Mau Palma

962 posts

Mau Palma banner
Mau Palma

Mau Palma

@PalmaSwell

Coding for positive change. Product Engineer at @SquadsProtocol - building @altitude. Co-founder of https://t.co/ikXjrZ5tH1. Formerly @framer and @sinnerschrader

Hamburg, Germany. Joined November 2013
544 Following, 466 Followers

Mau Palma reposted
Param
Param@Param_eth·
Worst month for DeFi:
- Drift hacked
- rsETH exploit
- Aave liquidity crisis
- USDT frozen on Tron
- Arbitrum is centralised
- Multiple bridges drained
- Lazarus group became richer
- Several protocols paused operations

Mau Palma reposted
Squads
Squads@multisig·
We've identified an address poisoning attack targeting Squads users. We have no evidence of any users being impacted at this time.

Attack vector: Since all public keys are visible onchain, attackers are programmatically creating new multisig accounts that include existing Squads users as members. These multisigs appear in the UI because the program indexes all accounts associated with your key. Additionally, attackers are grinding public keys that match the first and last characters of your real multisig addresses, making fake accounts look legitimate at a glance.

Attacker goal: Get you to mistake a fake multisig for one of your real ones — either by copying its vault address (sending funds to an attacker-controlled account) or by signing a transaction you didn't initiate.

Impact: None, if you don't interact. This is not a protocol vulnerability. The attacker cannot access your funds, execute transactions, or modify your existing multisigs. It is purely a UI-level social engineering attempt.

Action required:
- Ignore and do not interact with any multisig you did not create or weren't added to by your team
- Do not rely on matching the first and last characters of an address to verify it — always verify the full address against your own records
- If you're unsure whether a multisig is legitimate, check with your team before taking any action
- Set your Squads accounts as default — this pins them to the top of your Squad list, making it easy to distinguish your real accounts from anything unfamiliar. We encourage everyone to do this now if you haven't already (click on ... next to your Squad in the Squad list).

UI updates shipping in the next two hours:
- A banner alerting users to this attack
- An alert on any multisig you've never interacted with before

In the next few days we are also shipping whitelist logic where all new multisig accounts initially go to a pending state requiring you to manually add them to your Squad list.

We'll follow up here with updates as we roll these out.
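
As an added example (not Squads' own code), the check the post above recommends: match the multisig addresses a UI shows you against your own records by the full string, and show that a lookalike sharing only the first and last characters is caught rather than trusted. The known addresses and the lookalike are constructed placeholders, not real accounts.

```typescript
// Added example, not Squads' code: vet the multisig accounts a wallet UI lists against
// your own records by full-address comparison, and flag lookalikes that would pass a
// naive first/last-character check.

// Constructed sample records (placeholder, base58-shaped, not real accounts).
const KNOWN_MULTISIGS: readonly string[] = [
  "7Gx4QkUKNPxEx8Rt4tvoKBqBjLz5vP3u1Y1ZaM4bVxkQ",
  "3nRmYb8ZPiYWkd5Hc2oZ4FqAeNtXsUu9Hfe6R1pQJcYd",
];

type Verdict = "known" | "lookalike" | "unfamiliar";

// The weak check the advisory warns against: only the first and last n characters are compared.
function matchesEdges(candidate: string, known: string, n = 4): boolean {
  return candidate.slice(0, n) === known.slice(0, n) && candidate.slice(-n) === known.slice(-n);
}

// The strong check: exact, full-string match against your own records.
function isKnownMultisig(candidate: string, known: readonly string[] = KNOWN_MULTISIGS): boolean {
  return new Set(known).has(candidate);
}

// "known" is safe to pin; "lookalike" is an unknown address that mimics a known one at the
// edges (the poisoning pattern); "unfamiliar" is anything else you never created.
function classify(candidate: string, known: readonly string[] = KNOWN_MULTISIGS): Verdict {
  if (isKnownMultisig(candidate, known)) return "known";
  return known.some((k) => matchesEdges(candidate, k)) ? "lookalike" : "unfamiliar";
}

// Partition a UI's account list into what should be pinned versus what should stay pending.
function triage(displayed: readonly string[], known: readonly string[] = KNOWN_MULTISIGS) {
  const result: Record<Verdict, string[]> = { known: [], lookalike: [], unfamiliar: [] };
  for (const addr of displayed) result[classify(addr, known)].push(addr);
  return result;
}

// Constructed lookalike: same first 4 and last 4 characters as the first known account,
// different middle, which is what a ground vanity key would look like in the list.
const LOOKALIKE = "7Gx4" + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + "VxkQ";
```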
Mau Palma
Mau Palma@PalmaSwell·
Today is a good day for European democracy. 🇪🇺

Mau Palma reposted
Stepan | squads.xyz
Stepan | squads.xyz@SimkinStepan·
An update on what we're focusing on with @multisig in light of the Drift incident last week.

What we're building now:
1. A proxy program for v4 that lets you opt in to killing durable nonces for a specific signer. This removes the ability for pre-signed transactions to sit indefinitely waiting to be executed.
2. A dedicated protocol management multisig program with configurable template policies and a UI you can run locally. Built for teams that need tighter governance controls over admin operations.
3. Exploring clear signing with intents so signers can verify exactly what a transaction does before approving it (cc @Redacted_Noah).

What's already available on v4 and can be set up by your team today:
- Timelocks. You can set these up in Settings. They create a mandatory delay between proposal approval and execution.
- Signer permissions. You can assign Propose, Vote, and Execute rights separately, so not every signer has the same level of access.
- Multisig nesting. You can set up configurations where e.g. two separate multisigs are signers on a third, adding a layer of operational separation.
- Minimal UI. An interface on top of v4 that you can run locally (github.com/Squads-Protoco…).

If you're unsure about your current setup or want guidance on how to configure any of this, DM us.
Squads@multisig

Our investigation into the @DriftProtocol incident remains ongoing. Early evidence points to two compromised signers on Drift's admin multisig, which were used to execute a transaction modifying Drift's program configuration. Squads programs were not compromised. We have also found no evidence of compromise to Squads infrastructure, though we are actively investigating to confirm this with full confidence. We will share further findings as they become available.

Best Practices for Operationally Critical Multisigs

Thresholds: Any multisig with operational or administrative control over a program should have a signing threshold of 3 or above. This requires an attacker to concurrently compromise multiple independent signers, significantly raising the difficulty of this type of attack. Where possible, signers should also be geographically and organizationally dispersed. Signers sharing the same location, devices, or org structure introduce correlated risk.

Timelocks: Multisigs with program-level control should implement a timelock (can be set up in Settings of your Squads multisig). It won't prevent a malicious transaction from being proposed, but it creates a window to detect and reject it before execution. The tradeoff: timelocks also slow down legitimate emergency responses to bugs or active exploits, so teams should factor this into their operational setup.

Alerts & Monitoring: We encourage all operationally critical multisigs to set up monitoring and alerts through our security partner @RangeSecurity. Range provides two key things: an alternative interface for independently verifying transaction content outside of the Squads UI, and proactive Slack alerts so signers are notified before a proposal moves forward. If you want help getting set up, reach out and we'll connect you directly. A high threshold, a timelock, and monitoring are the foundation for any multisig with program-level control.

Signing Process: Signers should use dedicated devices and hardware wallets, never a general-purpose machine. Additionally, signatures are only valid for approximately 2 minutes each, so introduce at least a 2-minute delay between each signer taking actions to ensure signatures cannot be collected & bundled by an attacker. Always verify transaction content independently across all three available sources: the Squads UI, Range's alternative interface, and Solana Explorer or Solscan.

On Durable Nonces

The Drift attack exploited durable nonces to collect signatures without time pressure, bypassing the 2-minute transaction expiry that would otherwise limit this type of attack. We are actively exploring ways to block durable nonce usage across all of our programs, both at the program level and through other enforcement mechanisms, to ensure this protection extends to our immutable programs V3, V4, and our current Smart Account Program. Beyond this, the broader Solana ecosystem is taking steps to address this at the protocol level, with a new transaction format that drops durable nonces as a feature entirely. We will follow up with more information on this soon.

Beyond Multisig, Operational Security

Technical controls only go so far. Most high-profile compromises lately have been social engineering attacks targeting the people behind the keys, not the contracts themselves. If you are running mission-critical protocol operations, invest in your internal opsec processes and team culture accordingly: how proposals are initiated, communicated, and approved all matter. We recommend engaging dedicated security advisors. @zeroshadow_io and @0xGroomLake are trusted starting points, and we are happy to connect you directly.


Mau Palma reposted
Anthropic
Anthropic@AnthropicAI·
Mythos Preview has already found thousands of high-severity vulnerabilities—including some in every major operating system and web browser.

Mau Palma reposted
Noah 🎈
Noah 🎈@redacted_noah·
@toly @CryptoHayes I feel like formally verified, audited, and immutable basically makes squads "native". It's as native as spl-token.

Mau Palma reposted
Cheng Lou
Cheng Lou@_chenglou·
My dear front-end developers (and anyone who’s interested in the future of interfaces): I have crawled through depths of hell to bring you, for the foreseeable years, one of the more important foundational pieces of UI engineering (if not in implementation then certainly at least in concept): Fast, accurate and comprehensive userland text measurement algorithm in pure TypeScript, usable for laying out entire web pages without CSS, bypassing DOM measurements and reflow

Mau Palma reposted
Marcel van Oost
Marcel van Oost@oost_marcel·
🚨 BREAKING: European Commission President Ursula von der Leyen unveiled EU–INC, a new framework that lets you launch a company in 48 hours for under €100.

Starting a company across the EU today = 27 legal systems, 60+ company structures 🤯 That might be about to change…

The European Commission just introduced EU Inc., a new optional corporate framework designed to make Europe actually function like one market. Here's what stands out:
→ Set up a company in 48 hours
→ Cost: < €100
→ Fully online, no minimum capital
→ One single framework across all EU countries
→ Easier share transfers & fundraising
→ EU-wide employee stock options (huge for talent)

Especially the EU-wide stock option plans, taxed only when employees actually sell (instead of when granted), are huge. This makes it far easier for startups to attract and retain top talent, finally putting Europe closer to the US playbook.

Source/More info: ec.europa.eu/commission/pre…

In short: This is Europe trying to compete with the simplicity of a Delaware C-Corp 🇺🇸 And honestly… it's long overdue.

For years, European founders had 2 choices:
1. Stay local and deal with fragmentation
2. Move to the US to scale

EU Inc. is trying to remove that trade-off. If executed well, this could be one of the most important structural changes for European startups in decades. What do you think?

Mau Palma reposted
Stepan | squads.xyz
Stepan | squads.xyz@SimkinStepan·
Cypherpunk blog posts can only get you so far. Instead you can build something customers want and help them move off traditional banking to stablecoin rails. Our mission is to get to end-to-end stablecoin settlement across all businesses using Altitude because this is how pure velocity and efficiency of money movement is reached. But we have a lot more work to do before we get there. The reality is that most businesses today do need to settle via traditional rails for at least some of their payment volume and we are giving them that option, while they are holding 100% of their balance in stablecoins on the platform. A stablecoin account that connects you to local and onchain rails is how you bridge the gap and fulfill the mission. If you can't see why this is the way to go, feel free to DM.
Stacy Muur@stacy_muur

Crypto projects are now bragging about rolling out SWIFT transfers for stablecoins. If you can’t see what’s wrong with that, I can’t help you.


Mau Palma reposted
Altitude
Altitude@altitude·
SWIFT transfers are live. Pay any bank account, anywhere in the world. Directly from your Altitude account. 200 countries. 11,000 banks. 1 balance.

Mau Palma reposted
Stepan | squads.xyz
Stepan | squads.xyz@SimkinStepan·
Congrats to Airwallex and Ramp on expanding into Europe. At @altitude we have been onboarding European businesses since last year. We support SEPA, have EUR accounts and USD/EUR FX so European companies can operate globally from day one. Stablecoins.

Mau Palma reposted
Altitude
Altitude@altitude·
The most tedious part of paying a bill isn't the payment. It's everything before it. Upload or forward a bill to Altitude. AI reads it and prefills every detail. By the time you open it, all that's left is to approve and pay. Pay bills altitude.squads.xyz/start

Mau Palma reposted
Altitude
Altitude@altitude·
The most tedious part of paying a bill isn't the payment. It's everything before it. Upload or forward a bill to Altitude. OCR AI reads it and prefills every detail. By the time you open it, all that's left is to approve and pay. Pay bills altitude.squads.xyz/start

Mau Palma reposted
Altitude
Altitude@altitude·
Bill pay shouldn’t live across inboxes, portals and spreadsheets. Today, Charles from our Success team is sharing a quick demo of Altitude Bill Pay, bringing your entire payables workflow into one place.

Mau Palma reposted
Altitude
Altitude@altitude·
Altitude Bill Pay is live. Pay bills directly from your stablecoin balance.
→ Email-forwarded bills for auto-ingestion
→ OCR AI populates every detail
→ Pay in USDC or via fiat rails your vendor prefers
→ Payouts from one account make reconciliation simple

No more patchwork. One account. All your bills. Closing your books has never been easier.