Every attack was designed to eliminate the inspection step.
The credible pitch, the polished docs, the live call — all of it exists to make running the code feel like the obvious next step.
It wasn't. It was a trap.
Inspect before you execute. Every time.
https://t.co/zTTEjFtFJd
In the past month, 5 separate actors posed as blockchain clients or recruiters and tried to compromise my machine.
3 were confirmed malicious by Upwork Trust & Safety.
2 came through LinkedIn with zero platform detection.
All 5 used the same playbook. 🧵
How to protect yourself:
unzip -l https://t.co/7vJNlZrYTr — read-only, no extraction
Read package.json scripts first — prepare fires on npm install
npm view [package] — check publish date and maintainer
Don't share your screen with unverified contacts.
My degree didn't teach me to code.
But it taught me things that made me a better engineer than I would have been without it.
That's not a liability. That's leverage.
Full breakdown:
https://t.co/sjwSor5Jmu
I spent four years studying how humans think.
Then twenty years writing software.
For a long time I kept those two things completely separate. My degree was a curiosity. Maybe a liability.
Then I hit a bug I couldn't find. And something shifted. 🧵
When I inherit a codebase I'm not just reading code.
I'm reading the archaeology of a team.
I can tell where decisions were made under pressure, where someone left mid-project, where disagreement never got resolved.
That's useful information. It tells me where the risk is.
In blockchain, foundational mistakes are permanent.
You can't quietly patch a broken authorization model. The exploit gets forked. The bad state gets indexed. The post-mortem goes on chain.
Full breakdown on token security architecture:
https://t.co/sNz6OnVr5g
Most blockchain projects make the same foundational mistake.
They build their token to move value. Full stop.
Then 6 months in, someone asks: "How do we prove a holder is authorized to receive a distribution?"
And the answer is: "We'll figure that out later." 🧵
If you're evaluating blockchain architecture, ask any dev:
"Where does authorization logic live in your token design?"
If the answer is "in the token contract" — that's the conflation pattern. Works for simple cases. Breaks for complex ones.
That difference matters at failure.