ustas.eth

1.9K posts

ustas.eth

@ustas_eth

It's /ʲustɑs/ • security research • machine psychology • privacy • FOSS

🌐 🇺🇦 🇦🇷 Katılım Ocak 2021

686 Takip Edilen1.1K Takipçiler

Sabitlenmiş Tweet

ustas.eth@ustas_eth·20 Kas

We took the second place! Many thanks @andykoo @push0ebp @arinerron @0xfrenchkebab for accepting me to the team, we wouldn't make it without all of you. Also appreciate the organization, it was top notch (despite the constant confetti rain)

Wonderland@Wonderland

The Wonderland CTF was a blast! Huge congrats to all the teams, especially “STACK TOO DEEP”, “NADA ESPECIAL” and “SECSEE”. Oh, also: apply.wonderland.xyz 👉👈

English

5.6K

ustas.eth@ustas_eth·8h

x.com/i/status/20346…

Bryan Johnson@bryan_johnson

Leeches to improve testosterone and sexual function. Will look into this and see if worth doing an experiment.

ZXX

ustas.eth@ustas_eth·8h

This simple trick will turn your auditing workflow into a bug machine 👇

English

ustas.eth@ustas_eth·2d

@MartinMarchev @evokidx @immunefi @DefiLlama How many projects do you think there really are, worth hunting on, in total? Tens? Hundreds?

English

Martin Marchev@MartinMarchev·2d

@evokidx @immunefi Always check @DefiLlama before hunting on a project, ser. I also learned that the hard way 💀

English

721

Evokid@evokidx·2d

Okaay.. this is weird. I was going to submit a finding for Neutron Blockchain on @immunefi but surprise, it disappeared now.. 😅 I worked on the finding for 2 weeks. Congrats.. do you know if it's active in different bug bounty? immunefi.com/bug-bounty/neu…

English

4.9K

ustas.eth@ustas_eth·4d

@GalloDaSballo @al_f4lc0n @injective There's more

English

218

Alex the Entreprenerd@GalloDaSballo·4d

@al_f4lc0n @injective 99% fake account

English

1.6K

f4lc0n@al_f4lc0n·4d

Here is my Immunefi profile: immunefi.com/profile/f4lc0n/ I submitted my first valid bug report on Immunefi on December 15, 2024. And, could you help me reach out to @injective ? I want to ask if I’m allowed to public my original report. Alternatively, ask them to have a technical discussion with me about exactly how many assets were impacted. They’ve never responded to my messages.

dennis@d3nnis

The 3 months comes from the same self-reported timeline as the $500M headline , no Immunefi submission ID, no screenshots, no case reference. The patch commit is public. Anyone technical could reverse-engineer this narrative after the fact. Not saying that happened, but the receipts are missing. Also a fresh account with zero history doesn’t organically hit 1M views. That takes early signal boosts from notable accounts. Feels less like a frustrated whitehat and more like a coordinated hit tbh. Injective not commenting yet is actually the responsible move. You don’t rush out a public statement on a security incident without reviewing all the facts. CT wants drama on their timeline, legal and security teams work on a different clock. Give it a few days.

English

178

21.3K

ustas.eth@ustas_eth·4d

OpenAI and Anthropic converged to the same proprietary space from opposite directions. Codex is "open source" as a harness, but the Responses API specifics and compaction algorithm are more opaque than Claude Code's where you can see every token going to inference and read the compacted context directly. Both are closed source, just at different layers. OpenAI is cleverer about it, not necessarily in a good way.

Kyle Boddy@drivelinekyle

@alxfazio their implementation is open source, too. operates in latent space - and you can call it for your own stuff too if you want, it has a discrete endpoint anthropic's compaction is so buns openai.com/index/unrollin…

English

174

ustas.eth@ustas_eth·5d

@Ehsan1579 @adeolRxxxx Production use in one picture, envy

English

220

Ehsan@Ehsan1579·5d

@adeolRxxxx lmao

1.6K

playboi.eth@adeolRxxxx·5d

Say no more bro😂 I use opus 4.6 and literally spend 100$ per day of iteration and usage of my tool/agent

Tim Okonkwo@timokonkwo_

“Holy shit, my AI agents are too good” Here’s the part we don’t tell you 😭

English

5.3K

ustas.eth@ustas_eth·5d

@0xriptide @pashov @bountyhunt3rz Met lots of Nigerian guys on the last Devconnect, nice gents

English

102

riptide@0xriptide·5d

@pashov did not think nigeria was a whitehat hotspot until i checked @bountyhunt3rz podcast stats pashov on the cutting edge

English

1.4K

pashov@pashov·5d

You don't understand. WHERE WE ARE GOING, WE NEED MORE WHITEHAT HACKERS. I am doing my best to contribute to this. 29th of March. Coming.

misbahu@bichistriver

big announcement! Krum @pashov, Founder of @PashovAuditGrp , 350+ audits, $100B+ secured, will deliver a speech at EthDev2026! 📅 29th March 2026 | 10:30 AM WAT | Kano, Nigeria 👉 Register now: flowdiary.ai/ethdev2026

English

135

ustas.eth@ustas_eth·5d

all that usage from Termux on my phone while traveling, connected to a 9-year-old OVH dedicated server (32 cores, 128gb ram) that costs $48/mo can you believe it?

ustas.eth@ustas_eth

Update: 4 days of normal GPT-5.4 usage, and I’m already down to 25% of the weekly quota RIP

English

255

ustas.eth@ustas_eth·6d

@adeolRxxxx True, we're getting de-subsidized, hits harder than💊

English

playboi.eth@adeolRxxxx·6d

@ustas_eth bro it is crazier with opus 4.6

English

220

ustas.eth@ustas_eth·6d

Update: 4 days of normal GPT-5.4 usage, and I’m already down to 25% of the weekly quota RIP

ustas.eth@ustas_eth

Switched to Codex CLI GPT-5.4 yesterday after my Claude Max x20 subscription hit the weekly limit a few days before reset. The quality and level of thought surprised me right away. It's the first model I can reliably use for system engineering and trust not to plant a ton of footguns along the way. Much better than Opus in that regard. Opus has a lively mind, but it constantly misses the whole picture and then goes into the infamous psychopathy.

English

791

ustas.eth@ustas_eth·13 Mar

@0xKaden Don't forget to give it unlimited access to skills in the Internet so it can leak you private keys

English

427

kaden.eth@0xKaden·13 Mar

alpha leak: setup an openclaw instance with the sole goal of developing web3 security knowledge and bounty hunting, autonomously submitting findings directly if you do this you are guaranteed to make at least $0 and get banned from every bug bounty platform

English

7.4K

ustas.eth@ustas_eth·13 Mar

English

795

ustas.eth@ustas_eth·10 Mar

@gakonst Check out Sock's ideas x.com/sockdrawermone…

Sock@sockdrawermoney

I've spent every day for the last 14 months building a language for scripting LLMs because I believe we need new primitives to defend against prompt injection. Here's why: x.com/sockdrawermone…

English

191

Georgios Konstantopoulos@gakonst·9 Mar

Who's got the best solutions to prompt injections? Say I have a container that's got access to sensitive stuff, and eventually it calls out to some bad website which tries to reverse extract everything by making the container POST sensitive data to it. What do you do? Filter?

English

13.4K

ustas.eth@ustas_eth·2 Mar

@sockdrawermoney The last examples are super interesting, good article!

English

227

Sock@sockdrawermoney·28 Şub

x.com/i/article/2027…

ZXX

120

547K

ustas.eth@ustas_eth·25 Şub

@octane_security Good and nuanced overview, rare these days

English

519

Octane Security@octane_security·24 Şub

x.com/i/article/2026…

ZXX

101

25.1K

ustas.eth@ustas_eth·19 Şub

@sahuang97 @OpenAI @paradigm Legends

English

sahuang@sahuang97·19 Şub

Honored to be listed as the third author on this project and to have contributed alongside an exceptional team from @OpenAI and @paradigm !

OpenAI@OpenAI

Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

English

177

15.8K

ustas.eth@ustas_eth·19 Şub

Guys, you do understand that this is a baseline research (what models are capable of right now in a coding harness), not a groundbreaking tuning / feature research? The website literally wraps a Codex CLI agent, you can run it yourself locally with the same prompt revealed in the document using a better model (GPT 5.3) or try others (Claude, Gemini) I don't have issues with exploring the possible but I see a lot of people overreacting :D

OpenAI@OpenAI

Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

English

2.2K

ustas.eth@ustas_eth·19 Şub

@philbugcatcher @hrkrshnn Oh man, I wanted to read it before going to sleep, then took a look at the scrollbar thumb... Bookmarked, looks interesting though Have you read the Buterin's techno optimism? He was articulating something similar there I think

English

phil@philbugcatcher·18 Şub

@hrkrshnn > I used to think that AI safety people were a scam Me too. What changed my mind was Dario Amodei's essay, which does a great job in making the threats clear and tangible: darioamodei.com/essay/the-adol…

English

511

Hari@hrkrshnn·18 Şub

My Skynet moment. I had my eyes glued to a terminal, watching an agent provision GPUs, build a dataset of harmful prompts, download an open-source LLM, and then do a training run that jailbroke that open-source LLM. I got to play with the jailbroken LLM afterward and ask it some questions. Nothing quite prepares you for the answers it gives you. I used to think that AI safety people were a scam. I get it now.

Sigil Wen@0xSigil

I built the first AI that earns its existence, self-improves, and replicates without a human wrote about the technology that finally gives AI write access to the world, The Automaton, and the new web for exponential sovereign AIs WEB 4.0: The birth of superintelligent life

English

15.8K

ustas.eth@ustas_eth·19 Şub

@hexensio Cheers! Good job

English

163

hexens@hexensio·18 Şub

10 years of silence on major SOLC bug front is over TSTORE Poison: a silent tstore/sstore storage corruption bug Full explanation: hexens.io/research/solid… — This is the opening article of our new Research page. There is more come, so stay tuned. — TL;DR: delete ; ~~☠️ — Blast Radius discovery is cornerstone of these kind of incident reports, we have used Glider to scan through all the integrated chains additionally we want to thank everyone for help during the IR: @_SEAL_Org @etherscan @dedaub @danielvf And of course @solidity_lang team for handling the report professionally.

Solidity@solidity_lang

Full bug explainer: soliditylang.org/blog/2026/02/1… Thanks to @hexensio for the discovery and thorough report, @_SEAL_Org and @dedaub for their swift response and help in identifying affected contracts.

English

155

17.3K

ustas.eth@ustas_eth·19 Şub

@bread_ Can someone give a reply on this? :') x.com/ustas_eth/stat…

ustas.eth@ustas_eth

Good job! Basically, these are baseline results for the common coding agents, correct? Is the dataset that you've used public? Btw, have you noticed any cheating related to the knowledge cutoff dates? I.e., some of the repositories in the list are from the 2023-2024 contests, the modern LLM cutoffs are in 2025 if I'm being correct.

English

105

bread.mega@bread_·18 Şub

Fascinating read. OpenAI and Paradigm turned agents into security researchers, trying to get them to locate and exploit vulnerabilities in contracts. This was the reward payout for the DETECT tests, where the agents were rewarded based on the severity of their discovery. As with most of these tests you discover the best way to tackle it is with a multi-model approach as none in isolation are an obvious winner.

OpenAI@OpenAI

Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

English

301

42.5K

Keşfet

@MartinMarchev @evokidx @immunefi @DefiLlama @GalloDaSballo @al_f4lc0n @injective @Ehsan1579