Solana was built for security. As the ecosystem scales, so does our investment in the tools, standards, and support.
Today that commitment deepens with a new security program, active monitoring, formal verification for top protocols, and a new crisis response network.
Learn more 👇
Alongside STRIDE, the Solana Incident Response Network (SIRN) is now live. A membership-based network of security firms for real-time incident response across the Solana ecosystem. Available to all protocols. Prioritized by TVL.
Founding members: @asymmetric_re, @osec_io, @neodyme, @multisig and @zeroshadow_io
Small update on the unfolding Drift timeline: as surfaced in other threads (eg https://t.co/Rpv6VgfcRW), the malicious proposal and execution were nonce transactions (those can be signed offline and not immediately submitted to the network).
The thing about nonce accounts is that they have an authority set.
So we can go look on-chain to find nonce accounts that are configured to work with any of the new and old Drift multisig members. When we do that with Dune, we find *three* nonce accounts:
One created March 31st, used in exploit for 6UJb, member of new multisig:
https://t.co/QvxRnvOMK1
And two created March 24th. One used in exploit for 39Jy, member of old multisig: https://t.co/ETvP0Ytb3C
And one NOT used in exploit, for a key in old multisig 45cZ...: https://t.co/AZ1GheaGt8
This can be an indication that they were prepared to attack the old multisig before the migration happened.
There are two additional nonce accounts created by the same authority as the above three, that seem also related to the attack but are not multisig members.
You also don't have to set up the nonce account before signing a transaction. It is perfectly possible to keep that stealthy as well, and only create the nonce account once you are ready to submit the transaction. But it appears the attacker didn't do so, and thus "leaked" all keys he wanted to be able to create offline transactions for.
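A defender-side version of the check described above (find nonce accounts whose authority is one of the multisig signers), added here as an example and not code from the thread's author. It assumes the standard 80-byte SystemProgram nonce account layout (version, state, authority, durable nonce, fee) and takes already-fetched account data as input; the pubkeys and account bytes below are constructed, not real Drift keys.

```python
import struct

# Assumed layout of a SystemProgram nonce account (80 bytes): u32 version, u32 state
# (0 = uninitialized, 1 = initialized), 32-byte authority, 32-byte durable nonce, u64 fee.
NONCE_ACCOUNT_LENGTH = 80
B58 = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58 as used for Solana pubkeys; each leading zero byte becomes '1'."""
    n, out = int.from_bytes(raw, "big"), b""
    while n > 0:
        n, rem = divmod(n, 58)
        out = B58[rem:rem + 1] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))
    return (b"1" * pad + out).decode()

def parse_nonce_account(data: bytes):
    """Decode nonce state; return None if the data is not an initialized nonce account."""
    if len(data) != NONCE_ACCOUNT_LENGTH:
        return None
    version, state = struct.unpack_from("<II", data, 0)
    if state != 1:
        return None
    (lamports_per_sig,) = struct.unpack_from("<Q", data, 72)
    return {"version": version, "authority": b58encode(data[8:40]),
            "durable_nonce": b58encode(data[40:72]),
            "lamports_per_signature": lamports_per_sig}

def nonce_accounts_for_signers(accounts: dict, signers: set) -> list:
    """Return (nonce account, authority) pairs whose authority is a multisig member key."""
    hits = []
    for pubkey, data in accounts.items():
        parsed = parse_nonce_account(data)
        if parsed and parsed["authority"] in signers:
            hits.append((pubkey, parsed["authority"]))
    return hits

# Constructed sample data: neither real on-chain accounts nor real Drift signer keys.
def make_nonce(authority: bytes, state: int = 1) -> bytes:
    return struct.pack("<II", 1, state) + authority + bytes(32) + struct.pack("<Q", 5000)

MEMBER_A, MEMBER_B, OTHER = bytes([0x11]) * 32, bytes([0x22]) * 32, bytes([0x33]) * 32
MULTISIG_MEMBERS = {b58encode(MEMBER_A), b58encode(MEMBER_B)}
SAMPLE_ACCOUNTS = {"nonce_1": make_nonce(MEMBER_A),     # authority is a signer: flagged
                   "nonce_2": make_nonce(OTHER),        # unrelated authority
                   "nonce_3": make_nonce(MEMBER_B, 0)}  # uninitialized: skipped

if __name__ == "__main__":
    for acct, auth in nonce_accounts_for_signers(SAMPLE_ACCOUNTS, MULTISIG_MEMBERS):
        print(f"{acct}: nonce authority {auth} is a multisig member")
```

In practice the `accounts` input would come from a `getProgramAccounts` query against the System Program filtered to 80-byte accounts, or from an indexer such as Dune as in the thread.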
Drift Protocol on Solana just got drained. It's looking like a multisig member compromise -- and the story starts at least 20 days before the attack. Here's the breakdown:
Meet our colleagues at the "Festival der Zukunft" at @DeutschesMuseum in Munich. Don't miss our talk on July 3 at 4pm!
Check it out here: https://t.co/ZNDrI2NmOj
Part 3 of our Riverguard series is out!
We're looking under the hood at the "fuzzcases" Riverguard uses to catch real-world bugs in Solana smart contracts.
Still shocked how often some of these pop up.
Check it out 👉 https://t.co/5WkvxEz0oU
From iframes and file reads to full RCE. 🔥
We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit.
👉 Read the full write-up here: https://t.co/Qa5Beuuncr
Interested in learning about Windows exploitation?
This August, join us in Las Vegas for an intensive, hands-on 4-day DEFCON training:
Binary Exploitation on Windows, led by Felipe and Kolja!
🗓️ When: August 9–12, 2025
📍 Where: Las Vegas Convention Center
🔎 Digging deeper into COM hijacking!
In Part 3, we explore two new vulnerabilities:
🗑️ Webroot Endpoint Protect (CVE-2023-7241) – SYSTEM via arbitrary file deletion
📥 Checkpoint Harmony (CVE-2024-24912) – SYSTEM via a file download primitive
Read more: https://t.co/rDNGUg89Lc
Your laptop was stolen. It’s running Windows 11, fully up-to-date, device encryption (BitLocker) and Secure Boot enabled. Your data is safe, right? Think again! This software-only attack grabs your encryption key. Following up on our #38C3 talk: https://t.co/8Wbrhqi0iG
Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊
Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking: https://t.co/5ne5FBggZl
Slides for our talk "The Key to COMpromise" (AV/EDR privilege escalation) are on GitHub.
If you want to discuss this stuff, you can find @__k0lja or me at the CTF area of 38C3
https://t.co/tugYdK8TYa