# Fact Briefing: 2025-03-26

## Overall Summary
The ElizaOS community and team responded to a security incident in which Shaw’s X (Twitter) account was used to post fraudulent presale links, while development activity continued with UX, CLI, Discord, and security-related fixes. Ongoing discussions centered on auto.fun launchpad positioning/tokenomics, v2 migration friction, and plugin/integration troubleshooting.

## Key Facts

- Shaw’s X (Twitter) account was compromised via a connected app and used to post fraudulent ElizaOS presale announcements.
- Community members warned others not to click the fraudulent presale link and moderators/team confirmed the account hack.
- Only ai16z and degenai were described as official tokens; the “Eliza token” was stated to be unaffiliated.
- Holding 100,000 ai16z tokens was stated to qualify a user as an “ai16z partner,” with access to partner channels and potential airdrops (e.g., Hyperfy).
- Auto.fun was described by team members as a token launchpad that is central to tokenomics and positioned as an alternative to pump.fun with anti-sniping/long-term incentives.
- GitHub PR #4041 added a Discord option `shouldRespondOnlyToMentions`.
- GitHub PR #4056 implemented salting of agent secrets based on the `SECRET_SALT` environment variable.
- GitHub issues #4087 (Groq crash when retry should occur) and #4086 (duplicate tweets sent by Eliza) were flagged as needing attention in the daily GitHub summary.
- A crypto market snapshot reported WBTC around $87.3K and ai16z around $0.20–$0.21.

## Open Questions

- Any TLDR for the tokenomics?
- When will we see auto.fun launch?
- 4/1 degenai V2 open?
- Is it possible to build an authentication plugin that verifies if a user is authenticated?
- Has anybody tried using RAG knowledge with Eliza? If you modify or delete a file, does it get removed from memory?
- What's the issue?
- What rules would you find useful?

## Categories

### Twitter News Highlights
- A post shared official Eliza ecosystem links, including the elizaOS website and $ai16z contract information. (Sentiment: neutral)
- A tweet thread discussed that only v1 is currently supported for some plugin compatibility and that developers are building a tool to upgrade plugins to v2. (Sentiment: neutral)
- A tweet exchange referenced deleting a connected app (context aligned with the connected-app compromise narrative). (Sentiment: neutral)

### GitHub Updates

#### New Issues/PRs
- [Issue #4087: Crash in Groq when it should retry](https://github.com/elizaos/eliza/issues/4087) - Status: open - Significance: Stability issue affecting Groq retry behavior.
- [Issue #4086: Duplicate tweets being sent by Eliza](https://github.com/elizaos/eliza/issues/4086) - Status: open - Significance: Twitter integration reliability issue (duplicate posting).
- [Pull request #4080: feat: env settings gui](https://github.com/elizaos/eliza/pull/4080) - Status: merged - Significance: Adds UI route for managing environment variables.
- [Pull request #4077: feat: prevent message overlap](https://github.com/elizaos/eliza/pull/4077) - Status: merged - Significance: Improves chat UX by preventing overlapping sends during agent processing.
- [Pull request #4041: feat: Add shouldRespondOnlyToMentions option for discord](https://github.com/elizaos/eliza/pull/4041) - Status: merged - Significance: Adds Discord response-control option for mention-only mode.
- [Pull request #4056: feat: salt agent secrets](https://github.com/elizaos/eliza/pull/4056) - Status: merged - Significance: Security enhancement for secret handling via `SECRET_SALT`.

#### Overall Focus
- Development focus emphasized GUI environment settings, improved message handling, Discord community manager features, and stability fixes; urgent attention items included Groq retry crashes and duplicate tweets.

### Discord Updates
- **#discussion:** Token legitimacy and partner benefits were clarified (official tokens: ai16z/degenai; partner threshold: 100k ai16z). A security incident involved Shaw’s hacked X account posting a fake presale link, and users coordinated warnings and moderation response. (Key Participants: HoneyBadger, Patt, King Salchi, jin, witch)
- **#💻-coders:** Technical troubleshooting covered local model use via Ollama, plugin integrations (Telegram/Twitter/Farcaster/MCP/Venice), PostgreSQL adapter errors (levenshtein length), and v1 vs beta architecture differences; knowledge-base structure and persistence concerns were raised. (Key Participants: cryptoAYA, Etherdrake, chris.troutner, mtbc, Vladimir, Jox)
- **#🥇-partners:** auto.fun was discussed as a launchpad central to tokenomics and positioned against pump.fun (anti-sniping/long-term fee incentives). Partnerships and launch marketing prep were discussed; the Shaw X hack was also flagged here along with plugin-registry security/bounty ideas. (Key Participants: shaw, ben, Lowes, Rick, DorianD, jin)
- **#dao-organization:** Discussion focused on operational tooling: Telegram integration approaches, cross-platform message scraping/aggregation, and using GitHub as the source of truth for context and weekly summaries; Dagster and Beeper were discussed as candidate tools. (Key Participants: jin, yikesawjeez, Odilitime)
- **#spartan_holders:** Users asked about timing for degenai v2, including whether it would open on 4/1. (Key Participants: honeychic)

### User Feedback
- Requests for improved protections against social media account compromise following the Shaw X hack (operational security). (Sentiment: negative)
- Users reported PostgreSQL adapter failures with “levenshtein argument exceeds maximum length” and sought a fix. (Sentiment: negative)
- Requests to document differences between v1.0.0 and newer beta/v2 file structures and provide a Venice-on-1.0.0 guide. (Sentiment: neutral)
- Suggestion to expand the plugin registry with ratings, comments/analysis, and monetization to support security/bug bounties. (Sentiment: neutral)
- Branding concern that auto.fun dice imagery could imply gambling associations. (Sentiment: neutral)

### Strategic Insights

#### Operational security as reputational attack surface
The connected-app takeover of a prominent team X account created immediate scam propagation risk and drove community moderation load; hardening social account permissions and official-link communication practices is a recurrent need.

*Implications/Questions:*
  - Should the team standardize social-account app-permission reviews and publish a canonical “official links” policy?
  - What escalation/incident runbook should be documented for future account-compromise events?

#### V2 migration friction concentrates in plugins and documentation
User troubleshooting concentrated on v1 vs beta/v2 differences, plugin compatibility gaps, and missing how-to documentation (e.g., Venice configuration), suggesting that migration tooling and docs are key to reducing support overhead.

*Implications/Questions:*
  - What are the highest-friction migration points (CLI, plugin-sql, Discord/Twitter clients) that need prioritized guides or automated checks?

### Market Analysis
- Auto.fun was positioned as an alternative to pump.fun, emphasizing mitigation of sniping and incentives aligned with long-term projects. (Relevance: Direct competitor positioning affects launch messaging, differentiation, and tokenomics narrative.)
- A crypto market snapshot reported WBTC around $87.3K and ai16z around $0.20–$0.21. (Relevance: Provides contextual market baseline for community token discussions and partner threshold optics.)
- A Princeton security paper and competitor messaging (Sentient) were discussed as raising concerns about agent/plugin security; the team discussed communicating plugin isolation risks more clearly and mentioned an Immunefi partnership. (Relevance: External narratives can shape adoption and require clear security posture, disclosure practices, and mitigation roadmap.)