Muhammad Abdullah

543 posts

@0xabdullahx0

20+ Audits Web3 | Smart Contract Auditor @block_apex | Solana (Rust)+ EVM(Solidity) | Penetration tester | @electisec DM for Audits : https://t.co/G4Hq73INsY

127.0.0.1 Joined May 2010
1.1K Following · 261 Followers
Muhammad Abdullah@0xabdullahx0·
Recently performed a Pentest of a hybrid perp DEX. Found several issues, but one critical stood out: a race condition in the close-position logic that turned a 100 USDT position into $3.9M in unauthorized trading volume — leaving bad debt on the protocol. 🧵
Muhammad Abdullah@0xabdullahx0·
If you are looking for a pentest or audits of your protocol and dapp, DMs are open.
Muhammad Abdullah@0xabdullahx0·
Full writeup with the amplification math, kill chain, exploitation scenarios, and takeaways: medium.com/@mahitman1/how-a-100-usdt-position-generated-3-9m-in-volume-and-left-bad-debt-on-the-protocol-f70c55a01baa
Raycash@raycashxyz·
We are looking for the first 500 people to use Raycash in private beta. Not testers. Early members. People who understand why private, self-custodial money matters and want to be among the first to use it. If that is you, the waitlist is the place to start. Link in bio.
Muhammad Abdullah retweeted
TFTC@TFTC21·
A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces.

The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained.

The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers.

The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review.

This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app.

The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one.

Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it.

The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.
Auditware@audit_wizard·
Thanks to recent Claude Code leaks we can finally say Audit Wizard is BACK - Claude Code harness but as an Auditing Agent - Every piece of the agent built for smart contract auditing - Team feature, audit from your phone! Introducing AuditWizard 2.0 - Comment for early access -
Gajesh@gajesh·
9 Macs running right now. 600+ GB unified memory. ~3 TB/s bandwidth. $15k live, another $15k (3x 128GB M5 Max) on the way. Text, images (FLUX on Metal), speech-to-text. Full stack shipping: coordinator, hardened provider agent, Secure Enclave integration, macOS app, web console. Paper published. System live. Research preview, rough edges included. Try it: console.darkbloom.dev Earn from your Mac: console.darkbloom.dev/earn Paper: darkbloom.dev Reply and I'll send you an invite with free credits. An @eigenlabs research initiative.
Gajesh@gajesh·
Wake the world's sleeping compute. Look at the Mac nearest to you. What's it doing? Probably nothing. There are 100M+ Macs with Apple Silicon out there. Apple quietly made them *really* good at inference. A $3k Mac runs a 60B model at 30 watts. Most sit idle most of the day. Meanwhile every AI API call passes through three layers of margin before reaching the hardware. We call this the Inference Tax. We got curious: what happens if you connect idle Macs directly to inference demand? This is Darkbloom. Private inference network for idle Macs. darkbloom [dot] dev -- paper + code open. Reply for invite + free credits ↓
Usama | اسامہ@usamakbhatti·
My immediate family, uncles, aunts, and first cousins have voters of PML-N, Jamaat-e-Islami, and PPP (Dharra Politics), and we all get along pretty decently. But we do have Insafis in the extended family, and when and if they are invited into family gatherings, they usually turn it into one of those Imran Riaz and Sadeeq Jan driven rage sessions. So lately, we all have decided to avoid inviting them for the sake of saving our family gatherings.
Fatima@FatimaShah95

as 90s kids in Pak we grew up in households where one person supported PPP, the other PML-N, the third MQM, the fourth President Musharraf & everyone was tolerant to the others opinions. And then came PTI with propaganda that made political disagreements into personal feuds.

Luke Stephens (hakluke)@hakluke·
Bug bounty question: If you submit a bug, and it gets marked as an internal dupe because "the team already knew about it", is it fair to ask for proof?
Faris Al Hammadi@FarisHammadi·
The Rafidha dream of ruling the Arabs; perhaps out of a sense of vengeance, believing that the Arabs once ruled them and destroyed their Persian identity and history when ʿUmar entered Persia. In reality, he simply replaced their shirk with Islam. Today they aspire to dominate the Arabian lands, claiming they possess a “better model” of Islam. This claim is absurd. They call upon other than Allah, commit shirk regarding His Lordship and His Names and Attributes, and they slander the noble Companions. This is not Islam.
Muhammad Abdullah@0xabdullahx0·
@kajakallas Shameless and heartless politicians, only acting on behalf of their puppet masters. Lap dogs....
Kaja Kallas@kajakallas·
The EU continues to hold Iran accountable. Today, EU Member States ambassadors approved new sanctions targeting 19 regime officials and entities responsible for serious human rights violations. As the Iran war continues, the EU will protect its interests and pursue those responsible for domestic repression. It also sends a message to Tehran that Iran’s future cannot be built on repression.
Israel Foreign Ministry@IsraelMFA·
The Iranian regime is firing cluster bombs at Israeli civilians. Their deliberate and repeated use against civilians shows that the Iranian terror regime is seeking to maximize civilian deaths and harm.
Muhammad Abdullah@0xabdullahx0·
@muftimenk Prepare against them what you ˹believers˺ can of ˹military˺ power and cavalry to deter Allah’s enemies and your enemies as well as other enemies unknown to you but known to Allah. Whatever you spend in the cause of Allah will be paid to you in full and you will not be wronged. 8:60
Mufti Menk@muftimenk·
Don’t underestimate the power of prayer.
Muhammad Abdullah@0xabdullahx0·
@syedamaheenkam Dumb, prices have risen in the international market it doesn’t have to do with any government
M.@syedamaheenkam·
Petrol about to hit Rs280 per litre and we have only 26 days of fuel left. Thanks to the great Shehbaz Sharif, who’s currently very busy calling every other leader!