Web3 Native Threat Intelligence.

Joined December 2022
Earlier today, we flagged a VS Code extension (rphlmr.vscode-drizzle-orm) based on 21 critical YARA hits from vsix-audit. After manual inspection and deeper analysis, inspecting the .vsix, and reversing the WASM binaries, we’ve confirmed this is a False Positive.
- The SOL wallet identified was actually a character property table in the Oniguruma regex engine.
- The "Dropper" patterns were standard Emscripten/LLHTTP boilerplate.
- The "Stealer" hits were bundled dotenv and undici dependencies.
Takeaway: Automated scanners are essential for flagging capabilities, but manual verification is the only way to determine intent. We acted quickly in hopes of preventing harms, but in this case, we were mistaken. We've removed the post to avoid any confusion (sorry!).
BLOCKMAGE retweeted
7 Aug 2025
1/ I've been doing some research into how Unity Packages (similar to Node or Pip packages) could be weaponized for malware delivery. Let me tell you, it doesn't exactly look good... 🧵
BLOCKMAGE retweeted
17 Apr 2025
Links:
- CVE-2025-31201: Apple
- CVE-2025-31200: Apple and Google Threat Analysis Group
- macOS Sequoia 15.4.1: support.apple.com/en-us/1224…
- iOS 18.4.1 and iPadOS 18.4.1: support.apple.com/en-us/1222…
- visionOS 2.4.1: support.apple.com/en-us/1224…
BLOCKMAGE retweeted
17 Apr 2025
No excuses. These are live use, not theoretical CVEs. Apple doesn’t push same-day cross-platform updates and delete vulnerable code unless the stakes are real. Stay sharp. Patch everything. Watch your traffic. 🧙‍♂️
BLOCKMAGE retweeted
17 Apr 2025
Two #CVEs, patched across every Apple platform, both marked as actively exploited in the wild. #Apple just released:
- macOS 15.4.1
- iOS 18.4.1
- iPadOS 18.4.1
- tvOS 18.4.1
- visionOS 2.4.1
— and you should stop what you're doing and update now.
BLOCKMAGE retweeted
July 2023 #TornadoCash exit worth 1,400 ETH ($2.6M). Exit via the 100 ETH contract, swaps for USDC, heads out over the Synapse bridge to Polygon 0xc09d3c2 and gets gambled away at @Stake. I see this fairly often when analysing TC. Tool: @MetaSleuth
BLOCKMAGE retweeted
5 Nov 2023
Sadly received two messages about this from victims today. Seems another person lost funds in just the past few minutes.
BLOCKMAGE retweeted
5 Nov 2023
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which has resulted in 16.8 BTC ($588K) stolen. Scammer address: bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q
BLOCKMAGE retweeted
25 Oct 2023
1/ An investigation into the Canadian scammer known as Yahya for their involvement in 17 SIM swaps which resulted in more than $4.5M stolen.
BLOCKMAGE retweeted
19 Oct 2023
Replying to @PeckShieldAlert
This is another MakerDAO deposit. Now, I don't understand the exact mechanics of this, but after a bit of digging, funds seem to get withdrawn from Maker as USDC and deposited into Coinbase. x.com/0xFantasy/status/16977…

2 Sep 2023
Replying to @MistTrack_io
Seems that it was a deposit into Maker. Call trace and DeBank show it properly, but Etherscan doesn't for some reason. docs.makerdao.com/smart-cont…
BLOCKMAGE retweeted
3 Oct 2023
It's release time 🎃
- Responses can now be intercepted and modified
- Delete requests from HTTP History
- [Pro] Import/export your projects using our new "backups" page
- [Pro] Add shell commands to your convert workflows with the new "Shell" node
github.com/caido/caido/relea…
BLOCKMAGE retweeted
GM GMers! Tagging people who do great work in this space but I feel are not shown enough love! Go follow ⬇️ @CryptoaaService @WoAS_Necksus @0xFantasy @0xSaiyanElite @1c4m3by @Plumferno @BlockMageSec @boringsecurity @brookejlacey @ManicalEngineer Who did I miss? Tag them!
BLOCKMAGE retweeted
18 Aug 2023
@1c4m3by saved me the other day 🤝 appreciate your work ♥️
BLOCKMAGE retweeted
Introducing the Pocket Guardians. They've already saved *hundreds* of you from dangerous websites. Here's a quick intro ⬇️
BLOCKMAGE retweeted
3/
- @1c4m3by is a security researcher who's already blocked hundreds of scams
- @OxSaiyanGod is a security researcher from @BlockMageSec
- @plumferno works at @opensea's trust & safety team and founded @Server_Forge
BLOCKMAGE retweeted
18 Jul 2023
dprk once again rekting you via the platforms you use: github, slack, tg, npm. not checking email won't protect you anymore. 😭 admin keys and build/deploy systems gunna end up pwnd by this campaign. gl & rip.🪦 github.blog/2023-07-18-secur…
BLOCKMAGE retweeted
10 Jul 2023
Announcing The Arkham Airdrop: a distribution of rewards to our early users! Users can now convert their points exclusively on the Arkham Invite Dashboard. Beware of scammers: Only trust info from @arkhamintel verified on Twitter, only claim via Arkham, and double check URLs.
BLOCKMAGE retweeted
Yesterday, we received reports of people seeing unknown approval transactions in their transaction history. It turns out that this is a new scam where scammers use so-called gas tokens to steal money when victims revoke these "fake approvals".