Caio César (@0xCaioCesar)
1.3K posts
Joined September 2022
329 Following, 1.2K Followers
Caio César reposted
Nic (@nicrypto):
So, let me get this straight. The $280m Drift hack took six months of:
- Attending crypto conferences.
- Meeting the team in person. Multiple times.
- Depositing $1M of their own capital to build trust.
- Sharing a GitHub link.
The biggest DeFi exploit of the year started at a networking event with complimentary drinks.
Quoted post from Drift (@DriftProtocol): x.com/i/article/2040…
Caio César reposted
Eduardo Borges (@duborges):
I've been hacked and traced the malware's wallet to see how much money they actually made from this new exploit (if you use Next.js/React, READ THIS!)

I woke up to a terrifying email from Hetzner: "Netscan Detected." My server was blocked and a botnet was using my IP to attack others. I dug into the logs and what I found was the anatomy of the attack:

1) The Symptoms: I logged into htop and saw the mess:
- CPU usage: 361%
- A process named ./3ZU1yLK4 running wild
- Random connections to an IP in the Netherlands
My server wasn't serving my app anymore; it was mining crypto for someone else!

2) The Culprit: It wasn't a random SSH brute force. It was inside my Next.js container. The malware was sophisticated: it renamed itself nginxs and apaches to look like web servers. It even had a "killer" script that hunted down other hackers' miners to kill the competition.

3) The "Root" Cause (literally): Probably the recent React/Next.js CVE-2025-66478 exploit was the entry point (my project was running on "next": "15.5.4", behind Cloudflare DNS, but their recent fix didn't work apparently), but the fatal error was mine: my Docker container was running as ROOT. Coolify deploys like this automatically when using Nixpacks, and I never changed it... So because of USER root, the malware could install cron, systemd, and persistence scripts to survive reboots, meaning it was able to infect my whole server, from a single Next.js docker!

4) The Forensics: I ran docker diff on the container. The hacker didn't just run a script, they installed a whole toolset:
- /tmp/apaches.sh (The installer)
- /var/spool/cron/root (The persistence)
- /c.json (The wallet config)

5) The Fix: I killed the container, scrubbed the host, and extracted the malware for analysis. But the real fix is in the Dockerfile.
If you are deploying Node/Next.js, DO NOT use the default (root), you must:
- RUN adduser --system nextjs
- USER nextjs
If you have Docker on ROOT and didn't update the exploited React version, you'll be hacked soon. Check your containers NOW. Run: docker exec id (or get the full list first: docker stats --no-stream). If it says uid=0(root), you are one vulnerability away from being a crypto-miner host. (It's easy to notice when hacked: it will be a command running on the top CPU%, using all your hardware resources.)

6) The Money: I dug deeper and recovered the config file (c.json):
- Wallet: A Monero (XMR) address: 831abXJn8dBdVe5nZ***
- Pool: auto.c3pool . org
And of course I tracked the hacker's wallet on the mining pool.

7) The Scale: My server wasn't alone. It was just 1 of 415 active zombies in this botnet. They are burning the CPU of 400+ cloud servers... to earn... guess how many millions? $4.26/day. On the image attached you can see: "Total Paid: 0.00", meaning this campaign just started. I caught them on Day 1. I also tracked back the server where they hosted the malware, and by inspecting the code, I found several comments in Chinese, so I guess that's their origin.

I'm rebuilding from scratch on a fresh VPS. The lesson was expensive, but at least I caught it before the hosting nuked my account permanently...

PS: I have the IP for all the other machines mining with that malware, not sure how I can help them, but feel free to contact me if you're doing infosec. Stay safe.
[image attached]
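The two checks the post above recommends, the `id` run inside each container and the `USER` line in the Dockerfile, written out as an added example; this is not code from the post or from any project it names. It assumes the `docker` CLI is on PATH for the live audit (the two parsing helpers need no docker at all) and uses its own function names; the sample `id` lines and Dockerfiles used to exercise it are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit running containers and
# Dockerfiles for the "runs as root" condition described in the post.
# Assumes the docker CLI is on PATH for audit_containers; the parsing helpers
# below need no docker. Function names are this example's own, not a docker,
# Coolify or Nixpacks feature.

# is_root_id_output LINE: return 0 (true) when LINE, the output of `id` run
# inside a container, reports uid 0. Anything else (uid=101(nextjs) ...) is 1.
is_root_id_output() {
  case "$1" in
    uid=0\(*) return 0 ;;
    *)        return 1 ;;
  esac
}

# dockerfile_runs_as_root FILE: return 0 when the image built from FILE would
# start its process as root: no USER instruction at all, or the last USER
# instruction names root / uid 0. A later USER line overrides an earlier one,
# so only the last one matters.
dockerfile_runs_as_root() {
  last_user=$(grep -iE '^[[:space:]]*USER[[:space:]]+' "$1" | tail -n 1 | awk '{print $2}')
  case "$last_user" in
    ""|root|0|root:*|0:*) return 0 ;;
    *)                    return 1 ;;
  esac
}

# audit_containers: run `id` inside every running container (the check the post
# recommends, with the container id argument spelled out) and flag the ones that
# answer uid=0(root). Exit status 1 if at least one container runs as root.
audit_containers() {
  found=0
  for cid in $(docker ps -q); do
    name=$(docker inspect --format '{{.Name}}' "$cid" | sed 's#^/##')
    if ! out=$(docker exec "$cid" id 2>/dev/null); then
      echo "skip  $name (no id binary in image, or exec failed)"
      continue
    fi
    if is_root_id_output "$out"; then
      echo "ROOT  $name: $out"
      found=1
    else
      echo "ok    $name: $out"
    fi
  done
  return "$found"
}

# Stand-alone use: RUN_AUDIT=1 sh audit.sh [Dockerfile]
# Audits every running container, then lints the Dockerfile if one is given.
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  audit_containers || echo "at least one container runs as root"
  if [ -n "${1:-}" ] && dockerfile_runs_as_root "$1"; then
    echo "Dockerfile $1 would run its process as root (no non-root USER line)"
  fi
fi
```

A container whose image lacks an `id` binary (distroless images, for instance) is reported as skipped rather than as safe; check those with `docker inspect --format '{{.Config.User}}'` instead. The Dockerfile lint catches the case the post describes, a build with no `USER` instruction, and also a `USER root` added after a non-root `USER` line, which silently undoes the fix.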
Caio César reposted
vitalik.eth (@VitalikButerin):
My rough math based on average difficulty stats suggests that Bitcoin mining crossed the total 2**96 hashes milestone very recently? Seems like a good reason to insist on (close to) 128 bit security (i.e. @drakefjustin was right).
[image attached]
Caio César reposted
Ethereum (@ethereum):
Ethereum is for shipping. Here are 29 things the Ethereum ecosystem launched, upgraded, and announced over the past month.
0/ Fusaka, Ethereum's latest upgrade, went live on December 3rd. Fusaka included 13 Ethereum Improvement Proposals (EIPs) that boost blob capacity, improve user experience, and introduce data availability sampling to securely scale the network and set the stage for future L1 upgrades. Ethereum is securely scaling.
1/ @aave introduced the new Aave App, a smarter interface for saving and interacting with the protocol. Better UX and clearer pathways into DeFi help bring more users onchain and strengthen the financial layer built on Ethereum.
2/ Devconnect (@EFDevcon), the largest Ethereum gathering of the year, occurred in Buenos Aires, Argentina. It marked the 'First Ethereum World's Fair' with 75+ projects demoing on site and 20k+ registrants, making it the largest Devconnect ever.
3/ @Amundi_ENG, Europe's largest asset manager, launched the first tokenized share class of an existing euro-denominated money market fund on Ethereum.
4/ @AbstractChain announced that @Disney is coming to @Cryptoys, bringing iconic brands and their millions of fans onchain.
5/ @jpmorgan's USD deposit token JPMD is now live on @base. Institutional settlement on Ethereum L2s demonstrates real-world adoption and builds bridges between traditional finance and public infrastructure.
6/ @ElizaEcoFund, an open-source framework for deploying AI agents, migrated its native $ELIZAOS token to Ethereum. Teams choosing Ethereum for AI-agent infrastructure highlights Ethereum's strength as a programmable base layer.
7/ The @EthereumFndn @EFDevcon team announced that Devcon 2026 will be hosted in Mumbai, India.
8/ The Ethereum Protocol Advocacy Alliance launched as a coordinated policy effort by @aave, @AragonProject, @CurveFinance, @LidoFinance, @sparkdotfi, @graphprotocol, & @UniswapFND. The Alliance aims to protect Ethereum's neutrality and ensure global regulation supports open, permissionless innovation.
9/ @Starknet activated S-two, a high-speed prover now securing every Starknet block. Faster proofs strengthen the rollup ecosystem and advance Ethereum's ZK future.
10/ @aztecnetwork released Ignition, a fully decentralized L2 consensus layer that advances private, programmable onchain activity on Ethereum.
11/ The @ethereumfndn introduced the Ethereum Interop Layer (EIL). EIL aims to make Ethereum's L2 ecosystem feel like one unified chain, without new trust assumptions.
12/ @usxcapital, a privacy-preserving stablecoin on Scroll and LayerZero, went live. It brings gasless, private transfers and new stablecoin rails to Ethereum L2s.
13/ @aplus introduced a turnkey solution for banks to issue GENIUS-compliant stablecoins on Ethereum. This makes it easier for smaller institutions to issue stablecoins and compete collectively with larger players in the market.
14/ @nillion is extending its Blind Computer infrastructure to Ethereum, unlocking new possibilities for decentralized computation without revealing underlying data. As Ethereum becomes an ecosystem of many chains that settle on the L1, Nillion provides shared, decentralized, private computation compatible with both L1 and every L2.
15/ @StartaleGroup released the Startale App, a SuperApp for @soneium's rapidly growing network on Ethereum. With 10M+ weekly transactions and 90K+ daily users, it offers a clean, secure way to explore the ecosystem.
16/ wARS, a new Argentine peso-pegged stablecoin, launched on Ethereum, @Base, and @world_chain_, making it easier to move local value in Argentina and LatAm to the blockchain.
17/ @1inch launched 1inch Aqua, a new liquidity protocol designed to defragment liquidity for market makers and improve execution across the DeFi ecosystem.
18/ @renegade_fi went live on @arbitrum. Renegade aims to make DeFi more private. Trade privately with dark pools, zero MEV, slippage, or price impact.
19/ @RobinhoodApp_EU tokenized nearly 1,000 stocks on @Arbitrum, for their EU app.
20/ Japan's largest idol & fashion festival @idolrunwaycolle is going onchain via IRC APP, developed by @YOAKEofficialEN, powered by @record_protocol on @soneium.
21/ Ethereum hit 34,000+ TPS, a new all-time high, showing that rollups are scaling Ethereum in practice and proving the network can support global, real-world demand.
22/ The @sharexyz app launched on @base and Ethereum. It's an easy way to share transactions, follow any wallet, and earn rewards for trades.
23/ @eigencloud launched EigenZero with @LayerZero_Labs, bringing a decentralized verifier network backed by cryptoeconomic guarantees.
24/ @Celo and @ensdomains introduced Celonames: human-readable identities make it easier for everyday users to engage with Ethereum applications on Celo.
25/ @Uniswap launched Continuous Clearing Auctions, enabling permissionless token auctions with automatic liquidity bootstrapping, designed to curb unfair launches.
26/ @Spire_Labs launched Full Send, a free RPC with MEV protection and safe inclusion guarantees. Better user protection improves trust and reduces hidden costs for Ethereum users.
27/ @graphprotocol announced Amp, a blockchain-native database for building and remixing smart-contract datasets locally. This improves data access for developers and expands Ethereum's data tooling ecosystem.
28/ @DefiLlama shipped LlamaAI, enabling prompts to generate charts, analysis, and insights. Better analytics deepen transparency and understanding of onchain financial activity.
Caio César reposted
Marcus | Balancer (@Marcus_Balancer):
Today, we released our full post-mortem on the recent exploit. I encourage everyone to read it to understand what happened, how we responded, and our path forward. This is not the end. We remain fully dedicated to our recovery efforts and are exploring every avenue to restore value to affected users. User safety has always been our highest priority, and we're taking every lesson from this incident to build stronger safeguards. More details will follow as we progress. Thank you for your patience and trust during this time! 🙏🏼
Quoted post from Balancer (@Balancer): x.com/i/article/1990…
Caio César reposted
Hayden Adams 🦄 (@haydenzadams):
Today, I'm incredibly excited to make my first proposal to Uniswap governance on behalf of @Uniswap alongside @devinawalsh and @nkennethk. This proposal turns on protocol fees and aligns incentives across the Uniswap ecosystem.
Uniswap has been my passion and singular focus for the past 8 years. What started as a small side project is now global financial infrastructure powering thousands of applications with ~$1.8 trillion in annual trading.
UNI launched in 2020, but for the past 5 years Labs has been unable to meaningfully participate in Uniswap governance, and has been greatly restricted in the ways it can build value for the Uniswap community. That ends today!
This restriction was in great part due to a hostile regulatory environment that cost thousands of hours and tens of millions in legal fees. Fortunately, the regulatory environment has shifted.
This proposal comes from a strong desire to see the Uniswap protocol win as the global decentralized exchange for tokenized value.
At a high level, the proposal:
1. Turns on protocol fees and uses them to burn UNI
2. Sends @unichain sequencer fees to the UNI burn
3. Burns 100M UNI from the treasury representing the protocol fees that could have been burned if fees were turned on at token launch
4. Introduces Protocol Fee Discount Auctions, a new way to improve LP outcomes and internalize MEV to the protocol
5. Introduces "aggregator hooks" which will turn Uniswap v4 into an onchain aggregator that collects protocol fees on external liquidity sources
6. Focuses Labs on driving protocol growth and adoption, including a contractual agreement to only pursue initiatives that align with Uniswap governance interests
^ As part of this, Labs will stop collecting fees on its interface, wallet, and API to supercharge distribution and adoption of the Uniswap protocol
7. Moves Foundation employees to Labs with a shared goal of accelerating protocol growth, under a growth fund from the treasury
8. Moves governance-owned Unisocks liquidity to v4 on Unichain and burns the LP position
I believe the Uniswap protocol can be the primary place tokens are traded. This proposal sets the stage for the next decade of its growth.
@Uniswap will ship relentlessly over the coming years and supercharge the ecosystem of developers, LPs, and traders building on top.
I'm so grateful to the community that has made this all possible, and excited for what's next 🦄
[image attached]
Caio César reposted
Declarando Bitcoin (@declarandobtc):
⚠️ The Banco Central classifies cryptocurrency operations as foreign-exchange market operations and puts the IOF on the Receita Federal's radar. With the inclusion of four types of operations in the foreign-exchange market (see the next card), the Director of Regulation said the Receita Federal will define how the IOF will be charged.
The Banco Central included the following crypto operations in the foreign-exchange market:
1 - International payments and transfers with crypto.
2 - Transfers linked to the international use of crypto cards.
3 - Transfers between exchanges and one's own wallets (self-custody).
4 - Buying, selling or exchanging cryptos pegged to fiat currencies.
The next step depends on the Receita Federal, which will define how the IOF will be charged.
Caio César reposted
Declarando Bitcoin (@declarandobtc):
The new Banco Central rules require exchanges to verify who owns the wallet when processing a withdrawal.
Caio César reposted
Declarando Bitcoin (@declarandobtc):
According to Resolução BCB nº 520/2025, foreign exchanges operating in Brazil will have up to 270 days, counted from February 2, 2026, to transfer their operations and customers to a company headquartered in the country and authorized to operate by the Banco Central. As a result, all exchanges operating in Brazil will also have to report to the Receita Federal.
[image attached]
Caio César reposted
Suhail Kakar (@SuhailKakar):
Balancer went through 10+ audits. The vault was audited 3 separate times by different firms. Still got hacked for $110M. This space needs to accept that 'audited by X' means almost nothing. Code is hard, DeFi is harder. It is unfortunate, but hope the team recovers.
[image attached]
Caio César reposted
Balancer (@Balancer):
We're aware of a potential exploit impacting Balancer v2 pools. Our engineering and security teams are investigating with high priority. We'll share verified updates and next steps as soon as we have more information.
Caio César reposted
Meteora (@MeteoraAG):
Other:
Q: Total supply and initial circulating supply?
A: Total supply: 1,000,000,000 tokens. Initial circulating supply: 480,000,000 tokens.
Q: Total supply of Liquidity Distributor NFTs?
A: 10% of total supply.
Q: Is there a minimum number of points to be eligible under the LP stimulus plan allocation?
A: Yes, you will need at least 100k points to be eligible.
Q: If my wallet is compromised, is there a way that I can change my address to receive my airdrop?
A: If your wallet is compromised, you have the option to report your wallet and forfeit all MET allocations tied to the wallet on met.meteora.ag. There is no option to submit a new address.
[image attached]
Caio César reposted
brunoshi.eth (@brunoshi_):
If 5–10% of your crypto portfolio is enough to buy a hardware wallet, buy one. Many people think they are "spending too much" on security, until they lose 100% through carelessness. Security is not a cost, it is protection of your assets.
Caio César reposted
John Scott-Railton (@jsrailton):
Experimentation with putting malware on blockchains is in its infancy. Combined with things like agentic AI & vibe coding by low-information people working from the same machines where they store crypto wallets... this gold seam is going to be productive for a long time.
Caio César reposted
Marc Zeller (@Marczeller):
All the transactions I sign start with this screen. This is awful UX; this prevents or helps nothing. Interacting with the largest dapp in the world (Aave) should have clear signing by default; contracts are verified and the protocol is well known. Still having this in 2025 is a shame.
[image attached]
Caio César reposted
Leo Gravina (@CryptoGravina):
The worst way to hunt perp DEXes is burning fees without doing the math... falling for the fear of being left out.
Caio César reposted
Security Alliance (@_SEAL_Org):
Picture this: you compromise the account of an NPM developer whose packages are downloaded more than 2 billion times per week. You could have unfettered access to millions of developer workstations. Untold riches await you. The world is your oyster. You profit less than 50 USD.