Mr.Strausses

205 posts

@Straus_fm

Security Engineer and Security advisor ex-Triager at @immunefi 0xStrausses

Almaty, joined December 2016
170 Following, 88 Followers
Mr.Strausses retweeted
pashov @pashov
People with ego based on "I am very intelligent" hit an identity crisis when AI demonstrates it knows more & responds faster on a particular topic (guilty). Overcome this ASAP, snap out of it. Just use the latest & greatest tech safely. Don't be the "scared of electricity" guy🫡
Mr.Strausses @Straus_fm
@lebed2045 They jam the signal from GPS satellites and spoof the location with fake GPS locations using local antennas.
Alex Lebed | StableUnit 🦇🔊🦞
Just landed in Dubai and GPS seems broken. How is it technically possible to reduce GPS precision only in one area? Do satellites just transmit time, or is there more in the signal? Curious how this kind of localized interference actually works.
Mr.Strausses retweeted
Immunefi @immunefi
Most protocols still think a critical bug is a low-probability event. 93.9% of bug bounty programs that have been live for 5+ years on Immunefi have surfaced at least one confirmed, paid critical bug. The real question is not whether a critical exists, but who finds it first.
Mr.Strausses retweeted
Decurity @DecurityHQ
Another half a million rescue by @DefimonAlerts!
Defimon Alerts @DefimonAlerts

⛑ $512K rescued by Defimon after infinite approvals were granted to @squidrouter multicall
The SquidMulticall contract's run() function allows anyone to execute arbitrary external calls with no access control. A wallet 0xacc0 mistakenly approved the multicall contract instead of the router contract and did it across multiple chains.
It didn't take a long time before the first attack - a MEV-bot called run() with a crafted Call struct that executed transferFrom() on the WETH contract, transferring just 1 WETH from a victim. In fact the victim user had around $800K approved to the multicall contract on various chains.
After we detected the first attack our whitehat bot identified the vulnerable cross-chain approvals and managed to rescue around $512K.
We contacted the person via Blockscan chat and returned all the rescued funds. We learnt that it was an operational mistake: "we were supposed to only approve to the Squid router address". Although some funds were lost, 0xacc0 was happy that the majority of the funds was rescued!
First attack: bscscan.com/tx/0x81d0c429e…
Victim: bscscan.com/address/0xaCc0…
SquidMulticall: bscscan.com/address/0xaD6C…
Rescued funds consolidation address: debank.com/profile/0xF50D…

Mr.Strausses retweeted
Omer Goldberg @omeragoldberg
Chaos holds a simple principle: we only put our name on work we fully believe in. Principles matter when they cost you something. Today it's costing us $5 million. To the Aave community: thank you for the trust. It was a privilege 👻
Omer Goldberg @omeragoldberg

x.com/i/article/2041…

Mr.Strausses retweeted
Immunefi @immunefi
The $200k USD @RippleXDev Attackathon has officially concluded, and 100% of the reward pool has been paid out! ⚡ Top Winners: 🥇 @al_f4lc0n — $39,228 🥈 @0jovi0 — $22,265 🥉 @v_c0d35 — $21,189 4️⃣ @blobismdev — $20,402 5️⃣ @LZ_security — $16,336 Check out the full leaderboard below 👇 immunefi.com/audit-competit…
Mr.Strausses retweeted
philogy @real_philogy
SRs fighting over a $20 audit contest pool (2027 colorized)
0xmihej @mihej_eth

Title fight @EthCC : Patrick Collins (co-founder of Cyfrin, 100 kgs) vs Everett Hildenbrandt (CEO of Runtime Verification, 85 kgs)

Zero Cipher @zerocipher002
Recently, saw some chatter about how total payouts vary across web3 bug bounty platforms. So I compared the top 10 earners on each:
Immunefi: $55.3M
HackenProof: $6.3M
Cantina: $1.5M
Immunefi is ~8.8x HackenProof. HackenProof is ~4.2x Cantina.
Curious how much of this is:
- platform maturity
- deal flow
- private vs public payouts
- where top researchers choose to spend time
(Note some of these numbers could be inaccurate as I calculated these numbers on publicly available information in the leaderboards)
Mr.Strausses retweeted
unsafe_call @unsafe_call
Y’all are screwing your bug hunting agents over by including previous issues and audits in the system prompt Use it in a verification layer for what’s not worth it to submit, not in vulnerability discovery You won’t be gettin paid for reports that just reword an audit finding
Balancer @Balancer
We received an Immunefi report regarding reCLAMM and, out of an abundance of caution, paused the pools while we investigate. User funds are safe and fully accessible. We'll share updates as we have them.
InstantNodes @InstantNodes
Every month web3 founders open their email like a black box not knowing how much they’ll pay for RPC. Crypto already has enough gambling, infrastructure bills shouldn’t be part of it. We're built different: predictable and cheaper. 1 request = 1 unit Instant nodes
Mr.Strausses retweeted
0xrudra @0xrudrapratap
I vibecoded a Solidity diagram extension similar to a Miro board but with additional features. You can import any function or data type with a single click. It was tedious to screenshot every function or data type detail into Miro before. It's interactive, allowing you to create notes, labels, and build graphs for inner functions too. It's not even close to perfect, but it works for now. I'll improve it when I can. github.com/0xrudra99/Soli…
Mr.Strausses retweeted
Immunefi @immunefi
PvE versus PvP
Every day, thousands of new tokens launch. Every KOL behind a token, and every company hiring a KOL, is fighting for attention. Most of these tokens fall into two buckets: meme coins or "roadmap projects" with little to no execution.
So what happens when thousands of tokens compete for the same attention and liquidity, but none of them has a real moat? You get a PvP environment. Projects fight each other for capital, mindshare, and exit liquidity.
Why IMU is PvE
IMU doesn't fit neatly into an existing category. It is not a meme coin. It is not liquid staking. It is not an influencer token. It is not a governance token. IMU is broader than that. It sits at the intersection of AI, infrastructure, and security. It has outsized potential for widespread adoption because it appeals to a broad market.
Security is not optional, and it only becomes more important as crypto grows. Immunefi is the only security platform that works with every major crypto protocol. Immunefi is backed by top-tier investors. Most importantly, Immunefi is a revenue engine that is accelerating. That's what true PvE looks like.
IMU♥️will win.
Mr.Strausses retweeted
Mitchell Amador @MitchellAmador
Coinbase markets announced IMU is on the roadmap. That's a major milestone.
We're in the middle of a power shift: distribution now matters most. This has always been true in other industries. If you make water bottles, you want shelf space in as many stores as possible. If you're a musician, talent isn't enough. If people can't find you, you won't build an audience or sell out shows.
In crypto, "distribution" means access. Most buyers have never used a DEX, and many aren't comfortable bridging, swapping, or navigating complex on-chain steps. So they buy through centralized exchanges. If your token isn't easy to access, marketing doesn't convert because even interested people can't take action.
This is the same playbook Pudgy Penguins used: maximize availability across major CEXs and as many DEX venues as possible. Without that access layer, demand can't turn into ownership, and ownership can't turn into community.
IMU should be available everywhere.❤️
Coinbase Markets 🛡️ @CoinbaseMarkets

Assets added to the roadmap today: ImmuneFi (IMU) and Sentient (SENT) coinbase.com/blog/increasin…
