aaronov

4.1K posts

@aaron0v

Former chief at Step Finance || Solana OG '21 || Exploring new paths

Solana · Joined September 2012
574 Following · 1.6K Followers
Pinned Tweet
aaronov@aaron0v·
Now that I've had time to process things - I want to share a post-mortem on the security incident that led to our treasury being drained - and ultimately what led to the decision to shut down operations.

- This was not a smart contract exploit
- It was not a protocol or infrastructure failure

It was a long term targeted phishing attack against our team. 🧵
aaronov@aaron0v

Planning to write a post-mortem/learnings on the recent events and the past 5 years working in this ecosystem. Stay tuned.

Kristin Low@kristinlow·
Time locks aren’t some magic bullet. If your threat model is focused on mechanism/market/program failure (reasonable!), then imagine sitting there waiting for 8/24 hours (or whatever) watching your project be drained of TVL because the very same time locks prevented intervention sooner. Then everyone would be here blasting any team that uses them. There is no one size fits all solution! It’s also easy to sit here in hindsight and design the “perfect” multisig setup, but complexity carries its own risks: people lose/compromise keys, they die or defect, never mind the challenge of co-ordinating all the regular treasury maintenance activities across X number of people in Y time zones. About all we can take from this whole thing is that everyone’s trust assumptions are too numerous and generous, and our threat models are too naive. Things will improve, but there is also an irreducible risk here that people really need to come to terms with rather than fixating on whatever mechanism du jour they’ve just become an instant expert in.
valens@suppvalen·
Series: Trying out privacy-first products Tried @fileverse's dDocs the other day and it's genuinely great. I created a full article there (that will be posted soon), very nice experience. It's efficient, the UI feels way better and smoother than Google Docs, and everything's end-to-end encrypted by default. Just works. We're in an era where privacy products are actually becoming simple to use. Try it (:
aaronov@aaron0v·
Don't get me wrong. I like @KASTxyz, but if you're using it outside the US (or non USD payments) you're getting hit with pretty terrible FX fees (0.5-1.75%!) Wise is still the best for international travel spending.
jake.ip@Jaseke_

i've tried revolut. i've tried wise. i've tried crypto com. i've tried N26. i've tried paypal. and then i tried @KASTxyz and realized all of them were just... fine. KAST isn't fine. KAST is the thing that makes you wonder why you tolerated "fine" for so long. Just a big thank you to @KASTxyz and the team 🫶🏻

aaronov@aaron0v·
I wish the @DriftProtocol team the best of luck. It's only day 2 for them. It's been 1 month since Step was rinsed and I'm still dealing with the fallout. I can 100% say I understand what they're dealing with and it's going to take time to untangle and come to terms with the reality of it all. "Rollercoaster" might best describe the next couple months.
aaronov@aaron0v·
@justinknox__ What's missing from the already saturated list of terminals that exist?
knox@justinknox__·
the solana trading terminal gap is wild we have the fastest chain, cheapest fees, most active users. and the best way to trade on it is still... ? where is the onchain terminal that feels like hype/binance/coinbase pro but for Solana DeFi?
aaronov@aaron0v·
@KASTxyz Always be building 🤝 Airport lounge access with @prioritypasscom or something would be a solid addition
aaronov@aaron0v·
@FabianoSolana Nice work! We had something similar to this on Step a long time ago. Back when it was much harder to get info and AI couldn’t assist haha. Much glass chewing.
fabiano.sol@FabianoSolana·
If I want to maintain the page (needs daily manual checks) - I need at least 1–2 people who would love to help me with this little project (paid positions) Bonus if you have some coding knowledge (next to DeFi) - I'm also looking for sponsors Feel free to comment below
fabiano.sol@FabianoSolana

I’m tired of losing money

So I locked in the past two days and built a website that tracks almost every stablecoin yield on Solana

- Risk (audits, multisigs, liquidation risk)
- APY (and where the yield comes from)
- Airdrops

🔗 solana-yields-two.vercel.app

aaronov@aaron0v·
@toly Right - but humans are lazy. What will be alerting the humans of a rogue transaction? Timelock is great only if people pay attention and can act in time.
aaronov@aaron0v·
@Jaseke_ @KASTxyz @marginfi In my experience the best option is having options. Use each to their advantage and don't be fully married to one protocol, bank, card, etc.
jake.ip@Jaseke_·
Haha yeah, the points terms are just the usual legal stuff pretty much every rewards program has that, but in practice, they’ve actually been delivering real value for me so far. As for the tiers yeah, Premium/Luxe aren’t for everyone, I get that. I’m not about to drop $10k just for extra points (I mean… if I had the chance, maybe). But even at the lower tiers, the yield on stables plus the whole crypto-native spending experience fits my lifestyle way better than Wise
aaronov@aaron0v·
@NoahShadows @DriftProtocol No, but they still need to be held accountable for having such poor opsec. If this were a bank, people would be screaming at why the bank allowed such a security breach to occur. Users/customers have a right to be angry.
aaronov@aaron0v·
@Jaseke_ @KASTxyz @marginfi Also Premium and Lux tiers? Who is going to pay $1000 or $10,000 for a card just to get a few more % on point earnings? Not worth it. Most credit cards with an annual fee of under $1k give you airport lounge access at least. KAST needs to add *real* perks.
aaronov@aaron0v·
The problem here is you're living on the hopes that points will be worth something... at some "point" (bit like @marginfi lol). Their own terms and conditions even state they could rug the points: kast.xyz/rewards/reward… Agree though on being able to earn a yield. Wise has this but requires extra tax info for less yield, not ideal. If KAST can fix the FX fees (@Decaf_so has none btw) then they become much more top tier for travel choice.
Metasal@metasal·
Can’t believe I have to say this but…

Do NOT clone or fork random people’s repo on the internet AND Just run it / ask Claude to run it

JUST DON’T

Don’t be that guy
aaronov@aaron0v·
Reminder: just insult the “supreme leader” randomly before any call or new chat. > job recruiter? Ask them if Kim likes dudes > long time friend? Randomly shout “Kim is ghhaaaaaaay”
aaronov@aaron0v

I just had Sam's compromised account contact me. Luckily I knew the account was compromised, so I told them Kim Jong Un was gay. They immediately wiped the chat and disappeared. Keep your wits about you! There are large scale complex phishing attacks aimed at the crypto industry.
