Maksim Hapeyenka

640 posts

@BirthCreator

Soon!

@soon Joined November 2016
536 Following · 411 Followers
Maksim Hapeyenka@BirthCreator·
@pashov smart users could never fully trust upgradable contracts anyway 😄 But yea, this is scary af, AI is too disruptive.
pashov@pashov·
Web3 Security Horror Story Time: A protocol gets reported a Critical vulnerability. They immediately patch it with a code fix and push it on-chain to their upgradeable contracts. A MEV bot picks up the "code fix" transaction before it is validated into a block, re-engineers the vulnerability with AI and front-runs the upgrade patch with an exploit. Upgrade passes successfully, the exploit before it as well. You just exposed the fix of a Critical vulnerability to an untrusted actor. AI allowed seconds to be enough to deduct a vulnerability from a patch. You can argue AI is dumb, sure. But you can't argue AI is not fast - and that it can't be even faster. Upgradeability and MEV bots become an attack vector with time. I challenge you to say how this can be safely secured.
Maksim Hapeyenka@BirthCreator·
@karpathy Why can't package managers (cargo, maven, npm, pip, nuget) integrate AI to do a quick dependency tree check automatically on every dependency update? Or is AI too expensive for that as of now?
Andrej Karpathy@karpathy·
Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any dependency you could be pulling in a poisoned package anywhere deep inside its entire dependency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.
Daniel Hnyk@hnykda

LiteLLM HAS BEEN COMPROMISED, DO NOT UPDATE. We just discovered that LiteLLM pypi release 1.82.8. It has been compromised, it contains litellm_init.pth with base64 encoded instructions to send all the credentials it can find to remote server + self-replicate. link below

Maksim Hapeyenka@BirthCreator·
@CheetahAi Not linux related, but would be cool if after AI changes during Diff review (red Reject and Green Accept) the red text would wrap to fit into the window, just like green text. Sometimes have to click "Reject" to see full red text, then CMD+Z to undo.
Cheetah AI@CheetahAi·
Linux build will be out soon, any specific features request below 👇
Maksim Hapeyenka retweeted
Andrew Tate@Cobratate·
Every retweet of this post will equal a dollar given to children with Leukemia.
Cheetah AI@CheetahAi·
What is your primary machine mac or linux ?
Cheetah AI@CheetahAi·
Cheetah AI is thriving !! Road to 1K+ users and $1k+ MRR
Maksim Hapeyenka retweeted
Rosc@MrRosc·
$NAT FAQ ➡️All in one place. Key questions around $NAT, with links to detailed threads. We’ll keep adding new links in the comments. Feel free to point out anything we’ve missed. Bitcoin & Security • Bitcoin’s security trilemma, influenced by $NAT 🟰 x.com/MrRosc/status/… • Can a single billionaire buy >50% of Bitcoin’s hashrate and sabotage the network? • And if so, why stop playing by the rules if honest mining is already profitable? 🟰 x.com/MrRosc/status/… • Do you really think a Bitcoin system that depends on a secondary token can work? 🟰 x.com/MrRosc/status/… Mining, Incentives & Supply • Why does a mining pool selling $NAT push the price up, not down? 🟰 x.com/MrRosc/status/… • Inflation of the $NAT token. Is it really a problem? 🟰 x.com/MrRosc/status/… Demand & Value • Is there any real point in holding $NAT? • If miners sell anyway, why buy? • What about distribution, insiders, and “premine” concerns? 🟰 x.com/MrRosc/status/… • Where does that durable external demand come from? 🟰 x.com/MrRosc/status/… Criticism & Skepticism • “$NAT has no utility. It doesn’t secure #Bitcoin. It’s created out of thin air.” • “It just subsidises miners and needs constant new buyers.” 🟰 x.com/MrRosc/status/… • “This is just an experiment, not a finished product.” • “Until real demand appears, miners only add sell pressure.” 🟰 x.com/MrRosc/status/… • The core point of divergence: “No utility. No demand driver. Just another token or a memecoin.” 🟰 x.com/MrRosc/status/… • “Why buy $NAT at all if #BTC already solves everything?” 🟰 x.com/MrRosc/status/…
Rosc@MrRosc

The problem is that, under the current setup, Bitcoin loses in almost every scenario. If Bitcoin’s price doesn’t rise aggressively, we’ll see waves of small miners shutting down because they can’t stay profitable. That funnels hashrate into the top 5 pools and accelerates centralisation. But if Bitcoin does 2x every halving, miners will be fine, yet the network becomes more attractive to attack. The gap between the security budget and the potential payoff from a 51% attack widens. (And before we get lost in “who would do this?” debates - I’m talking about political and reputational attacks, not financially motivated ones.) Paradoxically, the healthiest scenario for Bitcoin is slow price appreciation accompanied by a “fat” security budget that scales with it.

Maksim Hapeyenka retweeted
King 👑@kingpunkape·
Join us tomorrow for a frank and level-headed discussion/debate about dmt/ordinals/art/BTC and where it’s all headed. Featuring @BirthCreator and I trying to DMT pill @vivid_ordinals. Set a reminder for my upcoming Space! twitter.com/i/spaces/1vOxw…
Maksim Hapeyenka retweeted
Trac Network@TracNetwork·
Trac Doom is now listed on itch.io for download - easy installation available now! "It's like a good old LAN party, but without all the cables" -- The Doom Guy, 2026 tracsystems.itch.io/trac-doom
₿luntie@bluntyzombie·
Bitmap maps it into a digital landscape. One block = one district. It’s a simple, elegant standard for a truly interoperable metaverse. The metaverse doesn't need to be complicated. It just needs the right foundation. No walled gardens. Just pure, decentralized ownership. The base layer is orange. 🟧
KPM◉◉N@KPMoon·
Ordinals convert blockspace into memory. Memory is what civilizations protect first. ₿itcoin protects memory economically. This is unprecedented.
Maksim Hapeyenka@BirthCreator·
@TRACaveMan I need to get deeper into DAGs and TRAC network. They are really interesting, but maybe they are even more, than visible from the surface.
BTCaveman.@TRACaveMan·
Ethereum hasn't fully cracked the blockchain trilemma yet—even post-Fusaka (live Dec 2025), PeerDAS boosts short-term DA via sampling & erasure coding, but permanent monolithic on-chain storage remains expensive & unscalable. Vitalik's been on DA since ~2015, but real fixes took time. Solana's a prime example: insane TPS = massive data growth (TB/month), archive nodes cost tens of thousands $/mo, rent/experiments help but don't solve long-term permanence. More hardware (Earth or space 🌌) just delays the inevitable—data explodes faster than Moore's Law. Real solution? Architectural rethink. Enter $TNK — Trac Network's token for a headless crypto L1 revolutionizing p2p/local-first apps (check their Doom multiplayer demo: fully decentralized, no subs/servers). No heavy ledger burdens, efficient validation/distribution without monolithic costs. Ethereum (and others) could run way more efficiently layered on Trac's foundation. Deep tech? Google "headless architecture" 👀 @tracnetwork #Crypto #Blockchain #Solana #Ethereum #Web3
₿luntie@bluntyzombie·
Happy New Year! 🎆 Wishing you all the best for 2026. No matter what, up or down. Keep it ROYAL. Stay LOYAL. 👑 @TheRoyals_DMT
Rosc@MrRosc·
I’m dialling down the seriousness of my X account a bit. Less than two weeks until the New Year, and we’ve finally had our first real snowfall❄️ You can’t really tell from the photo, but the cat is genuinely happy about the snow😆 OP_CAT has already been activated At least for him🤓 Wishing everyone a nice end to the year🥳