This morning I was HACKED!
I’m a blockchain developer with over 8 years of experience. I’m familiar with many of the techniques hackers use, but they are often one step ahead. They strike when you are most vulnerable.
What happened:
- A few days ago, I was contacted on LinkedIn by Kostiantyn Pustovyi. They offered me a collaboration opportunity on a Web3 game.
- I immediately suspected they would send me a suspicious link, ask me to download some software, or something similar. But they didn’t.
- This morning, I started the interview. The person explained the role, how I would be expected to help manage the team, and other details.
- They showed me the repository I was supposed to work on.
- I cloned it and ran yarn install. That’s when they got me.
- An obfuscated script sent the credentials stored in process.env to their server.
- They also asked me to test their online game and connect my wallet. They almost certainly intercepted my wallet password as well.
I’M DESPERATE!
I haven’t finished investigating yet, and I still don’t know exactly how many wallets were drained. I’ll continue posting updates as I learn more.
BTSG, the bridge, and other related systems do not appear to be affected.
3/3
Agentic RAG adds a decision-maker. It checks if it has enough context, and goes back for more if not, sometimes across multiple sources or tools. Whether you build AI tools or just rely on them daily, this is the difference worth understanding.
2/3
Traditional RAG: your question becomes a vector (a list of numbers). It's matched against a knowledge base. Closest matches get pulled in as context. One lookup, one answer.
Ask an AI for a birthday message with no details. Generic reply.
Add who it's for, their age, what they love, when the party is. Totally different output.
Same model. Only difference: context.
RAG exists to automate exactly this.
1/8
GPT-5.6 went General Availability (GA) on July 9 2026. Fable 5's been live since July 1. Both are calling themselves State Of The Art (SOTA) on coding. Depends which benchmark you read.
7/8 Three models, three different bets: composite coding score, real-repo bug fixing, or open-weight price efficiency. Which one are you actually routing to?
5/5
If you maintain a library, mark every October for Alpha testing. If you track LTS in prod, mark every October for promotions.Full multi-year breakdown in the image. h/t @NodeSource for the release schedule breakdowns.
Learn more at:
https://t.co/1AoPsrnIOF
1/5
Node.js ( @nodejs ) just retired a release model it's used for 10 years.
Old system: two majors a year. Even numbers got 30 months of LTS, odd numbers lived 6 months and died.
....
4/5
Why: a decade of data showed near-zero adoption of odd releases, and backporting security fixes across 4-5 concurrent lines was breaking the mostly volunteer maintainer team.