![PeckShieldAlert's tweet photo. #PeckShieldAlert The IoTeX[.]io Bridge @iotex_io has been hacked for over $8M worth of crypto due to a compromised private key.
The hacker has swapped the stolen funds to $ETH and has started bridging them to #BTC via #Thorchain. https://t.co/uNWHzahk4F](https://pbs.twimg.com/media/HBrRYbvbcAEfNNE.jpg)
Olivia
Online
strukt
@strukt93
LSR @Spearbit - Triage @Hacker0x01 | ex-@Quantstamp | ex-@HalbornSecurity
Joined May 2024
138 Following
76 Followers
135 Posts
They can’t. Make your own vpn:
1. SSH to a host with:
ssh user@host -D 8081
2. Point your browser proxy settings to localhost port 8081, and mark it as a SOCKS v5 proxy.
3. You now are proxying your browser traffic to where that host is, like a vpn.
Had the pleasure to perform this audit for @sanctumso alongside the great @movebrah 🫡
https://t.co/ZA5AH5s8Ie
Reminder:
msg.sender.code.length == 0 is dead post-EIP-7702.
An EOA can delegate to a contract for the duration of a tx - so it has code while still being controlled by a private key.
Every contract still using codesize as an EOA check is now a bypass.
@Nacitrex Yes very buggy, Android Auto just has to disconnect all the time without reconnection (you have to physically do that), top bar randomly just disappears, brightness rarely correctly adjusts to surrounding lighting and mostly the screen is overdimmed, among others
❗️🚨 BREAKING: Security researchers are now handing Nightmare-Eclipse vulnerabilities for free, in what looks like both a show of support and a reaction to how Microsoft treats researchers. First up: "Bitskrieg," violates Secure Boot trust and fully bypasses BitLocker.
It seems aimed squarely at Microsoft's recent blog, where the company said its Digital Crimes Unit would bring cases against threat actors "and those that enable their criminal activity," language many researchers read as a threat pointed at them.
If you can't explain things well, people are just going to assume you are a slop cannon and you don't understand how your own projects work.
If you can explain things "well," but you don't hold up under probing, people will assume you just memorized a script.
The ability to learn well = the ability to explain what you are learning and to proactively challenge your own understanding.
https://t.co/rLl6ZzmuvY
🚨 Bitwarden CLI 2026.4.0 was compromised as part of the ongoing Checkmarx supply chain campaign after attackers abused a GitHub Action in Bitwarden’s CI/CD pipeline.
We’ll continue updating our coverage as more details are confirmed.
https://t.co/G0aakn8swq
We're looking to hire a Staff Security Product Engineer.
You'll be working on frontier security products: Clarion (an autonomous security operations platform) and Apex (an autonomous bug hunter).
Link below:
https://t.co/AMOicUvnvi
https://t.co/qYBMCup9i6
https://t.co/PRiaBfxQoM
@Al_Qa_qa Yep, generally dynamic vs. static types
Announcing the Solana Audit Arena ⚔️
A free, weekly security competition for Solana security researchers.
Every Monday I drop a new Anchor program, built using the safe-solana-builder tool and real-world DeFi implementation.
Why?
→ Junior researchers have no clear path to prove themselves
→ No practice ground with realistic Solana programs
→ AI is raising the floor; you need to be above it
https://t.co/WPbmlPiR3A
I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi . I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good. Then I found a Critical vulnerability in @injective .
This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then — silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten.
I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.
Full Technical Report: https://t.co/lki2tL9bxw
How is it possible that a call to address(1) returns data?
Precompiles
address(1) = call to ecrecover
transaction
https://t.co/oL2SOCuqUF
✨Introducing evmresearch✨✨
A knowledge graph of nearly everything I've learned about the EVM in the past six years
The graph structure emulates the brain, exponentiating research speeds for both humans and agents
https://t.co/974InOGRmw
I audited an OTC escrow protocol on @solana
3 Criticals + 4 Highs
Every single critical came from a different root cause
But they all shared the same origin:
the program made assumptions about accounts
it never actually enforced
#PeckShieldAlert The IoTeX[.]io Bridge @iotex_io has been hacked for over $8M worth of crypto due to a compromised private key.
The hacker has swapped the stolen funds to $ETH and has started bridging them to #BTC via #Thorchain.
![PeckShieldAlert's tweet photo. #PeckShieldAlert The IoTeX[.]io Bridge @iotex_io has been hacked for over $8M worth of crypto due to a compromised private key.
The hacker has swapped the stolen funds to $ETH and has started bridging them to #BTC via #Thorchain. https://t.co/uNWHzahk4F](https://pbs.twimg.com/media/HBrRZvKbgAAkRaA.jpg)
@Krevetk0Valeriy Goodness gracious
Last Seen Users on Sotwe
حصريات خليجية
Seen from United Kingdom
Mazhabi
Seen from Austria
Karımla Fanteziler.
Seen from Turkey
ROY AND DANA CPLZ
maaadre
Seen from Mexico
SERT SİKİCİ
Seen from Switzerland
やるっつえぶらっきん
Seen from Japan
homemade reposts (18+)
Seen from Brazil
I Love my Madure Dad
Daddy Leooo BKK
Seen from Thailand
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.9M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.3M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers