
Thomas Humphreys

@so

446 Following
898 Followers


Thomas Humphreys
@so
I came across a protocol that's done over $100M+ in volume with big customer names, but their frontend auth is poorly designed. They're exposing WebAuthn details, which isn't the main issue — it's the fact that they're also leaking customer emails. This opens the door for social engineering attacks, making it far too easy for attackers to target them. If you're a non-custodial protocol, avoid advertising your customers — especially if I can easily identify which users are using your system and whether they have admin-level access.
1 reply
0 recast
2 reactions

Thomas Humphreys
@so
I got streaks back ty. I'll DM proof next time.
0 reply
0 recast
1 reaction

Thomas Humphreys
@so
I'm boosting every 2 hours. I've planted every other day. This is 100% a bug.
1 reply
0 recast
1 reaction

Thomas Humphreys
@so
@itsmide.eth not able to claim rewards, there's a bug
2 replies
1 recast
8 reactions

Thomas Humphreys
@so
Hey @clanker deploy. Name: Beetroot attack. Ticker: PIVOT. Image attached:
0 reply
0 recast
2 reactions

Thomas Humphreys
@so
Do North Korean hackers go to crypto conferences?
4 replies
0 recast
2 reactions

Thomas Humphreys
@so
emphasis on the *possible* bit
0 reply
0 recast
1 reaction

Thomas Humphreys
@so
$1.5B vanished and we still don't know the root cause
1 reply
0 recast
1 reaction

Thomas Humphreys
@so
Thanks! Strong believer that passkeys are the future of user auth.
0 reply
0 recast
1 reaction

Thomas Humphreys
@so
I've been Cursor maxxing for the past year now. Gave Windsurf a try recently, but it wasn't that great... my current spend is about $60/month on Cursor, and I recommend you pay the premium.
0 reply
0 recast
2 reactions

Thomas Humphreys
@so
thanks for pushing this @jxom 🫡
0 reply
0 recast
1 reaction

Thomas Humphreys
@so
Super stoked my first contribution to oxlib.sh got merged: my PR now lets you pass multiple credentials when prompting WebAuthn creds. Been using oxlib.sh since day 1 and helped refactor rhinestone's 7579 guide (docs.rhinestone.wtf/module-sdk/u...) along with other 4337 repos. Need help? Reach out!
2 replies
2 recasts
6 reactions

Thomas Humphreys
@so
Great write-up @adamhurwitz.eth! Keen to grab your thoughts on WebAuthn security and how to address security risks like blind signing txns through a compromised frontend. Passkeys are great until the frontend gets hacked.
1 reply
0 recast
1 reaction

Adam
@adamhurwitz.eth
@safe is at the top of Walletbeat for security. The next step is knowing which device accounts like Ethereum Phone, Trezor, and Ledger fully support readable Safe transactions on their screen, so you know exactly what is being signed onchain. You should be able to read the full txn details on the device account before approving onchain. https://www.walletbeat.fyi/
4 replies
1 recast
6 reactions

Thomas Humphreys
@so
18-24%, pretty sure. And it depends on flavour or no flavour. That was brutal.
1 reply
0 recast
2 reactions

Thomas Humphreys
@so
After 2 sojus, I'm either on the floor, passed out, or I'm rapping in Vietnamese.
1 reply
0 recast
3 reactions

Thomas Humphreys
@so
Can we add it to lowercase? 🤣
1 reply
0 recast
0 reaction

Justin Hunter
@polluterofminds
I've never seen this. Very cool though! It can analyze EVM bytecode, which is nice if you ever want to check on non-verified contracts. https://evmole.xyz/#0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2/eth/functions
1 reply
1 recast
4 reactions

Thomas Humphreys
@so
Reach out to us with any questions @notdevin.eth @jamesstevens, or visit our website backpack.network to schedule a demo.
0 reply
0 recast
4 reactions

Thomas Humphreys
@so
"Build products that solve a problem and people want." It's not rocket science. If your customers are crypto natives or within crypto, you're not onboarding 1b users. Our customers don't know anything about crypto, yet they reap the benefits because we give them:
- free wire/ACH transfers
- unlimited card issuance
- payment processing
- sub accounts
- custom policies
All self custodial, built with enterprise security and insured.
1 reply
2 recasts
7 reactions