@d3uc3y Atleast ethics class for MIT students at @mivauniversity they taught us that it takes max of 48 - 72hours to report exploit, so if you don't have exploit report then this never happened
English
Daniel Mbazu
1.7K posts
Daniel Mbazu
@Mr_MicDaniel
Christ | Software Engineer | Start from the basics
Nigeria Katılım Ağustos 2012
1.1K Takip Edilen185 Takipçiler
A United States fintech startup just lost $23,345,678. No hack. No breach. Nothing technical.
The reason is somehow worse.
The CEO used to bully someone in high school. Years later, that same person ended up in a position to be petty with production access.
So they lowkey just sent this payload to his mom:
{
"event": "transfer.success",
"amount": 500000,
"status": "success"
}
Sources say she replied “that’s my son” and the psychological damage propagated faster than any distributed system ever could.
Finance team is trying to reconcile the loss.
Engineers are trying to understand how this even counts as a transaction.
The CEO is trying to remember who he used to shove in lockers.
Audit report currently states:
Cause of loss: unresolved character development
Lesson learned:
Your past commits can and will come back to production.
English
@crazibeat1 @akinkunmi Even ordinary score submission webhook from a game provider I add secret to it
English
@akinkunmi Nobody handling 20m transactions designs a payment webhook without secret, nigga love fictional story
English
One of the things I like about software development is that you only need one or two sentences for people to see that you have no idea what you're talking about.
Smart👨💻 | Software Engineer@smartnakamoura
A Nigerian fintech just lost ₦20 million to a fake webhook. Attacker didn’t hack anything. They just POSTed this to the endpoint: { "event": "transfer.success", "amount": 500000, "status": "success" } Backend credited the user. Zero money moved. This is happening more in crypto payments too. What every backend dev must do in 2026: 1. Verify webhook signature + IP + timestamp (not just event name). 2. Never credit on webhook alone always confirm on-chain + NIBSS. 3. Add rate limiting and replay attack protection. 4. Reconcile every stablecoin inflow against blockchain truth. Crypto rails move fast. One lazy endpoint and you’re done. Save this like your production depends on it. Drop your worst webhook horror story 👇
English
@smartnakamoura Make i first mute you, make e no be like say I no sabi backend
English
A Nigerian fintech just lost ₦20 million to a fake webhook.
Attacker didn’t hack anything.
They just POSTed this to the endpoint:
{
"event": "transfer.success",
"amount": 500000,
"status": "success"
}
Backend credited the user. Zero money moved.
This is happening more in crypto payments too.
What every backend dev must do in 2026:
1. Verify webhook signature + IP + timestamp (not just event name).
2. Never credit on webhook alone always confirm on-chain + NIBSS.
3. Add rate limiting and replay attack protection.
4. Reconcile every stablecoin inflow against blockchain truth.
Crypto rails move fast. One lazy endpoint and you’re done.
Save this like your production depends on it.
Drop your worst webhook horror story 👇
English
@honour_can_code When I saw this i just remembered Dunning-Kruger Law
English
No you cant!!!
unless you will rebuild the:
jumia eccom site,
vendors platform,
jumia Pay,
jumia Food,
Jumia Ads,
the affliate portal,
realtime delivery tracking,
supply chain system tracker,
jumia agents portal,
jumia riders app,
jumia Travel
Sam Ivere@hsprafrique
Allow Non Believers and SCARED WANNA BE DEVELOPERS keep talking shit I say give me Unlimited TOKENS and $250k and I will rebuild JUMIA in less than a month
English
I ended up not shipping this fire project. 🥹💔
Titanium@akinkunmi
API observability from the future.
English
@MelinShioto @EOEboh If you don't give them reset link immediately thats a big problem, if I have an emergency or need to sub for something so my team can access, I try to reset password you just refuse to send to me. I go sha leave your app
English
@EOEboh 3 is. Without 3 you will never know if you or a customer're being brute forced by an attacker
2 is fine because in some cases, you might not give a user their reset link immediately. Though it should be shorter if you expect them to be waiting
English
Three statements. One is false
1. Password reset tokens should
be single-use only
2. Reset token expiry of
24 hours is best practice
3. Password reset links should
never be logged in server logs
Which one is the lie?
English
@Ronmaris_ @crewslover Cole Palmer is on the list but not on midfield side
English
everyone and their mother got called up but not the mister ballon dor😭😭😭😭
Sky Sports Football@SkyFootball
Tuchel names his 35-man England squad for internationals with Uruguay and Japan 🦁
English
I saw a girl today who is Half Iranian and Half Nigerian
I didn’t even need to ask which tribe her Nigerian parent is
I have said this before that the day Aliens finally come to Earth, they will request to see their father Ebuka.
English
@obiabo_immanuel Try interserver and Contabo for cheap VPS, Vultr is good for production
English
@Nathanqh91 @akinkunmi The entire Bible genealogy was pointing to Christ, the reason why the Bible is not corrupt is because of other books that holds history of many other persons who are also in it. David was a king so his history is there for research
English
@Mr_MicDaniel @akinkunmi There is nothing in the biblical genealogy that suggests this
English
@j_jehnom You know He sinned because of the Law
Abraham lied about Sarah but God called him my prophet and warned the king about touching Sarah
Cain first murderer was still hearing God voice, God put an inscription on him to protect him
God is merciful let's not humanize his character
English
Adam no sin?
Daniel Mbazu@Mr_MicDaniel
@j_jehnom @akinkunmi What you quote is from Romans 10:8-10 was sin or Christ we are to confess ? Also was Abel's righteousness because of what He did or faith in the Promise ? Remember until the law sin was not in the world, the law of Moses is the reason why we know what sin is or whats not
English
@deezydoezeet @akinkunmi So how Abel a sinner ? Infact what does it even mean to be a sinner ? I think thats the right question I should have asked from the start
English
@Mr_MicDaniel @akinkunmi what makes you think Abel was not a sinner? The passage you drop here doesn't even agree with your point
English
@Nathanqh91 @akinkunmi A quick Google search about the genealogy of David will help
English
@Mr_MicDaniel @akinkunmi There’s literally no evidence that David was born out of wedlock in fact quite the contrary
English
@j_jehnom @akinkunmi What you quote is from Romans 10:8-10 was sin or Christ we are to confess ?
Also was Abel's righteousness because of what He did or faith in the Promise ?
Remember until the law sin was not in the world, the law of Moses is the reason why we know what sin is or whats not
English
@Mr_MicDaniel @akinkunmi If you did not confess with your mouth. And believe in your heart that Chris died for you, rose again and is the way the truth and the life and all men who'd go to the father must go through him
Then and only then are you saved through Christ.
Abel pre New testament had faith
English
@the_bigwolfie @akinkunmi Check Jewish history, there was a reason why when Samuel came to annoint Jesse's children no one remembered David until the last person, Samuel had to ask if there is anyone else before David came to mind.
Check Jewish history about David's and his brothers
English
@Mr_MicDaniel @akinkunmi David wasn’t born out of wedlock sir, he was even the last child of his parents 🤷🏽♂️
English
@IyegereS @akinkunmi I was not born a sinner, by my desires and choice sin came, there is no universalism except you are a Calvinist, they believe since Adam sin made everyone a sinner then Christ death makes everyone righteous, you see how it does not make sense right
English
@Mr_MicDaniel @akinkunmi We are all born sinners, and that's why we need redeeming grace
English
@IyegereS @akinkunmi No one is born a sinner, God is not wicked
English
@akinkunmi He'd grow up and eventually tell a lie to you and might become capable of really hurting someone, thus proving the religion was right
He's not accountable now, but will be soon. Irregardless, the religion is right
English
@AlvinOkoli @akinkunmi Anyone that understands John 3:16-18 and John 5:24-25 will know that God is actually a good God.
We have this misconceptions because of bad Pastoring but the future is bright, falsehood will collapse
English
@Mr_MicDaniel @akinkunmi Please let’s be mutual biko
I believe the same. The fact that God judged people based on their actions is proof
English