Mirror Tang
ETH Holder
Occasional Trader
8.2 Months
ZEROBASE创始人|上海交通大学密码学产业教授
1 Following
54 Followers
30 Liked
12 Shared
Posts
See original
Cetus suffers a $223 million attack, Sui governance mechanism and DeFi security architecture face challenges.
Sui@SuiNetwork's leading decentralized exchange Cetus@CetusProtocol has suffered a severe hacker attack, with a fund loss of up to $223 million.
According to a report from Extractor@extractor_web3 security team, the attacker transferred $63 million to Ethereum in just 60 seconds through a bridging protocol.
The Cetus team, in collaboration with the Sui Foundation@SuiFoundation, urgently froze $162 million, but Sui's current governance structure allows 114 validators to arbitrarily freeze wallets.
$SUI fell 15% to $3.81, $CETUS dropped 34% to $0.17, and liquidity pool tokens (like LOFI, HIPPO) plummeted by 75-80%.
According to a report from Extractor@extractor_web3 security team, the attacker transferred $63 million to Ethereum in just 60 seconds through a bridging protocol.
The Cetus team, in collaboration with the Sui Foundation@SuiFoundation, urgently froze $162 million, but Sui's current governance structure allows 114 validators to arbitrarily freeze wallets.
$SUI fell 15% to $3.81, $CETUS dropped 34% to $0.17, and liquidity pool tokens (like LOFI, HIPPO) plummeted by 75-80%.
See original
Cetus Protocol is a decentralized trading platform and centralized liquidity protocol built on the Sui blockchain, and its smart contracts have been audited for security by the blockchain security company (X:@MoveBit_). The audit report has been publicly released and can be found in the Cetus official GitHub repository.
In addition, Cetus has also undergone an audit by another security company (X:@osec_io), further enhancing the security of its smart contracts.
In addition, Cetus has also undergone an audit by another security company (X:@osec_io), further enhancing the security of its smart contracts.
See original
ZEROBASE Community AMA is here!
We are about to start a new round of community meetings, bringing you the latest project updates, exciting event progress, and exclusive content sharing on future development directions.
The agenda for this meeting includes:
🔹 ZEROBASE Product Progress
- We will review the recent UX/UI interface optimization updates.
- Introduction of new modules coming soon, including API features for simplified verification processes and key proofing tools.
🔹 ZEROBASE Popular Events
- The HashKey KYC issue related to the Guinness Challenge has been successfully resolved, and participants can now seamlessly continue participating in the event.
- OKX Event: Successfully concluded, all rewards have been distributed.
The agenda for this meeting includes:
🔹 ZEROBASE Product Progress
- We will review the recent UX/UI interface optimization updates.
- Introduction of new modules coming soon, including API features for simplified verification processes and key proofing tools.
🔹 ZEROBASE Popular Events
- The HashKey KYC issue related to the Guinness Challenge has been successfully resolved, and participants can now seamlessly continue participating in the event.
- OKX Event: Successfully concluded, all rewards have been distributed.
See original
Movement shadow consultant Sam exposes the scam, accusing co-founder Cooper of airdrop fraud
Sam Thapaliya, the mastermind behind the Movement project airdrop scandal, posted a lengthy thread on X platform that seemed to clarify the facts, attempting to respond to Coindesk's accusations of his early involvement in the Movement project.
However, this thread not only failed to clear his suspicions but also exposed his potentially unsavory role in the Movement project. As a notorious 'puppet master', Sam Thapaliya's actions are questionable, as he may have manipulated airdrop distributions using his consultant status and could even be linked to the large-scale token sell-off incident. Below is a整理 and exposure of his defensive content.
However, this thread not only failed to clear his suspicions but also exposed his potentially unsavory role in the Movement project. As a notorious 'puppet master', Sam Thapaliya's actions are questionable, as he may have manipulated airdrop distributions using his consultant status and could even be linked to the large-scale token sell-off incident. Below is a整理 and exposure of his defensive content.
See original
Chinese law enforcement agencies are publicly monitoring Telegram accounts registered with 70 million CN phone numbers—Technical Analysis and User Privacy Protection Guide
At the 12th China International Police Equipment Expo held in 2025, the Third Research Institute of the Ministry of Public Security demonstrated a tool specifically designed for monitoring Telegram. According to reports from the South China Morning Post, this system has collected more than 30 billion pieces of information involving 70 million Telegram user accounts and 390,000 groups and channels.
This article aims to speculate on the underlying technical means through publicly disclosed information and to provide ordinary users legally using this software with personal privacy protection guidelines.
In the current digital governance system in China, Telegram, as a widely used encrypted communication tool for overseas communication, anonymous collaboration, and information dissemination, has become a key target for national intelligence agencies' monitoring. The 'Multi-dimensional Intelligence Analysis Terminal for Personal Extreme Behavior' demonstrated by the Third Research Institute of the Ministry of Public Security at the 12th Police Equipment Expo is a dedicated system developed for practical monitoring of Telegram. This system is not one that 'may have' technical capabilities, but one that is fully deployed, operational in real situations, and integrates a complete set of intelligence strike systems including network monitoring, social graph reconstruction, cross-platform data retrieval, behavior scoring, and device intrusion, aimed at 'systematically identifying, modeling, and intervening' all users of Telegram who touch sensitive content.
This article aims to speculate on the underlying technical means through publicly disclosed information and to provide ordinary users legally using this software with personal privacy protection guidelines.
In the current digital governance system in China, Telegram, as a widely used encrypted communication tool for overseas communication, anonymous collaboration, and information dissemination, has become a key target for national intelligence agencies' monitoring. The 'Multi-dimensional Intelligence Analysis Terminal for Personal Extreme Behavior' demonstrated by the Third Research Institute of the Ministry of Public Security at the 12th Police Equipment Expo is a dedicated system developed for practical monitoring of Telegram. This system is not one that 'may have' technical capabilities, but one that is fully deployed, operational in real situations, and integrates a complete set of intelligence strike systems including network monitoring, social graph reconstruction, cross-platform data retrieval, behavior scoring, and device intrusion, aimed at 'systematically identifying, modeling, and intervening' all users of Telegram who touch sensitive content.
See original
Interpretation of ZK Articles: Completeness Problem of Statistical Zero-Knowledge Proofs
In the 1990s, MIT. Amit Sahai and Salil Vadhan raised a question that hardly anyone outside cared about:
"Is there a complete problem for statistical zero-knowledge?"
They eventually found the answer: the statistical difference problem (Statistical Difference, SD), also known as "Statistical Difference from Uniform" (SDU)
is one of the most core and representative problems in statistical zero-knowledge (SZK).
At that time, ZK was almost entirely 'computational':
✅ Built on mathematical challenges
❌ Security depends on the attacker's computing power
SZK is another model of privacy protection:
"Is there a complete problem for statistical zero-knowledge?"
They eventually found the answer: the statistical difference problem (Statistical Difference, SD), also known as "Statistical Difference from Uniform" (SDU)
is one of the most core and representative problems in statistical zero-knowledge (SZK).
At that time, ZK was almost entirely 'computational':
✅ Built on mathematical challenges
❌ Security depends on the attacker's computing power
SZK is another model of privacy protection:
See original
Function Analysis of the Virtual Currency Tracing Analysis Device by the Third Research Institute of the Ministry of Public Security
The virtual currency tracing analysis device developed by the Third Research Institute of the Ministry of Public Security is systematically designed around six dimensions: on-chain address analysis, fund path tracing, mixing behavior identification, transaction detail extraction, case management, and evidence collection collaboration. In terms of currency compatibility, the device supports four mainnet currencies: BTC, ETH, TRX, and BNB, and fully supports four issuance protocols of USDT, including USDT-OMNI, USDT-ERC20, USDT-TRC20, and USDT-BEP20, ensuring coverage of over 90% of mainstream asset types encountered in current cases.
In the address analysis module, the system can display the basic information (such as creation time, associated chain, protocol version), transaction behavior characteristics (including deposit frequency, distribution of withdrawal addresses, whether it is a centralized withdrawal), balance historical change curve, daily income and expenditure details, and other full data for any given address. The significance of this function lies in eliminating the reliance on manual retrieval of transaction records, instead digitizing address profiles and visualizing behavior patterns, laying the foundation for subsequent fund path identification and target selection.
In the address analysis module, the system can display the basic information (such as creation time, associated chain, protocol version), transaction behavior characteristics (including deposit frequency, distribution of withdrawal addresses, whether it is a centralized withdrawal), balance historical change curve, daily income and expenditure details, and other full data for any given address. The significance of this function lies in eliminating the reliance on manual retrieval of transaction records, instead digitizing address profiles and visualizing behavior patterns, laying the foundation for subsequent fund path identification and target selection.
See original
Oded Goldreich – Pioneer of ZK Interactive Proof Systems
In the late 1990s, Matthew Green (X:@matthew_d_green), as a computer science student, raised a key question:
If encryption cannot truly solve the privacy problem, can it still be considered protection?
In 2013, he collaborated with Eli Ben-Sasson, Ian Miers, and others to propose the Zerocash protocol, a zk-SNARK-based solution that enabled on-chain privacy transactions without revealing transaction details, opening up a new path for privacy protection in the digital age.
However, zk-SNARKs are not perfect:
❌ Extremely high computational complexity,
❌ Requires a large amount of resources to generate and verify
If encryption cannot truly solve the privacy problem, can it still be considered protection?
In 2013, he collaborated with Eli Ben-Sasson, Ian Miers, and others to propose the Zerocash protocol, a zk-SNARK-based solution that enabled on-chain privacy transactions without revealing transaction details, opening up a new path for privacy protection in the digital age.
However, zk-SNARKs are not perfect:
❌ Extremely high computational complexity,
❌ Requires a large amount of resources to generate and verify
See original
Today I saw someone saying that because the API crashed, they suffered huge losses. I will also share how I lost 500,000 USD because I trusted others.
This is a reflection I wrote for myself, and for everyone who has lost money by trusting others.
I consider myself someone with a bit of judgment, I have read some books and enjoy researching, but
Information overload does not equal cognitive upgrade.
The Finblox project was invested in by Sequoia + Dragonfly, and at that time I thought it was incredibly impressive, so I saved money. As a result, these guys actually lent the money to that bastard Zhusu, and then the founder shamelessly made me surrender and lose half. The project has basically rugged after the founder and has since done countless projects.
I chased after memes, acted impulsively, and followed others without knowing who posted it. As a result, it quickly went to zero.
How did I comfort myself at that time?
• Sequoia invested, it must be reliable.
• KOLs are promoting it, it will definitely rise.
• It was written as a deposit, can it run away?
Looking back now, this is not judgment, it is laziness and luck. Ultimately, money came too easily.
I handed over my decision-making to others, so I deserved to be harvested by them.
In the crypto world, it’s not about how smart you are to make money; it’s about whether you can be your own master.
Is liquidity locked? Is the contract open source? Do you know the unlocking rhythm of the VC?
If you don’t know any of these, then no matter how much you lose, the essence is the same. You didn’t make a decision; you just followed the trend and placed bets.
Trusting others will lead you to lose money.
• Keep your private keys safe.
• Assess risks yourself.
• Manage your positions yourself.
• Take responsibility for the results yourself.
Everywhere you think there is trust hides a scythe ready to harvest you.
Since then, I have set a few iron rules for myself:
• Only invest money in memes that I can afford to lose completely.
• Do not transfer large amounts of wealth out of wallets/exchange addresses.
• If I don’t have time to research, I won’t invest in any trending projects.
This is the lesson I learned with 500,000 USD.
If you have also taken the same wrong path, I hope you won’t spend tuition fees again.
This is a reflection I wrote for myself, and for everyone who has lost money by trusting others.
I consider myself someone with a bit of judgment, I have read some books and enjoy researching, but
Information overload does not equal cognitive upgrade.
The Finblox project was invested in by Sequoia + Dragonfly, and at that time I thought it was incredibly impressive, so I saved money. As a result, these guys actually lent the money to that bastard Zhusu, and then the founder shamelessly made me surrender and lose half. The project has basically rugged after the founder and has since done countless projects.
I chased after memes, acted impulsively, and followed others without knowing who posted it. As a result, it quickly went to zero.
How did I comfort myself at that time?
• Sequoia invested, it must be reliable.
• KOLs are promoting it, it will definitely rise.
• It was written as a deposit, can it run away?
Looking back now, this is not judgment, it is laziness and luck. Ultimately, money came too easily.
I handed over my decision-making to others, so I deserved to be harvested by them.
In the crypto world, it’s not about how smart you are to make money; it’s about whether you can be your own master.
Is liquidity locked? Is the contract open source? Do you know the unlocking rhythm of the VC?
If you don’t know any of these, then no matter how much you lose, the essence is the same. You didn’t make a decision; you just followed the trend and placed bets.
Trusting others will lead you to lose money.
• Keep your private keys safe.
• Assess risks yourself.
• Manage your positions yourself.
• Take responsibility for the results yourself.
Everywhere you think there is trust hides a scythe ready to harvest you.
Since then, I have set a few iron rules for myself:
• Only invest money in memes that I can afford to lose completely.
• Do not transfer large amounts of wealth out of wallets/exchange addresses.
• If I don’t have time to research, I won’t invest in any trending projects.
This is the lesson I learned with 500,000 USD.
If you have also taken the same wrong path, I hope you won’t spend tuition fees again.
Login to explore more contents