GhostProtocol @_GhostProtocol_
#unchained Joined July 2011
So, these threat actors successfully phished an author of multiple open source NPM packages with a total of 2 billion weekly downloads – including debug, chalk, and ansi-styles. Since most companies run at least one React or Angular app, they had the opportunity to execute code…
Every person that ships software is a philanthropist of immense magnitude. Since they could have included malware, but didn’t. Contemporary Mother Theresas everywhere.
Eberechi Eze: “I remember the day I got released, my mum said a prayer. She was praying that this reverse would happen. For me, this is a realisation of a prayer that we prayed 20-odd years ago. This is deeper than anyone can understand. I know it’s meant to be.” 🙏❤️
@tafolaI8 😂😂😂 The people who go into entrepreneurship because they want “freedom” soon find that you were better off letting someone else take responsibility for your failures.
Wait til you have to do deals for your own business😂😂😂😂😂😂😂😂
PS: contractshark is still in Cursor's trusted publishers for thousands of users.
Check yours: Settings > Extensions > Trusted Publishers
If you see it, you're compromised.
16/ Action Items for the Community:
1. Audit your extensions NOW
2. Move keys out of .env files TODAY
3. Implement hardware wallet only policy
4. Share this thread
5. Report suspicious extensions
We're all targets. Act accordingly.
14/ Why I'm Sharing This: Pride hurt? Yes. Embarrassed? Absolutely. But if one dev avoids this because of my thread, it's worth it. We need to normalize discussing failures. Security through obscurity doesn't work.
12/ If You're Compromised: IMMEDIATELY:
1. Rotate ALL keys in the project
2. Check Etherscan for unauthorized txns
3. Revoke all token approvals
4. Generate new wallets
5. Document everything for taxes/insurance
6. Contact @_SEAL_Org
11/ For Cursor/VS Code Users: Immediately run:
# List all extensions
code --list-extensions
# Check for contractshark
ls ~/.cursor/extensions | grep -i contract
# Review trusted publishers
sqlite3 ~/Library/Application\ Support/Cursor/User/globalStorage/state.vscdb \
  "SELECT…
10/ My New Development Setup:
1. Separate VM for smart contract work
2. Hardware wallet only (no hot wallets, period)
3. Secrets in encrypted vaults (1Password CLI)
4. No .env files with keys, ever
5. Extension whitelist only
9/ CRITICAL OpSec Rules (learned the hard way):
NEVER:
- Store private keys in .env files
- Trust download counts alone
- Install extensions while rushing
- Use hot wallets for anything valuable
ALWAYS:
- Verify publisher carefully (check for l vs I)
- Check GitHub repo
- Use…
8/ Red Flags I Missed:
❌ Publisher "contractshark" vs legitimate "juanblanco"
❌ No GitHub repository linked
❌ High downloads but no reviews
❌ Published recently (July 2025)
❌ Typosquatting common extensions
Rush to ship = ignored instincts
7/ Why This Attack Works:
- Targets developers' weakest moment (rushing to ship)
- Exploits trust in official registries
- No OS specific malware needed (pure JavaScript)
- Works on Mac/Linux/Windows
- Silent execution, no indicators
6/ The Forensics Process (for victims):
Step 1: Check logs
~/Library/Application Support/Cursor/logs (Mac)
%APPDATA%/Cursor/logs (Windows)
Step 2: Search for extension
grep -r "contractshark" [log_directory]
Step 3: Check state database for trusted publishers
5/ How I Discovered It:
- Wallet drained notification
- Checked Cursor logs
- Found installation record
- Looked into all my extensions
- Found Kaspersky/BleepingComputer reports
- Part of $500K+ theft campaign
4/ The Damage: Only lost a few hundred $ in ETH because I follow strict practices:
- Hot wallets for testing only
- Small amounts
- Segregated by project
- Main funds in hardware wallets
Without these practices, I'd be posting a very different thread.
3/ What ACTUALLY Happened:
Aug 7, 11:02 - Installed extension
Aug 7, 11:03 - Opened my project
Aug 7, 11:05 - Extension silently read my .env file
Aug 7, 11:06 - Sent my private key to attacker's server
Aug 10 - Wallet drained
3 days of access.
2/ The Attack Vector
"contractshark.solidity-lang" extension in Cursor/VS Code. Looked legitimate:
- Professional icon
- Proper description
- 54,000+ downloads
- From Open VSX (Cursor's default registry)
- Publisher "contractshark" seemed reasonable
1/ Background: I'm obsessive about security. Hardware wallets, segregated hot wallets, unique passwords, 2FA everything. In 10+ years, I have never lost a single wei to hackers. Then I rushed to ship a contract last week.
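
Added example, not part of the thread or written by its author: POSIX shell functions for the "extension whitelist only" rule in 10/ and the "move keys out of .env files" item in 16/. It assumes extension folders are named `<publisher>.<name>-<version>` under the extensions directory and treats any 64-hex-character run in a `.env*` file as a candidate private key; the function names and the allowlist file are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes extension folders are named
# "<publisher>.<name>-<version>", e.g. under ~/.cursor/extensions.

# audit_extensions EXT_DIR ALLOWLIST
# ALLOWLIST holds one trusted publisher per line (hypothetical file).
# Prints "OK <folder>" or "UNLISTED <folder>"; returns 1 if any is unlisted.
audit_extensions() {
  ext_dir=$1
  allowlist=$2
  unlisted=0
  for entry in "$ext_dir"/*/; do
    [ -d "$entry" ] || continue
    id=$(basename "$entry")
    case $id in
      *.*) ;;            # looks like publisher.name-version
      *) continue ;;     # not an extension folder
    esac
    publisher=${id%%.*}  # text before the first dot
    # -x whole line, -F literal, -i case-insensitive: exact publisher match,
    # so a look-alike publisher name never passes as a listed one.
    if grep -qixF -- "$publisher" "$allowlist"; then
      printf 'OK %s\n' "$id"
    else
      printf 'UNLISTED %s\n' "$id"
      unlisted=1
    fi
  done
  return "$unlisted"
}

# find_env_keys PROJECT_DIR
# Lists .env* files holding a run of 64 hex characters, the length of a
# 32-byte wallet private key. Prints file names only, never the value.
find_env_keys() {
  find "$1" -type f -name '.env*' ! -path '*/node_modules/*' \
    -exec grep -lE '[0-9a-fA-F]{64}' {} + 2>/dev/null || true
}

# Usage (paths are examples):
#   audit_extensions "$HOME/.cursor/extensions" ./allowed-publishers.txt
#   find_env_keys "$HOME/code"
```

A 64-hex match can also be a hash or other token, so treat each listed file as something to review rather than a confirmed key.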
