Morph🧬

I’m so fucking proud of this team. They took an extraordinarily difficult technical swing with wafer-scale and connected on the first try. Then they spent years grinding through packaging, cooling, compilers, frameworks, early customers, and everything else required to turn a technical breakthrough into a real company — swinging and missing and learning and trying again. Most importantly, they stayed clear-eyed about what they had (a technical marvel) and what they didn’t (enough advantage in training), saw the opportunity emerging in inference, and adapted. That kind of persistence — not to be confused with stubbornness — is incredibly hard to describe, but absolutely essential in the unstable substrate of AI. The requirements of AI today will not be the requirements of AI tomorrow. But this team will keep figuring it out. And I’m here for it.

excuse me, but how is cumrag called rekt news related to securing ethereum? it's long been replaced with an llm that writes snarky "wow hacked again" articles.

@DadeKuma @ScrewCopper @bytes032 @0x3b33 Conditional pots existed first on C4 before cantina even launched 💀

@ScrewCopper @bytes032 @0x3b33 They introduced conditional pots, which significantly reduced profitability for both platforms and auditors

Contests are dead, cantina killed them

Great work by the @Ripple team on responding quickly to our disclosure, alerting the validators who promptly voted down the upgrade that was scheduled to go live on March 5. Our autonomous bug hunter Apex found this critical bug. Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80B at direct risk.

2026 accelerates the digital economy beyond the standards used to evaluate it. Institutions need a way to evaluate DeFi risk. Teams need a path to institutional adoption. Web3SOC is the institutional due diligence framework, built on a consistent, evidence based methodology.

@hrkrshnn Sounds insane but I was there to witness it

Our autonomous bug hunter has already saved 11 figures' worth of funds at risk.

The AI security tool we’re building surfaced a high-severity vulnerability in Cosmos’ bug bounty, confirmed on HackerOne. We’re designing it for signal > noise so organizations can prioritize real risk. The waitlist is now open.

factorio is unironically the perfect tutorial for agentic coding systems btw.

I’m starting to think there’s one or more entities out there that have developed strategies with AI assistance to find & exploit old protocols. The bar to build, sample, test, exploit strategies has never been lower. Protocol age used to be a sign of security but in this specific period of time I think old protocols with lots of dead money are probably getting targeted now that capabilities have improved. My prediction is that the next 2-5 years are going to be extremely painful for DeFi as builders try to figure out how to navigate the new environment. Highly complex protocols will be locked down with so much control that they are indistinguishable from centralized incumbents. Permissionless systems will need to be designed in ways that can be formally verified. I feel like we are all frogs in a pot rn. The water is starting to boil but none of us seem to recognize the temperature change. People are acting like the security environment is the same as it was this time last year. Newsflash: it’s not. It’s not even close to what it was 3 weeks ago. The rate at which AI tooling is improving should really make us all stop think about the implications of what that means in attacker’s hands. I’m not talking about someone prompting “find me a hack” or some bs. I’m talking about already sophisticated and highly intelligent people or groups having access a toolset that can 100x their ability to construct and test possible exploit paths, quickly scaffold infrastructure for identifying potential vulnerabilities, etc.

They already did.

In the Book of Ethereum, 2025 will be remembered as the year the protocol learned to fortify itself while scaling to meet the world. Cantina's piece captures it well: two great movements - Pectra and Fusaka - advancing Ethereum’l's account design, validator operations, data handling, and cryptographic foundations… all while pairing those changes with rigorous, open security work. This is what real infrastructure looks like: decentralized, upgraded in the open, stress-tested across clients, and strengthened by hundreds of independent researchers. A network doesn't become global money, global settlement, and global coordination by accident. It becomes so through the kind of engineering, humility, and discipline described here. Ethereum's scaling roadmap is not only advancing - it is maturing. And for those building on it, the message is simple: 📖 The foundation grows stronger beneath your feet.

In Web3, every second counts. @Hypernativelabs alerts teams to the threat. Cantina neutralizes it. Together, we’re redefining Managed Detection and Response (MDR) for organizations. Read more: cantina.review/8a7c62

@carlos__alegre @bytes032 @philbugcatcher @bsadiq_ Banger

@bytes032 @philbugcatcher @bsadiq_ U gotta find the clit. It is like a crit but with an L. Still havent found it btw if anyone knows please DM

> Baby says “papa” > I look at baby > Baby makes a funny face and laughs I swear there’s no better feeling

Really disturbing when I ask ChatGPT about an area I know well and it gives me a completely wrong answer Luckily this never happens with topics I don’t know well

@bronze_pickaxe @HackenProof Congrats man, one step closer to the crystal one 🔥

I guess my Pickaxe has been upgraded to Gold!🟡 Thanks @HackenProof ⛏️

Duck db also compromised! We are full war right now with exploiters attacking npm packages so they can supply chain attack them! Please, i urge everyone to take the following actions: Go to your npm projects and use pinned dependencies, e.g. if you use dep: “^1.0.0” change it to dep: “1.0.0” which means to remove the caret ^. This will pin your dependency on a trusted version, not allowing u to pull a malicious dependency. The attackers are using patch versions which easily gets pulled by npm because the caret ‘^’ is allowing that. So next time when u do a npm install and you removed the lock file, the malicious dependency gets pulled. Do not trust your lock files. If you read this and you don’t what i i wrote above, dm me!

RareWeek -- where lead auditors at tier-1 firms study.

@0xz80 @grok I knew it

hey @grok which two of my mutuals are most likely to be secretly in love with each other

@shamelesslymean @renyanng1 @W_Han_01 @MalaysiaBCW @SuperteamMY @shuenrui Yup

@renyanng1 @W_Han_01 @MalaysiaBCW @SuperteamMY @0xMorph @shuenrui you guys attending MYBW 2025?

🎉 GIVEAWAY! 🎉 We're giving away 5 @MalaysiaBCW tickers to lucky winners! 🎁 To enter: 1️⃣ Follow me, @SuperteamMY 2️⃣ Like & RT this post 3️⃣ Share your thoughts on how you think Malaysia's Solana ecosystem is evolving! Winners will be chosen after 24 hours! Don’t miss out! 🙌