The final 100 ETHSecurity Badge holders are in!
That brings us to 200 security experts, guiding how TheDAO allocates its funds and also coordinating behind the scenes to make Ethereum safer.
Big thanks to everyone who engaged with the process and helped shape it, and to @bonfiresai for building the tooling that made it possible.
9 months later, let's see if the changes coming through the Coalition to Change Crypto Freezes & Recovery can show some results. We can stop so much of this laundering through Hold Harmless Agreements and data sharing, and that's just the start. DM me if you want to get involved in this work against illicit crypto.
What are you going to do to stop North Korea ending up with $285M more to build nukes?
If crypto does to @DriftProtocol what it did to Bybit - pseudo-decentralised protocols hiding behind "can't", exchanges don't care, always asking for LE - that's exactly what will happen.
I asked @julia27eth, Co-founder, Investigations at @zeroshadow_io a simple question: you've seen more crypto exploits than almost anyone.
If you were deploying on-chain for the first time, what would you build on the proactive side?
Her answer was two things. 🧵
Most teams are defending their protocols with yesterday's news.
That’s because today’s available data forces a choice you shouldn’t have to make. The data is either "fast" but lacks real depth, or is "deep" but arrives far too late to matter.
In reality, most of what’s available today isn't fast enough to stop a nation-state actor at the moment of impact, and it’s not as deep as the marketing claims. In this space, if your intelligence doesn’t move at block-speed and isn’t defensible under scrutiny, you’ve already lost.
We aren't just pointing out the gap; we’re closing it.
Starting today, we are offering access to our real-time Threat Intelligence Platform — free for one year. (sign up by March 15th with the link in the comments)
For the first time, you can plug directly into a secure, live stream of zeroShadow intelligence. It is the same human-vetted data our investigators use to track illicit activity and persistent threats, delivered through an architecture that actually moves as fast as the attackers do.
Here is the value we’re bringing to your stack:
• True Block-Speed Intel: Real-time attribution delivered while it’s still actionable, not hours after the bridge is crossed.
• Regulator-Aligned Screening: OFAC+ and OFSI+ extend official lists by tracing sanctioned assets beyond common obfuscation, aligning your screening with investigative methods used by regulators and law enforcement.
• Active Investigative Depth: Direct output from our investigations into nation-state actors (DPRK), drainer networks, and laundering infrastructure.
• Uncompromised Privacy: A secure way to query threat intel without ever exposing your raw data or your strategy.
• Compliance Precision: Dedicated tools that allow CCOs to manage Web3 risk with the rigor of traditional finance.
We are proud to go to market with @lifiprotocol, @1inch, and @megaeth, who are already using this intel to secure their ecosystems.
Register with the link in the comments before March 15th to receive our “Core Data Cars”—including our proprietary zS Investigation leads and OFAC+/OFSI+ tracking—free for one full year.
1/ oh boy, this past year at @SEAL_911 has been absolutely brutal ngl. After dealing with an insane volume & severity of incidents, it's hard to overstate how fucking broken the overall security still is across this space. The numbers tell the story better than any rant ever could - so here they are:
- Handled +1,800 tickets (we're now at over ~3,300 tickets since SEAL 911 was launched)
- Actively managed +125 war rooms
- ~$95M USD saved (guesstimate incl. proactive prevention measures)
- Most common tickets:
1) Private key/seed leaks (guys, the amount of leaked keys is insane!)
2) Malware/RATed devices (over 45 tickets - at least - related to NimDoor (fake Zoom calls) only)
3) Phishing (can be approval phishing but also account access phishing)
4) Phishing URL reporting
5) Pig Butchering/Sha Zhu Pan (the saddest tickets and these scammers have infinite creativity)
6) Smart contract hacks
7) Frontrunning/white hat rescue of compromised wallets
8) Vulnerability disclosures
9) Social media account (incl. TG) takeovers
10) Physical attacks (do _not_ flex your wealth guys)
obviously, if we continue at this rate the future of finance will not be built on a decentralised ledger with asymmetric cryptography… because people will simply lose their assets sooner or later
Great being on the DeFiConnect panel today discussing the future of zero-knowledge proofs + compliance.
tl;dr: we need more builders and better policy for real-world adoption — the tech is (mostly) ready!
Thanks @buzea200, @criptolawyer, @pumpernikhil, @valkenburgh, @julia27eth + @partyactionppl!
@BillHughesDC raised an important topic today on what it means to freeze funds in crypto, and as a “fund chaser folk” I wanted to add some thoughts. The basis of the lawsuit is that an informal request to freeze funds at Tether by Bulgarian law enforcement harmed a company. Bill ponders whether freezing funds on an informal basis is sustainable. But I would argue there is sustainability to informal requests if they are followed by a formal request. Some important points:
1) Freezing on an informal basis is THE ONLY WAY to actually stop illicit funds. In nearly all of our cases, especially with organized laundering networks, funds are in a centralized stablecoin or held on an exchange for under 30 minutes. No court order is coming within that time. Many services outline in their terms of service that they will freeze on the suspicion of money laundering, so they have some basic protection to do this. Crucially this informal freezing is NOT the end of the process.
2) The informal freeze is followed up with a legally backed freeze request. There is a misconception that legally backed freeze = law enforcement request only. This does not have to be the case. There is already success with civil requests, indemnity agreements, and we hope in the future with an arbitration process that is entirely outside of the confines of a single jurisdiction’s laws. These are all legal agreements that, alongside clear terms of service, should provide the protections against any claimants that try to come forward. There is a legally binding ruling that these funds are illicit and belong to the victim in question. No real victim or no real trace, no legal backing.
3) Nothing technically stops Tether from unfreezing a wallet that does not have proper legal documentation. Nothing technically stops an exchange from releasing funds that were informally frozen. The informal freeze is not the end state.
4) How does a service like Tether comb through the noise of all of these informal requests? What stops them from growing? This is where we can define a more uniform process within the crypto ecosystem. We can establish the standards for what evidence is needed within what timeframe for a freeze, and signal outwardly which organizations are meeting those standards. To me, being law enforcement from any jurisdiction is not enough basis to get a freeze - and the quality proof of the full flow of funds is more important.
This issue of what it means to freeze and recover funds in crypto has become a forefront issue. It is by no means solved, but I would caution that the solution of only allowing US Delaware law enforcement requests (like Circle) for a global ecosystem with global victims is not working. Instead of ending informal freezes, we should flesh out how to get to the formal request more efficiently.
This is an interesting conversation between Bill Hughes, ZachXBT, julia27eth, and Mike Mosier. However, I don’t think the https://t.co/3V9SrTRAt1 UI will let you follow the conversation (Xdotcom is busy trying to enrage you for clicks), so read all these links in order:
Notable lawsuit against @tether just filed in the SDNY days ago. This was brought by a company that used Tether and woke up one morning to find $45mm in funds frozen, allegedly due to an informal request by Bulgarian law enforcement.
Riverstone alleges that Tether falsely markets USDT as a reliable and liquid stablecoin, while maintaining centralized control over user funds through smart contracts that allow Tether to freeze or blacklist wallet addresses. Despite advertising USDT as fast, stable, and free from banking delays, Tether allegedly exercised unilateral control inconsistent with these claims.
(Ed. note: These "false marketing" allegations seem dubious. It isn't exactly a secret that Tether has complete control over the use of Tether. But maybe some of their marketing is misleading (?). Anyways . . . )
Riverstone claims eight of its wallets were frozen on April 4, 2025, after Tether received a request from a Bulgarian police department. Tether did not provide the plaintiff with legal documentation justifying the freeze and instead directed Riverstone to contact Bulgarian authorities, who allegedly failed to respond.
Curiously, and possibly relatedly, I found this article (date unknown) from a Bulgarian law firm (https://t.co/T8aTDTIfla, which focuses on immigration issues of all things) talking about how to get your Tether unfrozen after Tether responds to an informal request to freeze. https://t.co/CybllUAmT4
"So why is Tether blocking USDT addresses? Most often, the ban is requested by law enforcement agencies from around the world. In the last months, for example, we are receiving a huge amount of reports that the Chinese authorities have been requesting many of the USDT freezes. Traditionally, the FBI is also requesting USDT bans to be put on addresses with suspicious (according to them) activities. Many other state security agencies from around the world are also requesting Tether to freeze addresses. The problem is that many of these requests are not legally justified. Additionally, Tether is not able to justify the authority of each foreign security agency and their legality. This leads to an overwhelming amount of requests being honoured by Tether." A pretty thorough and thoughtful article for an immigration law firm!
Now back to the complaint, which asserts that Tether:
i) Violated international legal protocols by freezing assets solely based on a local Bulgarian police request without proper judicial or diplomatic process;
ii) Failed to act in good faith or provide due process before restricting access to Riverstone’s funds; and
iii) Earned interest from the reserves backing USDT during the freeze, enriching itself unjustly.
Causes of Action include (i) Breach of Fiduciary Duty (Tether allegedly owed a fiduciary duty as issuer and custodian of USDT, including safeguarding Riverstone’s assets, ensuring liquidity, and maintaining transferability); (ii) Unjust Enrichment (by profiting from reserve interest while denying Riverstone access to its assets); and (iii) Conversion (Tether allegedly exercised unauthorized control over Riverstone’s property by freezing its wallets and restricting transfer of funds).
How to freeze stablecoins is a really important issue if we are entering the era of stablecoin proliferation! Many in the crypto security community are highly critical of @circle for failing to stop laundered funds of which they may have full awareness because they have yet to receive legal process. @tether appears (by all reports I've heard) to be much more accommodating to law enforcement requests received on the fly - which the security/fund chaser folk love frankly - but this is all done with the risk that they are overinclusive and block someone's funds who aren't scammers/hackers. Kudos to Tether for being more aggressive with stopping illegal flows (and who can blame them given how much bad guys use Tether) but this just seems frankly unsustainable to do it informally.
Banks/financial services will block/seize only pursuant to a prescribed legal process, and only because the law affords them protections against customer complaints when they follow that process. That's why it's slow, but at least the banks aren't risking liability all the time. There is nothing similar in crypto. Maybe you simply can't stop laundering if there was something similar in crypto. Maybe some new approach is needed.
This is one to watch! I think Tether just hands over the funds and moots the case assuming Bulgaria backs down - or the Bulgarian authorities paper over this with process to make it above board. We shall see.
North Korean developers are eager to work for your company, but it's important to not get scammed by imposters when hiring. We built this portfolio to help you pick out the right North Korean IT worker for your company.
I just took the @cyfrin wise-signer quiz and learned so much about practically applying crypto wallet security. Great work to this team! Try it at https://t.co/gLEMzzIwUG
1/ Join us on June 4 for a DeFi Security X Space
Our Head of Security, @rpolysec, hosts leaders from @HypernativeLabs, @_SEAL_Org, and @zeroshadow_io to discuss building an institutional-grade DeFi security practice, emerging threats, onchain monitoring, and more.
1/ Very pleased to have played a small role in finally taking down @exchcx – one of the most prolific services used for money laundering in the past year. eXch was a hub for DPRK, CSAM vendors, script kiddies, scammers, and many more bad actors laundering the money.
What did they do with their "tip"? Funds are currently unspent on Base, top 3 wallets:
0xcf6825500301A8Fd6687DB0A37e1ec9B1F5dfc46 13.5 ETH
0xC9A4E5Dffe1E69E6db603D39a86C21b60Cef87Dd 13.97 ETH
0x08fA1f21f9F6EAfCc5AaD0a169720e2b6636caB0 14 ETH
Investigation report
At 2AM UTC, a hacker accessed a secure dashboard for the @aixbt_agent autonomous system, queuing 2 malicious replies that led to 55 ETH taken from a simulacrum wallet. Those funds don’t affect core systems or development, no impact on us.
Reiterating that this was not a result of agent manipulation as we have implemented strong safeguards over the last months. The AI and X account are fine.
We’ve migrated servers, swapped keys, paused dashboard access for security upgrades, and reported hacker addresses to exchanges.
1/ Guys, what a fucking insane year at SEAL 911. It's been a hell of a ride—showing just how fucking far behind we are in securing our industry, but also proving why SEAL 911 matters so damn much. Alright, I know, I know you want some stats for 2024, and here we go:
- Handled +1400 tickets
- Actively managed +75 war rooms
- Blocked over +150k phishing domains
- ~$75M USD saved (guesstimate including phishing prevention measures)
- Most common tickets:
- 1) Phishing
- 2) Private key leaks
- 3) Malware/RATed devices
- 4) Social media account takeovers
- 5) Smart contract hacks
- 6) Pig Butchering/Sha Zhu Pan
- 7) Vulnerability disclosures
- 8) Phishing URL reporting
- 9) Frontrunning/white hat rescue of compromised wallets
- 10) Domain hijacks
1/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen.
Today the Crypto Incident Response team at @chainalysis spins off to become a new company @zeroshadow_io. We are creating holistic web3 security solutions to enable crypto companies to enhance their security and incident response capabilities. Check out https://t.co/rx3gkeO3wu
With users' funds returned, we wrote a post-mortem of the exploit of Dolomite's legacy smart contracts. We're happy to officially put this situation behind us. https://t.co/PeyCNSN2sD