Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
banteg Profile picture
banteg
@bantg
the bunny talisman of yearn
Dec 14, 2023 5 tweets 3 min read
🚨 ledger library confirmed compromised and replaced with a drainer. wait out interacting with any dapps till things become clearer.
cdn.jsdelivr.net/npm/@ledgerhq/…
Image seems ledger connect-kit-loader is also vulnerable since it specified the dep loosely


possible list of affected parties
github.com/LedgerHQ/conne…
sourcegraph.com/search?q=conte…
Nov 28, 2022 8 tweets 2 min read
🚨 weth hack went unnoticed since 2019

after investigating more than 90 million deposit and withdrawal events, i've found a supply discrepancy between the total supply weth contract reports and the actual outstanding weth. it appears the contract holds 1 wei more than it owes. how is it possible?

the contract mints a token when you send ether to it. it doesn't track the token supply, using its own ether balance instead.

but there are two ways to send ether without triggering a contract.
Aug 19, 2022 7 tweets 3 min read
uniswap has provided an unusual level of transparency re their frontend censoring via trm labs.

they have even shared the logs from their server.
screening-worker.uniswap.workers.dev/?namespace=BLO…

i've saved and analyzed them. Image there are seven categories which contribute to risk factors and two risk levels, high and severe.

both ownership and being a counterparty of a "bad" address are checked and can contribute to blocking. Image
Aug 18, 2022 4 tweets 1 min read
ethereum addresses have been in ofac list from as early as september 2020

how come you didn't care before, fednon?

i have an explanation. because you are a fucking larp. Image the address im showing here is a contract by the way, so don't even start the shit about tornado designation being "unprecedented".

put the fed cock out of your mouth and have some decency.

etherscan.io/address/0x8576…
Aug 12, 2022 4 tweets 1 min read
Arrest of suspected developer of Tornado Cash - FIOD fiod.nl/arrest-of-susp… My sources claim it's @alex_pertsev
Aug 11, 2022 4 tweets 2 min read
It appears oasis.app, following Uniswap, has started sending all your data to TRM Labs. This is what happens when you connect with an address they don't like. No way to close positions from the UI, no explanation or anything. Image Image
Aug 10, 2022 6 tweets 2 min read
Around 5000 blocks till Görli/Prater merge. Seems I won't make it this time. Are there any tricks to make Lighthouse sync faster? Image
Aug 10, 2022 4 tweets 2 min read
Some people say 10% of illicit funds in Tornado is a lot, but let's look at the bigger picture.

Crypto overall is an order of magnitude cleaner than fiat, with just 0.15% of illicit activity whereas 3.6% is casually laundered by the big banks.

go.chainalysis.com/rs/503-FAP-074… Image They play us for absolute fools with increasing compliance costs and rules that don't make any sense, while laundering trillions of USD themselves.

tandfonline.com/doi/pdf/10.108… Image
Aug 9, 2022 6 tweets 2 min read
🚨 Curve UI is compromised

0x9Eb5F8e83359Bb5013f3D8eee60bDCe5654e8881 malicious contract, revoke approvals immediately

0x50f9202e0f1c1577822BD67193960B213CD2f331 attacker's address from the contract's storage how to tell you are being served a compromised version

open the browser console and go to sources, then js.

app.9b0312df.js - ok
app.ca2e5d81.js - compromised
Jun 15, 2022 18 tweets 4 min read
Why wokeism sucks and you shouldn't support it

A thread 🧵 Founders often don't see the woke onslaught coming. Wokies believe in the power of language, and they have successfully co-opted a lot of positive-sounding words, so someone unfamiliar with their Theory might engage in a dialogue thinking they act in a good faith.
Jun 8, 2022 4 tweets 1 min read
Estimated to reaching TTD blocks=128 Live view of bunny scambling to sync Lighthouse
Mar 15, 2022 4 tweets 2 min read
🤡 @matchaxyz has blocked all Russian users Image @matchaxyz Chinese users also appear to be banned, as well as some markets, although it's unclear if those are unsupported tokens or some kind of censorship. Image
Mar 14, 2022 6 tweets 2 min read
Russian state TV just now

The text in Russian says "Stop the war. Don't believe the propaganda. You are being lied to."
Mar 6, 2022 4 tweets 1 min read
The world got it backwards, if you buy Russian oil but cut off ordinary people basic needs, you literally support the regime, spark the hatred against you and give the fuel to Russian propaganda machine. "But people will protest against Putin"

No, people only care about getting food already, and they see who does this. Russia has violently suppressed any protests for many years now. Even calling for protests can land you in jail for 20 years.
Mar 3, 2022 4 tweets 1 min read
Russia blocked Meduza and BBC Russian Service.

Earlier today Dozhd has decided to halt all programming citing employee safety concerns. Facebook also blocked.

Also Deutsche Welle and Radio Liberty.