We have identified a critical validation vulnerability in the @syscoin Bridge that was exploited to generate approximately 5 billion unauthorized $SYS outputs on the UTXO side through an inflation-style attack.
The incident stemmed from a flaw in the bridge relay path, which incorrectly accepted or interpreted a transaction proof. This caused the system to treat an invalid transaction as valid and mint the unauthorized SYS via the UTXO bridge flow.
The tainted funds were initially sent to sys1qgaelv690g7wwp2xchfdh0enf5uewzq5sm9wvcw before being moved, spent, and split. The primary large tainted balances are now held at sys1q2k482wnachkgky4lw60973p4vcf7xlh9kzpv33 (approximately 4B SYS) and sys1qx6jjkq89sdaxftfgre3m0nv7vjfd4jeakg5t38 (approximately 1B SYS).
The Syscoin team has paused the bridge, confirmed the root cause in the validation logic, and developed a fix. They are actively tracing the full UTXO trail, coordinating with exchanges and ecosystem partners to blacklist or freeze deposits linked to these tainted outputs and all descendant spends, and working to neutralize the unauthorized supply impact on the network.
Organizations, users, and infrastructure providers interacting with Syscoin should immediately:
• Refrain from any interaction with the paused bridge until official confirmation of reopening.
• Avoid accepting, depositing, trading, or otherwise handling SYS originating from the identified tainted addresses or any subsequent spends in the UTXO chain.
• Monitor official @syscoin channels for remediation timelines, fix deployment, and updated blacklist guidance.
• Review any internal SYS holdings or bridge-related exposures for potential downstream contamination.
The team has treated this as highest priority and is finalizing implementation, code review, and the precise rectification process. Further updates will follow as the fix rolls out and the tainted outputs are fully addressed. This event highlights the elevated risks in hybrid UTXO-EVM bridge architectures and the importance of rigorous proof validation in cross-chain systems.
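An added example, not part of the original post or of Syscoin's code: one way an exchange or custodian could screen deposits for "descendant spends" of the tainted addresses. The three seed addresses come from the post; the transactions, the deposit address name and the any-tainted-input ("poison") policy are constructed assumptions.

```python
"""Flag deposits that descend from tainted outputs (poison policy)."""

# Seed addresses named in the advisory above.
TAINTED_ADDRESSES = {
    "sys1qgaelv690g7wwp2xchfdh0enf5uewzq5sm9wvcw",
    "sys1q2k482wnachkgky4lw60973p4vcf7xlh9kzpv33",
    "sys1qx6jjkq89sdaxftfgre3m0nv7vjfd4jeakg5t38",
}

# Constructed sample transactions, not real chain data.
# inputs: (txid, vout) outpoints being spent; outputs: (address, amount in SYS).
SAMPLE_TXS = [
    {"txid": "t0", "inputs": [], "outputs": [("sys1qgaelv690g7wwp2xchfdh0enf5uewzq5sm9wvcw", 5000)]},
    {"txid": "t1", "inputs": [("t0", 0)], "outputs": [("addr_hop_a", 3000), ("addr_hop_b", 2000)]},
    {"txid": "t2", "inputs": [("c0", 0)], "outputs": [("addr_clean", 10)]},
    {"txid": "t3", "inputs": [("t1", 1), ("t2", 0)], "outputs": [("addr_exchange_deposit", 2010)]},
    {"txid": "t4", "inputs": [("c1", 0)], "outputs": [("addr_exchange_deposit", 7)]},
]


def tainted_outpoints(txs, seed_addresses):
    """Return every (txid, vout) paying a seed address or spending a tainted input."""
    tainted = set()
    changed = True
    while changed:  # repeat until stable so the order of txs does not matter
        changed = False
        for tx in txs:
            spends_taint = any(op in tainted for op in tx["inputs"])
            for vout, (addr, _amount) in enumerate(tx["outputs"]):
                op = (tx["txid"], vout)
                if op not in tainted and (spends_taint or addr in seed_addresses):
                    tainted.add(op)
                    changed = True
    return tainted


def screen_deposits(txs, seed_addresses, our_addresses):
    """List (txid, vout, amount) for tainted outputs paying our own addresses."""
    tainted = tainted_outpoints(txs, seed_addresses)
    return [
        (tx["txid"], vout, amount)
        for tx in txs
        for vout, (addr, amount) in enumerate(tx["outputs"])
        if addr in our_addresses and (tx["txid"], vout) in tainted
    ]


if __name__ == "__main__":
    print(screen_deposits(SAMPLE_TXS, TAINTED_ADDRESSES, {"addr_exchange_deposit"}))
```

Under this policy the mixed transaction t3 is held even though one of its inputs is clean, while the unrelated deposit t4 to the same address passes.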
We have identified IronWorm, a sophisticated supply-chain malware operation written in Rust that is currently targeting software development environments and the Web3/cryptocurrency sector through malicious npm packages.
The campaign can enable a range of malicious activities, including theft of credentials, cryptocurrency wallet seeds and passwords, manipulation of GitHub repositories, unauthorized publication of packages, extraction of CI/CD secrets, communication through Tor-based command-and-control infrastructure, and persistence or concealment using an eBPF rootkit.
Organizations should inspect repositories for indicators such as retroactively dated commits, unusual branches, unexpected build or deployment hooks, and commits linked to automation-style accounts (for example, claude, dependabot, renovate, or github-actions).
Recommended response measures include removing or retiring compromised package versions, releasing verified clean builds, rotating potentially exposed credentials and access tokens, auditing GitHub Actions artifacts, and rebuilding any affected developer workstations or CI environments from trusted, clean images.
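An added example, not from the original post: a triage pass over `git log` output for two of the indicators listed above, retroactively dated commits and automation-style author names. The log lines, the expected bot e-mail and the seven-day skew threshold are constructed assumptions to replace with your own values.

```python
import re

# Author names the advisory lists as automation-style accounts.
AUTOMATION_NAMES = re.compile(r"claude|dependabot|renovate|github-actions", re.I)
# Assumption: the identities your real automation commits with (constructed value).
EXPECTED_BOT_EMAILS = {"deps-bot@ci.example.invalid"}
# Assumed threshold; legitimate rebases and cherry-picks can exceed it.
MAX_SKEW_SECONDS = 7 * 24 * 3600

# Constructed sample in the shape produced by:
#   git log --all --format='%H|%an|%ae|%at|%ct'
SAMPLE_LOG = """\
a1|Alice Dev|alice@example.invalid|1748000000|1748000050
b2|dependabot[bot]|deps-bot@ci.example.invalid|1748100000|1748100000
c3|github-actions|someone@mail.example.invalid|1748200000|1748200000
d4|Bob Dev|bob@example.invalid|1717000000|1748300000
"""


def review_commits(log_text):
    """Return [(sha, [reasons])] for commits that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # Split from both ends so a '|' inside the author name cannot shift fields.
        sha, rest = line.split("|", 1)
        name, email, author_ts, commit_ts = rest.rsplit("|", 3)
        reasons = []
        if int(commit_ts) - int(author_ts) > MAX_SKEW_SECONDS:
            reasons.append("author date far earlier than commit date")
        if AUTOMATION_NAMES.search(name) and email.lower() not in EXPECTED_BOT_EMAILS:
            reasons.append("automation-style name, unexpected email")
        if reasons:
            findings.append((sha, reasons))
    return findings


if __name__ == "__main__":
    for sha, reasons in review_commits(SAMPLE_LOG):
        print(sha, "; ".join(reasons))
```

Both dates in a commit are set by whoever creates it, so a clean result here does not clear a repository; compare against push events in the hosting platform's audit log as well.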
OpenAI frontier models and Codex are now generally available on AWS, giving enterprises a new way to build on Amazon Bedrock with OpenAI through the security, compliance, and governance workflows they already use.
This is also the beginning of a broader expansion of OpenAI capabilities on AWS, including future availability for cybersecurity capabilities like Daybreak.
openai.com/index/openai-f…
The votes are in.
@isausmanov’s Agentic OS for a Phone is the Voice Hack Night People’s Choice winner.
A voice-first mobile OS. Users talk, agents answer and take action across the phone.
Congrats to the team on taking home $50,000 in API credits.
🤳 Agentic OS for a Phone
A voice-first mobile OS. Users talk, agents answer, and they can take action across the phone.
cerebralvalley.ai/e/openai-voice…
Come join our livestream tomorrow where we'll preview some exciting updates to Codex and the OpenAI platform.
Tuesday 6/2 at 8:30am PT / 11:30am ET / 4:30pm BST
openai.com/business/intel…
Today we’re launching the OpenAI Deployment Company to help businesses build and deploy AI.
It's majority-owned and controlled by OpenAI. It brings together 19 leading investment firms, consultancies, and system integrators to help organizations deploy frontier AI to production for business impact. openai.com/index/openai-l…
After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to @chainlink CCIP.
From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi. Independent reports from SEAL 911, Chainalysis, and other major leading security researchers all point to the same origin.
There are questions that the ecosystem deserves answers to. And we are ensuring rsETH is secured by infrastructure that doesn't leave these questions open.
That’s why we’re setting the record straight.