AI will stay and grow exponentially.
But most AI companies will go bust. There are just too many.
Even survivors will see huge price fluctuations.
There will be new survivor entrants too.
Same as any other new industry, really.
Team has been building @hexific and we’re coming to the AI bull run. These smart contracts need to be secure. Places like @CertiK and others have made it impossible to do that for smaller projects but $HEXI can. This is alpha
How to actually protect your workspace:
Inspect Configs First: Never run npm install blindly. Review root configs (next.config.js, hardhat.config.js) beforehand.
Hard Isolation: If you aren't testing unverified code inside a disposable VM or an isolated Docker container, you are gambling your portfolio.
Safe Extraction: Use npm pack <package-name> to inspect raw tarball contents without triggering post-install execution scripts.
Supply chain security in Web3 is broken because developers prioritize velocity over OPSEC. Bookmark this, clean up your environment, and stay safe. 🛡️
5/ The Exfiltration:
Once it confirms you're a real developer distracted by a paycheck, the payload aggressively scrapes:
.env files for deployment private keys and AWS credentials
Local browser extension state databases (MetaMask, Phantom, etc.)
System clipboard data for recently copied seed phrases
4/ Anti-Sandbox Evasion:
Before the drainer even touches your wallet data, it fingerprints your machine. It scans your local network interfaces and MAC address.
If it detects an automated cloud sandbox or a security firm's automated analysis environment, it goes completely dormant. It only executes when it smells real human blood on a local machine.
3/ The Multi-Stage Silent Payload:
The initial package is just a shell. Once triggered, it runs a hidden terminal command: execSync("npm install authcascade ... --no-save ...")
By leveraging the --no-save flag, it pulls down the actual Crypto Drainer logic directly into memory without updating your root package.json. If you are just checking git diffs for anomalies, you will see absolutely nothing.
2/ The Trigger Event:
Why next.config.js? Because Next.js configuration files execute immediately at the Node.js/OS level the exact second you run npm run dev or npm run build.
The malicious code triggers before your local development server even boots up. Before you can inspect the UI, you are already compromised.
1/ The Setup:
The client reaches out with a highly professional brief. The dApp frontend looks pristine and fully functional. They hand you a private repo link to test or fix a bug.
You think, "It's just a local run, what's the risk?" Inside next.config.js, they’ve stealthily injected require('auth-basic-vault').
The promise of a $200k/year remote Web3 role is the ultimate bait. Right now, sophisticated supply chain attacks are aggressively targeting developers and auditors through fake inbound job offers and "urgent" repo reviews.
I just tore apart a malicious repository doing this. Here is exactly how they bypass local security configurations to liquidate your machine. 🧵👇
AI will never replace professional security researchers. That’s why Hexific delivers institutional-grade security directly into your development workflow via GitHub CI.
Regarding the @Polymarket exploit, it boils down to a private key compromise of their internal operational wallet used for rewards payouts, not the main smart contracts where user funds/bets are locked.
Transparency in on-chain payments and security for your protocol. Use $HEXI to pay for our services at https://t.co/VZPRhMBg1J. Several features are under development right now!!
Anthropic leaked 512,000 lines of Claude Code source code yesterday.
What happened in the next 12 hours is absolutely wild.
4 AM. Anthropic pushes an update to npm. Inside the package: their entire codebase. A 60 MB debugging file accidentally bundled in.
23 minutes later, researcher Chaofan Shou spots it. Downloads the zip.
Posts it on X. Within 6 hours: 3 million views.
By the time Anthropic’s team woke up, the code was forked 41,000+ times across GitHub. Anthropic started firing DMCA takedowns. Too late.
A Korean developer named Sigrid Jin woke up to his phone exploding. He’s Claude Code’s biggest power user.
WSJ reported he burned through 25 billion tokens last year.
He read the leaked code.
Rewrote the entire thing in Python in 8 hours. His repo hit 30,000 stars faster than any GitHub project in history.
Then he rewrote it again in Rust. That version now has 49,000 stars.
Someone mirrored it to a decentralized platform with one message: “will never be taken down.” The code is permanent. Anthropic cannot get it back.
Here’s the part I can’t stop thinking about: Anthropic built something called “Undercover Mode.” Its only job: prevent Claude from accidentally leaking internal secrets.
They shipped an entire anti-leak system in their own product. Then leaked their own source code in a .map file. Irony is beautiful.