Marcelo Ruiz de Olano | KPK

Risk automation infra that detected and recovered 100% funds with zero block delay.

Contributing 100 ETH to defiunited.world, personally DeFi is worth defending Hat tip to Stani and Aave for leading the initiative

More than 95% of stolen funds in crypto in the last two years started with social engineering and then infecting a device. All of them would have been avoided by just doing three basic and not expensive things: - Training your team in security awareness. Not the typical SOC2 recorded clip or phishing campaigns, but real in depth web3 threat trainings. -Have your team use an EDR, which stands for Endpoint Detection and Response. The most used ones are Crowdstrike, Sentinel One and Kandji. These are more advanced than an antivirus, as they do not look for specific files, but analize behaviors, so they will detect and stop most of malware and stealers. Training not to be social engineered. EDR in case they download something infected anyways. - Activate Lockdown mode in Apple devices: this will stop many zero-day exploit attacks. Lastly: use hardware wallets and do NOT store seed phrases in password managers (1 out of 5 does this). Stay safe.

Eventful week in DeFi, but @kpk_io Morpho vaults kept churning out yield 7D net APY: - ETH Yield: 17% - ETH Prime: 11.8% - USDC Yield: 9.6% - USDT Prime: 5.7% - USDC Prime: 4.6% - USDC Yield (Arb): 4.1% - EURC Yield: 3.7% Expecting some inflows from capital that withdrew 🫡

For those that don’t know, the EF runs scheduled treasury management every quarter to fund operations They don’t randomly pick days to sell, and they’re transparent about it I get the timing looks bad given how tense things are in DeFi right now. But the EF is consistent and doesn’t play games to manage optics

Just watched @griffgreen talk about @thedaofund. Here's what you need to know: - $150M fund at current ETH prices sourced from edge case DAO funds that were not easily claimable, now being staked - Not intended to pay for audits - Focus areas: Standards, L2 bridge security, Core protocol security, Wallet UX and key management, Infrastructure and monitoring, Threat detection and incident response, AI and agent security - Designed to operate both top down with EF's $1TN security team and bottom up with community input - DAO tooling teams can apply to run funding rounds, especially those that can coordinate large stakeholder groups - Curators who are Ethereum security experts select operators and define scope and budgets - First round is broadly scoped around Ethereum - Working with the EF Grants Management team on eligibility - Projects apply to be included in funding rounds, no direct grants - Final funding decisions are made by external stakeholders - ETHSecurity Badge holders can apply to help influence how funds are allocated - First round is over $1M on @Giveth and opens in 2 days - At minimum check out the projects to understand the Ethereum security landscape, but worth donating as well. Matching is strong and small contributions go far - Expect around 2 more rounds this year - Goal is to grow the security ecosystem - Again, they are not funding audits - Goal is to strengthen Ethereum security from all angles by funding public goods, so fewer things break in the first place and audits matter less

KPK curated vaults and the rsETH incident. On Friday 18 April, Kelp DAO's rsETH was exploited, impacting markets across multiple networks. KPK's curation and execution infrastructure responded immediately. • KPK ETH Prime was the only vault with direct rsETH exposure, capped at approximately 2.3% of vault TVL at the time of the incident. Exit agents activated immediately and withdrew liquidity as it became available. As of yesterday, the rsETH position has been fully exited. No user funds were lost and no bad debt was incurred. Deposits are re-enabled. • KPK ETH Prime and ETH Yield currently have limited withdrawable liquidity due to a Morpho-wide ETH liquidity crunch. Some depositors may temporarily be unable to exit. As a result of the same imbalance, both vaults are currently overweight on certain markets (ETH+ and savETH respectively) relative to documented allocation targets. The underlying protocols behind these markets have exited or minimised their Aave exposure. We do not anticipate long-term impact from this temporary overweight and will rebalance to target allocations as liquidity returns. • USDC Prime, USDC Yield, USDT Prime and EURC Yield are fully operational with no direct or indirect exposure to the incident. We will share further updates as the situation evolves.

Least privilege policy should ALWAYS be the default. If one person, even the CEO, can make too much harm to the organization, you have a problem.

Real impact is measured in opportunities created. In this testimonial, Liliya Valihun, Co-founder of Hebron IT Academy, shares what this support means for their students. At DeFi for Good Foundation, we support initiatives that turn potential into real opportunity.

The threat landscape has fundamentally shifted. Every company shipping needs to level up their Operational Security NOW. Axios, Resolv Labs, Drift Protocol, LayerZero + Kelp, Vercel, Lovable, CoW Swap, Zerion, Silo Finance: all compromised in the last few weeks. This is not a bad stretch. It's the new baseline. And it's going to get FAR worse before it gets better. No one is prepared for what's coming.

Statements from teams we will be seeing for the time being - will be 100% damage control legal wordsalad. It's understandable, but it doesn't make user lives better. Hopefully, the impacted teams come up with action plans behind closed doors asap (since they won't be doing it publicly), to make sure all their mutual users aren't getting impacted by contagion even further. The longer it takes, the more equity is eroded from users. The situation is obviously difficult, everyone will deflect blame, etc. - so lawyers are having a field day... We will all speak about higher security later, but let's not dance around the graves right now. What we need right now is some certainty and action plans, and I hope those come soon.

We're aware of the ongoing situation involving rsETH from Kelp DAO. KPK team is actively monitoring and coordinating response across products. We'll share an update as the situation develops.

This week's APY was >100%, but you wouldn't believe me. The past month, you could have consistently been earning ~30% APY by looping an AAA CLO from BNY and @Securitize DM or reply if you want in 👀 (NFA)

1/ Two new markets live on @Morpho, deployed and curated by KPK: • rETH/USDC — @Rocket_Pool's liquid staking token as collateral • tETH/WETH — @TreehouseFi's liquid staking token as collateral New borrowing venues for looping strategies, now onboarded into KPK vaults.

One week ago, we hosted Scaling DeFi Cannes. The room spoke for itself. 🇫🇷 Powered by @eulerfinance, @GearboxProtocol, @Anchorage and @redstone_defi. Episode coming soon via @0xResearch x @Blockworks.

1/ KPK USDT Prime vault is now live on @Morpho A curated USDT lending vault built for capital stability, with strict collateral requirements and robust liquidity depth.

Dedicated devices are somehow needed, but definitely not the top priority for a signer. Dedicated laptops for signers would not have prevented the Bybit hack, for example. I would go like this: - Proper seed generation and storage (in case it's stored, as some councils delete them depending on plicies) - Proper Hardware wallet setup, configuration, backups, etc. - Alternative frontends for signing UIs - Tools to simulate and verify transactions, understand call-data, etc (safe-tx, tenderly, etc) - Training on how to properly use these tools - Policies and procedures on how to create and operate multisigs based on value protected. - Communication channels, incident response plans, live drills, playbooks, tabletop exercises. - Dedicated devices: this is in my opinion the last one, if you don't have the rest, it's not so useful.

1/ Today, The Ethereum Foundation will convert 5000 ETH to stablecoins via @CoWSwap's TWAP feature as a part of our ongoing work to fund R&D, grants and donations.

Announcing KPK App One interface for curated Vaults and Funds, designed for risk-managed onchain yield.

Ethereum DEXes are underfunded. Deep liquidity provision for ETH pairs will make mainnet the top venue for ETH price execution. Once execution quality is there, volume moves from CEXes because aggregators route to best price regardless of venue. That shift is self-reinforcing. Deeper onchain markets for ETH are a requirement for large institutional players who need to liquidate positions without moving prices, and make ETH a better reserve asset. On top of that, the strategy is more profitable than ETH staking long term, fees beat inventory risk for holders who are permanently long.

Not sure many realize it, but we probably need to reprioritize building deep liquidity for spot trading ETH onchain on Ethereum Mainnet. I had no idea pool liquidity for swapping ETH with major ETH derivatives like wstETH and weETH had shrunk so much. I'm not sure if this is so striking because AMMs have become so much more capital efficient, meaning less TVL is necessary or if that much liquidity has simply exited to other parts of DeFi (ie Aave V3, staking, vaults). @kpk_io wrote up a post about this in Aug 2025 prior to the market topping in October, probably time to revisit this.

If you must watch only one panel from ethcc last week, it's this one