Over the past few weeks I’ve been working on changing my role as one of the cofounders of Higherrrrrrr. I want to do less public posting, and more just building, mostly for no other reason that there are people in our community now that are better at the posting than me, and really, the building part is what I’m uniquely good at (it’s what I love to do). I think we can build a much better product this way anyways.

Yesterday, I put out a blog post highlighting these learnings, and talking about this transition. You can read about it here. I wrote the post yesterday AM, and shared a draft with Zander my cofounder (he’s anon, but a real person, we’ve met in real life, truly good human).

At the same time as we were moving this change, there was some, interesting, to say the least activity on a competitor platform on a different chain. There’s a lot of manipulation in crypto, this was typical, and we’ve been vocal across different platforms about calling it out. Zan (who is anonymous) and a couple of other community members (also anonymous) started calling out the behavior on Monday night and I wasn’t tracking the tweets fully. When I was working yesterday morning, I finally caught up with the content and put out a tweet supporting our community and making a slightly negative but truthful statement about the competition. In a semi-private community chat, I made statements that were negative against the competitor.

This is when the security incident started that we’re still investigating. The Higherrrrrrr team is taking measures to roll keys on any key accounts (including our multisigs), and the way our protocols are engineered, everything that moves money is safe, and we have never had a money-moving security incident. The protocol admin / upgrade keys on Base and Solana under both architectures are burned, so funds are safe and secure.

The problem with the anonymity in crypto is that when things like this happen, it’s impossible to tell who is doing them. Because we are a popular platform that is doing a migration that will hopefully bring a lot more activity, there are many folks with financial incentive to do this (some of which we don’t know, probably hidden market markers etc). When you start threatening someone’s money or profit, bad actors will do evil things to keep profiting. With enough time / money / resources, it’s possible to uncover certain actors, but it’s prohibitively expensive under most circumstances.

Below is the timeline of the incident:

Monday Evening: Higherrrrrrr affiliated accounts push tweets calling out a specific coin promoted by another community. The structure of the coin and uncertain nature points to possible bad behavior. Our community doesn’t lie and say that it’s for sure bad, but given a pattern of behavior, that is highlighted. Coin is at a 30m market cap with clear retail activity and growing quickly (it might still be, I haven’t checked)

Tuesday Morning (approximately 8am pst): my personal account pushes tweets critical of competition given what we were seeing, that were measured and truthful. Personal opinion statements.

Tuesday Morning (approximately 10am pst): on my personal instagram (which is quite small, and barely doxed, just friends) an account with name xx from “suable“ requests to follow me. My account is private, has less than 50 followers / follows, all friends.

Tuesday Morning (approximately 11am pst): I deleted certain tweets and statements, and asked anyone directly affiliated with higherrrrrrr to stop too, talk to Zan on the phone .

Tuesday Afternoon (approximately noon): I contact some of our external security and legal folks just to assess the situation and record what was happening.

Sometime Tuesday Afternoon (between noon and 3pm): There’s a ATO against one of my personal phone numbers that is private while I’m out with friends in the city. I’m still assessing how the number was used. The number isn’t listed as a 2fa on any key higherrrrrrr accounts, we use authenticators and security keys for everything critical. I’m still tracking down when this happened because I was with friends for the afternoon and using my phone a bit.

Tuesday (approximately 6pm pst): I work with my phone provider to regain access to my account, reset my security questions.

Wednesday morning (now): rolling any critical money-moving keys and passwords. And continuing to monitor and assess impact.

Because of the anonymity in crypto, it’s really hard to assume who is doing this, but generally given the timeline of events, these are my assumptions:

• Over the past few months, with our communications we’ve damaged some of the businesses of some market actors, who are not happy

• These are sophisticated folks, who have incentive to harass anyone on our team who is public and doxed (this is primarily me, because I’m the one putting my face on everything)

• They are willing to go to certain lengths, back handed threats to sue me, low effort hacking that can’t be tracked etc - stuff that isn’t fraudulent, but annoying (and sometimes scary because you don’t know who’s behind the account)

• If we escalate the comms against anyone doing these things who is anonymous (esp from my accounts), they will harass me and people on our team more (harassment lawsuits from random legal teams that do class actions over nothing etc) - this would just slow us down, given the activity on our platform up until this point, there is nothing worth suing over

The thing that’s funny about it, is that I was planning on taking a back seat as the public face anyway. At least to the whole public comms thing. I’m just an engineer and truthfully, I suck at public comms. I always say stuff either before I should or set too aggressive deadlines for myself because I think I’m actually that good of an engineer (most of the time I’m close lol, which is still pretty cool). Overall, I’m much better at just making jokes (which are sometimes quite edgy), having fun, and building stuff. The other thing I’ve realized is that I like working with people who I can actually meet in person, crypto has become so PvP that it’s really hard to tell who’s trustworthy.

My personal plan is just to be a little quieter (mostly on twitter) and focus on building. We’re going to launch the Solana platform on Friday (planned) and see how things go. Hoping this can just be a footnote in this journey and I can get back to doing what I love - building great software and joking with my friends.