I originally built this for a @CodigoPlatform bounty, but couldn’t submit in time. Rather than let it rot in my repo, I turned it into a learning resource for anyone building with @metaplex Core Repo: github.com/Worldkilas/mpl-co… @_Jiibal @A_d_e_m_o_l_a_

Happy 3rd Anniversary, @SuperteamNG I love bringing ideas to life and telling stories through my visuals. While capturing this. What started as a gathering became a story, and this video is my way of telling it. Cheers🥂. @kryptdou_ @_Jiibal

Cohort 4 is done, and the certificates are already landing in our students' inboxes. Congratulations to everyone who made it through! With that, we're officially opening applications for the Solana Rust Security Bootcamp (Cohort 5). A 6-week intensive in Rust and Solana security, built for engineers who want to move beyond writing code to identifying how real systems fail. > Supported by @SolanaFndn. > Free to join. > Only 125 seats. And this round comes with a little bit of spice. We're teaming up with industry leaders you wouldn't expect to see here 🤫 C5 starts June 22. Applications close June 18. We recommend applying early. Application form below (as always) 🦀

Solana's Most Wanted. Just got muppified for this week's Solana Ecosystem Call. Charge: negligent custody of a hardware wallet. It's time to muppify.us!

15 new Solana builders born every hour

This is insane. 19,000 hackers registered for Frontier by @colosseum since April 6, including 16,000 new. That's 15 new Solana builders born every hour.

SuperteamNG Weekly Community Call x.com/i/broadcasts/1dGYljZNg…

Congratulations to the winners of the "Xpend X Solana Video Content Bounty" 🥳🥳🥳 🥇 ($800): x.com/_Curmello/status/20490… 🥈 ($500): x.com/wizzy_nedu/status/2046… 🥉 ($200): x.com/blessedokerekee/status…

Learning & Building with metaplex ? check out this comprehensive repo done by Muhammad Fareed 👇

A training course with a @solana devrel is definitely something solana devs should look forward to. Let's go

Calling all cracked devs We're hiring a high agency Senior Backend Engineer for Solana Mobile - Strong TypeScript, Node.js, or Rust - Scale the Solana dApp Store Seeker - Build maintain REST and WebSocket APIs consumed by Android, Flutter, and Web clients More apply 👇

The winners from our build week hackathon at @blockhubafrica where we had talented builders, building and integrating our API’s into amazing products, in partnership with @SuperteamNG is now live!!!! Congratulations to the winners 🎉🚀 First position: @landryokoye18 Product: Paysted Second position: @GreazeMike Product: OneRaise Third position: @NnadiJoshuaC Product name: @Bushafluent

Open USD accounts, move stablecoins seamlessly, and enjoy a unified global banking experience on @evolutionapp_ 🔥 Now live on Play Store & App Store 📱

I traced your wallet on-chain. Here's exactly what happened to you and where your money went: 93 days ago — The drainer contract 0x612373D7003d694220f7800EeaF8E3924c0951D3was deployed on BSC by 0xA0BEDC61ff0312181B2A4E1aA233Dd1355105C6B. That same deployer wallet was funded by 0x8C826F795466E39acbfF1BB4eEeB759609377ba1 and has activity across 10 different chains. 73 days ago — You unknowingly handed over your wallet. You visited a phishing site disguised as a legitimate token swap and signed what looked like a normal COOKIE → USDT transaction and even received the USDT back so everything felt fine. But hidden inside that same transaction was an EIP-7702 delegation that allows a smart contract to execute transactions on behalf of your wallet. (See SCREENSHOT 1 & 2) Your wallet 0x8d3AaE7D140704cFaeEfe644C8e9C2698Df6C87e was now under full control of the drainer contract. No private key needed. You authorised it yourself without realizing it. My only confusion is that you said your wallet reportedly held $3k few days before the drain and the delegation was already active at that time. Why the attacker chose not to drain you when your balance was significantly higher is something that is confusing. May 14, 2026 09:18 UTC; When your $250 BNB arrived from MEXC the drainer contract executed instantly and sweeping your entire BUSD-T balance in one transaction. Your own wallet obeyed the instruction you unknowingly gave 73 days earlier. Funds were bridged from BSC → Solana via MetaMask Bridge. On Solana, your funds, now 8.2 SOL (~$730) landed at another drainer wallet 46qWcTVCEssE9ScUwProUoK3T3tkPsAD7XB8PhnSHzjy That drainer wallet was set up and funded by this operator wallet Hr1YJpJFwZjX1sxmGvHkqfaXaojdJofuuj9XofP3pXXg. which in turn was funded by B7Rh5ZRLhK7LafZJCGc5ijePu1NbrDMLMye5nMWtgN2w which is an old relay wallet. Unfortunately, the trail goes cold there. The drainer wallet 46qWcTVCEssE9ScUwProUoK3T3tkPsAD7XB8PhnSHzjy Immediately after receiving your funds, used 8 SOL to buy 106,013,446 VICE tokens on Pumpfun. (See SCREENSHOT 3) One second later, a coordinator wallet odinxpR9dju4gDwy7CEbmyTp2wBGVYxWw2HRG6FVaoP distributed SOL to be used as gas fees to 20 wallets including yours. Solscan has already flagged this address as a known spam duster. The remaining 0.2 SOL was used to buy over 2 million VICE tokens later. After much trailing, i discovered that the mastermind behind the whole thing is QVtWcAX3R7Cr51VhAxFSYntoCAmTQzK8Hf4R1TrKNQ4. It is connected to this operation via on-chain interactions with the drainer wallet and currently holds $3,100 in USDC and USDT alongside some meme coins. This wallet was funded directly from OKX hot wallet 50 days ago. (See SCREENSHOT 4). Whoever runs this operation has a verified identity sitting in OKX's database. As of right now this wallet is still actively seeding new drainer wallets every minute. Your stolen funds was used to buy 12% of VICE token supply on Pumpfun, making the drainer wallet the single largest holder. The operator wallet mentioned earlier also holds another 6%. They used your money to pump a memecoin. Check the VICE token on pumpfun; HcwLsRpU1Qgz34ou8vZg7tk8Vbhikrp6J6Qyf1Ywpump To everyone else reading this, check every transaction you sign carefully. EIP-7702 delegations are mostly invisible inside a normal-looking swap. Your wallet can be silently handed over to a hacker without you ever knowing.

A researcher spent three weeks reading a protocol's code. Found a critical vulnerability that could drain $40 million in user funds. Wrote a detailed report. Submitted it through the official bug bounty channel. The response came eleven days later: "We were already aware of this issue and have been working on a fix internally. As this was a known issue, it does not qualify for a bounty under our program terms." The protocol shipped the fix two weeks after that. The researcher received nothing. I want to tell you why this specific response is the most commonly used and least challenged form of dishonesty in the Web3 security ecosystem — and exactly why it works. The claim "we were already aware" is unfalsifiable. There is no public registry of what issues a team was aware of before a submission arrived. There is no timestamp system for internal security tickets that a researcher can verify. There is no mediation process requiring the team to provide evidence of prior awareness. The researcher cannot prove the negative. The team knows this. The economics make it worse. A $75,000 bounty on a $40 million protocol represents real money. The reputational cost of one disputed finding is manageable. The researcher has no platform with sufficient reach to make the dispute visible. The community will not investigate. The team moves on. Some teams genuinely do discover issues internally before external reports arrive. This happens and the timing is real. But when the same response pattern appears across multiple researchers reporting to multiple programs — and it does, with enough consistency that researchers have started documenting it publicly — the pattern becomes impossible to dismiss as coincidence. What protects researchers: timestamp everything before you submit. Screenshot your proof of concept. Document when you first discovered the issue. Use platforms with mediation processes. Publish a disclosure timeline you communicate to the team before submitting, so they know there is a clock running. What would fix this structurally: an industry standard requiring teams to timestamp internal security issues in a way that creates an auditable record prior to accepting external submissions. Not perfect. Significantly better than the current system where the team's word is the only evidence. What actually fixes it: protocols that pay because they understand the researcher's rational alternative, not because they feel obligated. The researcher in this story made a financially irrational choice to report responsibly. They received nothing for it. The protocol is still running. The user funds that the researcher protected are still in the protocol. Those users will never know. This is the Web3 security ecosystem as it currently exists. Most of the people who know it behave this way have decided it is not worth saying publicly.

I put together 1000 Reasons Why You should not Vote for Tinubu in the next election. 1000-reasons.vercel.app/ Good morning Nigerians.

Just remembered a certain oppressed land in the New World. Iykyk

I'll be attending the @solana ecosystem call here in Gombe, Nigeria. Looking forwarrd to connecting with all those attending

just used 9ja Checkr telegram bot to verify my drink's NAFDAC number lol works instantly try it: t.me/NaijaCheckrBot 9jaCheckr.xyz