Intel @DoppelHQ, Investigations @Fairside, Contributor @BoringSecurity

Joined October 2021
🧵 Trump Mobile exploit was way worse than everyone thought. A straight up GOD MODE api endpoint was available for anyone to use to pull back full customer data including plaintext password
May 19
Trump Mobile is currently leaking customer information, including full names, shipping addresses, emails, and more. A security researcher contacted @coffeebreak_YT to make him aware of the vulnerability. The researcher has contacted the Trump Mobile team about a responsible disclosure, but hasn't heard back yet.
Spot checking random user IDs that previously were unknown returned real user data including plaintext password, phone IMEI, connection/disconnection dates, user generated PINs, and more. Full blog post below
I'm waiting for the craziest new iteration of ClickFix to pop up based on this.
‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed. GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision.

What happened?
▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated.
▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead.
▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed.
▪️ No Play Services = no QR scan = locked out.

The bigger picture:
▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature.
▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...
Fantasy retweeted
@NeerajKA keeps deleting his replies so here’s my response to his series of excuses for Circle.

CIRCLE is responsible for the things it builds and the decisions they make and the people they provide services to. Just like every other person and company in this space. In this situation EVERYONE ELSE ACTED to respond to the incident and take the steps THEY COULD to mitigate the harm. Not because they were forced to. But because they could and they don’t want the hackers to fucking win. That’s the fucking difference and why Circle’s actions are fucking unacceptable. They could. Not only can they—they have a bigger staff and more money than every other one of these teams. And they chose not to.

A lot of bridges can’t freeze. But they can block on the frontends or APIs. They can refuse to process transactions that are 100% stolen funds. AND IN THIS CASE EVERYONE DID EVERYTHING THEY COULD. EXCEPT CIRCLE. The frontends blocked. The bridges limited the SOL->ETH routes temporarily. The people who could freeze froze. Drift and Squads and security experts worked instantly to identify and contain the threat and ensure no further loss could be realized—to Drift AND to others. The only one who sat and did NOTHING was Circle. They watched. As people alerted and worked together and said FUCK YOU to the hackers and tried to stop them, Circle sat in their ivory tower and said FUCK YOU to all the innocent people impacted.

CIRCLE has decided that they don’t want to work together to make the world better. Fuck that. CIRCLE fucking CHOSE to keep servicing blatant fucking stolen funds via their stablecoin, their bridge, their frontend, their APIs, their servers. For fucking HOURS. And then they made excuses for not acting after. No. That’s unacceptable. You are responsible for your actions. You don’t get to make excuses when you fuck up. Own it and be better or literally get the actual fuck OUT.
Fantasy retweeted
1/ Welcome to the Circle $USDC files. $420M in alleged compliance failures since 2022, including fifteen cases of the US-regulated stablecoin issuer taking minimal action against illicit funds.
Fantasy retweeted
Drift has been hacked. Lots of confusing information going around. I've taken a look at what's actually happening.

The core attack sequence is just 3 transactions:
1. Create a new Drift User Account: solscan.io/tx/4xzb1AXSw45Q8S…
2. Deposit 500 Million "CVT" into Drift as collateral: solscan.io/tx/5V72ZK1WejP5Mh…
3. Withdraw Millions of real assets against the provided collateral: solscan.io/tx/2jCAE2SakEHtaZ… (and later transactions)

Now, as it turns out, this CVT token was just created a few weeks ago. The core question: How did it become accepted collateral within Drift?
Fantasy retweeted
Cantina found a silent privilege escalation bug in @AnthropicAI Claude Code. No user interaction. No warning. Just clone a repo, and it's already too late. CVE-2026-33068 | CVSS 8.8 HIGH | Patched in 2.1.53 Breakdown below:
Fantasy retweeted
Proud to be a partner behind the @RevokeCash Extension, powering its coverage. Real-time transaction simulation, security warnings, and wallet theft reimbursement, all built in. A lot more to share soon.
We're previewing a new version of the Revoke extension for users in select regions. If you're seeing something new, it's real and from us. We're calling it your wallet's new best friend.
Does @ProtonMail have an unpatchable email spam filter bypass by using an account's public PGP key? Every account has a public PGP key that can be used to encrypt emails. This prevents the service provider from reading the content, straightforward. But, this also means that spammers can use the same encryption to bypass content-based spam filters. I've never considered weaponizing PGP like this before. Am I missing something?
- proton[.]me/support/download-public-private-key#how-to-download-your-public-key
- proton[.]me/mail/privacy-policy#:~:text=We do NOT,Services and users
Fantasy retweeted
This involves $300M in stolen funds from a Trezor wallet victim, compromised through social engineering attacks. $100M in BTC, $200M in LTC. H/T to @zeroshadow_io, @tanuki, and @Bitcoin_Vietnam. They were able to trace, flag, and attribute the attack, so far $1M.
Whale 0xF73a swapped another 404 $BTC($38.62M) for 11,533 $ETH. Over the past 3 days, he has exchanged a total of 686 $BTC($65.59M) for 19,631 $ETH. x.com/lookonchain/status/201…
Fantasy retweeted
Solidity v0.8.31 is out! ✨ This latest version makes Osaka the default target for the compiler, extends storage layout specifiers, brings new deprecation warnings, Linux ARM builds, and more! Highlights in the thread! ↓🧵
Fantasy retweeted
26 Nov 2025
Navigating relationships between contracts has always been way too hard and slow (dozens of tabs and chats). Not anymore, with the Herd contract visualizer - take any contract/transaction page and click "visualize" to see all the function and variable relationships.
23 Nov 2025
I never really thought about it, but 3DNS isn’t its own registrar, it *partners* with Namesilo for registrations. All the multisig and tokenization is just fancy account controls for what is a normal domain reseller. All the “security controls” can be bypassed since Namesilo actually controls everything under the hood. Can high-value projects use actual corporate domain registrars (Markmonitor, CSC) instead of whatever this is?
23 Nov 2025
Replying to @AerodromeFi
According to our partners at 3DNS and NameSilo, who are still actively investigating, multisig control was circumvented. DNSSEC was removed from both domains and a compromised insider at NameSilo was able to redirect the domains to malicious pages.