📢 Exciting news! Check out our latest blog post on the MevSec website where Fadam shares his experience finding a Denial of Service vulnerability in Geth (running GraphQL node).
Happy reading hunters! 🔥
https://t.co/zNZXMWnX6n
#GraphQL #Geth #CVE_2023_42319 #DoS
it's really crazy that layerzero doesn't have some redundant sanity check and allows bridging 116,500 rseth from a chain with a supply of 49
anyway here is my investigation https://t.co/4J0f7fscck
We are extremely excited to announce Vision Chain in collaboration with Bitpanda - A regulated European exchange with 7 million users, powered by the OP Stack!
🚨‼️ We're in contact with the actor behind the Trivy and LiteLLM hack. They told us they are currently extorting several multi-billion-dollar companies from which they've exfiltrated data.
They've obtained 300 GB of compressed credentials and are working their way through them as we speak.
The LiteLLM compromise alone led to half a million stolen credentials, according to the threat actor.
Their message to the world: "TeamPCP is here to stay. Long live the supply chain."
They've sent us their new logo (see image) and also teamed up with several threat actors, including Xploiters and Vect.
Software horror: litellm PyPI supply chain attack.
Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords.
LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm.
Afaict the poisoned version was up for less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker hadn't vibe coded this attack it could have gone undetected for many days or weeks.
Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages.
Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've become increasingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Is crypto dead? It feels dead.
It felt dead in 2014 when Mt. Gox happened and I was already the “weird bitcoin person” on campus. But it didn’t die, legit companies like Coinbase got formed.
It felt dead in 2017 after getting pilled on the world computer, only to see the most horrible scams as the first wave of adoption. But it didn’t die, it tripled the talent market in crypto.
It felt dead in 2021, because technology didn’t matter when the casino ruled all. But it didn’t die, it flooded the ecosystem with capital.
Now it’s 2025.
With every hype cycle there’s been a comedown. It weeded people out, and provided the necessary focus to prepare the infrastructure for the next wave of adoption.
Global finance will settle on crypto rails. The world computer is effortlessly handling trillions in value and the OP Stack processes more than half a billion transactions every month.
I’ve returned to OP Labs as the CEO to take us into this new chapter. We have made a ton of changes - both bittersweet and exciting. For years, we've operated as a fragmented ecosystem, crippling our ability to move quickly. Now, we are re-unifying our GTM and Engineering teams under one roof. Our Foundation remains focused on decentralization.
And, after 3 years in Mexico City, my cofounders and I have finally returned to the US and we've opened up a new office in NYC.
We’re rounding out year 7 of scaling Ethereum. None of us are going anywhere. This isn’t the last storm we’ll weather, and we’re still fighting like hell.
And you know what, Crypto isn’t going anywhere. Stop taking so much adderall and buying extra strength Zyns, it’s making everything feel worse. Go to the gym, drink some water, and I’ll meet you back at the office.
We’ve been cooking & I can’t wait to share more with y’all.
🚨 Luxembourg's sovereign wealth fund is investing 1% of its assets in Bitcoin.
"As Michael Saylor said, 'there is no second best'. Let me be clear: Luxembourg hodls"
- Minister of Finance