John

You were taught crypto very poorly. Public blockchains are global supercomputers. Anyone anywhere in the world can run a program on them and anyone in the world can use the program. Bitcoin supercomputer only runs the Bitcoin ledger. Solana supercomputer can run any Rust program. SUI supercomputer can run any Move program. Ethereum supercomputer can run any Solidity program. The supercomputers are constructed as a distributed set of nodes all around the world and are connected via physical networks to act as one. To stop the supercomputer you have to stop all the nodes all around the world. To run programs on the supercomputers requires gas tokens or "native" tokens to the particular supercomputer. To use the programs the user requires these tokens. These tokens are public and can be used as currency on the supercomputers. Examples of "native execution network" tokens are $BTC, $SOL, $SUI, $ETH. Note: No different from running a AI LLM supercomputers which also requires tokens to run but LLM tokens are not yet tradable or public and represent one word of a AI query. Bitcoin does not have the ability to run arbitrary programs, it only runs the Bitcoin ledger. This means it is not an "execution network". An "execution network" can run arbitrary programs that represent functionality or other token ledgers. Solana, SUI and Ethereum are examples of "execution networks" and are typically called Layer 1 execution networks because they can execute user programs. Now understand all other "tokens" or "crypto" are just programs running on one of these "execution network" supercomputers. StableCoin like USDC or USDT are just programs running on each of the supercomputers. Defi applications and DEX's are just programs running on the supercomputers. Meme coins are just programs running on an "execution network". Anyone can run a program and anyone can use the program. Now you can imagine how these global supercomputers that store and run programs will be used by everyone, institutions and governments will run everything on them and an entire agentic infrastructure will use them. Start to learn what crypto really is. Understand you were PURPOSEFULLY taught it incorrectly. You were the early testers of the supercomputers. Everything we see in crypto today can be thought of as a test. Together with AI these supercomputers will run the world.

A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained. The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review. This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app. The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it. The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.

BREAKING: Bitcoin developers have proposed BIP-361 to freeze early Bitcoin addresses that have quantum vulnerabilities. This includes Satoshi wallets and other OG dormant wallets from the 2010-11 era. It's a big step, as these wallets hold over 4M BTC and are at high risk from future quantum computing attacks.

🚨NORTH KOREA JUST PULLED OFF THE MOST TERRIFYING HACK IN CRYPTO HISTORY.. AND IT TOOK THEM 6 MONTHS OF PATIENCE.. They didn't send a phishing email.. They didn't exploit a smart contract.. They built a relationship.. Fall 2025.. A "quant trading firm" walks up to Drift contributors at a major crypto conference.. In person.. Face to face.. Real conversations.. They followed up across multiple countries.. At multiple conferences.. Technically fluent.. Verifiable backgrounds.. Professional networks that could withstand scrutiny.. A Telegram group was set up.. Months of real conversations about trading strategies and vault integrations.. The kind of stuff that's completely normal in crypto.. December to March.. They onboarded a real Ecosystem Vault on Drift.. Filled out the forms.. Attended working sessions.. Asked detailed product questions.. Even deposited over $1M of their own capital.. One million dollars.. Just to build trust.. By early 2026 these weren't strangers anymore.. They had a 6 month working relationship.. Drift contributors had met them in person multiple times.. At multiple conferences.. In multiple countries.. Then they shared some repos and tools.. Routine stuff.. Things trading firms share all the time.. The attack vector was a VSCode and Cursor vulnerability the security community had been flagging since late 2025.. Opening a file was enough.. Silent code execution.. No prompt.. No warning.. No permissions dialog.. Nothing.. $280 million.. Gone.. The moment the exploit fired.. Every Telegram message was wiped.. Every trace of malware scrubbed clean.. No record left.. And here's the part that should keep every founder up at night.. The people who showed up at those conferences weren't even North Korean.. DPRK threat actors use third-party intermediaries for face-to-face meetings.. The people you shook hands with were hired to be trusted.. Six months of fake identities.. Real conferences.. Real meetings.. Real money deposited.. All for one moment.. The bug is patched.. But the real attack vector was never the code.. It was the handshake.