525 Photos and videos
Upgrade your hardware security this #WorldBackupDay.
Save $70 on the Lattice1 and get 7 FREE SafeCards. Each swappable card backs up and signs for a different seed phrase. That's 8 wallets for $329!
🗓️7 days only
🌏Free shipping
🤑No code needed
Only @ gridplus.io
7
3
13
999
Another supply-chain compromise is unfolding tonight, this time affecting Axios on npm.
If Axios is in your stack, audit your lockfiles now for axios@1.14.1, axios@0.30.4, and plain-crypto-js@4.2.1. Read the thread below and pin or roll back immediately if found.
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now.
Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
1
4
16
2,375
The #WorldBackupDay (March 31) is a reminder that backing up data is crucial. Beyond crypto, it’s about protecting your digital keys, files and priceless memories.
Our hardware is resilient - make sure your backup strategy is too.
👀Stay tuned for our special offer on March 31!
2
8
596
🚨Security alert: widely used AI software LiteLLM, was hit by a supply chain attack.
The malicious code steals crypto wallet data, including Ethereum keystores, plus API keys, cloud credentials, SSH keys, and other sensitive files.
Installation alone can trigger it. 1/4
1
7
18
1,668
Today's AI tooling often sits on machines also touching money, infra, and sensitive credentials.
If your computer holds keys, everything on it impacts you crypto security.
Detail and sources:
github.com/BerriAI/litellm/i…
endorlabs.com/learn/teampcp-…
futuresearch.ai/blog/litellm…
4/4
5
520
A seed phrase is not a password you can reset.
If someone gets those 12–24 words, they can recover your wallet and move your funds. No legitimate service will ever ask for it.
Store it securely.
Keep it offline.
Treat it like the most sensitive credential you have.
3
15
890
Stop relying on words scribbled on a piece of paper - your wallet backup should be just as secure as the wallet itself.
GridPlus SafeCards are the safest way to store your seed phrase thanks to physical unclonable function (PUF) chips that provide the strongest secret storage mechanism available.
1
11
910
GridPlus retweeted
Feb 26
Gas abstraction is currently available for hot wallet and @gridplus hardware users.
The work is underway to enable these amazing features for all users, as @Ivshti recently highlighted on the community call.
We're looking forward to @Trezor @Ledger and other hardware wallets supporting EIP-7702 💜
1
1
14
771
Final hours to save $100 on the Lattice1! 💰
The sale ends tonight.
Grab yours at gridplus.io.
✨LUNAR NEW YEAR SALE IS LIVE 🧧
To celebrate new beginnings in the Year of the Fire Horse, we’re dropping a $100 discount on the Lattice1.
🎁 Each Lattice1 pack includes 3 free SafeCards.
⏳ 7 days only.
Shop at gridplus.io. No code needed.
4
10
1,084
GridPlus retweeted
Feb 20
Live now with the CEO of the best hardware wallet company around - Lattice1 by @gridplus
@0xMidnight on @leviathan_news
Enjoy!
x.com/i/broadcasts/1DxLdvveZ…
4
4
20
908
✨LUNAR NEW YEAR SALE IS LIVE 🧧
To celebrate new beginnings in the Year of the Fire Horse, we’re dropping a $100 discount on the Lattice1.
🎁 Each Lattice1 pack includes 3 free SafeCards.
⏳ 7 days only.
Shop at gridplus.io. No code needed.
1
1
11
1,957
A major campaign is targeting @SafeLabs_ multisig signers. The Lattice1 was created to protect against this.
Address labels on secure hardware can't be replicated remotely by attackers. A poisoned address shows up without your trusted label; with a glance you know not to sign.
Feb 6
🚨 Security update: large-scale address poisoning social engineering campaign targeting multisig users
We’ve identified a coordinated effort by malicious actor(s) to create thousands of lookalike Safe addresses designed to trick users into sending funds to the wrong destination. This is social engineering combined with address poisoning.
Important: this was not a protocol exploit, not an infrastructure breach, and not a smart contract vulnerability.
That said, we take reports like this extremely seriously, because the end result is the same: users’ funds may be at risk.
Etherscan reference (attacker factory used to deploy malicious Safes): etherscan.io/address/0x8b770…
With the help of SEAL911, Hypernative, and Blockaid, we investigated the attack pattern and identified ~5,000 malicious addresses. These addresses have been flagged as malicious via SafeShield (powered by our security partners) and are being removed from Safe Wallet’s UI, reducing the risk of accidental interaction.
Please note: similar schemes are easy for malicious actors to reproduce. It’s therefore critical to follow secure signing procedures, especially for high-value transfers (e.g., verify the full address, use an address book/allowlist, confirm recipients out-of-band, make a smaller transfer first).
Address poisoning and social engineering, like phishing, are evolving and persistent threats in crypto. Defending against them requires continuous investment in both detection and UX improvements that reduce human error.
For anyone unfamiliar with this attack pattern, we strongly recommend reading more here:
help.safe.global/en/articles…
Using address book in safe: help.safe.global/en/articles…
Using address book in spaces: help.safe.global/en/articles…
Stay vigilant: don’t trust—always verify full addresses, not just prefixes and suffixes. 🛡️
Huge thanks to SEAL911, Hypernative, and Blockaid for their rapid support.
5
2
11
1,019
We covered how the Lattice1's secure address verification could have helped prevent the $1.5B Bybit hack, which relied on the same fundamental weakness: signers unable to verify what they were approving on a trusted display.
gridplus.io/blogs/blog/how-t…
1
1
7
513
GridPlus retweeted
Feb 3
Teams appreciation post:
@ethereumfndn = lord's work
@gridplus & @Trezor = HW wallets
@ensdomains = usernames
@fileverse = private docs and sheets
@walletbeat = L2Beat but for wallets
@Dune = love them dashboards
@pimlicoHQ & @biconomy = beloved bundlers
@lifiprotocol & @SOCKETProtocol = powering swaps
@goodmorningdevs = amazing web3 builders
@swissknifexyz = tools & EIP-7702 support tracking
9
14
58
3,502
🚨 The website for Notepad , a code editor used by millions of devs, was compromised last year and has since directed some users to compromised installers.
Action: Manually install v8.9.1 from the official site.
Don't use auto-update on old versions.
notepad-plus-plus.org/news/h…
2
1
8
994
AI agents unlock countless possibilities for building on @Ethereum, but handing a bot private keys requires a hardened security posture.
Follow practical @OpenClaw security tips from this guide to minimize risk before deploying. Building is more fun without the worry! 🦞
Feb 2
We spent 48 hours researching security-first OpenClaw setups.
By the end of this guide you'll have:
- OpenClaw on a Pi via Tailscale
- Matrix E2E chat
- Prompt injection hardening
- No-log LLM provider
- Firewall habits for damage control
It's long but totally worth it.
2
2
13
1,958
