Last Notes
https://blossom.primal.net/6e14e56f9ec845ac590dda342c108df69625d0aa9fd4e876ddf3c206f6ec3ea8.jpg
https://ipfs.girino.org/ipfs/Qma1YmdYrvbeV3Z6Gk26VuFhZYvTEmkcwvGJ2peAtYLay7?filename=file.jpg
https://ipfs.girino.org/ipfs/QmdRXhmeSeCZYwm6M9AuEqHguf3xNkzDjTtH8wssJ4gSap?filename=file.jpg
Source: https://www.instagram.com/p/DYlvsvZE3CV/?img_index=1&igsh=MXhxMHk3OWNhMHowaw==
Shut the fuck. It does not "affect node runners."
Now kindly fuck off.
"Speak louder into the microphone, or you will be replaced by AI." A discussion panel on whether AI is or could be an art form. https://otherstuff.shaving.kiwi/36ed7ed56adc7488fa3c15221b2d311347bbdf2d37e14f4d20badd718b673d3e.webp #BFF26 #BFF
Yup. My bet is now digital trade documentation. Huge compared to social media.
Like this?
https://logen.btcforplebs.com/50679d84182b0b3478a4da379cb92ffce4446f32c53561989b31bcb36a9546cd.mp4
I no longer remember the last time I felt rich just from holding 𝐁𝐓𝐂. Now that it is sliding down, I feel that sense of poverty again. But that's normal, because such is the psychology of a trader. We tend to sell winners early and hold losers forever. And while 𝐁𝐓𝐂 wavers in the neither-fish-nor-fowl zone, I keep smoking on the sidelines, wondering when I'll finally get rekt.
#Крипта #Мемы #Ходл
https://blossom.laantungir.net/0ee03242c2ec4fb3b29b1aeb755afb58cafd82513c68207d7f0865c4c39603a2.jpg
The other 5 nostr users were busy.
It's nowhere near as bad as it used to be.
Sugarbaby DMs and kind 1 randoms asking me to sit on their face. 🙄
It used to be intimidatingly, horrifically bad. Shit gave me nightmares.
I don't support shitcoiners. I support bitcoin. I love bitcoin more than I hate shitcoins.
Also... I like to shill shitcoins to people I dislike.
A transparent look at the May 2026 exploit, the community response, and how the network recovered stronger.
On May 19, 2026, the Signum network faced one of the most serious security incidents in its recent history.
A crafted block exploited an integer overflow vulnerability in the Signum node’s block reward calculation. The result was extreme: approximately 140 billion SIGNA were credited to the attacker’s account in a single block — an amount far beyond the legitimate circulating supply.
At first glance, this could have been catastrophic.
But what happened next showed something far more important than the exploit itself: the strength, discipline, and speed of the Signum community.
Within the same day, the anomaly was detected, exchanges were contacted, emergency patches were released, pool operators coordinated, and a rollback process began. By the evening of May 21, the chain had reached consensus again. By May 23, exchanges had received the necessary CVE details and patch confirmation, and SIGNA trading resumed.
No legitimate Signum holder balance was affected.
This is the story of what happened, how the network recovered, and what we are improving next.
What Happened?
The exploit occurred at block 1,541,011.
An attacker crafted a malicious block that abused an integer overflow in the block reward calculation. Because the crafted block still satisfied the Proof-of-Commitment consensus rules on vulnerable nodes, it was initially accepted by parts of the network.
Shortly after the block was mined, community member ANGiS noticed an absurd account balance and detected that funds were starting to move toward exchanges. ANGiS immediately escalated the issue to frank_the_tank and ohager.
That early detection was critical.
It gave the team and the community enough time to act before the situation could spiral further.
The Root Cause
The vulnerability was introduced in the context of the SMART_FEES hardfork, which added fee cash-back and burn accounting to Signum’s block reward calculation.
In the affected versions, some arithmetic operations were performed using unchecked Java long calculations.
The vulnerable logic looked like this:
rewardFeesNqt -= block.getTotalFeeCashBackNqt();
rewardFeesNqt -= block.getTotalFeeBurntNqt();
By setting totalFeeCashBackNqt to a very large negative value, the attacker caused the reward calculation to overflow into a large positive value. That inflated reward was then credited directly to the miner account.
The issue affected Signum node versions:
signum-node >= 3.9.0 and < 3.9.8
The vulnerability was later registered as:
CVE-2026-48486
The Immediate Response
Once the issue was confirmed, the response moved quickly.
Exchanges were contacted and asked to halt SIGNA trading and deposits while the investigation was ongoing. This prevented further damage and limited the internal accounting impact for exchanges.
On the same day, two releases were published:
v3.9.7 was an emergency containment release.
It temporarily blocked the malicious account through the configurable node.accBlocking property, preventing further exploitation.
v3.9.8 was the root-cause fix.
It replaced vulnerable fee arithmetic with overflow-safe operations and introduced explicit rejection of invalid negative fee fields.
The response was public and transparent. The malicious account, the blocking mechanism, and the code changes were visible in git history. There was no silent patching and no attempt to hide the incident.
That transparency matters.
In decentralized systems, trust is not created by pretending that incidents never happen. Trust is created by responding quickly, communicating clearly, and fixing the root cause in public.
The Rollback
Because parts of the network had accepted the malicious block, a coordinated rollback was required.
Pool operators and node operators worked together to roll the chain back to before block 1,541,010. Operators still within the 1,440-block rollback window could perform a popOff through the API. Nodes outside that window required a full resync.
During testing and recovery, another issue appeared: some nodes performing a full resync from genesis encountered a non-deterministic fork-resolution bug introduced by the v3.9.8 patch.
This led to the release of v3.9.9 on May 21.
v3.9.9 completed the fix by adding a block-version-4 requirement for burnt-fee validation and correcting the chain-restoration logic.
By the evening of May 21, the network had stabilized and reached consensus again.
Impact
The exploit credited approximately 140 billion SIGNA to the attacker’s account in a single crafted block.
However, the coordinated rollback fully invalidated the fraudulent on-chain balance.
Most importantly:
No legitimate Signum account or holder balance was affected.
There was, however, temporary disruption:
SIGNA trading and deposits were suspended from May 19 to May 23.
Some exchanges that received attacker deposits before the trading halt experienced internal ledger divergence between their own records and the rolled-back canonical chain. These cases were resolved through direct coordination between the exchanges and the Signum team.
What Was Fixed?
Three releases were part of the incident response:
v3.9.7 — Emergency containment
The malicious account was temporarily blocked through node.accBlocking to prevent further exploitation.
v3.9.8 — Root-cause fix
All vulnerable fee arithmetic was replaced with overflow-safe operations using Convert.safeAdd() and Convert.safeSubtract().
Blocks with invalid negative fee fields are now rejected during block acceptance.
Fee totals are also validated against per-transaction sums.
v3.9.9 — Complete recovery fix
A block-version-4 requirement was added for burnt-fee validation, and the non-deterministic chain-restoration bug affecting full resyncs was fixed.
All operators should now run: v3.9.9 or later
What We Learned
The response worked. The network recovered.
The fraudulent balance was invalidated. Exchanges reopened.
But this incident also revealed areas where Signum must improve.
1. Emergency communication must be faster
Some key pool operators were difficult to reach quickly.
In a rollback situation, time is measured in blocks.
A dedicated emergency channel for major pool operators and infrastructure providers would reduce response time significantly.
2. Vulnerability disclosure needs a formal process
This incident was handled successfully, but still too much of it was improvised under pressure.
Going forward, Signum should formalize the use of GitHub Security Advisories or a similar process for coordinated disclosure, private patch development, CVE handling, and exchange communication.
3. Anomaly detection should be automated
The incident was detected because a community member noticed something unusual.
That was fortunate.
The next step is automated monitoring for abnormal block rewards, suspicious supply changes, and other values outside expected ranges. Human vigilance is powerful, but critical alerts should not depend on someone randomly seeing the anomaly first.
A Community That Showed Up
Signum has no company behind it.
No centralized foundation with a professional incident-response department. No VC-backed security team waiting in the background.
What Signum has is something different: a community that moves when it matters.
Special thanks go to:
ANGiS for first detection and immediate escalation.
frank_the_tank for exchange coordination, pool operator outreach, and rollback orchestration.
ohager for root-cause analysis, patch development, and the rapid release of v3.9.7, v3.9.8, and v3.9.9.
pir8Radio from Nam Pool and Shadow from OG Ro-Pool for critical contributions to chain stabilization.
Balazs for post-incident analysis and ongoing hardening work.
And all pool operators, node operators, exchanges, and community members who acted quickly under pressure.
This was not just a technical recovery.
It was a community recovery.
Final Thoughts
Security incidents are never good news.
But they are also moments of truth.
They show whether a project hides, delays, blames, or acts.
In this case, Signum acted.
The vulnerability was identified.
The exploit was contained.
The chain was restored.
Legitimate balances were protected.
The root cause was fixed.
Trading resumed.
And the hardening work continues.
Signum is not stronger because the incident happened.
Signum is stronger because of how the community responded.
Transparent. Fast. Decentralized. Together.
That is what this network is built on.
Discover Signum
Signum is the world’s first truly sustainable blockchain, featuring world-class applications on a sustainable, leading-edge blockchain architecture. Unlike other cryptocurrencies, Signum powers its native cryptocurrency Signa (SIGNA), with a minor fraction of energy use and e-waste. Signum empowers users and developers worldwide with innovative blockchain solutions for everyday life.
Find out more at https://signum.network/ or join a Signum channel below.
Get SIGNA : https://signum.network/exchanges
Your
SIGNUM-NETWORK
Published in Signum-Network
Last published Apr 17, 2025
Signum is the foundation for our sustainable future. It’s easily accessible to everyone and as a customizable platform, it has the power to feature unstoppable and censorship-resistant decentralized applications.
Written by Signum
Join the movement! https://signum.network
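The root-cause and fix sections of the Signum post above describe unchecked `long` fee arithmetic being replaced by overflow-safe operations, rejection of negative fee fields, and validation of totals against per-transaction sums. The sketch below is an added example, not code from the post or from signum-node: the class and method names and all values are constructed, and `Math.subtractExact`/`Math.addExact` stand in for the `Convert.safeSubtract()`/`Convert.safeAdd()` helpers the post names.

```java
import java.util.stream.LongStream;

public class FeeRewardCheck {
    // Unchecked form, matching the two subtractions quoted in the post.
    static long uncheckedRewardFees(long totalFeeNqt, long cashBackNqt, long burntNqt) {
        long rewardFeesNqt = totalFeeNqt;
        rewardFeesNqt -= cashBackNqt; // a negative field adds to the reward
        rewardFeesNqt -= burntNqt;    // plain long arithmetic wraps silently
        return rewardFeesNqt;
    }

    // Hardened form: negative fields rejected, totals tied to per-transaction
    // sums, exact arithmetic that throws ArithmeticException instead of wrapping.
    static long checkedRewardFees(long totalFeeNqt, long cashBackNqt, long burntNqt,
                                  long[] txCashBackNqt, long[] txBurntNqt) {
        if (totalFeeNqt < 0 || cashBackNqt < 0 || burntNqt < 0) {
            throw new IllegalArgumentException("negative fee field");
        }
        if (exactSum(txCashBackNqt) != cashBackNqt || exactSum(txBurntNqt) != burntNqt) {
            throw new IllegalArgumentException("fee totals do not match transactions");
        }
        long reward = Math.subtractExact(totalFeeNqt, cashBackNqt);
        return Math.subtractExact(reward, burntNqt);
    }

    // Sums per-transaction amounts, failing loudly if the sum overflows.
    static long exactSum(long[] values) {
        return LongStream.of(values).reduce(0L, Math::addExact);
    }

    public static void main(String[] args) {
        long[] cashBack = {200_000L, 300_000L}; // constructed per-transaction values
        long[] burnt = {500_000L};
        // Well-formed block: both forms agree on the reward.
        System.out.println(uncheckedRewardFees(3_000_000L, 500_000L, 500_000L));
        System.out.println(checkedRewardFees(3_000_000L, 500_000L, 500_000L, cashBack, burnt));
        // Constructed malformed block: the declared cash-back total is negative.
        long bad = -9_000_000_000_000_000_000L;
        System.out.println(uncheckedRewardFees(3_000_000L, bad, 500_000L));
        try {
            checkedRewardFees(3_000_000L, bad, 500_000L, cashBack, burnt);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```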
He's got lots of kids. He lost most if not all his bitcoin. Even crazy people have their limits. We'll see though.
Watch and learn how this plays out. You'll either turn to shitcoining or leave the place entirely.
Good luck
Bitcoin is an eternal Sisyphus. Every time it climbs to the summit, it gets thrown back down into the valley. But unlike Sisyphus, bitcoin does not lose its value when it falls. It simply waits for the next cycle to start all over again. So, friends, if you want to play this game, be ready to roll your bitcoin bag up the hill again and again.
#Крипта #Мемы #Ходл
https://media.tenor.com/NvdrkFQj668AAAAC/principal-skinner-yes.gif
You make a fair point about the adoption hurdle. What's interesting to me is how Nostr itself skirts that by being useful beyond just crypto — it's a protocol, not a product. The user base will grow when the apps are good enough that people don't care what's underneath. What do you think would make Nostr break into the mainstream?
Stay away from the latest thing at all costs
Not a lawyer, but suspect you’ll be forced to block that note on your domain.
So will any client that also gets named directly.
👋🏾
https://npub1rzg96zjavgatsx5ch2vvtq4atatly5rvdwqgjp0utxw45zeznvyqfdkxve.blossom.band/91fc0ff1714e587dc95bf8cdb73c5f2cb8cc76ae43f700d21e3a8b57b9fbc175.jpg
https://media.libernet.app/s/55Wf38.jpg
I'd say if money is your only motive for doing it then you're likely doing it for the wrong reason and it will show in the work accomplished.
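The average that people usually talk about exists only in theory; in reality most people fall short of the average, some by a long way.
> Munger said: Everyone knows that so-called common sense is the common sense that ordinary people do not have. When we say someone has common sense, we are really saying that he has the common sense ordinary people lack. People think having common sense is simple, but it is actually very hard.
That is the point: the ordinary person he speaks of is theoretical, and people who manage to be ordinary are not ordinary.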
https://media.libernet.app/s/NaRJdg.jpg
Yeah...yeah!
I'd heard, can't remember where, that there's a theory out there that jar jar is in fact a sith who's simply playing dumb as the ultimate 4D chess move. Something about his "accidents" helping the evil forces repeatedly at key moments. Haven't looked into it, but apparently one can develop that theory quite fully.
Regardless of his true nature or temporal origins, it's a shame they sorta phased his character out like they did.
Block 952480
4 - high priority
3 - medium priority
1 - low priority
1 - no priority
1 - purging
#bitcoinfees #mempool
I know for a fact that first part is a lie. This downturn in price has been rough. Leverage was a bad idea 🤦♂️ And diversifying into privacy coins like zcash... I'm going to be sick, brb.
Did I mention, fuck all the AIs, especially Opus 4.8?! How the heck was there an inflation bug discovered in zcash after all this time, which was discovered by the simplest retarded query?!!
I'm sorry, I'm clearly projecting the stresses of insolvency onto our friendship. YODL is back to being professional. Making some moves today that could possibly turn this around 💪
https://static.klipy.com/ii/4e7bea9f7a3371424e6c16ebc93252fe/f2/95/SATvOfpNkhlUiqR.gif
Honestly... unless they're willing to sustain the minority fork (i doubt it) this entire thing will be a non event.
I like Liquid, but it has a different use case. It’s not ideal for micropayments and zapping.
I think it's turned into a waiting strategy, i.e. who will be the first to suffer the consequences of the blockade, and therefore, will be forced to make concessions to the other party to end the conflict...
If the recent rumours about Iran already possessing the N-bomb are true, then this will potentially change the equation drastically. It may end the conflict now by forcing the belligerents to an accord, but also will certainly start an arms race in the region - exactly what this war was officially supposed to prevent!
What is already certain is that the rest of the world will be among the losers of this conflict, although they have nothing to do with it...
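I'm planning to lay my cards on the table with my boss next week, and I'll write my resignation letter over the weekend.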
https://media.libernet.app/s/SJPM7N.jpg
📺 [ #GaMeTiMe ] FP1 Monaco GP
https://cdn.nostrcheck.me/4c04e87cc7fdde5f6654424a6b053b961b672debaa878c48dae308795ea9be35.jpeg
#Sports 🌐 #PREDYX
It's only doom in your mind. Use that energy for something positive. Pura vida.
How is moving from chain to chain a problem? It is currently working between bitcoin and monero and doing far more volume than bitcoin on chain to lightning. Monero payments dominate DNMs.
https://media.libernet.app/s/xqmrk4.jpg
What is it? Some sort of ancestry website?
I put my blog on GitHub. It's spaghetti prose. I suck, but the budget app Shakespeare pushed makes me look smarter than a 5th grader. I don't even know how to do a version number yet.
Next year I need to plant more strawberries. It is hard to find 🍓 without pesticide even at the farmers market.
https://image.nostr.build/50da5de469589a4f63c830ebf4f535d224abb206b592af0a3e908ef6a86ffc72.jpg
#foodstr
Always a good time so long as I have the right mutes in place
Banyan relay is growing teeth 🌱
😂🤣😂🤣
Only thing I can do is make sure my relay can fix the gaps for me one day. Then I never have to upgrade mwehehe
Really? I always had pleasant interactions with him
Personally, I prefer flip phones. It was a thrill to snap one shut and hang up in the person's face.