Mudit Gupta
@Mudit__Gupta
Followers
63,884
Following
1,007
Media
868
Statuses
8,868
CISO @0xPolygon labs | Tech @Deltabc_fund | Blockchain Security Researcher | Ethereum & Web3 dev | Advisor & Angel Investor | Opinions are my own 🦇🔊
Joined March 2010
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
WONWOO
• 269222 Tweets
Pedro Sánchez
• 202512 Tweets
Wizkid
• 152217 Tweets
DDAY SB19 JAPAN CONCERT
• 126797 Tweets
#SEVENTEEN_IS_MAESTRO
• 117246 Tweets
#마에스트로_세븐틴의_지휘에_맞춰
• 117176 Tweets
Davido
• 90534 Tweets
SE QUEDA
• 70909 Tweets
17 IS FINALLY RIGHT HERE
• 60031 Tweets
Twitter復活
• 40598 Tweets
為替介入
• 34077 Tweets
Twitter調子
• 30797 Tweets
Don Jazzy
• 24205 Tweets
スレイヤー
• 21575 Tweets
#TMCxMCNuNew
• 20542 Tweets
#RIZIN46
• 13621 Tweets
グリフィン
• 12459 Tweets
Twitter不具合
• 12087 Tweets
Pinned Tweet
I am thrilled to announce that I'm joining
@0xPolygon
as the Chief Information Security Officer.
Polygon is the leading Ethereum scaling platform, and I'm stoked about our upcoming ZK rollups.
Security has been a priority at Polygon, and I will be pushing it to the next level.
477
294
3K
I now understand why Elon wants employees to come to office instead of working remotely.
There are certain things you just can't do remotely.
76
197
4K
The ledger issue is now fixed.
To make sure you don't have the malicious library cached, go to and ensure the version is 1.1.8.
If it's not, clear your cache. chrome- F12> Chrome Developer Tools > Application tab > Storage in left tree> Clear site data.
188
2K
4K
Ledger just released a new update for Nano X that allows social recovery of your seed phrase.
It encrypts your seed in 3 shards and sends it to different entities that can then reconstruct the seed for you post ID verification.
It's a horrendous idea, DON'T enable this feature.
358
661
2K
UST fiasco is very fishy.
- Terraform Labs removed $150m of UST liquidity from Curve yesterday
- 1 minute later, a freshly funded address bridged $84m of UST to Ethereum (Initiated bridging before TFL removed liquidity)
- 4 min later, it dumped the UST, triggering the sell-off
117
379
2K
I don't think the crypto space has ever seen anything of this magnitude and severity before.
Even the DAO hack feels nothing compared to the Terra crash.
This is going to have long-lasting consequences. It's bad for the whole space.
Prepare for a long bera. Winter is coming.
107
153
2K
gm
- Andre and Frog Nation will launch a new product with a new token on Fantom in the next week.
- Hundred finance is paying 70% APY on DAI on Fantom.
- Gas price on Matic is being sustained at over 500 gwei due to a play-to-earn game.
FTM is looking really good right now.
64
208
2K
- Alameda paid their DeFi debt (Abracadabra) before their CeFi debt (FTX) because DeFi positions are public, can affect optics and DeFi protocols WILL liquidate you without a warning. This cements the usefulness of DeFi. I'm more bullish than ever over long term.
58
233
1K
Not a good day for Blockchains.
- Solana is currently down.
- Arbitrum went down, came back up, went down again.
- Someone tried a 550 bock reorg attack with fake PoW on Ethereum, managed to fool some nethermind nodes.
150
217
1K
Buildooor: Yo, what if I took money from people, put it in anchor to earn 20%, and pay 13% back to investors?
Also, we'll sprinkle some false advertising to hide the risks, launch a token, and use web3 to avoid registering this mutual fund.
VC: Holy shit, take this 5m funding.
50
69
1K
Cream hack early analysis -
1. Using account A, Flash Borrow 500m DAI
2. Deposit 500m dai into yDAI
3. Deposit ~500m yDAI into yUSD
4. Deposit ~500m yUSD into yUSDVault
5. Mint ~$500m crYUSD (it used yUSDVault as underlying)
39
282
1K
A rogue validator on Flashbot seems to be exploiting MEV bots. Over 25m USD already stolen.
The validator takes a sandwich bundle from the MEV bot and replaces the victim transaction with it's own that exploits the MEV bot instead.
Here's how it works -
83
288
1K
Harmony Protocol's Horizon bridge was hacked and $100 million were drained earlier today.
The bridge was essentially a 2 of 5 multisig. If any 2 addresses told it to transfer funds to someone, it did.
The hacker compromised 2 addresses and made them drain the money. 🧵👇
86
264
1K
This is how ve(3,3) was born. The tokenomics seems Solid.
28
147
1K
Wen Netflix series about DeFi Drama?
We already have content for like a hundred seasons.
72
89
1K
The $FTM season is just starting.
- 750% APY by folding MIM on
@ibdotxyz
- 100% APR by staking MIM on
@0xDAO_fi
- 60% APR by staking MIM on
@HundredFinance
@AndreCronjeTech
hasn't even launched solidly yet.
If you don't want to actively manage, put it in
@iearnfinance
vault.
Market Cap of the coin and TVL in DeFi are two important KPIs for Blockchains but they can sometimes go out of sync in the short term. This table reenforces our believe in investing in multi chain
6
16
60
51
213
942
Poly Network hacked for over $600 million across Ethereum, Polygon, and BSC.
Poly network hasn't even verified their contracts on Ethereum so it's tedious to analyze. Here are my current thoughts 🧵👇
69
358
922
What now?
FTX customers and Alameda likely rekt but this might have a spiraling domino effect.
Here are my predictions. Not financial advise:
- Alameda might have to liquidate their positions so their liquid holdings like FTT, Sol, Crv, Uni, Sushi etc may have a hard time.
50
163
939
Wintermute was hacked for ~160m a few hours ago.
I took a quick look and my best guess is that it was a hot wallet compromise due to the Profanity bug that was publicly disclosed a few weeks ago.
44
182
795
I am excited to announce that I've joined
@SushiSwap
's
core dev team🍣
Sushiswap is one of my favorite projects in this space and I'm happy to be a part of their journey.
Tune back in on 20/07/21 for some exciting news 😉
50
27
866
Popsicle Finance exploited, hacker drained ~$25m. The hack was complex but the bug was simple. TX Hash:
Basically, Popsicle doesn't transfer the reward debt when users transfer their shares. This exposes multiple exploits, one of which was used here 🧵👇
34
191
838
I'm thinking of doing a live educational session where I review some smart contracts and explain my approach to audits. Who'd wanna watch that?
ps If you have a small contract that you'd like to be reviewed live, post the link below. I'll pick some random ones for the session.
78
40
832
@nicksdjohnson
@ensdomains
It was expected and a safe choice from PR perspective but I can't say I'm happy about this.
I hate his views and stance but I have never seen him treat anyone differently because of his views. I wish we judged people based on their actions, not their words.
29
25
808
Public RPC gateway provided by Ankr for Polygon () and Fantom () were comprised via DNS hijack earlier today.
Polygon and Fantom foundation have no control over services provided by others.
Use Alchemy or others while this is fixed.
89
362
796
MIM held its peg better than UST. Not all cartels are built the same.
30
48
809
Web3 is not about forced decentralization.
Web3 is about the ability to be decentralized. It's about having the choice.
Infura/Alchemy are not bad as long as you have the choice to run your own node.
Custodians are not evil as long as you can self custody as well.
45
105
756
First they ignore you,
then they laugh at you,
then they fight you,
then you win.
38
99
713
Reminder that Testnet Ether is supposed to be free.
If you buy or sell it, you are part of the problem.
If you are draining faucets and trading it for profit, you are a piece of shit.
59
48
706
An attacker left a 120k ETH (~$320m) hole in Wormhole today.
The Wormhole team has promised to cover the loss to save users from bearing the cost.
Let's explore how Wormhole works and how it was exploited (Bonus Wonderland / Sifu connection and memes inside)🧵👇
34
133
652
OFAC just sanctioned this contract.
All it does is echo what you say to it.
This perfectly illustrates the subject matter expertise of the folks over there.
H/T
@wadeAlexC
29
118
667
SafeDollar was exploited today and dumped on the open market for ~$250k. It was an infinite mint exploit. The market cap of $SDO was ~$248mm but there was just $250k in exit liquidity,. The attack happened because SafeDollar incentivized a token that has a fee on transfer. 🧵👇
23
153
632
Underappreciated blockchain projects and tools 👇
-
@eth_tx
-
@StarkWareLtd
-
@HardhatHQ
-
@DeFiSaver
-
@streamingfastio
-
@MEVprotection
- Flashbots
-
@DeBankDeFi
-
@Rabby_io
-
@aztecnetwork
-
@yield
-
@NotionalFinance
-
@TenderlyApp
Share your hidden gems in this thread
53
117
639
FTX has been hacked.
Their wallets are being drained, hundreds of millions of dollars have been stolen.
The website is non-functional.
The mobile app got a new update which might be malware. Uninstall it ASAP.
500m+ drained already. Might be the biggest hack or rug pull ever.
115
306
604
Visor Finance was hacked multiple times over last 2 days.
User funds were lost in the first incident but will be reimbursed. The rest of the pools were apparently test pools with only team funds (100k+).
Hello, one of DeFi's oldest exploits - Trusting spot price of a DEX. 🧵👇
18
99
607
You can't make this shit up
Solana's blockchain clock loses track of time, now running 30 minutes behind (via
@OsatoNomayo
)
234
274
1K
39
51
574
People who aren't efficient will tell you that you can't make it without working 60 hours/week.
It's not their fault, they don't know what a determined person can achieve in 40 hours.
Don't listen to others' bullshit. Find the right balance for yourself. Everyone is different.
39
41
606
KyberSwap attacker sent a new message onchain. He wants to take over Kyber lmao. The dude is unhinged, just like someone we all know.
tx:
75
58
594
Goerli eth is trading for ~$0.69. Not nice.
Testnet ether is supposed to be free but is being marked up by speculators.
Keyboard warriors will tell you that the developers are buying it but no, they are not. Maybe 0.1% are buying for consumption.
72
67
584
Capital of India - Delhi
Finance capital of India - Mumbai
IT capital of India - Bengaluru
Crypto capital of India - Dubai
36
45
558
Wild Credit was exploited earlier today and the hacker took 125k BNT tokens worth ~$650k. The hacker could have taken all of the 10m TVL locked in the system. The exploit happened due to a very basic issue in the smart contracts that I bet most of the followers can detect. 🧵👇
53
114
550
How to beat Casinos
1) Buy chips using credit card
2) cash out chips in cash
You just got free credit card points and cash withdrawal.
Super helpful when you're in a foreign country and don't want to pay ATM fees and fx charges on your debit card for cash withdrawal.
49
26
550
If someone does a porno to pay for their college / other bills, I have nothing but respect for them.
Shame on you if you throw dirt at someone because they hustled their way through the system rather than being born with a silver spoon.
35
24
549
As a brown guy who is often the youngest in the room, you wouldn't believe how many times people have underestimated me.
I've also noticed that women have it worse than me.
Mad props to all the ladies that have to put up with this shit.
29
13
544
Compound Incident Analysis:
Compound upgraded their comptroller contract to which had a one letter bug on L1217.
This led to a reverse rug pull in which Comptroller is giving away more rewards to (past) Suppliers than expected. 🧵👇
15
144
534
⚠️Spicy content ahead. Turn away if you can't handle spice⚠️
- Appchains kill composability. Not great for DeFi.
- Consensus algorithms are not bottlenecks. Swapping them won't increase throughout. Eth's consensus algo is basically "biggest numba win". Computers are good at it.
38
45
528
Curve is the largest Mafia in this space
- Takes bribes to protect your pools
- Has more liquidity/cash than anyone else
- Has killed off numerous competitors
- Makes the most money from wars and FUD
- Those who invest more in the mafia earn more
- For clarity, this is a joke
28
42
523
All TWAPs are subject to manipulation.
Devs must carefully analyze and monitor pools for which they use TWAPs.
Concentrated liquidity makes it cheaper to manipulate TWAPs. Even the most liquid stablecoin pool is manipulatable.
A community pool in Rari paid the price today 🧵👇
26
126
512
Weekly reminder that if you create a sell order and then the sell order executes, it's not a vulnerability on the exchange.
25
39
516
HR did not accept my request to call Polygon employees Polygoons 🫡
48
10
508
An attacker stole $30m from MonoX across their ethereum and polygon deployments a few hours ago.
One of the tx:
The exploit was caused by a smart contract bug that led to incorrect price updates when doing token swaps. 🧵👇
20
129
507
We need better critics in the space. The recent criticisms against Polygon make no sense.
Polygon bought and built on top of existing tech rather than reinventing the wheel. Imagine thinking rebuilding the wheel everytime is somehow better and smarter lmao.
31
26
488
Ronin network was hacked for $600m+ because the private keys of their validator were compromised.
My first thought is that the keys weren't directly compromised but the server running the validator was compromised and the keys were available in plain text on the server.
22
63
482
Top DeFi devs will soon be traded like football players.
Two transfer seasons, per year.
Free agents costing more in weekly wage but no transfer fee.
Buyout clauses that nobody expects to be met but then comes the next bull cycle.
Old devs retire and go work on BSC for money.
26
38
469
Agave and Hundred Finance were exploited today on Gnosis chain (formerly xDAI).
The underlying reason for the hack is that the official bridged tokens on Gnosis are non-standard and have a hook that calls the token receiver on every transfer. This enables reentrancy attacks.
23
119
478
An auditor just quoted $100k for 400 lines of code.
DM me if you wanna start a new auditing firm. We're gonna undercut these quotes and do 400 LOC for just $99k.
42
26
477
I'm surprised nobody has front run Andre with a deployment of Solidly and given an airdrop to *all* projects on DeFiLlama. Yet.
27
23
462
What the fuck did I just watch
91
30
451
Solidity pro tip: Functions marked as payable are 24 GAS cheaper than their counterpart. Payable go brrrrr!
In non-payable functions, Solidity adds an extra check to ensure msg.value is zero.
It's right on the top in the list of dumbest things that Solidity does.
30
55
446
Leaked footage of Polygon PoS being upgraded to Validium.
ft Polygon zkEVM team in Blue tuk tuk, handing over the prover to PoS.
32
45
447
Twitter's ex-CEO
@jack
has been talking crap about VCs, especially a16z.
Twitter's new CEO
@paraga
is married to a16z's GP
@vintweeta
.
Coincidence?
35
42
435
Anyone remember when some anon launched the crv token for
@CurveFinance
and everyone just accepted it and played along? Fun times.
22
10
440
This was not a failure of crypto or defi. This was a failure of opaque and centralized tradfi.
Web3 and blockchains literally prevent situations like this.
The whole idea behind decentralized finance is that there's nobody like FTX in between that can misplace/misuse funds.
44
101
434
The funny bit about this banger is that I can retweet this after 6 months and it'll still be a banger but for different reasons.
5
0
416
Wasn't expecting my first rug of 2022 to come from a real nation
25
16
410
Hey
@techleadhd
, your videos were always clickbaity and shitty but at least you weren't committing a federal crime.
Your new token is a scam and a financial fraud.
Even if you don't care about others, at least think about your future. Stop and get some legal advice ASAP.
19
16
414
If GitHub says that your Solidity project is in Solidity, you don't have enough test cases.
15
32
405
Even the leading news agencies can't tell the difference between Binance and BSC 🤦
65
27
400
Save yourself from being cancelled - search and review the risky tweets that you might have posted using
73
51
394
If you won't sleep nights and weekends in your 20s, you won't have a successful career. Sorry.
27
13
401
No context hot takes:
- Flat orgs don't work, there needs to be a hierarchy.
- Indecision is worse than wrong decision.
- Pudgy Penguins are the cutest PFPs.
- Teams need autonomy on their work, but should provide transparency.
- Nobody wins in a civil war.
29
22
403
It is and was always possible.
If a centralized company with closed source firmware tells you otherwise and you believe it, the joke's on you.
You also know that your browser wallet can be malicious and show you an innocent tx but make you sign a malicious one, right?
33
51
384
Creamed Cream – Learn the Secret Recipe.
Here's my analysis of the $130m+ Cream hack -
21
104
395
I have so much to say about the cream hack. Twitter threads aren't gonna cut it. Expect a blog post soon.
This was a cleanly executed attack. Fun to analyze.
*puts on tinfoil hat*: Two people involved, shared account. Attackers are DeFi devs, not traditional security folks.
gn
9
18
389
9 audits from top firms, yet all audits were able to find new bugs.
This proves that no audit guarantees 100% security.
Audits are super important and helpful, but everyone, please stop using them as certification.
A Lido V2 Audit Update:
Security is a top priority. To this end Lido DAO dedicated significant effort to 9 independent V2 audits.
These audits have uncovered important findings, all of which have been either acknowledged or fixed.
🧵
12
35
222
19
60
384
Jack rage quit because rest of the Twitter leadership wants to integrate NFTs, Ethereum tipping, Tokenization, and other Ethereum goodies.
Maxis will literally quit their company than go to therapy.
14
25
379
🚨 (Twitter) PHISHING SCAM ALERT 🚨
emails can be easily spoofed as they do not have their DMARC/DKIM records setup.
Do NOT interact with any email coming from
Twitter is still using…
23
117
371
Hired a guy for $5 from fiverr to sign me up for all token 2049 side events.
Best 5 bucks I ever spent.
42
8
380
Belt Finance got hacked today, losses worth ~$13mm. Withdrawals have been paused to prevent further losses. The exploit happened due to an incorrect valuation of 3eps shares. This was one of the more complex hacks in recent times🧵👇
11
87
363
Brantley was retained but Dame got fired this week. Guess the tables have turned?
43
9
353
This is the start of the end of Goerli testnet. It served us well.
My faucet distributed 6 million or so Goerli eth for free. Worth around 4 million USD at current prices 🙃.
My RPC node served over 100 billion requests.
They are both non functional now. I'll miss Goerli.
30
18
359
PSA: A rogue dev from SharedStake has pulled the rug. Withdraw all SGT and vETH2 liquidity ASAP.
42
72
346
- Terraform Labs removed another $100m of UST liquidity from Curve soon after
- As UST started to depeg, an unknown actor started dumping ETH and buying UST ($100m+)
- As UST was trading below peg, they made a profit all while avoiding bad optics around dumping Ether
8
15
352
Oh but it is secured by ID verification!
You know what else is secured by ID verification? Mobile number porting.
Do you know how many high profile sim jacking cases happen every day? Too many.
Anything secured by "ID verification" is inherently insecure. Too easy to fake.
8
17
352
I feel like Balaji is most likely running a social experiment
Or he got hacked
Or he is going mad
Or he is defending a stupid liquidation price
Or something else but this week Balaji is quite different from the old Balaji.
68
10
352
This video portrays the past few months of Sushi quite well. Bearish sushi, sleeping in a dark time.
Can someone make a future version? Bullish sushi, being active in the daytime.
14
29
350
PSA: Verify the whole address rather than only first and last few characters when interacting with it.
We're seeing more and more phishing attempts where the attacker tries to impersonate a trusted address by vanity generating an address with same first few and last few chars.
23
96
349
dev: geth --miner.gaslimit brrrr
investors: Holy shit, they solved blockchain scalability. Buy, buy, buy! Ethereum is dead. No innovations in 4 years.
10
32
342
dApps blocking OFAC sanctioned addresses on their official front-ends to fulfill regulatory requirements shows how broken the system is.
People can just use unofficial UIs, earlier versions of the UIs on IPFS, etherscan directly, and so on.
20
32
342
You are free to draw whatever conclusions you want from this data. You are also free to research more.
I have formed my own conclusion but do not feel confident/comfortable sharing it.
22
16
334
I will do live security reviews of Ethereum smart contracts and share my approach to auditing on a stream.
The live stream is scheduled to start in about 21 hours at 3.30 PM GMT on Sunday (22/08/2021)
17
48
333
Indexed Finance was exploited today and ~$16m of tokens were stolen from their Indices.
There's already a good post mortem published by the team -
However, let's dive a bit deeper from a technical perspective 🧵👇
13
76
339
Billions of dollars have been lost because projects transferred the flow of execution to an untrusted contract when all they wanted to do was to send some ether.
I'm proposing a new opcode that transfers ether without calling the recipient -
14
47
336
How did Telegram become the goto chat application for crypto people?
The chats aren't even encrypted by default 🫡
89
12
327