Muhammad Fareed

I originally built this for a @CodigoPlatform bounty, but couldn’t submit in time. Rather than let it rot in my repo, I turned it into a learning resource for anyone building with @metaplex Core Repo: github.com/Worldkilas/mpl… @_Jiibal @A_d_e_m_o_l_a_

@fatyma_BintMuhd @usuupjr come explain

The way Farm Center men guard that market from their sisters needs to be studied! 😭 Active resident of Tarauni LGA here, but I've only stepped foot in that market ONCE in my entire life. I just followed a school friend to buy a phone. When I got home and told my brothers, I almost got beaten to a pulp. Fast forward to today, a friend asked me to accompany her to my OWN brother’s shop there to get a phone. I decided to call him first to give him a heads-up. Guess what this man said? “Fati, idan na ga ƙafarki a kasuwar nan, ba za ki ji daɗi ba.😭😭😂😂 Wai meye matsalar ne?😂😂

I traced your wallet on-chain. Here's exactly what happened to you and where your money went: 93 days ago — The drainer contract 0x612373D7003d694220f7800EeaF8E3924c0951D3was deployed on BSC by 0xA0BEDC61ff0312181B2A4E1aA233Dd1355105C6B. That same deployer wallet was funded by 0x8C826F795466E39acbfF1BB4eEeB759609377ba1 and has activity across 10 different chains. 73 days ago — You unknowingly handed over your wallet. You visited a phishing site disguised as a legitimate token swap and signed what looked like a normal COOKIE → USDT transaction and even received the USDT back so everything felt fine. But hidden inside that same transaction was an EIP-7702 delegation that allows a smart contract to execute transactions on behalf of your wallet. (See SCREENSHOT 1 & 2) Your wallet 0x8d3AaE7D140704cFaeEfe644C8e9C2698Df6C87e was now under full control of the drainer contract. No private key needed. You authorised it yourself without realizing it. My only confusion is that you said your wallet reportedly held $3k+ few days before the drain and the delegation was already active at that time. Why the attacker chose not to drain you when your balance was significantly higher is something that is confusing. May 14, 2026 09:18 UTC; When your $250 BNB arrived from MEXC the drainer contract executed instantly and sweeping your entire BUSD-T balance in one transaction. Your own wallet obeyed the instruction you unknowingly gave 73 days earlier. Funds were bridged from BSC → Solana via MetaMask Bridge. On Solana, your funds, now 8.2 SOL (~$730) landed at another drainer wallet 46qWcTVCEssE9ScUwProUoK3T3tkPsAD7XB8PhnSHzjy That drainer wallet was set up and funded by this operator wallet Hr1YJpJFwZjX1sxmGvHkqfaXaojdJofuuj9XofP3pXXg. which in turn was funded by B7Rh5ZRLhK7LafZJCGc5ijePu1NbrDMLMye5nMWtgN2w which is an old relay wallet. Unfortunately, the trail goes cold there. The drainer wallet 46qWcTVCEssE9ScUwProUoK3T3tkPsAD7XB8PhnSHzjy Immediately after receiving your funds, used 8 SOL to buy 106,013,446 VICE tokens on Pumpfun. (See SCREENSHOT 3) One second later, a coordinator wallet odinxpR9dju4gDwy7CEbmyTp2wBGVYxWw2HRG6FVaoP distributed SOL to be used as gas fees to 20 wallets including yours. Solscan has already flagged this address as a known spam duster. The remaining 0.2 SOL was used to buy over 2 million VICE tokens later. After much trailing, i discovered that the mastermind behind the whole thing is QVtWcAX3R7Cr51VhAxFSYntoCAmTQzK8Hf4R1TrKNQ4. It is connected to this operation via on-chain interactions with the drainer wallet and currently holds $3,100 in USDC and USDT alongside some meme coins. This wallet was funded directly from OKX hot wallet 50 days ago. (See SCREENSHOT 4). Whoever runs this operation has a verified identity sitting in OKX's database. As of right now this wallet is still actively seeding new drainer wallets every minute. Your stolen funds was used to buy 12% of VICE token supply on Pumpfun, making the drainer wallet the single largest holder. The operator wallet mentioned earlier also holds another 6%. They used your money to pump a memecoin. Check the VICE token on pumpfun; HcwLsRpU1Qgz34ou8vZg7tk8Vbhikrp6J6Qyf1Ywpump To everyone else reading this, check every transaction you sign carefully. EIP-7702 delegations are mostly invisible inside a normal-looking swap. Your wallet can be silently handed over to a hacker without you ever knowing.

A researcher spent three weeks reading a protocol's code. Found a critical vulnerability that could drain $40 million in user funds. Wrote a detailed report. Submitted it through the official bug bounty channel. The response came eleven days later: "We were already aware of this issue and have been working on a fix internally. As this was a known issue, it does not qualify for a bounty under our program terms." The protocol shipped the fix two weeks after that. The researcher received nothing. I want to tell you why this specific response is the most commonly used and least challenged form of dishonesty in the Web3 security ecosystem — and exactly why it works. The claim "we were already aware" is unfalsifiable. There is no public registry of what issues a team was aware of before a submission arrived. There is no timestamp system for internal security tickets that a researcher can verify. There is no mediation process requiring the team to provide evidence of prior awareness. The researcher cannot prove the negative. The team knows this. The economics make it worse. A $75,000 bounty on a $40 million protocol represents real money. The reputational cost of one disputed finding is manageable. The researcher has no platform with sufficient reach to make the dispute visible. The community will not investigate. The team moves on. Some teams genuinely do discover issues internally before external reports arrive. This happens and the timing is real. But when the same response pattern appears across multiple researchers reporting to multiple programs — and it does, with enough consistency that researchers have started documenting it publicly — the pattern becomes impossible to dismiss as coincidence. What protects researchers: timestamp everything before you submit. Screenshot your proof of concept. Document when you first discovered the issue. Use platforms with mediation processes. Publish a disclosure timeline you communicate to the team before submitting, so they know there is a clock running. What would fix this structurally: an industry standard requiring teams to timestamp internal security issues in a way that creates an auditable record prior to accepting external submissions. Not perfect. Significantly better than the current system where the team's word is the only evidence. What actually fixes it: protocols that pay because they understand the researcher's rational alternative, not because they feel obligated. The researcher in this story made a financially irrational choice to report responsibly. They received nothing for it. The protocol is still running. The user funds that the researcher protected are still in the protocol. Those users will never know. This is the Web3 security ecosystem as it currently exists. Most of the people who know it behave this way have decided it is not worth saying publicly.

Salah with a top finish for our second 🎯👑

I’ve written on this before but the Fulani conquest of Hausaland resulted in an unusual outcome. Normally when a tribe/nation conquered another, a couple of things happen or a combination of these things: 1. A dichotomy ensues in which the conquering tribe retain its language, culture and customs at a higher level in the society while the conquered tribe retains such but on a lower level. This is evident throughout Africa with European colonization. 2. The conquered tribe losses its own culture, language and customs and adopts that of the conquering tribe again evident in Africa but also in the Maghreb with Arab conquest. None of these happened with the Fulani conquest of Hausaland. The Fulani language and nomadic way of life is viewed on a lesser level and their culture has been largely diluted in the lands they conquered. Adamawa is probably the only Kingdom that received Sheikh Usman Dan Fodio’s flag and still retain some sort of resemblance to Fulani ways. None of the other 14 or 17 “ardodi” speak or retain Fulani culture today. Take Nupe land for example, the Etsu Nupe looks aesthetically Fulani and he is by blood but everything about him and the other ruling class is Nupe, from language to customs and traditions. It’s a strange outcome, Fulani achieved political hegemony over Hausaland but lost its culture along the way. I can’t think of any other conquest that resulted in a similar outcome.

@_mawadda Just asking Why do gcc countries regard them as terrorists

I hold no sympathy for the Muslim Brotherhood I actually consider them largely irrelevant as a political force. But know this: any self proclaimed scholar, leader, or Muslim intellectual who obsessively vilifies them or inflates their supposed danger is an Emirati / Israeli agent, period. They serve foreign masters not Islam.

@A_d_e_m_o_l_a_ @ryanels 😂😭😭

@ryanels Simple and stress free 😂😂. Meanwhile ... Day 10 - vibe chilling in Prison

Day 1 of vibe coding 😂😏

I put together 1000 Reasons Why You should not Vote for Tinubu in the next election. 1000-reasons.vercel.app Good morning Nigerians.

@anonymousM_N U dey whine dictator 😂😂😭😭💔💔

@void_mane come see 😂😂😂

Dictator 😭😭😭😂

Just remembered a certain oppressed land in the New World. Iykyk

I'll be attending the @solana ecosystem call here in Gombe, Nigeria. Looking forwarrd to connecting with all those attending

@EmperorTChalla I don't think they show this in Cartoon Network of dstv Nigeria

For audiences that want to see original Black storytelling please support Iyanu! Season 2 is currently airing on Cartoon network.

just used 9ja Checkr telegram bot to verify my drink's NAFDAC number lol works instantly try it: t.me/NaijaCheckrBot 9jaCheckr.xyz

Don't be so heartless that you can't say "May Allah give him health" 😭 He has been battling cancer for two years, doctors said his chances of survival are slim. But doctors are not God. No one thought he would make it this far🤷‍♂️ We only believe in the one God who has kept him safe until now, and will continue to keep him safe and healthy, God willing 🙏 #عيد_الفطر_١٤٤٧ه #RamazanBayramınız

Today I'm open sourcing Qivam (qivam.com) 🎉. I built this so Muslim developers don't have to solve the same infrastructure problems from scratch. It's the kind of backend that every Islamic app needs but nobody wants to build twice. Qivam for now have masjid and prayer time related APIs, served through a clean REST API. The bones are strong and the roadmap is ambitious. Still early days — this is a work in progress and I wouldn't rely on it in production just yet. But I'm building it in public and I wanted to put it out there from the start. Built on: Hono · AWS Lambda · Neon PostgreSQL · Drizzle ORM · TypeScript ⭐ github.com/CoderMehad/qiv… 📖 docs.qivam.com Free for everyone. Open for contributions. #OpenSource #Muslim #IslamicTech #MuslimDevs #BuildInPublic

New week, new Solana SDK FUD, except for Anchor which I guess is good now?