sekuba

58 posts

sekuba

@sekubalias

resident dj at l2beatz

Diessbach bei Büren, Schweiz Bergabung Ocak 2024

818 Mengikuti128 Pengikut

sekuba@sekubalias·23m

even more diligent people audited the tornadocash frontend code from the proposal and found the exfiltration snippet, but only after it had passed want to become a diligent people? check out our guide: l2beat.com/publications/p… review of the hack + repro: github.com/sekuba/tornado…

English

sekuba@sekubalias·23m

the frontend got pwned by a malicious governance proposal (no. 44). the saddest part is that it affected the official tornadocash.eth domain, so even diligent people running their own rpcs and IPFS nodes got scammed.

English

sekuba@sekubalias·23m

may i interest you in the TornadoCash HACK?🗣️ It stole deposits and was only fixed after 2 months because nobody detected it.. but it's IMMUTABLE!? - not the ENS domain! how much? the hacker got free money laundering included because they stole directly from the private pool

English

301

sekuba@sekubalias·18h

@_Enoch @l2beat maybe it makes sense to actually put a CROPS table on the detailed pages

English

tim-clancy.eth@_Enoch·19h

@l2beat I have feedback on the "Source available" label; the O in CROPS is really about Free Software i.e. an OSI or FSF license. I think where there is a meaningful difference between the pools it might be meaningful to make this clear, i.e. TC license vs. RG license vs. PP license.

English

1.1K

L2BEAT 💗@l2beat·20h

Silence, vibe-dashboarders! Today, L2BEAT releases the Privacy page. We visited Ethereum's privacy protocols and scrutinized their CROPS 🌽.

English

221

34K

sekuba@sekubalias·4d

@nyxmoney @aztecnetwork would love to test, but your dms are premium gated

English

nyx.@nyxmoney·12 May

Incognito mode for Ethereum is live on mainnet! Powered by @aztecnetwork. We’ll be giving out more invite codes in the coming months. DM if you’re interested.

English

10.4K

sekuba@sekubalias·14 May

@tundra_greentea @mywebacy @bluechip_org @l2beat @HackenProof @Core3io @defiscan_info heell yeaa <3

English

vc (🇺🇦,📀) | priv/acc@tundra_greentea·14 May

Backing six projects in this Security QF Round. Don't always post about this, but glad to see this mechanic applied to risk & security. People usually only recall us when they are in trouble.. right when it's too late, in other words. Despite that, it's motivating to see people analysing, propagating, warning proactively, and not reactively. Also OSing their methodology, their know-how, their brainchilds, which is worth another praise. @kaereste @sekubalias @l2beat @buda_kyiv @Core3io @HackenProof @d0rsky @DmytroMatviiv @defiscan_info @TokenBrice @marcxvlad @maikaisogawa @mywebacy @bluechip_org @levitben @GarettJones @AmeyOnX Keep it up, for web3 anons and institutional buyers alike.

English

535

sekuba@sekubalias·14 May

@CatfishFishy youuuuuu better wait until we are done analysing your 67 contracts per token to make the trust assumptions clearer!

English

142

Fishy Catfish@CatfishFishy·14 May

How it started: How it's going: Protocols are fleeing LayerZero like East Germans did when the Berlin wall came down. The ticker is $LINK

Chainlink@chainlink

NEW: Leading crypto exchange @krakenfx is deprecating its legacy cross-chain provider and migrates to Chainlink CCIP. Starting with kBTC, all current and future Kraken Wrapped Assets will use CCIP for secure distribution across blockchains and global markets.

English

217

6.9K

sekuba@sekubalias·14 May

@envio_indexer you can play around with the full data on the site above, the explorer even allows you to query for any oapp security web and display its latest config covering all 54 chains :)

English

sekuba@sekubalias·14 May

lots of love to @envio_indexer for letting me slurp data from 54 chains for free for so long! links: #dvn-set-threshold" target="_blank" rel="nofollow noopener">sekuba.github.io/dvnstats/index… medium.com/l2beat/circumv… note that higher DVN thresholds are not a solution to the multisig problem

English

139

sekuba@sekubalias·14 May

indexoor did not stop indexing: hackers are better influencers than @l2beat

donnoh.eth 💗@donnoh_eth

what @LayerZero_Core means by "better money technology" and what they did in the 4 years they spent "reinventing how value moves": add third party intermediaries everywhere that can rug billions of $$ at any moment. 97.25% of crosschain packets are validated by 1/1 or 2/2 msigs.

English

987

sekuba@sekubalias·14 May

@RAILGUN_Project great wording lmaoo, how are users supposed to read '7d upgradeable by the 100M mcap dao' from that :D @l2beat will always have a job with this lvl of marketing brain posting

English

100

RAILGUN - Private Ethereum DeFi@RAILGUN_Project·14 May

RAILGUN's smart contracts have no admin keys and have never had any. There is no team nor individual that can change nor shutdown the protocol, no multisig can override it, and no custodian holds anything. This has been true since the contracts were deployed to the Ethereum blockchain in 2021. Every contract is public, open source and on-chain. Only trust privacy protocols that cannot be controlled by any one individual.

English

4.2K

sekuba@sekubalias·13 May

@MrCampbell @l2beat @gnosischain u got nice eth bridge sir?

English

Temu Brian Armstrong@MrCampbell·13 May

@l2beat @gnosischain Super cool! List us next!

English

391

L2BEAT 💗@l2beat·13 May

We just listed @gnosischain! This is part of our adjusted focus that started with interop and includes more blockchains than those fitting strict Ethereum L2 criteria. Gnosis Chain became of interest because of its strong similarity to Ethereum, not only its EVM execution environment but also its beacon chain and consensus mechanism. It also has a canonical bridge that secures over 300M USD-equivalent value. The recent announcement of the Ethereum Economic Zone (EEZ, @etheconomiczone) teases a tighter integration of chains that join it, possibly allowing synchronous interop between Ethereum and a future Gnosis Chain.

English

18.2K

sekuba@sekubalias·12 May

yay another basement DA great i will put it with my other basement DAs love it the institutions truly do be here and all they ever wanted was basement DA

Succinct@SuccinctLabs

Introducing data confidentiality to OP Succinct. Institutions can now keep transactions confidential on self-hosted infrastructure while settling to Ethereum for security and global liquidity. @0xPolygon is the first partner to add confidentiality to their stack with Succinct.

English

1.2K

sekuba me-retweet

Fishy Catfish@CatfishFishy·6 May

For the LayerZero defenders saying that Kelp should have been using a 2/2 DVN... The 2/2 DVN of LZ + Nethermind processed the most volume of any other security configuration for LayerZero. Head of BD at Solv protocol (LayerZero user) says there was a 94% admin overlap in the signers of those two different DVNs, which effectively means there was next to no additional security benefit even in a 2/2 DVN vs just using either as a 1/1. It was decentralization theater. "LZ Labs DVN — 24 admins Nethermind DVN — 17 admins 16 of those 17 Nethermind admins are also admins on the LZ Labs DVN — i.e. ~94% overlap. Anyone holding one of those 16 keys has admin power over both DVNs."

Catherine Chan@catwychan

TLDR on the KelpDao article on LayerZero: 1. The attack originated from inside LayerZero's core infrastructure, not RPC poisoning. 2. LayerZero Labs DVN and Nethermind DVN share a substantial ADMIN_ROLE set on-chain. I cant comment on 1/ (although very scary if true) However for 2/: I have taken a look at it personally since the exploit, and it is true: LZ Labs DVN — 24 admins Nethermind DVN — 17 admins 16 of those 17 Nethermind admins are also admins on the LZ Labs DVN — i.e. ~94% overlap. Anyone holding one of those 16 keys has admin power over both DVNs. Contracts: LZ DVN: 0x589dEDbD617e0CBcB916A9223F4d1300c294236b Nethermind DVN: 0xa59bA433aC34D2927232918ef5b2eaafcf130bA5 SolvBTC current status: all LayerZero bridges remain paused. We won't be reinstating LayerZero bridges until at least a 4/4 setup is in place, and we won't be choosing both LayerZero and Nethermind DVNs at the same time.

English

211

23.2K

sekuba@sekubalias·29 Nis

@ceterispar1bus we put hl back up for you :p l2beat.com/scaling/projec…

English

sekuba@sekubalias·22 Nis

ink is currently still paused and will be updated later to a new config 🫡 (talked to the team)

English

sekuba@sekubalias·22 Nis

2 unblocked **ink** peers i mean sorry, post-trauma

English

sekuba@sekubalias·22 Nis

did you forget ink's 2/2 of LayerZero and Nethermind? not blaming you if you did, almost impossible to monitor this brittle web in which every tiny misconfig (two per arrow) becomes a single point of failure.

ether.fi@ether_fi

LayerZero bridging for weETH is now live across all chains, with Liquid minting and redemption enabled. We've strengthened security by increasing DVNs from 2 to 4 and implementing stricter rate limits. The safety of our users is our number one priority. More updates as we turn services back online under the guide of our security partners.

English

486

Jelajahi

@_Enoch @l2beat @nyxmoney @aztecnetwork @tundra_greentea @mywebacy @bluechip_org @HackenProof