Tweet ghim
Guerrilla Coder
1.8K posts
@minhokim Decentralization is NOT a spectrum. in the case of arbitrum, it's pretend decentralization. what prevents a court from issuing an order to freeze someone's funds for "wrong think" ? the security council actions were not so different from bailing a bank because it's to big to fail
English
Reflecting on the comments from my last post, here are some uncomfortable truths about where crypto actually stands:
1. Decentralization is a spectrum, not a binary
Decentralization is the transfer of control from a central entity (one or a few) to a distributed network (many). We can debate if a network is "decentralized enough," but it’s not all or nothing.
2. Crypto doesn’t actually care about decentralization
Builders who prioritized ideology over utility have largely failed (myself included) because the market didn't value them. Most L1s and protocols are controlled by the few. We all know it so let’s stop pretending otherwise, accept this reality, and act appropriately when hacks happen. We can continue pursuing decentralization afterward. We have plenty of time to do so.
3. Governance participation is a myth
Everyone wants the benefits of governance, but nobody wants to do the work. Participation is minimal or nonexistent. People want others to solve the hard problems, then they cry foul when a decision doesn't go their way.
4. Coordination is not the enemy of decentralization
Decentralization doesn’t mean a network is paralyzed. If we can coordinate for software upgrades because it benefits the community, we can also coordinate to freeze stolen funds. While decentralization makes coordination harder, technology is closing that gap. I believe we can eventually have a network with fully functional decentralized governance that effectively fights exploits.
5. Exploits and hacks are inevitable
Technology will help minimize coding errors, but it also gives more tools for attackers. There is a misconception that we just need to make DeFi "unhackable." That's impossible because humans and machines make mistakes. We need to be both proactive and build better response tools to fight back.
6. We have a compassion problem
When billions are stolen, people hide behind the word "decentralization" to justify doing nothing. It’s a sick mindset to prioritize a buzzword over human suffering. Yes, there are greedy actors, but don’t forget who the real enemy is.
Are you on the side of the hackers or the users? Don't let hackers win.
Min 🥤@minhokim
I fully support @arbitrum's decision here. Crypto’s #1 priority must be protecting users. Period. I don’t care if it’s centralized, decentralized, or living in a regulatory gray zone. We can argue about the logistics all day, but user protection is what ultimately matters. If we can stop a thief, we should. The cost-benefit isn't even close. If users aren't safe, the tech and the industry will eventually disappear. I used to be a blockchain purist. Then I watched billions get stolen from regular people. My views have shifted, and I now support asset freezing. The cost of intervention is negligible compared to the benefit of protecting victims.
English
@LukasHozda Mine too. Wanted to get into programming because of the demo scene. Xeroxed a friend's book and learned the basics by myself in a summer. Later moved to C and then a bit of assembly
English
Turbo Pascal was ny first language I ain't fumbling this one
Dmitrii Kovanikov@ChShersh
97% vibe coders will fumble during interviews if asked what this is.
English
@AndrTenente @expresso jornalixeiro com dor de cotovelo
Português
Escrevi um artigo para o @expresso sobre algo que tem passado, infelizmente, despercebido: a nomeação de 2 deputados do CH, peritos em desinformação, para o Conselho de Opinião da RTP.
expresso.pt/geracao-e/2026…
Português
Centralization exposed inside Tron USDT 🚨
Here’s what is happening:
Tether just executed the largest freeze in its history.
More than $344,000,000 in USDT (TRC-20) blocked on Tron.
By Tether itself.
- Coordinated with OFAC and US law enforcement
- Executed directly through the USDT smart contract
- Funds are now visible but completely unusable
This is how it works:
- Tether has admin control over USDT contracts
- Can blacklist any address
- Can freeze balances instantly
- Can permanently destroy funds
Functions used:
- addBlackList(address)
- removeBlackList(address)
- destroyBlackFunds(address)
Now here’s where it gets interesting
Timeline
April 20
- Arbitrum freezes ~$71M linked to hackers
April 21
- Justin Sun tweets:
“the most decentralized blockchain in the world is Tron”
April 23
- Tether freezes $344M on Tron
No response from Justin Sun so far
The irony writes itself
Stay safe.
English
@XGuerrillaCoder @arbitrum Why don't we help build DeFi that better protects users from thieves?
English
I fully support @arbitrum's decision here. Crypto’s #1 priority must be protecting users. Period.
I don’t care if it’s centralized, decentralized, or living in a regulatory gray zone. We can argue about the logistics all day, but user protection is what ultimately matters. If we can stop a thief, we should. The cost-benefit isn't even close. If users aren't safe, the tech and the industry will eventually disappear.
I used to be a blockchain purist. Then I watched billions get stolen from regular people. My views have shifted, and I now support asset freezing. The cost of intervention is negligible compared to the benefit of protecting victims.
Arbitrum@arbitrum
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
English
Ora bons dias, um Engenheiro Agroalimentar a fazer experiências notáveis, digno do prémio Nobel da leitaria...
Portugal no seu melhor
Português
All Discord servers kicked him after this 😂
English
@caiogare este tipo de mecanismo existem em varias blockchains: dailycoin.com/16-major-block…
Português
🚨 Arbitrum congelou e moveu os fundos do hacker.
Você entendeu o que acabou de acontecer?
O mérito do ato não está em discussão, mas o poder de execução sim.
Se existe um botão de "congelar", a imutabilidade é uma mentira e a descentralização, um teatro.
O DeFi livre morreu ontem. O que sobrou foi um banco com interface bonita.
Português
if i understand correctly, if the arbitrum security council gets compromised they can just do whatever they want to all of the funds on chain?
Arbitrum@arbitrum
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
English
@TROPACRYPTO existem varias blockchains baseadas em ethereum com mecanismos para fazer isto. arbitrum e uma delas. algumas tambem permitem blacklist arbitrario de addrs. e so incluir na config. ve aqui: dailycoin.com/16-major-block…
Português
A Arbitrum acabou de roubar $71M de volta da Coreia do Norte.
A comunidade tá aplaudindo.
Mas eu tenho uma pergunta que ninguém tá fazendo...
Português
@touaqui_touali @Paul_Reviews este post nao passa de bait. para conseguires fazer isso precisas de root no dispositivo.
Português
"Esta aplicação é uma piada": A aplicação de verificação de idade apresentada por Ursula von der Leyen já foi pirateada, sem a necessidade de competências avançadas de hacking.
@Paul_Reviews publicou um método passo a passo mostrando como contorná-lo em menos de 2 minutos, diretamente da aplicação.
A Comissão Europeia pretende que até 80% dos europeus tenham acesso a uma solução de identidade digital (a Carteira EUDI) até 2030.
Visegrád 24@visegrad24
"This app is a joke": The Age Verification App presented by Ursula von der Leyen has already been hacked, with no advanced hacking skills required. @Paul_Reviews published a step-by-step method showing how it could be circumvented in under 2 min from within the app itself. The European Commission aims for up to 80% of European to have access to a digital ID solution (the EUDI Wallet) by 2030.
Português
@maanvis81 @IntCyberDigest no. it's just someone messing with app data on a rooted device
English
@IntCyberDigest So this was just a proof-of-concept that was put live?
English
‼️🇪🇺 The EU's new Age Verification app was hacked with little to no effort.
When you set it up, the app asks you to create a PIN. But that PIN isn't actually tied to the identity data it's supposed to protect. An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user's verified identity credentials as if nothing happened.
It gets worse. The app's "too many attempts" lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.
English
@sircryptotips > He’s been right a lot in the past
has he?? or does he just sounds like right because he vomited a word salad about a subject you don't understand well ??
English
This guy really thinks that Bitcoin is a CIA operation. He’s been right a lot in the past but this is just absurd. He’s done ZERO research on Bitcoin.
English
@Paul_Reviews you forgot to point out that you need to root the device for this to be possible
English
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
Paul Moore - Security Consultant @Paul_Reviews
.@vonderleyen "The European #AgeVerification app is technically ready. It respects the highest privacy standards in the world. It's open-source, so anyone can check the code..." I did. It didn't take long to find what looks like a serious #privacy issue. The app goes to great lengths to protect the AV data AFTER collection (is_over_18: true is AES-GCM'd); it does so pretty well. But, the source image used to collect that data is written to disk without encryption and not deleted correctly. For NFC biometric data: It pulls DG2 and writes a lossless PNG to the filesystem. It's only deleted on success. If it fails for any reason (user clicks back, scan fails & retries, app crashes etc), the full biometric image remains on the device in cache. This is protected with CE keys at the Android level, but the app makes no attempt to encrypt/protect them. For selfie pictures: Different scenario. These images are written to external storage in lossless PNG format, but they're never deleted. Not a cache... long-term storage. These are protected with DE keys at the Android level, but again, the app makes no attempt to encrypt/protect them. This is akin to taking a picture of your passport/government ID using the camera app and keeping it just in case. You can encrypt data taken from it until you're blue in the face... leaving the original image on disk is crazy & unnecessary. From a #GDPR standpoint: Biometric data collected is special category data. If there's no lawful basis to retain it after processing, that's potentially a material breach. youtube.com/watch?v=4VRRri…
English
@SHYTRECE @AnselLindner go read the NSA paper about a digital mint that predates bitcoin and you might find a reason
English
@AnselLindner Argue about it all you want but only the CIA and Intel agencies had the resources to create bitcoin. So then the question is why.
English
🚨 "People recognize [bitcoin] is the CIA. I want to know where the databases are, where the servers are, physically.” - Prof Jiang
This is the opinion of so many midwits. It's also the reason even some gold bugs cannot comprehend bitcoin to this day, and why midwits believe in centralized scam sh*tcoins.
They don't understand decentralization.
English
@XION_GLOBAL @sebp888 ledger supports monero and you can connect your hw to the official client gui
English
@sebp888 Monero still needs
1. Hardware wallet
2. Staking
3. Nothing else.
English
@NOGreatResetNO @scottmelker @MS287g @glove @Ledger @Apple i'm calling bs on unproved claims that could be proved. when looking for ledger on the app store can only find the legit app. he could also sign a message with one of the addrs in the tx. sure he is a lovely person but not gonna go for the "believe the victim" without evidence
English
@XGuerrillaCoder @scottmelker @MS287g @glove @Ledger @Apple Garret is an absolutely lovely bloke - known him since ‘98. Chill TF out.
English
@ortoirlandes tu ja levaste com uns 2 milhoes de quilometros de piroca e ninguem fala em ti
Português
Ah e tal, a Orion que fez a volta à Lua percorreu mais de um milhão de quilómetros.
Bitch, please…
Português