APE

1.1K posts

APE banner
APE

APE

@balding_ape

Made this to stay updated on things.

The Netherlands Katılım Eylül 2020
645 Takip Edilen305 Takipçiler
APE retweetledi
APE retweetledi
GOG.COM
GOG.COM@GOGcom·
Download the offline installer of any of your games on GOG, save it to a disc and it's yours forever. You don't need a storefront's permission to play what you bought.
English
1.1K
13.5K
88.9K
3.2M
APE retweetledi
IT Guy
IT Guy@T3chFalcon·
Dutch intelligence agencies got caught training AI on citizen data they weren't supposed to have. the CTIVD, the Netherlands' official intelligence oversight body, published a report finding that AIVD and MIVD staff accessed and retained massive bulk datasets in ways that violate Dutch law. names. phone numbers. location data. social media. communication content. millions of entries. some from government sources. some commercially purchased. some stolen by criminals and bought on the dark web. and then Bits of Freedom, the Dutch digital rights organization, flagged something buried in the report: the agencies appear to be training their own AI models on this data. this is not the first time. in 2020, the same watchdog found the same agencies had retained citizen data far beyond legal limits. after complaints, they were ordered to delete it. six years later: same report. same finding. same agencies. but now with AI in the loop. the data that was illegally retained is now reportedly being used to train models that will make future surveillance faster, more accurate, and more autonomous. you cannot opt out. Unlike commercial AI companies, there is no settings menu. no privacy center. no right to delete that you can actually exercise. Bits of Freedom put it directly: "They seem to be buying data from criminal data breaches. aren't they supposed to be protecting us from those?"
Abdulkadir | Cybersecurity@cyber_razz

Dutch intelligence agencies did what??????????

English
120
2.8K
10.1K
508.6K
APE retweetledi
Jesper Bylund -- just/acc
Jesper Bylund -- just/acc@JesperBylund·
The EU has blocked a chat control skeptics talk on YouTube. But here’s the thing, the content is in Finnish, and Finnish law allows for this exact thing. So the EU is currently illegally blocking free press in Finland.
Mikko Ohtamaa@moo9000

YouTube has just taken down the political discussion clip about the EU's Chat Control, and the video is no longer viewable in the EU. This has been confirmed by several parties. The video is still available outside the EU. @puheenaihefi podcast is a Finnish current affairs program with 60k subscribers. In this episode, Peter Sund, CEO of the Finnish Information Security Cluster (Kyberala ry) offered pointed criticism of the EU's new Chat Control directive, which was enacted under questionable circumstances. Because the media is in Finnish, it is highly likely the censorship request came from a Finnish government official or a related party. This makes it troublesome. Because the Finnish constitution §12 guarantees freedom of expression. Preventing political publications is a criminal offence: Abuse of Official Position, punishable by a fine or imprisonment for up to two years. You can listen to this episode on Apple Music and Spotify. Spotify link open.spotify.com/episode/51Etz1… Dysfunctional YouTube link youtube.com/watch?v=dGaQCc…

English
158
5.4K
29.8K
431.7K
APE retweetledi
Sven Clement
Sven Clement@svnee·
The European Parliament voted AGAINST Chat Control. 314 to 276. And it passed anyway. Let me tell you how: they needed 361 votes to say no. On the last day before vacation. Every empty seat counted as a yes. They lost the vote. They won the law. That’s not democracy. That’s a trick. #ChatControl
English
741
10.8K
48K
991.4K
SecondFi
SecondFi@secondfiapp·
Recovery Fund Address Our commitment remains unequivocal: to support the return of assets to all affected wallet holders from the 4 distinct wallet draining events which we intend to return in their in their original form. Three of these events were executed by external threat actors resulting in a loss of ~16M ADA. To return these assets to the victims of the attack, EMURGO has set up a recovery fund address. You can find it here: addr1qyvvn9e9ulvzw2nvgkwraxwrla4a28l7gmduk7jru2rw9kdxkls8aczwgg8u44nj87uaq50rgcjulcxtzv9q8j0g2lss9kv2ss Assets secured through our emergency rescue response, including those from the fourth event, are currently protected and accessible. These will form part of the recovery effort to return assets to affected users. Important Security Reminder SecondFi will NEVER request private keys, recovery phrases, or wallet credentials, and we will never DM you first. Do not trust any checker, link, or account outside our official channels: ▪️ X accounts: @secondfiapp and @secondfi_jp ▪️ Support portal: support.secondfi.io ▪️ Asset recovery wallet checker: checker.secondfi.io
English
38
33
131
37.8K
a sd
a sd@asd1581708·
@secondfiapp @emurgo_io I had 4 wallets in the secondfi app and when I saw that 2 of them were stolen after the hack, I removed the software from my phone so that maybe the other 2 wallets would be safe. Now I have seen in your new announcement that you have said that you should not delete your wallet
English
35
2
18
1.6K
SecondFi
SecondFi@secondfiapp·
🛡 Recovery Process Update Today, we want to share an update across three areas: ⚙️ Returning user assets ⚙️ Moving user assets safely ⚙️ Onchain recovery 1. Returning User Assets - Drained by the attackers: @emurgo_io has funded an Asset Recovery Wallet specifically to return assets to users whose wallets were compromised in the attack. - Secured through our emergency rescue response: These assets are currently protected and accessible. We are in discussion with @IntersectMBO on the appropriate custody mechanism to ensure they are held securely and returned to users. 2. Moving Your Assets Our initial guidance was to stay put which was a deliberate step while we worked to fully understand the attack vector and avoid exposing users to further risk. Following active discussions with the Intersect Security Council, should you decide to move your assets, we recommend creating a new wallet using a hardware wallet only. A hardware wallet is the most secure option available. Important: However, users should NOT delete the SecondFi app under any circumstances. We strongly advise users to retain BOTH the app and their seed phrase, as they will be required to support the asset recovery process currently underway. 3. Onchain Recovery Our team is actively progressing an on-chain recovery solution designed to support the secure return of user assets. Extensive technical assessment has identified this as the most secure and efficient recovery pathway currently available. We are now working closely with a Cardano community-led task force to develop, validate and execute this solution securely. This process is more complex than originally anticipated and may require additional time beyond our previously estimated 2-week timeline. We will continue providing updates as progress continues. Important Security Reminder: SecondFi will NEVER request private keys, seed phrases, wallet credentials, or request asset transfers under any circumstances. We will never DM you first. Any message instructing you to move assets or submit wallet information outside of our verified official channels should be treated as fraudulent. Our official channels are our verified SecondFi X account and support.secondfi.io. For support, please submit a ticket only through our official support channel at: support.secondfi.io Thank you for your continued trust as this work continues.
English
41
39
147
38.7K
APE retweetledi
Madelon Vos
Madelon Vos@MadelonVos__·
Sociale media ontploften afgelopen week door de voorgestelde aanpassingen aan de nieuwe box 3-wetgeving. En ik kan je alvast vertellen: wat mij betreft mogen ook deze wijzigingen direct de prullenbak in. Maar daar blijft het niet bij. Vanuit Brussel legde Wopke Hoekstra mogelijk zelfs een bom onder de complete box 3-plannen. Zijn voorstel om de Europese kapitaalmarkt te versterken - daar is dat woord weer - zou er namelijk voor kunnen zorgen dat vermogen massaal van box 3 naar box 2 verhuist. Hoekstra wuift die kritiek echter resoluut weg. Maar heeft hij daar eigenlijk wel gelijk in? Ondertussen houden centrale banken de rente naar eigen zeggen hoog, omdat de inflatie hardnekkig blijft. Tegelijkertijd zien we dat de Europese economie steeds meer tekenen van afkoeling vertoont. En ook op de financiële markten neemt de onrust toe. AI-aandelen gingen onderuit, tech kreeg flinke klappen, edelmetalen daalden scherp en ook bitcoin laat opnieuw zien dat er onder het koersverloop een veel groter verhaal schuilgaat. Dit en meer in mijn nieuwste Madelon Praat video via de link hieronder in de reacties.
Madelon Vos tweet media
Nederlands
31
75
350
23.5K
APE retweetledi
uid.eth | Rickey Gevers ⛵️
Belasting op ongerealiseerde winst maakt alle incentives kapot in een welvarende economie en dient direct te worden uitgebannen. Ik verdien mijn centen. Ik werk daar extreem hard voor. Ik neem alle risico’s. Ik verdiep me in zaken. Ik grijp de kans. Ik draag de risico’s van (gruwelijke!) verliezen. Ik neem verantwoording. En als het dan allemaal 'toevallig' goed gaat, komt ineens de overheid een stukje van de taart opeisen. De overheid die 0 risico neemt, 0 offers brengt en 0 verantwoording draagt. Het enige wat ze doen is graaien van mensen die wel bereid zijn alle offers te brengen en emotionele weerstand te verslaan om welvarend te worden. Mensen die van niks iets moois weten te maken worden gestrafd. Niets doen wordt beloond.
Nederlands
35
78
367
27.9K
APE retweetledi
Mark Karpelès
Mark Karpelès@MagicalTux·
Test if your SecondFi Cardano address is compromised via @TibaneLabs by providing your *public* (addr1...) address. If you sent any transaction with SecondFi wallet between June 8th and June 23rd, it is very likely compromised. tibane.net/research/secon…
Mark Karpelès tweet mediaMark Karpelès tweet media
English
11
28
94
15.7K
APE retweetledi
Miilato
Miilato@miiilato·
the silence after you have accepted something you never wanted to accept
English
26
4K
17.3K
285.3K
APE
APE@balding_ape·
@A3Cpool_Shawn @P3b7_ @JoriPLevy They also didn’t take everything from me too , so i moved the remaining ada to an exchange and the midnight tokens to a fresh wallet created in eternl
English
1
0
2
47
Charles Guillemet
Charles Guillemet@P3b7_·
After the signing bug exposed users' keys, attackers drained wallets. Then SecondFi swept the rest itself into a custodian and called it a rescue. We have seen exit scams, exchange seizures, protocols clawing funds back. A self custody wallet provider moving live customer funds with the users' own leaked keys, framed as protection, is a new shape. First time at this scale, to my knowledge. The hard part now is refunding. Once a key can be rebuilt from a public signature, the key identifies no one: owner, attacker, and chain scraper all hold it. So "sign to prove ownership" is dead here. A scammer signs as well as the victim. And some users may have self drained to a fresh wallet, then queued for a refund anyway. The one secret that survived is the seed. Derivation is one way: the leak exposed a derived key, not the 24 words, and you cannot climb back to them. Only the real owner knows the seed. So prove the seed, not the key, in zero knowledge. The user proves "I know a seed that derives to this address" without revealing it: the circuit recomputes mnemonic to seed to keys to address, and outputs a proof the verifier checks in milliseconds. The seed never leaves the device. A scammer with only the key cannot produce it. One honest limit: this proves ownership, not loss. A self drainer passes too. So refunds still need on chain accounting, what actually left each address, netted against what the owner already recovered. Proof plus accounting. Cryptography or human judgment. Human judgment is slow, gameable, and exactly the trust you tried to remove. The bug turned every signature into a key disclosure. The fix should turn every claim into a proof. Stay safe.
Charles Guillemet@P3b7_

🚨SecondFi: more than $20M stolen, or taken hostage - When the nonce is predictable, the key is public. Last Tuesday, SecondFi wallets were drained at scale. Users were doing nothing exotic, just signing transactions like any other day. Then the funds were gone. ▶️What happened. Two waves. First, external attackers drained wallets: ~16M ADA plus NFTs, around $2.5M. Then a much larger move: ~129M ADA, around $20M, swept by SecondFi itself to a third party custodian, "to keep it safe." Users were robbed by attackers, and users were swept by the platform!! ▶️The bug. Every signature scheme in this family uses a per signature secret number, the nonce. The one rule: it must be secret and unpredictable. EdDSA (Ed25519, what Cardano uses) makes it deterministic on purpose, derived from the private key and the message together. Deterministic, but secret. The secret input is the whole point. SecondFi's implementation derived it from public data alone. The nonce stopped being secret. Public in, public out. ▶️Why it is fatal. Call it what it is: worse than nonce reuse. Reuse needs two signatures from the same key to recover it. Here the nonce can be recomputed by anyone from data already on chain, so a single signature is enough to reconstruct the private key. Every transaction a user ever signed is a public disclosure of their key. I pulled signatures off chain and rebuilt the keys to confirm. One signature, every time. The chain was not attacked. It was read. ▶️The "rescue." The second wave was the platform sweeping ~129M ADA to a custodian, framed as protection. The fix for "your keys are cryptographically exposed" was "trust us to give it back." A cryptographic failure patched with a social promise. "We will return the funds" is not "we are cryptographically incapable of keeping them." The incident did not create that gap. It made it visible. ▶️The ownership trap. Once a key is publicly reconstructible, holding it proves nothing. Attacker, custodian, original user: three parties, same cryptographic claim. So how does a real owner prove it? The elegant exit is a zero knowledge proof of knowledge of the 24 words, the seed, without revealing it. Knowledge of the mnemonic is the one thing a chain scraper does not have. Prove the preimage, not the key. ▶️ How did it get in? Honest mistake, or planted? Dropping a single secret input from the nonce is a tiny change. Exactly what a tired engineer ships, and exactly what a supply chain or insider attacker plants, because it is deniable and pays out silently to whoever reads the chain. I do not know which one this was. The commit history will tell. Cryptography does not care about good intentions. It enforces what you built. SecondFi built a scheme where the nonce was predictable, so the keys were public, so the funds were anyone's. The rest is just who read the chain first. Stay safe. -- (obv, Ledger users are not affected. Nonce and signatures are computed inside the secure element)

English
33
16
136
15.9K
APE
APE@balding_ape·
@masatoalexander Immediately after the wallet drain, I sent all my remaining cardano to an exchange and the last midnight tokens to another wallet
English
1
0
1
189
masato_alexander
masato_alexander@masatoalexander·
if you restore your seed in another wallet and SEND everything to a NEW address (made in another wallet) there is a CHANCE you get frontrun in the mempool over a few seconds. or you can WAIT for your funds to get swept by emurgo / "a white hat" (🤣🤣🤣) risk vs reward.
English
18
4
65
3.8K
APE
APE@balding_ape·
@adatrailblazer @secondfiapp Yeah i did the same , moved the remaining ada to an exchange and midnight tokens to a new wallet
English
1
0
0
50
Adatrailblazer
Adatrailblazer@adatrailblazer·
@secondfiapp @secondfiapp I’m an affected user. Before your June 24 warning, I moved my remaining 14,703 ADA to a separate wallet with new keys after 37,791.556931 ADA + native assets were drained. Please confirm this does not affect my cohort inclusion, snapshot or make-whole claim.
English
17
1
6
1.5K
SecondFi
SecondFi@secondfiapp·
To provide more clarity, we have identified the nature of the incident, it is at the address level. The security risk affects wallet users when a transaction is signed. Therefore recovery to another platform or wallet does not mitigate the risk. 🚨 DO NOT restore your recovery phrase into a new Cardano wallet. We have isolated the affected wallets and will post mitigation steps shortly.
SecondFi@secondfiapp

There has been conflicting advice from different community members in an attempt to be helpful. ⚠️ DO NOT RESTORE your recovery phrase into a new Cardano wallet. As advised, do nothing until official steps come from SecondFi. The only thing you should do is submit a ticket at support.secondfi.io. We will never DM you first or ask for your recovery phrase.

English
85
67
174
128.8K
Dan Gambardello
Dan Gambardello@dangambardello·
@_ThisCr8zyLife_ I'm sorry, I thought it was positive news that people's crypto was protected and could get it back. How about you try relaxing?
English
4
1
77
2.9K
thiscrazylife 🔄
thiscrazylife 🔄@_ThisCr8zyLife_·
"Rescued" @dangambardello define rescued. If you are so keen to use those words in public addressing your large audience, please elaborate on the rescue in regard to post hack TOS changes. In regard to the hack using a pre funded fee sponsor that clearly knew about the exploit that the Emurgo team also must have known about in order to "rescue" funds. Explain how that available "rescue" really helped anything. Explain so everyone understands since that's your take.
thiscrazylife 🔄 tweet media
Dan Gambardello@dangambardello

Big developments on the Cardano wallet hack. Firstly, Cardano was NOT hacked. Secondly, users should be able to get their ADA back! What got exploited was third-party wallet software, and the headlines are obviously running crazy with this Cardano news implying this was a protocol level thing. Here's what actually happened: - 16M ADA drained across 374 addresses by external attackers - 129M ADA was rescued through emergency measures and is being returned to affected users - Claims process is actually underway for people to get their ADA back The fair question to ask is how did Emurgo have key access to do it?! The optics there aren't great.

English
3
3
8
5.7K
Erick Cisneros
Erick Cisneros@ecisnerosdev·
The wallet that took all of my ADA still has a large balance. I don’t understand how you can say that most of the ADA has already been recovered. Address: addr1q8g8cgwqw98q2mrzrwgcy3wectdxwem8a8zp9r2mn6wjy7q4x7gcpv39wwurj7n72akw4kd0dgmv72gz4j92fvhn29ss7vuz99
Erick Cisneros tweet media
English
25
6
30
4.8K
Sssebi🦁
Sssebi🦁@Sssebi·
🚨Good news SecondFi secured 129m ADA worth of assets in order for them not to be drained. There's a high chance that if you got drained you will get it back. Bad news: there's still 16m ADA that was stolen.
SecondFi@secondfiapp

As per our previous post: x.com/secondfiapp/st… We have identified the root cause and have since rolled out a patch for all unaffected wallets. This will allow us to resume normal operations soon. ----- Regarding affected wallets, 4 distinct draining events occurred. 3 were executed by external threat actors, resulting in a loss of ~16m ADA across 374 addresses. To prevent total loss during the active exploit, emergency rescue measures were triggered to secure the available ~129m ADA and continues to be routed to an independent, qualified third-party custodian, where they are held securely for the benefit of the affected wallet addresses. An external accounting firm has been engaged for a special audit to independently verify those holdings. We are working to facilitate the verification process so users can claim back their assets safely. Affected users should submit their claim at support.secondfi.io We take this incident seriously and are working to ensure all assets are returned to affected users as soon as possible. As stated, we have identified the root cause, it is at the address level. Please DO NOT RESTORE your recovery phrase into another Cardano wallet, this does not mitigate the security risk. The security risk occurs when an affected user signs a transaction. Further explanation to follow.

English
17
7
122
7.6K