Daniel

If 0 to 100k took 15 years, how long will 100k to 200k take?

A hacker group just compromised one of the most widely used security scanners in the world, and used it to steal half a million credentials from companies that trusted it to keep them safe. On March 19, a threat actor group called TeamPCP injected credential-stealing malware into Trivy, a popular open-source vulnerability scanner maintained by Aqua Security. Trivy is used by thousands of companies to scan their code and infrastructure for security flaws. The attackers compromised 75 GitHub Action tags, the Trivy Docker images, and related CI/CD pipelines, meaning every company running automated security scans through Trivy was unknowingly executing the attackers' code. The malware harvested SSH keys, cloud credentials, Kubernetes secrets, cryptocurrency wallets, and .env files from every environment it touched. The stolen data was encrypted and exfiltrated to attacker-controlled servers. But the attack didn't stop there. Using credentials stolen from Trivy's CI/CD pipeline, TeamPCP then backdoored LiteLLM, a widely used Python framework for managing AI model APIs. Two malicious versions (1.82.7 and 1.82.8) were pushed to PyPI, the main Python package repository. The second version was designed to execute automatically on every Python process startup in the environment, no user interaction required. From there, it deployed privileged pods across entire Kubernetes clusters and installed persistent backdoors on every node. The attackers also pushed compromised Docker images of Trivy (versions 0.69.4, 0.69.5, 0.69.6) to Docker Hub and compromised dozens of npm packages with a self-spreading worm called CanisterWorm. They even defaced 44 internal Aqua Security repositories in a scripted 2-minute burst, renaming them all with "TeamPCP Owns Aqua Security." According to the International Cyber Digest, which is in direct contact with the attackers, TeamPCP claims to have exfiltrated 300 GB of compressed credentials and is actively working through them. The LiteLLM compromise alone reportedly yielded half a million stolen credentials. The group says it is currently extorting several multi-billion-dollar companies. Each compromised environment yielded credentials that unlocked the next target. The pivot from CI/CD pipelines to production Python packages running in Kubernetes clusters was deliberate escalation. Security researchers say this campaign is "almost certainly not over." This is what a modern supply chain attack looks like. The tools companies trust to secure their infrastructure become the attack vector. The irony is brutal, the security scanner was the vulnerability.

Which bitcoin superpower would you want? The ability to trust 3rd parties Opportunity to flip a coin for triple or nothing with your stack (it's +EV) The ability to orange pill anyone. The ability to buy billions worth of bitcoin every week while the price goes down

Put this together in a couple of evenings with Gemini. The bar to developing applications is clearly lower now! Not a privacy tool but a cost management and visualisation one. unspent.to

brk v0.2 is officially out ! a massive release with many internal changes and reworks the suite now runs with no internet, exchange apis and any kind of third parties all you need is a running #bitcoin node here are some highlights: 1/n

Which is most important for Bitcoin development right now?

Can't orange pill every business (then expect each employee to know how to take btc) Just flip the switch and make bitcoin accepted everywhere.

@asanoha_gold Yes, they have been saying bitcoin is going to zero since 2011.

Is Reddit’s r/Buttcoin actually real?

Congratulation to @mara for joining the #BIP54 party Mara just produced their first BIP54 compatible block: 940,548 Its happening folks. mempool.space/block/00000000…

Stacking bitcoin with your paycheck while the price is down - it's like bitcoin is a beach ball held underwater. Being leveraged long bitcoin while the price is down is like being held underwater.

2023 vs 2026 

2023: photo on the left was taken 3 years ago from my 8 - 6 job, in a cubicle, no windows, with a screen saver of a beach, drinking water from a plastic bottle 

2026: today, im working from an ocean view living outside the matrix, working at my time. find freedom folks, buy the dip

The Bitcoin Space Force: @Blockstream: satellite network that broadcasts the Bitcoin blockchain, reducing Bitcoin's dependency on internet access @Starcloud_: orbital data center mining Bitcoin in space @Starlink: enables access to the Bitcoin network across most of the globe

JUST IN: Paraguay has just followed the lead of Bhutan, using wasted hydro energy to mine Bitcoin, for a likely National Bitcoin Reserve. "Reports indicate mined Bitcoin will likely be held as a state asset or the national treasury, potentially used to fund infrastructure"

Why are you selling your bitcoin now?

Why are you selling your bitcoin now?

Still the same price

Here are this week’s bullish #Bitcoin developments: • @Strategy acquired 592 BTC for ~$39.8M; total holdings now 717,722 BTC. • South Korea’s National Pension Fund disclosed an $80M $MSTR purchase. 🇰🇷 • 🇫🇷 $2.8T Amundi increased its $MSTR stake by 373% to 4.79M shares (~$641M). • Jane Street increased its $MSTR stake by 785,224 shares, now holding ~951,187 shares (~$121M). • Jack Dorsey’s @blocks ($XYZ) bought 103 more BTC, bringing total holdings to 8,883 BTC. • Missouri advanced a #Bitcoin Strategic Reserve bill. • Indiana approved Bitcoin & spot ETF access for public retirement funds; governor’s signature pending. • Michigan introduced a bill to allow Bitcoin payroll & block a CBDC. 🇺🇸 • Morgan Stanley confirmed plans for Bitcoin trading, lending, yield & custody. • Citi ($2.5T AUM) announced it will integrate Bitcoin services this year. • @adam3us mentioned @bstrco may acquire up to 21,000 BTC post-SPAC approval.

Exponential growth

Today we’re launching Voltage Credit. 👀 The industry’s first programmatic revolving line of credit built on top of Bitcoin payment rails. ⚡ Send payments with instant finality over BTC/Lightning. Repay your credit line in USD from a standard bank account or in Bitcoin. Pay interest only on what you use. ⚬ No forced crypto exposure. ⚬ No slow settlement. ⚬ No idle capital. It embeds a true revolving line of credit directly into the same infrastructure that powers your payments. Your choice, USD or BTC. Built for CFOs, treasury teams, heads of payments, and product leaders who want to move value on Bitcoin rails with enterprise controls. Join the priority list today and get access. voltage.cloud/blog/introduci…

Apparently the island of Yap still uses Rai stones. Has no one tried to orange pill them?

The typical pattern for a new asset is the smart, sophisticated, wealthy elite get it first, and retail buys much later. I thought with bitcoin that retail could get in first. But they can "run it backwards" and force retail out while loading up at still favorable prices.

I built the first AI that earns its existence, self-improves, and replicates without a human wrote about the technology that finally gives AI write access to the world, The Automaton, and the new web for exponential sovereign AIs WEB 4.0: The birth of superintelligent life