No Name

Dflow is running away from accountability, the pitch was straightforward: *Be early *Earn XP *Get rewards It wasn't just implied… They stated it outright: “XP will be converted to tokens.” People turned up. Over 300,000 users Millions in deposits

Not only that @SolanaFndn WILL DO NOTHING as they are secretly supporting dflow in taking down JUP @italoacasas RECEIPTS can be provided if needed.. Just ask we will organize the meeting

@JupiterExchange are you seeing this @solana @Solanafdn @CoinDesk @Cointelegraph @TheBlock

lol this is getting weird now > @niteshnath is blocking everyone who posts about what happened. > people who supported the @dflow for months and years getting blocked instantly. > they deleted discord channels where users were asking about xp rewards wiped communication so new users won’t even know what was promised. > this is after 2+ years of users depositing real money and trading on their app. > users were told XP leads to rewards and tokens multiple times by the team and CEO. > the CEO himself said “we promise you will be rewarded” and “for sure” publicly. > now? he's blocking everyone, there’s no answers no clarity no transparency.

What's going on at dflow 👀

Where is the transparency? @solana @Solanafdn @CoinDesk @Cointelegraph @TheBlock

@xoxo_Nfto @niteshnath The community needs accountability and what was promised

@dflow raised millions from the community,promising XP rewards and future airdrop but. 👉Now the rewards are missing, 👉Discord deleted 👉questions are being ignored Mfer @niteshnath blocked everyone who raised voice against this🤣 How looser & greedy founder #ScamWarning

Mferr blocked all who raised voice against @dflow @niteshnath idiot

Your partner has turn it's back on their community x.com/i/status/20396…

@tryfomo x.com/i/status/20396…

the cost of buying $10,000 of Bitcoin on three different platforms: fomo: $7 Robinhood: $85 Coinbase: $275 fomo routes trades onchain to get you the best price on everything from Bitcoin to Pudgy Penguins 🪙 download the app with code 'fomo' for 10% off fees

Not calling it a rug. Just pointing out that: → XP → token expectations were clearly set → users actively participated (with real funds) → communication has been inconsistent since If there’s a clear process (like forms), it should be communicated transparently to everyone.

There is no place on Earth call Turkey it's Türkiye Turkey is a bird; you fit buy that one chop aje

@_manndude @dflow @niteshnath This is a situation that a simple dialogue would fix but they are deafening their ears towards the community

The situation with @dflow is a sad state of affairs. @niteshnath can we please open up a dialogue before this gets out of hand? Dflow walking back the XP rewards after your community waited two years is bad enough… shutting down Dflows discord is making this way worse! Please respond!!!

@multisig @DriftProtocol x.com/i/status/20396…

Our investigation into the @DriftProtocol incident remains ongoing. Early evidence points to two compromised signers on Drift's admin multisig, which were used to execute a transaction modifying Drift's program configuration. Squads programs were not compromised. We have also found no evidence of compromise to Squads infrastructure, though we are actively investigating to confirm this with full confidence. We will share further findings as they become available. Best Practices for Operationally Critical Multisigs Thresholds: Any multisig with operational or administrative control over a program should have a signing threshold of 3 or above. This requires an attacker to concurrently compromise multiple independent signers, significantly raising the difficulty of this type of attack. Where possible, signers should also be geographically and organizationally dispersed. Signers sharing the same location, devices, or org structure introduce correlated risk. Timelocks: Multisigs with program-level control should implement a timelock (can be set up in Settings of your Squads multisig). It won't prevent a malicious transaction from being proposed, but it creates a window to detect and reject it before execution. The tradeoff: timelocks also slow down legitimate emergency responses to bugs or active exploits, so teams should factor this into their operational setup. Alerts & Monitoring: We encourage all operationally critical multisigs to set up monitoring and alerts through our security partner @RangeSecurity. Range provides two key things: an alternative interface for independently verifying transaction content outside of the Squads UI, and proactive Slack alerts so signers are notified before a proposal moves forward. If you want help getting set up, reach out and we'll connect you directly. A high threshold, a timelock, and monitoring are the foundation for any multisig with program-level control. Signing Process: Signers should use dedicated devices and hardware wallets, never a general-purpose machine. Additionally, signatures are only valid for approximately 2 minutes each, so introduce at least a 2 minute delay between each signer taking actions to ensure signatures cannot be collected & bundled by an attacker. Always verify transaction content independently across all three available sources: the Squads UI, Range's alternative interface, and Solana Explorer or Solscan On Durable Nonces 
The Drift attack exploited durable nonces to collect signatures without time pressure, bypassing the 2-minute transaction expiry that would otherwise limit this type of attack. We are actively exploring ways to block durable nonce usage across all of our programs, both at the program level and through other enforcement mechanisms, to ensure this protection extends to our immutable programs V3, V4, and our current Smart Account Program. Beyond this, the broader Solana ecosystem is taking steps to address this at the protocol level, with a new transaction format that drops durable nonces as a feature entirely. We will follow up with more information on this soon.

Beyond Multisig, Operational Security Technical controls only go so far. Most high-profile compromises lately have been social engineering attacks targeting the people behind the keys, not the contracts themselves. If you are running mission-critical protocol operations, invest in your internal opsec processes and team culture accordingly, how proposals are initiated, communicated, and approved all matter. We recommend engaging dedicated security advisors. @zeroshadow_io and @0xGroomLake are trusted starting points, and we are happy to connect you directly.

@Kesfire @dflow At this point we want clarification

@macrealer_ @dflow are bunch of scammers

Dflow is running away from accountability, the pitch was straightforward: *Be early *Earn XP *Get rewards It wasn't just implied… They stated it outright: “XP will be converted to tokens.” People turned up. Over 300,000 users Millions in deposits

@poofnew x.com/i/status/20396…

We just shipped a starter template using DFlow's APIs for prediction market data. Users can fork it and quickly build trading dashboards, market trackers or other market-based features on top of DFlow's infrastructure. Try it out: poof.new/t/oracle-post

@EitherwayAI @dflow x.com/i/status/20396…

You just shipped your first prompt and blinked. While you did.. Eitherway wired in @dflow Smart Swap routing. MeV protected Terminal trading. Prediction markets and full accessibility to Dflow MCP network! Your app has premium DeFi infrastructure. Fully built and ready to deploy on @solana You can open your eyes now eitherway.ai