To wallet developers:
We are investigating weak seed generation associated with a wallet supporting EVM, Bitcoin, and other chains since 2018.
Evidence points to a JavaScript/React Native/Expo mobile wallet.
It does not appear to be a widely used wallet, based on observed scale, but users could still be at risk.
If your wallet matches this description, please contact us.
Huge thanks to @giveth and everyone involved in making this happen.
Thanks to this initiative we can spend more time in public good projects that benefit the whole ecosystem.
🚨 Attackers are exploiting a flaw in wallet generation to drain addresses created as far back as 2018, even if completely dormant.
Unexplained missing funds? Treat your recovery phrase as compromised.
Move remaining assets to a new wallet and recovery phrase.
Check all chains!
We’re happy to share that @Quantstamp is contributing $50,000 to the Ethereum Security QF matching pool 🛡️
A global leader in blockchain security, Quantstamp has conducted 1,300+ audits and secured $500B+ in digital assets since 2017, working across smart contracts, L1s, and web infrastructure.
This contribution strengthens the round at its core, increasing the matching pool and helping every community donation go further.
The round launched with 500 ETH from @thedaofund to fund Ethereum security. With Quantstamp’s support, the impact of that funding grows even further.
Explore the round and support projects 👇
https://t.co/IlryUemfIJ
Help grow the matching pool 👇
https://t.co/qu7OrJfEEX
I present TAINT.
A bug bounty pays for a report that someone must review. TAINT pays for a demonstration.
Software is built from thousands of components written by strangers.
TAINT asks: Can someone get arbitrary bytes into the artifact I trust?
TheDAO Security Fund’s first round is out!
We’re kicking things off with a broadly scoped Ethereum Security quadratic funding round on Giveth as the first move in our bottom-up distribution strategy.
Why QF?
Because we wanted the first round to do more than just allocate funds.
QF is still one of the most powerful funding mechanisms Ethereum has produced. It gives the community a real voice, helps projects build awareness around their work, and creates extra upside for the Ethereum security space beyond the funding itself.
That felt like the right energy for a first round.
Not to mention, QF could also bring in meaningful donations on top of the pool. Extra funding for security is always good!
Why keep the scope broad?
There are so many projects out there building tools, standards, infrastructure, response systems, and protections that make Ethereum safer every single day, but this work is easy to miss if you’re not deep in it already.
This round gives that work a chance to gain better adoption.
We hope the many projects, tools, newsletters (and more) that join the round will become more widely known by everyone who participates, especially the ETHSecurity Badgeholders. This new awareness around what is already out there will, in itself, improve Ethereum security.
Why Giveth?
Because Giveth is already working closely on TheDAO Security Fund’s operations, including standing up the ETHSecurity Badges program, and going forward, they’ll also be working with all of our round operators.
That made them the natural choice for running the first round.
This first round is not just about getting funds out the door. It’s also about getting a real process in motion, learning from it, and making the next rounds better because of it.
And on a practical level, Giveth is also the only Ethereum-focused team still actively running QF rounds at this scale.
Read all about the round here 👇
🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss
cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?
Preparing for my company’s Paper Friday: "A History of Greed: Practical Symbolic Execution for Ethereum Smart Contracts"
https://t.co/O6kthH8hTB
Not 100% sure you need an external tool to give you a CFG that you can build while doing SE. :shrug:
New on Learn EVM Attacks: 4 new real DeFi exploits reproduced with write-ups, runnable Solidity PoCs, and more:
• Futureswap fee bug
• 1inch calldata corruption
• Bunni rounding drift
• LyraDepositWrapper validation flaw
Explore, run the code, learn to defend. 🔎👇
For anyone interested in learning zk proofs, I built a web app that lets you "debug" STARKs end-to-end. You can write simple programs, generate/verify STARKs, and explore the execution traces and constraint polynomials. Link in 1st response.
This is directionally correct! @rheo_xyz bets $50k they don't have an exploitable critical bug capable of draining user funds. That's 4.5% of their $1.1M TVL. In TVL terms, that's 2,600x more skin in the game than @aave which only bets 0.0017% of the $58B TVL that their protocol is secure.
Another W for web3 security!
@rheo_xyz just adopted SEAL's Whitehat Safe Harbor, adding legal protection for whitehats who step up to rescue funds during active attacks
this is how we build trust & make web3 safer for everyone
https://t.co/mlELxBsQ4k
What a Devcon for us. Only during the @summit_defi, we had 4 shoutouts including the closing panel
We hope to inspire more teams to participate in whitehats and that protocols realize there's a real last line of defense for them.
Thank you @iphelix, @0xJuani, @coconuthaxor
TIL: Do not turn on an internal combustion engine if you don’t have a plan for how to turn it off.
(I should have learned that from the Pink Panther: https://t.co/5EByQXqrOa)