lil9x

@Alexzx08 @MeLive007 What are you waiting for? Go and get it finished

@MeLive007 Mr.President Trump please please don’t Trust this Devil Regime they are not trustworthy and always Lie to USA please finish the job by destroying this Regime 100% get rid of them completely Iranian peoples wishing one day we get our wish become true

🚨 BREAKING : 🇺🇸🇮🇷 President Trump says the Iran deal is still far from complete, adding that “nobody has seen it or knows the full details yet.”

Bee Network KYC is in . HURRY farmers

@MeLive007 Look at him

BREAKING: Benjamin Netanyahu says he wants the International Criminal Court to be shut down immediately due to corruption.

@PiCoreTeam Good, but what of those in tentative mode?

526 million human KYC validation tasks have already been completed on Pi. By over 1 million verified people. AI is advancing quickly. But the hardest part of building reliable systems is still deeply human. Models don’t improve from compute alone. They improve from: Judgment Correction Context Nuance Pi represents something different. A globally distributed, identity-verified human workforce that has already demonstrated coordination at scale, already active in the Pi ecosystem. This is real infrastructure, it’s already been used to process hundreds of millions of real tasks. For AI systems, that changes what’s possible. Go to the Pi mining app home screen to learn more.

@WatcherGuru Giant thief .

If Sam Bankman-Fried's FTX didn't liquidate its investments following its collapse, it would still hold: • Solana: $5.1 billion (27x) • SpaceX: $15 billion (75x) • Cursor: $3 billion (15,000x) • Robinhood: $4.9 billion (8x) • Anthropic: $82.3 billion (165x) • Genesis Digital: $3.5 billion (3x) Estimated Portfolio Value: $114,000,000,000

@SBF_FTX Finally, a word from the grand thief. 😂How did you manage to find yourself qualified to give an opinion on something you don’t know?

@SBF_FTX Show me your post about Gaza ( Palestinians) before you complain of Iranians' nuclear program . You all kept quiet over the genocide in Gaza but are complaining of the world's most civilised nation You damaged our investment to zero just to enrich yourself. Better behave

The nuclear threat is real. Even the UN and 60 Minutes admit it! They say Iran has enough uranium, "if you enrich it a little bit more, for 10-11 nuclear bombs." "They have always claimed... 'We were never pursuing nuclear weapons.' That's a lie." x.com/i/status/20462…

many such cases…

@SBF_FTX Your offence in the crypto space is even brutal than a nuclear weapon. Iran, with many years of civilization, has never invaded or attacked any nation like the fvckin Israel and the oil criminal -US

@Kikimiaoo @WhiteHouse AI images for AI stories

@WhiteHouse Now the world can see how brutal the Islamic Regime is! #IranMassacre‌ #DigitalBlackOutIran‌ #KingRezaPahlavi‌ForIran

"To the Iranian leaders, who will soon be in negotiations with my representatives: I would greatly appreciate the release of these women. I am sure that they will respect the fact that you did so. Please do them no harm! Would be a great start to our negotiations!!!" - President Donald J. Trump 🇺🇸

@JuliusElum There is a control. Manipulators are there. There is control over everything.

Nobody has the power to blockade Bitcoin. It has no central control. No individual control No institutional control No government control. Nobody ever stopped something that's not controlled by anybody. It's why faceless movements and revolutions became the worst nightmare in history. It's why the identity of Satoshi Nakamoto can never be revealed. The day his real identity is revealed, BTC will crash to zero.

@OperHealAmerica Then you will really be tired while your bed is waiting for you to rest.

"I will not rest until Iran has a national, democratic, and elected government of the people." Reza Pahlavi🙏🕊️🇺🇸🇮🇱🇮🇷

@Ampkk9513 @RodDMartin The red corrupt tie he is wearing even disqualifies him. Next door instead

@RodDMartin Many IRANIANS, both inside and outside the country, SUPPORT HIM. Iranians living abroad often serve as the voice of those inside Iran who are unable to speak freely. #KingRezaPahlavi‌ForIran

Make no mistake: this man is the future Iran needs. Iran will be free! Javid Shah!

@RodDMartin Funny. Americans always wanna establish the person they could easily control . Iran isn't like other corrupt nations. You can't teach them what to do God bless Iran 🇮🇷 🙏 🙌 ❤️ ♥️ 👏

@grok @BaT_MaN_23 He bought it himself. Or his girlfriend might be a

@Banned_Wagon86 @EthanLevins2 They are the same people.

@EthanLevins2 Do we know this is American bombs and not Israeli?

RELEASED FOOTAGE of an American bombings of an IRANIAN HOSPITAL. At 00:37, you can see a nurse grab infants and run as bombs drop 💔

Retweet if you believe Netanyahu is a war criminal.

@warsurv Soon for the US

🚨🇮🇷 BREAKING: Iran’s military has declared a sweeping blockade across all ports in the Middle East No vessels will be allowed to pass Officials say the move will remain in place until the US lifts its own blockade

@MetaFinancialAI @MEXC I'm deleting my Mexc account right away.. @MetaFinancialAI , kindly check and expose more exchanges. Lbank is next. THEN XT.com

Part 3⃣ Is MEXC's trading volume real? Every exchange uses market makers. Bots are normal.That's not the issue. The issue || when ALL trades on a contract come from ONE system trading with ITSELF that's not market making. That's wash trading. MEXC's trade data carries the signature of a single process. Proof below 👇 In Part 1 we showed MEXC uses its own price on 91% of 849 futures contracts. Now || are the trades that form these prices real? Or is one bot talking to itself? We pulled raw trade data from MEXC's public API. The timestamps tell the story. TRUMP_USDC last 30 trades (live): timestamp ...7679 price=2.820 gap=6001ms timestamp ...1678 price=2.819 gap=13001ms timestamp ...8677 price=2.820 gap=14000ms timestamp ...4677 price=2.821 gap=9001ms timestamp ...5676 price=2.820 gap=10933ms timestamp ...9677 price=2.818 gap=9002ms timestamp ...0675 price=2.817 gap=13998ms timestamp ...6677 price=2.816 gap=15001ms timestamp ...1676 price=2.815 gap=6000ms Every timestamp ends in 675-679. Every gap is a near-exact multiple of 1000ms. "So what? Market makers use bots. Bots have patterns." Yes. But a market maker responds to the market. Its timing reflects external events. Two different MMs produce two different timing signatures. Here we see ONE signature. ONE millisecond window (675-679). ONE system. If two parties were trading you'd see two different timestamp clusters. You don't. The math makes it clearer. Timestamp millisecond standard deviation measures how "random" trade timing is. Real markets with multiple participants: ETH_USDT stdev: 322 PEPE_USDT stdev: 324 BTC_USDT stdev: 214 TRUMP_USDC stdev: 18 MOODENG_USDT stdev: 20 PNUT_USDT stdev: 2 Two. PNUT trades all land on the same millisecond. That's not two market makers. That's one loop. Price diversity tells the same story. A market maker provides liquidity across a range of prices. Real supply and demand create price movement. 100 trades should touch dozens of price levels. WIF_USDT: 9 unique prices out of 100 trades (9%) SOL_USDT: 10 unique prices out of 100 (10%) TRUMPOFFICIAL_USDT: 10 out of 100 (10%) Comparison: PEPE_USDT: 62 out of 100 (62%) ETH_USDT: 44 out of 100 (44%) 9% price diversity is not a market. It's a ping-pong between preset levels. The gaps between TRUMP_USDC trades: 15000. 15001ms. All multiples of 1000. Within +-1ms. Real market making responds to order flow. The timing is reactive and irregular. 47ms. 2341ms. 189ms. Exact multiples of 1000ms is a sleep() call in a loop. This is a scheduled process not a market participant. Now connect Part 1 and Part 2. Part 1: MEXC sets the price on 91% of futures contracts using its own spot market. Part 2: The spot market trades carry single-bot signatures. One timestamp window. Metronomic gaps. Minimal price diversity. One bot generates the trades. Those trades set the spot price. That spot price feeds the futures index. The futures index triggers liquidations. Liquidation fees go to MEXC. Verify it yourself: curl -s "futures.mexc.com/api/v1/contrac…" | python3 -c " import sys,json data = json.load(sys.stdin)['data'][:30] for i,t in enumerate(data): gap = f'gap={t["t"]-data[i+1]["t"]}ms' if ifutures.mexc.com/api/v1/contrac…" | python3 -c " import sys,json data = json.load(sys.stdin)['data'][:100] prices = [t['p'] for t in data] endings = [t['t']%1000 for t in data] from statistics import stdev print(f'Unique prices: {len(set(prices))}/{len(data)}') print(f'Timestamp ms stdev: {stdev(endings):.0f}') print(f'Real market: stdev 200-400. Single bot: under 50')" Run on any pair. The pattern is consistent. Summary | TRUMP_USDC: one timestamp window (675-679ms). Gaps in exact 1000ms multiples. One process. PNUT_USDT: stdev = 2. All trades on the same millisecond. One loop. WIF_USDT: 9 prices across 100 trades. Not a market. This is not market making. Market makers respond to order flow. This is one system generating both sides of every trade on a timer. Combined with Part 1's self referencing oracle, the price is set by a bot. The volume is generated by a bot. The liquidations are triggered by the bot's price. The fees go to MEXC. Next || @KCEX_Official Exchange is running identical MEXC code. Same credentials. Same infrastructure. Same monitoring tool. A second exchange no one knows is connected.Either KCEX knowingly or unknowingly used mexc's APK code and infrastructure, or they have something in common. Or what other explanation could there be?

1⃣Let’s take a closer look at @MEXC today. For the record, all findings were previously reported to the MEXC team. However, we observe that the same issues persist. Every step is backed by verifiable evidence. There is no unauthorized access involved, everything can be verified with a simple cURL command or through their own APK. Let’s get started.

@MetaFinancialAI @MEXC Weldone @MetaFinancialAI Hmmmm @MEXC

What we found inside the MEXC Android app. A TrustAllCerts implementation that accepts any certificate. An exported ChangeHostActivity that lets any app redirect MEXC to a malicious server via deep link. 34 exported components. Debug activities in production. The APK is a forensic goldmine 👇 We decompiled the MEXC production APK with apktool and jadx. Package: com.mexcpro.client. What follows is what we found in the actual compiled code. File paths. Line numbers. Exact bytecode. Everything independently verifiable by anyone who downloads the APK and decompiles it. Finding 1: TrustAllCerts. File: smali/i0/b.smali This class implements X509TrustManager. It has three methods. All three are empty: checkClientTrusted → return-void checkServerTrusted → return-void getAcceptedIssuers → return null This is the textbook TrustAllCerts antipattern. The app accepts ANY certificate. Self-signed. Expired. Wrong domain. Anything. What does an empty checkServerTrusted mean? It means a maninthemiddle attack on any WiFi network is trivial. The attacker presents a self-signed certificate. The app accepts it. All API traffic is now visible to the attacker. Auth tokens. Trade data. Withdrawal requests. Everything flows through the attacker's proxy in cleartext. The network security config confirms it. File: res/xml/network_security_config.xml Cleartext HTTP traffic is allowed globally. Not just for debug. For the entire app. Combined with TrustAllCerts this means the app has zero transport security. No certificate pinning is configured anywhere in this file. Zero pinset elements. Finding 2: ChangeHostActivity exported with deep link. File: AndroidManifest.xml line 606 ChangeHostActivity is exported="true" with an intent filter for kyle://longbridge_changeHost Any app on the device can invoke this deep link. It opens the host configuration screen. The screen that sets which server the app talks to. A malicious app sends one intent. MEXC now talks to the attacker's server. No user interaction required. Finding 3: DebugActivity exported with no protection. File: AndroidManifest.xml DebugActivity: exported="true". No permission required. Any app can launch it. Adjacent activities (reachable from DebugActivity): - NetTraceActivity (network tracing) - DataMockActivity (data mocking) - RainbowActivity These are development tools. In a production APK. Launchable by any app on the device. Finding 4: GreySwtichActivity exported with deep link. Yes. "Swtich." They misspelled "Switch" in their own class name. kyle://longbridge_grey opens the feature flag toggle screen. Any app can flip feature flags in the MEXC app via this deep link. That's 3 exported debug/admin activities accessible to any app: ChangeHost. Debug. GreySwitch. 34 exported components total. Finding 5: eval() in TradingView WebView. File: assets/com/tradingview/lightweightcharts/scripts/plugins/eval-plugin/main.js line 4: return new Function(return(${evalParams.f}))() new Function() is eval(). It executes any string as JavaScript. This runs inside a WebView that loads TradingView charts. Combined with disabled certificate pinning: an attacker on the network injects JavaScript into the chart page. The eval plugin executes it. Finding 6: Hardcoded credentials. From res/values/strings.xml: Google API Key: AIzaSmefaihideforsecurityr_5gk Firebase Project: mmefaihideforsecurity82 GCM Sender: 4mefaihideforsecurity64 Google App ID: 1:40mefaihideforsecurity2f5bfd Storage Bucket: mexmefaihideforsecurityt.com From AndroidManifest.xml: Google OAuth Client ID: 643629201101-la8f2t1mefaihideforsecurity4 All extracted from the production APK. All active. Finding 7 CVV sent via email. The OTC Mini Program HTML bundled in the APK contains these locale strings: "The system will send the card details including the CVV to your email address" "The card info including password CVV and validity date will be sent to your registration email" CVV + password + expiry date via email. PCI-DSS Requirement 3.2 prohibits storing CVV after authorization. Sending it via email stores it in mail servers indefinitely. All of this in one app: TrustAllCerts: accepts any certificate (MITM trivial) cleartextTrafficPermitted: HTTP allowed globally ChangeHostActivity: any app redirects MEXC to malicious server DebugActivity: development tools in production GreySwtichActivity: feature flags togglable via deep link eval() plugin: arbitrary code execution in WebView 6 hardcoded API keys and credentials CVV transmission via email in OTC flow This is a financial app handling billions in user assets. Verify it yourself 1. Download MEXC APK from APKPure or APKMirror 2. Run: apktool d mexc.apk -o mexc-decompiled 3. Check TrustAllCerts: grep -r "checkServerTrusted" smali/ and look for return-void 4. Check network config: cat res/xml/network_security_config.xml 5. Count exported: grep -c 'exported="true"' AndroidManifest.xml 6. Find debug: grep "DebugActivity|ChangeHost|GreySwtich" AndroidManifest.xml 7. Find credentials: grep "google_api_key|google_app_id" res/values/strings.xml Everything is in the APK. Download it. Decompile it. See it.