Anti-Spasti

So, something funny happened last night: First, I got a bunch of DMs from friends about how BIP 360 / P2MR wound up being cited in a major cryptography research publication by Google. Very cool! I post a tweet about it, go to sleep, then wake up and see it's already got a hundred likes. Nice! Then I check my X DMs. Apparently someone launched a Solana memecoin for #BIP360. So far I can tell they didn't allocate tokens, and then just kind of gifted me with some kind of fee reward mechanism on Pump.fun that I can claim using GitHub. I triple checked all domains and OAuth permissions, and consulted with my Solana dev friend @AdamBorco who runs a great service called @atomiqlabs to easily swap Solana ... sols? and real Lightning sats. I asked Grok about it and it was kind of impressed; how it was done was pretty clever. It says it's one of the cleaner, fairer launches of a memecoin on @Pumpfun, no massive insider distribution or allocation, so at least we got that going for us. This was actually pretty timely because I've been dealing with an illness that really knocked me out of commission for a good three weeks, and I'm just a contractor so I didn't get to bill for many hours at all. I have some savings for bills of course (all in on Bitcoin), but this does help a lot. I discussed this with @isabelfoxenduke and @Ethan_Heilman. Isabel thought it was funny, Ethan pretended I was joking, but we just kinda agreed to roll with it. I just figure, when something like this happens, you can either be a toximaxi and reject it as outright scammy, which certainly would be more principled, or I can just shrug and say, alright, well, there's now an army of degens who can incentivize themselves by promoting our work, I guess! Also, to be clear, this is not a joke (despite the proximity to April Fool's), and I have not been hacked. I will be updating bip360.org with something called a CA, I'm guessing that means contract address, so people can better tell which is the official BIP 360 memecoin. And also just so it's crystal clear: I did not launch a memecoin. Someone I don't know just did one out of the blue, gave me all the rewards from the trading activity on it, and I intend to use those to help support BIP 360 development and contributors, starting with an event at Vegas later in April. If you helped BIP 360 in some way, would love to buy you a beer. Also, this will be the last you will hear about this from me on my main feed. Going to try my best to keep the degen stuff in just the community: x.com/i/communities/… LET'S MAKE BITCOIN QUANTUM RESISTANT! ALL HANDS ON DECK!!

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that: • Deobfuscates embedded payloads and operational strings at runtime • Dynamically loads fs, os, and execSync to evade static analysis • Executes decoded shell commands • Stages and copies payload files into OS temp and Windows ProgramData directories • Deletes and renames artifacts post-execution to destroy forensic evidence If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.