∞ coding & crafting for the web of consciousness while innovating on human intelligence using potent technologies in novel, symbiotic, & sovereign systems ∞
appreciate you calling it a great OG wallet.
big fan of your mycelium concepts, framing, and thought exercises.
just wanted to add: the team didn’t just use the word...they built one of the earliest secure mobile bitcoin wallets explicitly inspired by those same decentralized, resilient network principles (they started as a mesh networking project in 2008).
when writing about symbiotic mycorrhizal networks, giving the early builders who tried to embody it some recognition feels like proper mycelium behavior.
he was there one time
he found a tshirt
he rocked the tshirt
he started tshirt store
he gave away the tshirts
he burned tshirt store to the ground
he walked away started chopping down trees
he now lives in forest and flies from mountain to mountain
he can be seen if you look at the sun long enough
kek
‼️Hacker group TeamPCP stole 4k GitHub private repos & listed them for $50k sale.
They didn't breach GitHub servers—they poisoned a VS Code extension. One employee installed it, letting attackers enter via legit creds.
TeamPCP (naming malware after Dune sandworms) ran the most advanced supply chain attack ever.
Timeline:
- Mar: Poisoned Trivy (trusted scanner used in 10k+ workflows). Injected cred-stealer in GitHub Action; ran before scan, stole AWS/SSH/DB/K8s tokens. Aqua took 5 days to remove.
- Used creds to breach Cisco, clone 300+ priv repos (incl. unreleased AI code, banks, gov agencies).
- Apr: Hit Checkmarx, poisoned 5 Docker imgs in 83min; silently exfil secrets. Cascaded to Bitwarden—poisoned npm CLI pkg via CI/CD.
- May: Hit TanStack (millions downloads/wk) w/84 malicious pkgs across 42 libs.
Malware scraped build server memory, extracted tokens, bypassed 2FA, & signed pkgs w/ valid keys. All verifiers showed legit.
Also hit Nx Console (2.2M installs) targeting Claude AI creds.
May 19: Revealed GitHub breach. Malware is self-propagating across npm/PyPI, auto-infecting dev pkgs & selling creds to ransomware gangs (e.g., Cisco leak threats w/ FBI/NASA data).
They exploited blind trust in build tools—no zero-days needed. Every scanner, Docker img, VS Code ext, GitHub Action is a potential weapon if poisoned upstream. Valid sigs make compromised builds indistinguishable.
We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.
Many people have claimed that with AI-assisted bug finding, secure code (and hence trustless anything) will be impossible.
I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why:
https://t.co/0ceMBZ6uqj
@DataChaz you are the 50th retard to use this meme for this agent…why can't you use your agent to pick a new meme to use, bud?
let's copy the planet and regurgitate low effort posts until the bits wear out.