Thomas Humphreys

@so

446 Following
898 Followers


Thomas Humphreys
@so
I came across a protocol that's done over $100M+ in volume with big customer names, but their frontend auth is poorly designed. They're exposing WebAuthn details, which isn't the main issue — it's the fact that they're also leaking customer emails. This opens the door for social engineering attacks, making it far too easy for attackers to target them. If you're a non-custodial protocol, avoid advertising your customers — especially if I can easily identify which users are using your system and whether they have admin-level access.
1 reply
0 recast
2 reactions

Thomas Humphreys
@so
@itsmide.eth not able to claim rewards, there's a bug
2 replies
1 recast
8 reactions

Thomas Humphreys
@so
Do North Korean hackers go to crypto conferences?
4 replies
0 recast
2 reactions

Thomas Humphreys
@so
$1.5B vanished and we still don't know the root cause
1 reply
0 recast
1 reaction

Thomas Humphreys
@so
Super stoked my first contribution to oxlib.sh got merged—my PR now lets you pass multiple credentials when prompting WebAuthn creds. Been using oxlib.sh since day 1 and helped refactor rhinestone's 7579 guide (docs.rhinestone.wtf/module-sdk/u...) along with other 4337 repos. Need help? Reach out!
2 replies
2 recasts
6 reactions

Thomas Humphreys
@so
"Build products that solve a problem and people want." It's not rocket science. If your customers are crypto natives or within crypto, you're not onboarding 1b users. Our customers don't know anything about crypto, yet they reap in the benefits because we give them:
- free wire/ACH transfers
- unlimited card issuance
- payment processing
- sub accounts
- custom policies
All self custodial, built with enterprise security and insured.
1 reply
2 recasts
7 reactions

Thomas Humphreys
@so
https://farville.farm/requests/19117
1 reply
0 recast
1 reaction

Thomas Humphreys
@so
There's a super easy fix for this. All you have to do is upgrade your embedded account to a smart account via EIP 7702. Next, depending on your smart account implementation, you could install an EIP 7579 module allowing you to transfer out all incoming tokens. Welcome to the future of finance.
1 reply
0 recast
4 reactions

Thomas Humphreys
@so
Who are you?
1 reply
1 recast
7 reactions

Thomas Humphreys
@so
Some feedback:
1. Lettuce and Strawberry crops need buffing
2. Quests lose relevance after level 5. I think it needs some more work. This is a PvP game and higher levels will just farm highest xp/hr ratio (i.e. watermelons or pumpkins)
3. In-game currency is highly inflationary, especially with hardcode farming.
4. Questing is low XP.
5. Top 20 players are unstoppable. @kitana is overpowered
cc @limone.eth
3 replies
0 recast
8 reactions

Thomas Humphreys
@so
Cursor has been a game-changer for me. I let Composer agents run in the background to handle mundane tasks while I focus on more important/creative work.
1 reply
0 recast
6 reactions

Thomas Humphreys
@so
Hacked on new backpack website in <12 hours https://www.backpack.network/
0 reply
0 recast
7 reactions

Thomas Humphreys
@so
Big thanks to @jha for organizing the XMTP dev call with /backpack. Excited to explore bridging XMTP with Web2 platforms like email and Telegram for seamless messaging and replies. Our AI support thesis: AI agents should handle both inquiries and actions (like deleting accounts), while filtering and routing queries to the right people, cutting out frustrating handoffs. Thanks to @adamhurwitz.eth for the connection—looking forward to building interoperability between Safe and XMTP.
1 reply
0 recast
7 reactions

Thomas Humphreys
@so
A Head of Product at a leading crypto company just told me that Backpack is the best project he’s seen all year. Building behind the scenes without flashy marketing or buzzwords isn’t easy, but delivering a straightforward frontend that solves critical problems for businesses and drives real-world adoption is a huge validation of the work we’re doing. Stay tuned—when we're online, we’re ramping this up to $10M in volume per month, all without VC funding.
1 reply
2 recasts
10 reactions

Thomas Humphreys
@so
New lore dropped
0 reply
1 recast
5 reactions

Thomas Humphreys
@so
Hosting a crypto meet-up here in /danang. Please RSVP to confirm and ping me to be accepted! https://lu.ma/i0h7lio2
2 replies
2 recasts
5 reactions

Thomas Humphreys
@so
How do you execute transactions over $1,000 with 2 signers, and transactions under $1,000 with just 1 signer (with delay)?
2 replies
0 recast
2 reactions

Thomas Humphreys
@so
"great meeting you at Devcon – let's form a partnership" > bro I'm just the engineer
1 reply
0 recast
14 reactions

Thomas Humphreys
@so
This is awesome. Free, open-source, and self-hosted alternative to Privy. Thanks @tazes 🤝 https://github.com/nickolastazes/auth-by-watchen-preview
0 reply
2 recasts
11 reactions

Thomas Humphreys
@so
I hacked on Rebaseable with @lajos. In <36 hours, we built the first bridge for rebasing tokens. We leveraged Scroll's L1SLOAD precompile, EIP-4788, and LayerZero's OFT & lzRead to preserve & publish rebase events. We also played around with Gnosis Pay Safe's + mini-apps powered by World! ethglobal.com/showcase/rebaseable-82yy6
1 reply
5 recasts
18 reactions