Chaofan Shou
phd student @ucberkeley working on security (#fuzzing #plse #llm) / intern @hackthedefi
Apr 14 9 tweets 3 min read
Technical details on how we made $10k/hr by mining $ORE via @bloXrouteLabs @jito_sol and GPUs.

[1/8] 🧵

[2/8] WTF is $ORE

ORE is a token on Solana with a mining program. One can claim ORE from the mining program by sending correct nonces (calculated by trying hashes) to it.

A mining tx looks like this: [image]
Dec 13, 2023 7 tweets 4 min read
😝 Here is the full disclosure of the Twitter XSS + CSRF vulnerability.

Clicking a crafted link or going to some crafted web pages would allow attackers to take over your account (posting, liking, updating your profile, deleting your account, etc.)

On 12/11, @rabbit_2333 posted details about an XSS on the Twitter subdomain analytics.twitter.com.
May 9, 2023 8 tweets 2 min read
How to make $800k every day by rug pulling?

A tutorial 🧵[1/7]

Create an ERC20 token, preferably with some funky names.

Some examples 👇

[2/7]
May 8, 2023 4 tweets 2 min read
gg! Our fuzzer can solve all challenges automatically in <16hrs on single core with some fine tunings 🔥🔥

Will share the writeup

Try it out: github.com/fuzzland/ityfu…

And kudos to @publicqi for solving even faster than the fuzzer and using less gas
Apr 20, 2023 8 tweets 7 min read
🈹 Stop buying #pepedao / #pipipump / #bobcoin, owner can rug you.

Scammer deployed >67 malicious tokens. These contracts are obfuscated and designed to bypass @GoplusSecurity & @Token_Sniffer's rugpull analysis.

~$300k funds have already been rugged.

#ScamAlert #rugpull twitter.com/i/web/status/1…

So, what's going on?

1. The attacker uses "oowner" to define the owner so that analysis considers the contract has no owner -- really benign in the eye of static analysis! twitter.com/i/web/status/1…