Vinícius Pinheiro
211 posts
Vinícius Pinheiro retweetledi
This seems to be a hot take, but I want my office to be absolutely silent, the only sounds I want to hear are white noises from the AC that perfectly controls the room temperature.
When I worked as an engineer in a programming methodologies lab, I couldn't stand the people around me, always noisy, always talking about some random shit, and were a constant distraction.
When I do something, I require peace and quiet, where open offices and co-working spaces provide none, and are no place to do deep work.
This is Apple's M1 launch from November 2020, and in my eyes is a perfect modern take on how a "lab"/office should look like, I can imagine myself doing wonders here, alongside people who share similar values and actually want to get shit done.
U.S. Graphics Company@usgraphics
Office should be a cold 68F environment with extreme silence, occassional equipment noise. "Co-working" places are like a fake office where leisure and fucking around is central to its mission. Doesn't seem like a place where deep work can happen, where excellence has a chance.
English
@KeystoneWallet Hey, I'm the researcher (u/Past_Computer2901). Going deeper buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒
English
⚠️ Supply chain attacks on hardware wallets are more sophisticated than most realize!
Attackers aren't just phishing users anymore.
They're:
→ Tampering with devices during shipping
→ Uploading fake wallet apps to app stores
→ Distributing malware via Windows/Mac installers
→ Pushing malicious apps through TestFlight
How the attack works:
Counterfeit devices look identical externally, but use modified chip circuits designed solely to exfiltrate your seed phrase.
They include fake "user guides" directing you to malicious companion software that mimics genuine verification flows, making the compromised device feel legitimate.
Once you create a wallet and move assets, it will be drained by the attackers when you least expect it.
Why supply chain attacks?
As hardware wallet security strengthens, attackers target the weakest link: humans. Social engineering via supply chain manipulation is their new vector to exploit the human part.
Protect yourself:
→ Buy only from official channels and verified resellers
→ No hardware wallet app will ever ask for seed phrases
→ Always download the wallet app only via the official site link
Most importantly, verifying your device before usage is critical.
This is where Keystone 3 Pro shines.
Every Keystone 3 Pro ships with a pre-loaded verification key. Run the verification check on our official website by scanning the QR code.
If the device-generated code is accepted, your device is genuine.
If it fails? The device has been tampered with.
Verify everything. Trust nothing by default.
Choose hardware that lets you verify authenticity before use.
TFTC@TFTC21
A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained. The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review. This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app. The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it. The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.
English
@unstoppablebyhs Hey, I'm the researcher (u/Past_Computer2901). Going deeper buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒
English
They still want you to believe hardware wallets are your only option
Meanwhile:
→ Fake devices. Fake apps. Fake supply chains.
→ you have to trust where you bought the device
→ you hope your physical address never leaks
→ you carry a device identified as “wallet”
→ you have to trust the app you install
→ you regularly receive phishing emails
→ you still have to write your seed on paper
In this new age you need privacy, obscurity and wallet designed for the new world threats.
Be Unstoppable!
TFTC@TFTC21
A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained. The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review. This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app. The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it. The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.
English
@Crypto__Goku Hey, I'm the researcher (u/Past_Computer2901). Going deeper buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒
English
🇧🇷 Un chercheur en cybersécurité brésilien a démantelé une vaste escroquerie en achetant un hardware wallet « Ledger » sur une plateforme chinoise.
Le prix était anormalement bas et l'emballage semblait à première vue authentique.
Après l'avoir ouvert, il découvrait à l'intérieur une puce totalement différente.
Les inscriptions avaient été effacées par ponçage pour masquer sa véritable nature.
Le firmware prétendait être une version Ledger authentique qui n'existe même pas (Ledger Nano S+ V2.1).
Chaque phrase de récupération et code PIN saisi était stocké en clair et envoyé directement au serveur de l'attaquant instantanément…
Ce système était conçu pour vider les wallets sur une vingtaine de blockchains différentes.
Le vendeur avait la gentillesse d'inclure une copie modifiée d'une fausse application « Ledger Live » avec le produit.
Le chercheur a transmis un rapport complet à l'équipe de sécurité de Ledger.
Français
@TFTC21 Hey, I'm the researcher (u/Past_Computer2901). Going deeper buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒
English
A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces.
The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S+ V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained.
The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review.
This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app.
The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one.
Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it.
The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.
English
@Cointelegraph Hey, I'm the researcher (u/Past_Computer2901). Going deeper buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒
English
🚨 ALERT: Cybersecurity researcher warns of a sophisticated fake Ledger device being sold on Chinese marketplaces, designed to steal users' crypto and seed phrases.
English
@BitcoinNewsCom Hey, I'm the researcher (u/Past_Computer2901). Going deeper buying more models from the same store to check how far the counterfeiting goes. Full technical report for Ledger in progress. More updates soon. 🔒
English
NEW: Security researcher uncovers large-scale counterfeit Ledger Nano S Plus operation distributing compromised devices across multiple platforms.
A fake unit purchased from a Chinese marketplace contained modified hardware using an ESP32 chip instead of Ledger’s secure element, with seeds and PINs stored in plain text and sent to attacker-controlled servers.
The device ran fake firmware labeled “Nano S+ V2.1” and supported ~20 blockchains, draining any wallet initialized on it.
The seller also provided a malicious version of Ledger Live, built with React Native, signed with a debug certificate, and designed to intercept transactions and exfiltrate sensitive data to multiple command-and-control servers.
The campaign spans five attack vectors: compromised hardware, Android APKs, Windows EXE files, macOS DMG installers, and iOS apps distributed via TestFlight to bypass App Store review.
Experts warn that “genuine check” features can be bypassed if hardware is compromised at the source, making third-party marketplace purchases especially dangerous.
Users are urged to only buy hardware wallets directly from official sources, avoid devices with pre-generated seeds, and never enter recovery phrases into companion apps.
A full report has been submitted to Ledger’s security team, with further technical details expected after internal review.
English
Vinícius Pinheiro retweetledi
THIS GUY LOST $400M OF BITCOIN - BUT IT JUST MOVED
Clifton Collins was an Irish drug dealer who bought 6,000 BTC in 2011-2012. In 2017, he was jailed and his belongings were sent to a dump by his landlord. Police never recovered the seed phrase.
One of the accounts just moved. Who managed to access Collins’s Bitcoin?
English
Vinícius Pinheiro retweetledi
Don't let AI service providers dilute the meaning of "local". If it can't run offline on compute and data you actually own, it's not a Personal Computer.
Perplexity@perplexity_ai
Announcing Personal Computer. Personal Computer is an always on, local merge with Perplexity Computer that works for you 24/7. It's personal, secure, and works across your files, apps, and sessions through a continuously running Mac mini.
English
The adoption of wearable devices shall be accepted only if they be open-source
English
Vinícius Pinheiro retweetledi
"Training AI takes energy but training a human takes 20 years and a lifetime of resources"
- Gavin Belson
English
English
Vinícius Pinheiro retweetledi
Generational companies arise amid fundamental technological platform shifts.
The best way to ensure the next generation of computing is not more closed, more platformed, and more consolidated than before is if the winners of the next shift build open.
If the fundamental infrastructure that powers the future of technology is open and cross-compatible, then this breeds competition, diversity, excellence, proliferation. We can all share in the growth, in the augmentation, in the opportunity, in the building.
Smart glasses are the future of the internet, and we want to return humanity to an early internet vibe, where you do what you want with your computer and your mind.
Asuka Zheng🎀@VoidAsuka
Claude buying Bun. It hit me today: the AI era is compressing the entire developer-tooling stack into the hands of a few players way faster than anyone expected. For a decade, dev tools felt like the last truly decentralized frontier - open-source, scattered, community-led. Even big moments like Microsoft taking GitHub or the npm acquisition barely shifted the day-to-day reality for most developers. But suddenly? Runtimes, package registries, auth layers - the tiny pieces that make up the developer workflow - are being absorbed one after another. If you track concentration (CR5), the curve tells the whole story: Pre-2018: fragmented, CR5 < 35%. 2018–2021: consolidation starts, ~40%. 2022–2025: jumps to ~50% as AI/cloud giants go on a buying spree. Look at China to see where this could end up: middleware is ~70% controlled by the top five; AI-agent platforms sit around 88%. That’s how you end up with a world where SaaS struggles to exist at all - there’s simply no room left, extreme concentration kills the oxygen for small players. GenAI is the accelerant. When AI rewires the entire software-creation flow, owning the toolchain becomes a strategic moat. Hard to stop, even with open-source foundations and regulation. Feels a bit like we’re inching toward the “mega-tech consortiums” sci-fi writers imagined. Power law wins again. What should we do? Face the challenge and fear - position ourselves. Get financial freedom asap, then, if we still want to build in this arena, choose a niche where we can actually survive the gravity of the giants.
San Francisco, CA 🇺🇸 English
Vinícius Pinheiro retweetledi
You Asked, We Listened: High Boy Now Features 5GHz Wi-Fi! 📡🟣
First of all, we want to express our immense gratitude! Thanks to your support, we smashed our funding goal in just 10 minutes and have already raised over $140k! It is amazing to see this community so active, interactive, and helpful.
We have been paying close attention to all your feedback and requests. After analyzing everything, we are excited to announce a major upgrade: High Boy will officially support 5GHz Wi-Fi!
Yes, it will feature native dual-band connectivity (2.4 GHz and 5 GHz). But that’s not all—we are implementing a Dual MCU architecture. It will combine the power of the ESP32-S3 and the ESP32-C5 working together to deliver maximum performance.
Thank you all for making this possible. Together, we are creating something truly amazing!
English
Vinícius Pinheiro retweetledi
hello guys!! project live on kickstarter.
kickstarter.com/projects/15026…
English
Vinícius Pinheiro retweetledi
This is not a false positive, High Boy is coming soon to Kickstarter! We already have the live pre-launch page!
#highboy #highcode #hardware #kickstarter
kickstarter.com/projects/15026…
English