Guerrilla Coder
@XGuerrillaCoder
1.8K posts
Joined March 2025
366 Following, 27 Followers
Guerrilla Coder@XGuerrillaCoder·
@minhokim Decentralization is NOT a spectrum. in the case of arbitrum, it's pretend decentralization. what prevents a court from issuing an order to freeze someone's funds for "wrong think" ? the security council actions were not so different from bailing a bank because it's too big to fail
Min 🥤@minhokim·
Reflecting on the comments from my last post, here are some uncomfortable truths about where crypto actually stands:

1. Decentralization is a spectrum, not a binary
Decentralization is the transfer of control from a central entity (one or a few) to a distributed network (many). We can debate if a network is "decentralized enough," but it’s not all or nothing.

2. Crypto doesn’t actually care about decentralization
Builders who prioritized ideology over utility have largely failed (myself included) because the market didn't value them. Most L1s and protocols are controlled by the few. We all know it so let’s stop pretending otherwise, accept this reality, and act appropriately when hacks happen. We can continue pursuing decentralization afterward. We have plenty of time to do so.

3. Governance participation is a myth
Everyone wants the benefits of governance, but nobody wants to do the work. Participation is minimal or nonexistent. People want others to solve the hard problems, then they cry foul when a decision doesn't go their way.

4. Coordination is not the enemy of decentralization
Decentralization doesn’t mean a network is paralyzed. If we can coordinate for software upgrades because it benefits the community, we can also coordinate to freeze stolen funds. While decentralization makes coordination harder, technology is closing that gap. I believe we can eventually have a network with fully functional decentralized governance that effectively fights exploits.

5. Exploits and hacks are inevitable
Technology will help minimize coding errors, but it also gives more tools for attackers. There is a misconception that we just need to make DeFi "unhackable." That's impossible because humans and machines make mistakes. We need to be both proactive and build better response tools to fight back.

6. We have a compassion problem
When billions are stolen, people hide behind the word "decentralization" to justify doing nothing. It’s a sick mindset to prioritize a buzzword over human suffering. Yes, there are greedy actors, but don’t forget who the real enemy is. Are you on the side of the hackers or the users? Don't let hackers win.
Min 🥤@minhokim

I fully support @arbitrum's decision here. Crypto’s #1 priority must be protecting users. Period. I don’t care if it’s centralized, decentralized, or living in a regulatory gray zone. We can argue about the logistics all day, but user protection is what ultimately matters. If we can stop a thief, we should. The cost-benefit isn't even close. If users aren't safe, the tech and the industry will eventually disappear. I used to be a blockchain purist. Then I watched billions get stolen from regular people. My views have shifted, and I now support asset freezing. The cost of intervention is negligible compared to the benefit of protecting victims.

Guerrilla Coder@XGuerrillaCoder·
@LukasHozda Mine too. Wanted to get into programming because of the demo scene. Xeroxed a friend's book and learned the basics by myself in a summer. Later moved to C and then a bit of assembly
André Tenente@AndrTenente·
I wrote an article for @expresso about something that has, unfortunately, gone unnoticed: the appointment of 2 CH deputies, experts in disinformation, to the RTP Opinion Council. expresso.pt/geracao-e/2026…
StarPlatinum@StarPlatinum_·
Centralization exposed inside Tron USDT 🚨

Here’s what is happening:

Tether just executed the largest freeze in its history. More than $344,000,000 in USDT (TRC-20) blocked on Tron. By Tether itself.

- Coordinated with OFAC and US law enforcement
- Executed directly through the USDT smart contract
- Funds are now visible but completely unusable

This is how it works:

- Tether has admin control over USDT contracts
- Can blacklist any address
- Can freeze balances instantly
- Can permanently destroy funds

Functions used:

- addBlackList(address)
- removeBlackList(address)
- destroyBlackFunds(address)

Now here’s where it gets interesting

Timeline

April 20 - Arbitrum freezes ~$71M linked to hackers
April 21 - Justin Sun tweets: “the most decentralized blockchain in the world is Tron”
April 23 - Tether freezes $344M on Tron

No response from Justin Sun so far

The irony writes itself

Stay safe.
Guerrilla Coder@XGuerrillaCoder·
@minhokim @arbitrum the D in DeFi means decentralized. write better code. that is how you protect the users. how many hacks would have been possible if it wasn't for bad code or bad practices from people controlling a protocol ??
Min 🥤@minhokim·
I fully support @arbitrum's decision here. Crypto’s #1 priority must be protecting users. Period. I don’t care if it’s centralized, decentralized, or living in a regulatory gray zone. We can argue about the logistics all day, but user protection is what ultimately matters. If we can stop a thief, we should. The cost-benefit isn't even close. If users aren't safe, the tech and the industry will eventually disappear. I used to be a blockchain purist. Then I watched billions get stolen from regular people. My views have shifted, and I now support asset freezing. The cost of intervention is negligible compared to the benefit of protecting victims.
Arbitrum@arbitrum

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

Xocolate🇵🇹🇵🇹🇵🇹
Well, good morning, an Agri-food Engineer carrying out remarkable experiments, worthy of the Nobel Prize for dairy... Portugal at its best
Caio Garé ⚡️@caiogare·
🚨 Arbitrum froze and moved the hacker's funds. Did you understand what just happened? The merit of the act is not under discussion, but the power to execute it is. If a "freeze" button exists, immutability is a lie and decentralization is theater. Free DeFi died yesterday. What is left is a bank with a pretty interface.
ATROPA CRYPTO@TROPACRYPTO·
Arbitrum just stole $71M back from North Korea. The community is applauding. But I have a question that nobody is asking...
Rebenta Esquerdalhos 🇵🇹🇷🇺
"This app is a joke": The age verification app presented by Ursula von der Leyen has already been hacked, without the need for advanced hacking skills. @Paul_Reviews published a step-by-step method showing how to bypass it in under 2 minutes, directly from the app. The European Commission intends for up to 80% of Europeans to have access to a digital identity solution (the EUDI Wallet) by 2030.
Visegrád 24@visegrad24

"This app is a joke": The Age Verification App presented by Ursula von der Leyen has already been hacked, with no advanced hacking skills required. @Paul_Reviews published a step-by-step method showing how it could be circumvented in under 2 min from within the app itself. The European Commission aims for up to 80% of Europeans to have access to a digital ID solution (the EUDI Wallet) by 2030.

Dave@GamewithDave·
For anyone who used a computer between 1990 & 2005… what’s the one game you still think about?
International Cyber Digest@IntCyberDigest·
‼️🇪🇺 The EU's new Age Verification app was hacked with little to no effort. When you set it up, the app asks you to create a PIN. But that PIN isn't actually tied to the identity data it's supposed to protect. An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user's verified identity credentials as if nothing happened. It gets worse. The app's "too many attempts" lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.
Guerrilla Coder@XGuerrillaCoder·
@sircryptotips
> He’s been right a lot in the past
has he?? or does he just sound right because he vomited a word salad about a subject you don't understand well ??
Toby Cunningham@sircryptotips·
This guy really thinks that Bitcoin is a CIA operation. He’s been right a lot in the past but this is just absurd. He’s done ZERO research on Bitcoin.
Guerrilla Coder@XGuerrillaCoder·
@Paul_Reviews you forgot to point out that you need to root the device for this to be possible
Paul Moore - Security Consultant 
Hacking the #EU #AgeVerification app in under 2 minutes.

During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.

1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.

So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app. After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.

Other issues:

1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.

Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Paul Moore - Security Consultant @Paul_Reviews

.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..."

I did. It didn't take long to find what looks like a serious #privacy issue.

The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly.

For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them.

For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them.

This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary.

From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach.

youtube.com/watch?v=4VRRri…

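The design point raised in the post above, that the PIN should be cryptographically tied to the vault, shown as an added example (not the app's code and not from any of the posts): the vault key is wrapped under a key derived from the PIN, so removing the PIN record and choosing a new PIN leaves the old vault undecryptable. All function names and sample values are assumptions, and Node.js's built-in `crypto` module is used here in place of the platform's own key storage.

```javascript
const nodeCrypto = require('crypto');

// Key-encryption key (KEK) derived from the PIN; scrypt with Node's defaults.
function deriveKek(pin, salt) {
  return nodeCrypto.scryptSync(pin, salt, 32);
}

// AES-256-GCM helpers; `aad` labels what the ciphertext is for.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function unseal(key, box, aad) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if key is wrong
}

// Enrolment: random vault key encrypts the credential; the PIN-derived KEK wraps it.
function enroll(pin, credential) {
  const salt = nodeCrypto.randomBytes(16);
  const vaultKey = nodeCrypto.randomBytes(32);
  return {
    salt,
    wrappedKey: seal(deriveKek(pin, salt), vaultKey, 'vault-key'),
    vault: seal(vaultKey, Buffer.from(credential), 'vault'),
  };
}

// Unlock succeeds only if the PIN unwraps the key that encrypted this vault.
function unlock(store, pin) {
  if (!store.salt || !store.wrappedKey) return null; // PIN record missing
  try {
    const vaultKey = unseal(deriveKek(pin, store.salt), store.wrappedKey, 'vault-key');
    return unseal(vaultKey, store.vault, 'vault').toString();
  } catch {
    return null; // wrong PIN, or PIN record does not belong to this vault
  }
}

// Constructed tamper case from the post: PIN record replaced, old vault kept.
function replacePinRecord(store, newPin) {
  return { ...enroll(newPin, ''), vault: store.vault };
}
```

A short numeric PIN has few possible values, so a slow KDF alone does not stop offline guessing against a copied file; on a phone the KEK would additionally be bound to a hardware-backed key, which also gives attempt limits that a config-file counter cannot.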
SHYTRECE JOHNSON@SHYTRECE·
@AnselLindner Argue about it all you want but only the CIA and Intel agencies had the resources to create bitcoin. So then the question is why.
Ansel Lindner@AnselLindner·
🚨 "People recognize [bitcoin] is the CIA. I want to know where the databases are, where the servers are, physically.” - Prof Jiang This is the opinion of so many midwits. It's also the reason even some gold bugs cannot comprehend bitcoin to this day, and why midwits believe in centralized scam sh*tcoins. They don't understand decentralization.
$XMR $SCRT@XION_GLOBAL·
@sebp888 Monero still needs 1. Hardware wallet 2. Staking 3. Nothing else.
Sebastian@sebp888·
Is Monero XMR better than Bitcoin BTC?
Guerrilla Coder@XGuerrillaCoder·
@NOGreatResetNO @scottmelker @MS287g @glove @Ledger @Apple i'm calling bs on unproved claims that could be proved. when looking for ledger on the app store can only find the legit app. he could also sign a message with one of the addrs in the tx. sure he is a lovely person but not gonna go for the "believe the victim" without evidence
G. Love@glove·
I had a really tough day today I lost my retirement fund in a hack/Scam when I switched my @Ledger over to my new computer and by accident downloaded a malicious ledger app from the @Apple store. All my BTC gone in an instant.
Guerrilla Coder@XGuerrillaCoder·
@ortoirlandes you've already taken some 2 million kilometers of dick and nobody talks about you
João Cordeiro@ortoirlandes·
Oh, and so on, the Orion that went around the Moon traveled more than a million kilometers. Bitch, please…