Justin

Super excited to share that I recently joined the elite team @fusewallet to help build the best mobile experiences for modern money

Now live on Tempo: @altitude Altitude is a financial operating system for businesses running on stablecoins, available in 150+ countries. Companies on @Altitude can now send and receive stablecoin payments on Tempo alongside their accounts, cards, and finance operations.

Your Altitude account can now send and receive USDC across Ethereum, Base, and Avalanche, alongside Solana. One account for businesses running on stablecoins, now across four chains. Get started: app.altitude.xyz/signup

@nickpylll @fusewallet 👑🫂

Today I’m moving on from @fusewallet after almost two years of working on this product alongside some incredibly talented people. It’s been a great journey. We built something I’m genuinely proud of, won App of the Year from Expo, and made a product I use almost every day. Grateful to the @SquadsLabs team for this chapter, and excited for what’s next!

Your business runs on stablecoins. Your cards should too. Issue virtual cards, spend directly from your Altitude balance and earn up to 2% cashback*. Altitude Card is coming soon, apply for early access: altitude.xyz/card.

Businesses no longer need a bank account. We've raised $18M on this bet. Go altitude.xyz

@nickpylll @fusewallet 🧑🏻‍🎨

subtle button transition / @fusewallet

@jahris @Helius @solana legend

I'm leaving @helius After 3 years of scaling one of the most recognizable brands in crypto, it is time for me to move on. It's been a crazy journey and I'm thankful for having the opportunity to grow the @solana ecosystem through our work at Helius. Also glad that I got to work on consumer products like @LanaAI, @Orb_Markets and @checkprice, definitely realized I have a kink for product design. But most of all I'm grateful for the Solana community, there's no better bunch of internet friends anywhere and I plan on staying here and helping any way I can for a long long time to come. Let's bring sovereign money to the masses. Lock in, manlets! 🫡

Announcing Solana Multisig Tools Three new open-source tools for Squads Protocol v4. All three are small, self-hostable, and built with minimal dependencies. We're actively engaging with STRIDE to help strengthen multisig management practices on Solana. This is the first step towards multiple independent frontends and access points to v4. multisig-cli A focused Rust CLI for reviewing, simulating, signing, and executing multisig proposals. It parses multisig accounts and instructions directly instead of pulling in a large dependency tree. The result is a binary that's easy to audit and well suited for high-trust operational workflows. If you're using an older CLI, we recommend switching to this multisig-cli which has minimal dependencies. multisig-verifier A static, zero-backend browser UI. Reads multisigs state directly from Solana RPCs, decodes proposals, tracks approvals, and lets members approve or reject from their own wallet. No secrets leave the browser. Strict CSP rules by default. multisig-monitor Real-time visibility into multisig activity. Watches configured multisigs, decodes actions, and emits notifications when members create, vote on, execute, or modify configuration. Treasury and governance events surface as they happen. The pattern across all three: inspect before signing, verify before approving, monitor after execution. Smaller dependency surfaces reduce supply-chain risk. Direct decoding reduces blind signing. Open implementations are reviewable end-to-end. Monitoring closes the loop. We strongly encourage every team to verify what they're signing through more than one interface. Don't rely solely on any single frontend. Cross-check with a CLI, an independent verifier, or a second client before approving anything that matters. We're working with a number of security teams who will host their own versions of the multisig-verifier. You can self-host today. Soon teams will also be able to access independently operated instances run by parties with no affiliation to Squads. Link to the repo in the post below.

Every friend I talk to is overworked since AI. Working weekends. Always on their phone prompting. Kinda sad.

Our investigation into the @DriftProtocol incident remains ongoing. Early evidence points to two compromised signers on Drift's admin multisig, which were used to execute a transaction modifying Drift's program configuration. Squads programs were not compromised. We have also found no evidence of compromise to Squads infrastructure, though we are actively investigating to confirm this with full confidence. We will share further findings as they become available. Best Practices for Operationally Critical Multisigs Thresholds: Any multisig with operational or administrative control over a program should have a signing threshold of 3 or above. This requires an attacker to concurrently compromise multiple independent signers, significantly raising the difficulty of this type of attack. Where possible, signers should also be geographically and organizationally dispersed. Signers sharing the same location, devices, or org structure introduce correlated risk. Timelocks: Multisigs with program-level control should implement a timelock (can be set up in Settings of your Squads multisig). It won't prevent a malicious transaction from being proposed, but it creates a window to detect and reject it before execution. The tradeoff: timelocks also slow down legitimate emergency responses to bugs or active exploits, so teams should factor this into their operational setup. Alerts & Monitoring: We encourage all operationally critical multisigs to set up monitoring and alerts through our security partner @RangeSecurity. Range provides two key things: an alternative interface for independently verifying transaction content outside of the Squads UI, and proactive Slack alerts so signers are notified before a proposal moves forward. If you want help getting set up, reach out and we'll connect you directly. A high threshold, a timelock, and monitoring are the foundation for any multisig with program-level control. Signing Process: Signers should use dedicated devices and hardware wallets, never a general-purpose machine. Additionally, signatures are only valid for approximately 2 minutes each, so introduce at least a 2 minute delay between each signer taking actions to ensure signatures cannot be collected & bundled by an attacker. Always verify transaction content independently across all three available sources: the Squads UI, Range's alternative interface, and Solana Explorer or Solscan On Durable Nonces 
The Drift attack exploited durable nonces to collect signatures without time pressure, bypassing the 2-minute transaction expiry that would otherwise limit this type of attack. We are actively exploring ways to block durable nonce usage across all of our programs, both at the program level and through other enforcement mechanisms, to ensure this protection extends to our immutable programs V3, V4, and our current Smart Account Program. Beyond this, the broader Solana ecosystem is taking steps to address this at the protocol level, with a new transaction format that drops durable nonces as a feature entirely. We will follow up with more information on this soon.

Beyond Multisig, Operational Security Technical controls only go so far. Most high-profile compromises lately have been social engineering attacks targeting the people behind the keys, not the contracts themselves. If you are running mission-critical protocol operations, invest in your internal opsec processes and team culture accordingly, how proposals are initiated, communicated, and approved all matter. We recommend engaging dedicated security advisors. @zeroshadow_io and @0xGroomLake are trusted starting points, and we are happy to connect you directly.

@nickpylll 🧑‍🍳

I’ve always found the send flow in the Mail app confusing. The status isn’t clear, undo is hard to find, while the mail itself flies upward. That motion could extend into an action and status in the notch, making the interaction more intuitive

@oyacaro @martin_casado @fulligin @sparkjsdev so sick

@martin_casado @fulligin @sparkjsdev @jstnwdev here's another

I just can't get enough of this 40million splat scene created by @fulligin. Rendered with @sparkjsdev ...

Upload, track and pay bills from your stablecoin treasury with USDC or fiat payment rails Only possible on Solana with @altitude

We just launched Altitude Bill Pay. Your stablecoin balance can now pay any bill. USDC, wire, ACH, SEPA - whatever your vendor needs, one account handles it all. We built this because payables is still a mess for most businesses. Especially if your treasury is in stablecoins but your bills settle over legacy rails. You end up juggling inboxes, portals, offramps and spreadsheets just to pay an invoice. So we fixed it: → Forward bills from your inbox to Altitude - they get ingested automatically → OCR AI scans and populates every detail on upload → Pay in stablecoins or seamlessly offramp to whatever fiat rail the vendor needs → Every bill and payment tracked in one ledger making reconciliation and month-end close much simpler. If you’re running on stablecoins and tired of the payables runaround, come give it a spin.

Altitude Bill Pay is live. Pay bills directly from your stablecoin balance. → Email-forwarded bills for auto-ingestion → OCR AI populates every detail → Pay in USDC or via fiat rails your vendor prefers → Payouts from one account make reconciliation simple No more patchwork. One account. All your bills. Closing your books has never been easier.

forward your mails friends

Wrote a thousand words on taste, but think I can get it down to five: “Taste is measuring without counting.”

@macbrennan_cc @project0 get on @PlanetScale

Supabase has been down for 2hrs. It’s used by us to to support backend operations at @Project0 This level of downtime is not acceptable to us, so we’ll be looking into migrating our database tech after it comes back online

@L3MON_069 @uselulo looks great!

Over the past few months, we at @uselulo teamed up with @vandals_pro to rethink our communications strategy and craft a brand-new visual design. Proud of the journey and the results.

We onboarded to @altitude today. As a business operating and generating revenue both in stablecoins and fiat, it makes our life substantially easier. In 2026, we're going higher.