Seen from Indonesia
نوره
Seen from Jordan
Nicole🔅
Seen from Canada
Most Popular Users
Elon Musk
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.5M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.5M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.7M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers