vine.eth

That liver shot at the start is exactly why you don't neglect body defence. 💀🥊🔥 Coach Joe Vargas is demonstrating that his hand speed remains absolutely lethal while dropping pure facts on ring mechanics. The high guard looks great until someone decides to go downstairs. 🥊 #Boxing

Instagram still hasn't (correctly) patched their AI goop account reset thingy. Accounts are still being stolen and Instagram hasn't said anything about it. Nerds continue to find ways to convince AI to reset accounts for them. People on social media are freaking out because some of these profiles apparently are big sources of revenue for them. Meanwhile, rumors are floating around that a few weeks ago Instagram laid off a large percentage of their Trust & Safety department and had it replaced with AI. Very cool

What the Actual f*ck are these dudes on. Someone just dropped Open Source Palantir on reddit named Osiris. -Real-Time Tracking: -10,000+ commercial, military and private aircraft live on a 3D globe - 2,000+ satellites including ISS - 1,400+ worldwide CCTV camera feeds - Earthquakes, wildfires, nuclear facilities and severe weather Built-In OSINT Tools (no installs needed): Nmap port scanning from the browser - DNS record lookup and enumeration - WHOIS domain intelligence - SSL/TLS certificate transparency - BGP routing and ASN lookup - Threat intelligence and IP reputation All running on a 3D interactive globe with day/night cycle, 20+ live API feeds, and a SIGINT news aggregator.

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

i spent the morning tracing the whole thing on dune and the story is interesting + worth sharing. drainer wallet: 0xF7cFFC27732a5C9c4E2D592F3E33435F8dDb019A: fresh wallet, first tx ever was today 2026-05-11 at 00:52 utc. by 01:27 utc it had pulled ~$173k of assets + some memecoins from at least 5 different wallets on ethereum, base, and bsc. drained wallets: > 0x62acE10c…EE8A: ~$30k of priced assets (eth + bnb) + memecoins, drained across base / eth / bsc > 0x6131b5fae19ea4f9d964eac0408e4408b66337b5: ~$119k (eth), drained across eth + base it's clear that is not an approval/permit exploit. it's a private-key compromise. at 00:53 your wallet sent 5.8 eth to the drainer. 3 minutes later, the drainer sent 0.02 eth back to you. a few minutes after that, a 157k sat1 erc20 transfer left your wallet to the drainer. that 0.02 eth transfer was the attacker funding gas in the compromised wallet so it could keep signing transfers. the only way to make that happen is to control the wallet directly. so the attacker is signing transactions with your seed. and the part that really bothers me: among the wallets that sent funds INTO the drainer, 3 more share the exact same 8 hex chars at the same positions (62ac start, ee8a end): > 0x62ace0e0ecf70f62399b26e28eaf74cc455bee8a > 0x62ac07ae9242c354f6c307bbd9b36c749a5aee8a > 0x62ac6095d7e9189353bcbf17d439348ab7a1ee8a the 32 middle chars are completely different on each, so these are 4 genuinely distinct wallets. finding 4 wallets that all share the EXACT same 8 chars in the EXACT same positions by accident is statistically impossible. they were generated by a vanity tool specifically programmed to hunt for that shape. only your wallet sent priced assets to the drainer. the other three 62ac…ee8a wallets only sent worthless coins. these 3 don't look like victim wallets at all. looks like the attacker spent a few gpu-hours generating wallets that match the shape of your main address, then routed some of the worthless memecoins through them. why? idk, maybe: > address poisoning > trail confusion where the money is right now: most of it is still in the drainer wallet. the attacker is dumping the stolen memecoins (pod, sat1, fhe, bort, etc) into Kyberswap. but eth and bnb are just sitting there. nothing has been pushed to a cex deposit, bridged out, or sent to a mixer. once those funds hit binance/okx/bybit deposits or a tornado contract, recovery will be near-impossible. how the seed potentially leaked: > infostealer malware on the device (lumma, redline, atomic) grabbing the seed during one of the imports. these are extremely common right now and seeds in clipboard or saved as plaintext are easy pickings. > malicious browser extension intercepting the seed at paste-time into rabby or gmgn > fake support DM earlier tricking you into pasting a seed into a phishing page you didn't remember here is the dune dashboard that summarizes everything i’ve found.: https://t.co/5O3FSlvGDL