Wei Hup

2.3K posts

@_weihup

building @Alpha_InsightX | nerd @FissionLabs_ | member @superteammy opinions are my own😀 | prev @apubcc

Earth · Joined December 2018
3.6K Following · 514 Followers
Wei Hup@_weihup·
@eleesatt I must be too tired, thought i saw poker table ♣️
Eleesat@eleesatt·
I am just a girl 🌸🎀 and they are asking me stuff like Q2 Strategy 😭
Wei Hup retweeted
Bundie@BundieDefi·
Excited to announce that our smart contracts have been audited by @sherlockdefi. All findings were reviewed and resolved. Now you can bundle the best yields across multiple blockchains with even more confidence, whether you're building bundles yourself or plugging in your AI agents. Launching very soon. Watch this space.
Wei Hup retweeted
Shuyao Kong@hotpot_dao·
Imagine some poor founder about to launch a product today, only to realize that CZ and Star are playing 过家家 with a billion green dollars. entrepreneurship is hardship
Wei Hup@_weihup·
@AaronCQL @weremeow U gonna work with how many companies and what’s the project name? “Project Meow Meow”?
AaronCQL@AaronCQL·
Jupiter's next update might be too powerful to release publicly. The new routing algo is so good at finding routes it started swapping tokens that weren't even launched yet... We even put it in a sandbox and it routed its way to Ethereum. It also identified a flaw in the Solana chain that had gone unnoticed for 420 days. Foundation has been informed. Out of an abundance of caution, we are withholding the update until further notice. Sincerely, The Jupiter Team
Wei Hup@_weihup·
My bad it’s @JupGlobal Honestly yall have too many accounts guys
Wei Hup@_weihup·
@nikkideyy Im 23 and everyday feeling like running out of time
nikkideyy@nikkideyy·
You’re 81. Relax. You have time.
Wei Hup@_weihup·
@TheFluffleNFT mega will give us that generational wealth we retiring our lineage on mega
The Fluffle@TheFluffleNFT·
mega ico made us stable at the top kpi's made us baghold the bottom incentive campaign will kick off on war ending kpi's will hit exactly when macro flips bullish mega will take us to valhalla
Zack Voell@zackvoell·
Nobody wants the US to invade Iran more than the guy with $250 on Polymarket
Samurai Takedown@SamuraiTakedown·
Im calling bluff on the ceasefire so I longed oil again
Wei Hup retweeted
Stepan | squads.xyz@SimkinStepan·
An update on what we're focusing on with @multisig in light of the Drift incident last week.

What we're building now:
1. A proxy program for v4 that lets you opt in to killing durable nonces for a specific signer. This removes the ability for pre-signed transactions to sit indefinitely waiting to be executed.
2. A dedicated protocol management multisig program with configurable template policies and a UI you can run locally. Built for teams that need tighter governance controls over admin operations.
3. Exploring clear signing with intents so signers can verify exactly what a transaction does before approving it (cc @Redacted_Noah).

What's already available on v4 and can be set up by your team today:
– Timelocks. You can set these up in Settings. They create a mandatory delay between proposal approval and execution.
– Signer permissions. You can assign Propose, Vote, and Execute rights separately, so not every signer has the same level of access.
– Multisig nesting. You can set up configurations where eg two separate multisigs are signers on a third. Adding a layer of operational separation.
– Minimal UI. An interface on top of v4 that you can run locally (github.com/Squads-Protoco…).

If you're unsure about your current setup or want guidance on how to configure any of this, DM us.
Squads@multisig

Our investigation into the @DriftProtocol incident remains ongoing. Early evidence points to two compromised signers on Drift's admin multisig, which were used to execute a transaction modifying Drift's program configuration. Squads programs were not compromised. We have also found no evidence of compromise to Squads infrastructure, though we are actively investigating to confirm this with full confidence. We will share further findings as they become available.

Best Practices for Operationally Critical Multisigs

Thresholds: Any multisig with operational or administrative control over a program should have a signing threshold of 3 or above. This requires an attacker to concurrently compromise multiple independent signers, significantly raising the difficulty of this type of attack. Where possible, signers should also be geographically and organizationally dispersed. Signers sharing the same location, devices, or org structure introduce correlated risk.

Timelocks: Multisigs with program-level control should implement a timelock (can be set up in Settings of your Squads multisig). It won't prevent a malicious transaction from being proposed, but it creates a window to detect and reject it before execution. The tradeoff: timelocks also slow down legitimate emergency responses to bugs or active exploits, so teams should factor this into their operational setup.

Alerts & Monitoring: We encourage all operationally critical multisigs to set up monitoring and alerts through our security partner @RangeSecurity. Range provides two key things: an alternative interface for independently verifying transaction content outside of the Squads UI, and proactive Slack alerts so signers are notified before a proposal moves forward. If you want help getting set up, reach out and we'll connect you directly.

A high threshold, a timelock, and monitoring are the foundation for any multisig with program-level control.

Signing Process: Signers should use dedicated devices and hardware wallets, never a general-purpose machine. Additionally, signatures are only valid for approximately 2 minutes each, so introduce at least a 2 minute delay between each signer taking actions to ensure signatures cannot be collected & bundled by an attacker. Always verify transaction content independently across all three available sources: the Squads UI, Range's alternative interface, and Solana Explorer or Solscan.

On Durable Nonces

The Drift attack exploited durable nonces to collect signatures without time pressure, bypassing the 2-minute transaction expiry that would otherwise limit this type of attack. We are actively exploring ways to block durable nonce usage across all of our programs, both at the program level and through other enforcement mechanisms, to ensure this protection extends to our immutable programs V3, V4, and our current Smart Account Program. Beyond this, the broader Solana ecosystem is taking steps to address this at the protocol level, with a new transaction format that drops durable nonces as a feature entirely. We will follow up with more information on this soon.

Beyond Multisig, Operational Security

Technical controls only go so far. Most high-profile compromises lately have been social engineering attacks targeting the people behind the keys, not the contracts themselves. If you are running mission-critical protocol operations, invest in your internal opsec processes and team culture accordingly, how proposals are initiated, communicated, and approved all matter. We recommend engaging dedicated security advisors. @zeroshadow_io and @0xGroomLake are trusted starting points, and we are happy to connect you directly.

Wei Hup@_weihup·
I honestly don’t know why anyone out here actually thinks u are capable of “noticing/finding/realising” spies that is most likely trained on a military level

Even for people coming out of national security departments is hard af for them to spot “spies” in their country

And we are just bunch of normal people trying to earn a living that wasn’t taught how to find spies in our 15+ years of schooling

So as scary as it sounds, there’s absolutely nothing you can do about it unfortunately 🤷‍♂️
jussy@jussy_world

One of the craziest things I've seen in DeFi...
- today Zach revealed that @elementaldefi had a North Korean IT worker on payroll for years
- then @stabbleorg a protocol with $2M TVL saw the post and confirmed they had the same employee
- they've now urged all users to withdraw liquidity immediately while a new team runs fresh audits

A single North Korean contractor across multiple DeFi protocols

And nobody noticed for years?

Wei Hup@_weihup·
> Nations have spies planted literally for entire lives. If billions and trillions are at stake, that’s going to be the likely direction.

Exactly, absolutely agree with this, even nations have spies all over the countries, and they still have troubles to identify too

What more we are just bunch of commoners trying to make a living, and need go against these pro spy mtfkers
Moo | Elemental@moothefarmer·
Zach, I am not trying to virtue signal anything. I am saying that when people make mistakes (especially of this order of magnitude) they should at minimum apologize and take accountability for it.

From the moment we found out about the Drift exploit, we communicated what we could and I answered questions from sad people, angry people, rational people, irrational people. I didn’t want to do that; nobody wants to face an angry mob. But I did it because I knew it was the minimum that I should do.

And yes, Elemental unfortunately had worked with Keisuke (or whatever his true name is) some time ago before eventually discovering he wasn’t who he claimed to be. But as you can see, even with that history, users never had to wake up to seeing losses on their account until this Drift incident. Maybe because we kept stuff isolated? Maybe it was pure dumb luck? I don’t discount that our favorable outcome took some stars aligning. I count my blessings all the time. But you can be damn sure that I would at minimum have faced my users and kept them updated on whatever was going on and whatever we were going to do, accepting full accountability.

I don’t think the crypto world is going to get safer. In fact, I think it’s going to get even more dangerous. As numbers climb higher, more elaborate schemes are going to get hatched. Nations have spies planted literally for entire lives. If billions and trillions are at stake, that’s going to be the likely direction. But we should at least have the humility to own up and apologize when we done messed up.
Moo | Elemental@moothefarmer·
/start_rant

I’ve spent the last 4 years obsessing over one thing: --> Trust <-- Not marketing. Not TVL. Not hype. --> Trust <--

We designed Elemental’s architecture from the ground up with paranoia. Tight opsec. Conservative security assumptions. Even down to personal decisions, I’ve EVEN avoided unnecessary moderately "risky" activities (bungee jumping, skydiving, etc) because key-man risk is real in this space. That’s the level of discipline required. That's the level of sacrifice needed. And yet, none of that mattered when @DriftProtocol went down.

Let’s be clear. This wasn’t just “a sophisticated DPRK attack”. That’s the EASY narrative. The raw truth is this: Basic security UTTERLY, ROYALLY, DISGUSTINGLY, failed. A 2/5 multisig + signing devices freely downloading external apps? For a protocol managing hundreds of millions, that’s pure negligence. As your protocol grows, your security standards must scale faster than your TVL. Drift didn’t.

The result? Countless users lost huge swaths of money. A number lost life savings. Many projects got hit and I know a handful probably will not survive this. Even seemingly unrelated protocols took damage: @kamino 's Sentora vault alone saw ~$220m exit in a flash. @JupiterExchange 's JLP dropped ~$160m.

And the worst part? I’ve had countless users tell me they’re leaving DeFi entirely. Not just @solana DeFi. They're exiting DeFi entirely and going to put their money back in banks. That's insanity. We literally spent all of our effort trying to build a better future of finance, and then Drift bombed us back to the stone age. And I don’t even blame these users. Trust, once broken, is almost impossible to regain.

Leadership matters most in moments like this. Mistakes happen. They always will. I’ll likely mess up somewhere, someday too. I am, after all, human. But silence? Deflection? Delegating responsibility instead of owning it? That’s a complete bankruptcy of character.

@cindyleowtt has said almost nothing aside from: "Today has been an extraordinarily difficult day for Drift. I’m incredibly grateful for the outpouring of support from the community." No apology. No remorse. No accountability. @davijlu is even worse. Zero posts. They pushed everything onto their BD staff, Tracy, to handle communications. I’ve only heard from Tracy. Nothing from David. Nothing from Cindy. In fact, nothing from anyone in Drift’s leadership. This is a live masterclass in gross management failure. Utter incompetence.

Realistically, given how DeFi operates and how most teams are structured, it’s unlikely there will be any meaningful legal recourse for users. I’m not a lawyer, so I could be wrong. But I do hope karma comes at them, full force.

/end_rant
Lee Robinson@leerob·
Life update... daughter #2 has arrived 🌸🌹
Wei Hup retweeted
junshen.sol@_Junshen18·
At Cursor Cafe KL in Afloat Coffee Roaster with @nickwm from @cursor_ai 👀
Nav Toor@heynavtoor·
🚨 Andrej Karpathy thinks RAG is broken. He published the replacement 2 days ago. 5,000 stars in 48 hours.

It's called LLM Wiki. A pattern where your AI doesn't retrieve information from scratch every time. It builds and maintains a persistent, compounding knowledge base. Automatically. RAG re-discovers knowledge on every question. LLM Wiki compiles it once and keeps it current.

Here's the difference:

RAG: You ask a question. AI searches your documents. Finds fragments. Pieces them together. Forgets everything. Starts over next time.

LLM Wiki: You add a source. AI reads it, extracts key information, updates entity pages, revises topic summaries, flags contradictions, strengthens the synthesis. The knowledge compounds. Every source makes the wiki smarter. Permanently.

Here's how it works:
→ Drop a source into your raw collection. Article, paper, transcript, notes.
→ AI reads it, writes a summary, updates the index
→ Updates every relevant entity and concept page across the wiki
→ One source can touch 10 to 15 wiki pages simultaneously
→ Cross-references are built automatically
→ Contradictions between sources get flagged
→ Ask questions against the wiki. Good answers get filed back as new pages.
→ Your explorations compound in the knowledge base. Nothing disappears into chat history.

Here's the wildest part: Karpathy's use case examples:
→ Personal: track goals, health, psychology. File journal entries and articles. Build a structured picture of yourself over time.
→ Research: read papers for months. Build a comprehensive wiki with an evolving thesis.
→ Reading a book: build a fan wiki as you read. Characters, themes, plot threads. All cross-referenced.
→ Business: feed it Slack threads, meeting transcripts, customer calls. The wiki stays current because the AI does the maintenance nobody wants to do.

Think of it like this: Obsidian is the IDE. The LLM is the programmer. The wiki is the codebase. You never write the wiki yourself. You source, explore, and ask questions. The AI does all the grunt work.

NotebookLM, ChatGPT file uploads, and most RAG systems re-derive knowledge on every query. This compiles it once and builds on it forever.

5,000+ stars. 1,294 forks. Published by Andrej Karpathy. 2 days ago. 100% Open Source.