Jack Xu @headcpx - Twitter Profile

27 days ago

Our LZ receiving libraries have been pinned. Thanks for the heads up @EbisuEthan. Also, the same pinning should be done for every network that the OFT supports, not just Ethereum. Lost aura, gained security, A-OK. Updated our tooling to detect pinning. https://t.co/vR1AJq3zdD

banteg

@banteg

29 days ago

layerzero solosig dependency check in if you haven't hardened your config, you are sitting on an unnecessary dependency on layerzero 3/5 solosig. if it gets compromised, it could instantly drain all the adapters that rely on the default receive library. after the kelp exploit, the vulnerable adapters tallied to $3.13 billion. after some outreach, the number has dropped to $178 million. good progress, but still not enough. there is still a long tail of projects that have ignored this advice. i will make this simple for you. here is a full list with exact calls for how to pin the default library. https://t.co/diEyhgheRB

21

277

45

55

42K

3

10

5

1

1K

headcpx retweeted

Sign @Sign

28 days ago

https://t.co/4IKLF9J8rL

21

131

41

4

8K

headcpx retweeted

Michael Saylor

@saylor

over 12 years ago

#Bitcoin days are numbered. It seems like just a matter of time before it suffers the same fate as online gambling.

2K

12K

3K

0

Jack Xu

@headcpx

about 1 month ago

Today, we are open-sourcing a toolkit ported in Go that parses and writes SWIFT MT messages as a part of our ongoing CBDC work. Aside from being used for international wire transfers, the MT format is also core to certain RTGS systems in central banks. https://t.co/m3z73699Q4

4

19

10

0

1K

Who to follow

ceo @InteguruAI 🛠️ @ycombinator @columbia @usc

about 2 months ago

Yes, $SIGN also uses LayerZero. Our old setup was 2/2 required DVNs across all supported networks. It has since been bumped to 2/2 required + 2/3 optional.

2

11

0

342

Jack Xu

@headcpx

about 2 months ago

In light of recent events, we are open-sourcing a local web tool that helps projects easily manage their LayerZero OFT wiring configurations, when the OFT delegate is a Safe multisig. Configurations can be imported or exported as JSONs for convenience. https://t.co/vR1AJq3zdD

4

34

13

0

2K

headcpx retweeted

Talfao

@talfao1

about 2 months ago

This weekend KelpDao lost $292M. @LayerZero_Core just published their incident report. The protocol worked as designed. The smart contracts were fine. The money left through an RPC poisoning attack on a single-DVN configuration that multiple parties had warned against. A thread on what this teaches us about every attack surface. 🧵

1

11

6

0

925

headcpx retweeted

Kraken Listings

@krakenlistings

about 2 months ago

Now live: $SIGN @Sign empowers nations to adopt blockchain and unlock crypto for all. Start trading today → https://t.co/fGblMQzwuo

krakenlistings's tweet photo. Now live: $SIGN

@Sign empowers nations to adopt blockchain and unlock crypto for all.

Start trading today → https://t.co/fGblMQzwuo https://t.co/c1inc5iKKX

23

108

25

3

28K

Jack Xu

@headcpx

about 2 months ago

@realyanxin Yeah, this was built to deploy our own HL spot token. It’s a fair bit more complicated than their documented deployment due to the token being bridged, EVM decimal vs. HL decimal mismatch, etc..

1

8

0

147

Jack Xu

@headcpx

about 2 months ago

It's open-sourcing time. This week, we are dropping a web tool that helps projects deploy tokens to Hyperliquid spot (progress detection, error handling, etc.), as HL's existing UI omits advanced configuration options only accessible through their API. https://t.co/Sa06fvgb0o

5

35

9

4

9K

headcpx retweeted

Sign @Sign

about 2 months ago

https://t.co/pVwPCq2Pkj

11

112

35

4

6K

headcpx retweeted

Coinbase Markets 🛡️

@CoinbaseMarkets

2 months ago

Spot trading for Checkmate (CHECK) and Sign (SIGN) will go live on 2 April 2026. The opening of our CHECK-USD and SIGN-USD trading pairs will begin on or after 9AM PT, if liquidity conditions are met, in regions where trading is supported.