Bullish Times

6/ One typo. $53M gone. An entire exchange dead. And the guy bought Pokémon cards with the loot. If a single missing zero can nuke your protocol, maybe it shouldn't be holding anyone's money. DeFi's most expensive character just got a mugshot. 🔥

🚨💀A hacker just surrendered to the feds after stealing $53M from a DeFi exchange using a ONE-CHARACTER typo in the code. He spent it on Black Lotus MTG cards, Pokémon sets, and a Roman coin. "Crypto is fake internet money anyway," he told a friend. 💀🃏 A Maryland man just surrendered to federal agents in Manhattan after stealing $53.3M from Uranium Finance — all because of a single missing zero in a smart contract. This is the wildest DeFi heist story you'll read today. 🧵👇

5/ The feds finally caught up. In Feb 2025, they seized $31M in crypto from linked wallets and raided his home for the collectibles. The indictment was just unsealed today. He faces up to 30 years, 10 for computer fraud, 20 for money laundering. His own words: "Crypto is fake internet money anyway."

4/ Here's where it gets unhinged. He laundered everything through Tornado Cash, then went on the most degenerate shopping spree in crypto history: $500K Black Lotus MTG card, $1.5M in sealed Alpha boosters, $750K Pokémon set, and a $601K ancient Roman coin. You can't make this up.

3/ The fatal flaw? A single-character coding error — the smart contract used 1,000 instead of 10,000 in its verification logic. One missing zero let him withdraw nearly everything while depositing nothing. The exchange collapsed immediately and shut down forever.

2/ Jonathan Spalletta, 36, exploited Uranium Finance TWICE in April 2021. First hack: $1.4M via a rewards mechanism bug. He even extorted a fake "bug bounty" of $386K to return the rest. Then, 3 weeks later, he found a SECOND bug and drained $53.3M — 90% of all liquidity pools.

6/ The takeaway: If you hold crypto on a Mac, you are NOT safe. Never paste commands from websites into Terminal. Period. 44% of all crypto theft now comes from personal wallets. The next billion-dollar loss won't be a protocol hack — it'll be thousands of people who clicked "verify." 🔒

🚨💀Hackers just built a fake Cloudflare CAPTCHA that drains your crypto wallet the moment you "verify." Mac users are the new #1 target — personal wallet theft jumped from 7% to 44% of ALL crypto stolen. Your MacBook isn't a shield. 🚨 A fake CAPTCHA page is draining crypto wallets from Mac users — and most of them don't even know it happened. The attack is called "Infiniti Stealer" and it's terrifyingly simple. 🧵👇

5/ The numbers are brutal: • $3.4B stolen from crypto in 2025 alone • Personal wallet theft: 7.3% → 44% in two years • 178 devs hit by the related GhostClaw npm attack • Telegram alerts the attacker the moment your data is stolen

4/ Hot take: The biggest security vulnerability in crypto isn't smart contracts — it's the person holding the keys. Social engineering attacks like ClickFix bypass every technical defence because the user runs the malware themselves. No exploit needed.

3/ This matters because the "Macs don't get viruses" myth is still alive in crypto. Personal wallet compromises exploded from 7.3% of all crypto theft in 2022 to 44% in 2024. Hackers aren't targeting protocols anymore — they're targeting YOU.

2/ Here's how it works: You hit a fake Cloudflare verification page. It tells you to open Terminal and paste a command to "prove you're human." That command silently installs malware. No pop-ups. No warnings. Your wallet keys, passwords, and screenshots — all exfiltrated.

5/ The attack was part of a larger "TeamPCP" campaign that first hit Trivy (a security scanner). Think about that: they compromised the tool you use to DETECT compromises, then used it to backdoor your AI stack. Attackers are 3 steps ahead.

🚨Hackers poisoned an AI tool with 96M monthly downloads to steal crypto wallets. 47,000 devs installed it in 46 minutes. It hunted for BTC, ETH, and Solana keys on every Python startup. Your dependencies are your attack surface. 🔓💀

5/ The attack was part of a larger "TeamPCP" campaign that first hit Trivy (a security scanner). Think about that: they compromised the tool you use to DETECT compromises, then used it to backdoor your AI stack. Attackers are 3 steps ahead.

4/ Here's the terrifying part: 2,337 PyPI packages depend on LiteLLM, and 88% allowed the poisoned version. One unpinned dependency in your build pipeline = your entire infrastructure compromised. Supply chain attacks are the new exploit meta.

3/ This wasn't random malware. The payload specifically hunted for Bitcoin wallet.dat files, Ethereum keystores, and Solana validator keys. It also grabbed SSH keys, cloud creds, and Kubernetes secrets. This was a precision crypto heist.

2/ LiteLLM (96M monthly PyPI downloads) was compromised on March 24. Poisoned versions 1.82.7 and 1.82.8 were uploaded via a hijacked maintainer account. Version 1.82.8 ran malware on EVERY Python startup — no import needed.

@pete_rizzo_ Im sure WLFI insiders will benefit more than anyone else.

BREAKING: THE WHITE HOUSE JUST OFFICIALLY CLEARED THE RULE TO PUT #BITCOIN IN EVERY AMERICAN'S 401 (k) $12 TRILLION OF POTENTIAL CAPITAL INCOMING THIS IS ABSOLUTELY MASSIVE 🚀

@regularpunks Woof!

We know it’s been quiet. We’re not gone, just deep in it. Working on integrating the new agentic meta into the game. Next update comes with a real date.