A German teenager posted a frustrated tweet cursing out Olaf Scholz while his 37.9 GB Fortnite update crawled along at 173 KB/s, a download that would have taken over 60 hours to complete. The tweet had just 503 views. German police later opened criminal proceedings against him for insulting a politician. The case was dropped after he deleted the post. A year later he posted the official letter.

Germany has lost it. Back in November 2024, a teen in Germany posted "olaf scholz du bastard was soll diese scheiße" ("olaf scholz you bastard what the hell is this shit") while staring at a Fortnite update sitting at 3%, downloading a 37.9 GB patch at roughly 173 KB/s. At that rate the install would have taken over 60 hours. The only had 503 views. Three months later, on February 11, 2025, German police sent him a Schriftliche Äußerung als Beschuldigter, the formal "written statement as the accused" notice. The charge: §188 StGB, insulting a person of political life. A year on he posted the police letter with the caption "Happy anniversary to the funniest thing that ever happened to me." Per his own follow-ups, the matter ended without major consequences, though no formal outcome of the proceedings has been made public. The original tweet seems deleted.

We’ve published a technical report evaluating a post-quantum cryptography migration path for BSC. The report covers: • ML-DSA-44 transaction signatures • pqSTARK validator aggregation • Type 0x05 transaction format • Public key storage and verification flow • Cross-region performance benchmarks Benchmark highlights: • Tx size: 110 B → ~2.5 KB • Block size: ~110 KB → ~2 MB • Native transfer TPS: 4,973 → 2,997 One notable result: The primary bottleneck was not signature verification performance, but block byte size and cross-region propagation overhead. Read the full report 👇

Japan is going all-in on stablecoins right now. Just days ago, Japan’s FSA finalized new rules clarifying the legal status of foreign trust-based stablecoins, creating a clear pathway for them to operate in Japan as Electronic Payment Instruments effective June 1. This builds on the LDP’s push for a national AI and blockchain financial system with strong support for yen stablecoins and tokenized deposits. And right on cue LINE, one of Asia’s biggest super-apps with 200 million monthly active users across Japan, Taiwan, Thailand & Indonesia, rolled out official JPYC, a yen-pegged stablecoin, support in its Unifi wallet on May 22 for real payments, transfers & rewards. But what most don’t realize is that there’s a little-known blockchain quietly powering the efficient settlement behind LINE’s Unifi rollout and broader Asia expansion. It’s Kaia. Just 2 days after launch, JPYC circulation on Kaia already surpassed ¥100 million. Not only that, South Korea’s largest bank, KB Kookmin piloted KRW stablecoin for offline QR payments and global remittances on Kaia. It also already has native USDT and plans for multiple Asian currency stables with Unifi. $KAIA seems like it’s quietly shaping up to be a sleeping giant for the Asian stablecoin sector. One to monitor closely as the Asian stablecoin market grows and gets clear regulations.

🚨 node-ipc is compromised again. Three new malicious versions just dropped: 9.1.6, 9.2.3, and 12.0.1. Socket’s AI scanner flagged them as malware within three minutes of publication. The attack vector: a dormant maintainer account (atiertant) was likely taken over via an expired email domain. The attacker registered the lapsed domain, triggered an npm password reset, and gained publish rights to a package with millions of historical downloads. The payload is a credential stealer embedded in the CommonJS entrypoint (node-ipc.cjs). It activates on require(“node-ipc”), not through a postinstall script. Here’s what it does: •Fingerprints the host (OS, arch, hostname, uname) •Harvests 113-127 credential file patterns depending on platform (AWS, GCP, Azure, SSH keys, Kubernetes configs, npm tokens, .env files, shell histories, macOS Keychain databases, and more) •Dumps the entire process.env, capturing every CI secret and cloud credential in memory •Builds a gzip archive in a temp directory •Exfiltrates everything over DNS TXT queries to bt[.]node[.]js, using a bootstrap resolver at sh[.]azurestaticprovider[.]net:443 (a deliberate lookalike of Microsoft’s Azure Static Web Apps domain) The DNS exfiltration is chunked. A 500 KB archive generates roughly 29,400 TXT queries. The body is XOR-encrypted with a SHA-256 keystream, base64-encoded, alphabet-substituted, and split into 31-character chunks before hex-encoding into DNS labels. Header, data, and footer queries use xh, xd, and xf prefixes respectively. The malware forks a detached child process (env var __ntw=1) so credential theft runs silently in the background. It also exposes a __ntRun export, meaning any downstream code that calls require(“node-ipc”).__ntRun() can trigger a second collection/exfiltration cycle. ESM-only consumers using the import path are not affected by the reviewed package metadata. CommonJS consumers are. This is the same package involved in the 2022 protestware incident. It has a history. If you use node-ipc: •Do not install 9.1.6, 9.2.3, or 12.0.1 •Audit your lockfiles for these versions •If you loaded the CommonJS entrypoint, treat all environment variables, SSH keys, cloud credentials, npm tokens, and local secrets as compromised. Rotate immediately. •Hunt for DNS TXT queries to bt[.]node[.]js and sh[.]azurestaticprovider[.]net in your network logs •Check for temp files matching /nt-/.tar.gz Credit to Ian Ahl (@TekDefense) for first publicly identifying the expired-domain account takeover vector. Developing story. Full technical breakdown and IOCs on the Socket blog: