EMir

I didn't spend countless sleepless nights last year learning from cyfrin updraft to quit now!

I recently turned 33, and every year I want to go back to 21-year-old Patrick with a list of lessons. If you're in your 20s, these are for you. Most lessons only land after an ass-whooping. And even then, you usually miss them the first time.

Do you remember when you joined X? I do! #MyXAnniversary 🥳🥳🥳

Don't mind the difference in handwriting, I'm slightly ambidextrous

Taking time out to study what you've learnt before is how you stay stay relevant in this field Did a refresher on Smart contract Material: Mastering Ethereum 2.0

I am currently building a yield farming protocol from scratch using the Diamond standard and chainlink CRE and the complexity is mind blowing

I really give it to the engineers who first built the complex DeFi protocols we use today, Lending pools, yield farms, swaps, bridges etc..., building them from scratch at a time when there was barely any reference to depend on is pure sorcery

A computer scientist who invented object-oriented programming and the modern graphical interface realized one terrifying truth: We are building rigid machines when we should be building biological systems. His name is Alan Kay. He pioneered OOP and the overlapping-window GUI we use today. He argued that we obsess over writing linear lists of instructions and completely ignore how complex systems scale in nature. Here are 4 operational frameworks he used to redefine how software is built:

sad state of the world rn with all the hacks. idk if hackers evolved their game with claude/gpt at this point, but a total of $700m+ have been stolen so far just in 2026. a small list: - Kelp DAO: $293M (largest of 2026, April 19) - Vercel breach (April 19): ShinyHunters selling data for $2M on BreachForums: source code, GitHub tokens, NPM tokens, API keys, 580 employee records, internal Linear + user management. crypto projects might be affected. - Drift Protocol (Solana): $285M (2nd largest Solana hack ever, DPRK linked, April 1) - Hyperbridge: $2.5M (revised from $237K, MMR proof bug, 1B fake DOT minted) - Grinex: $13.7M USDT - Flash loan BSC pool: $1.6M - CoW Swap: $1.2M (domain hijack, April 14) - Dango bridge: $410K (contract bug) - Silo Finance: $392K (oracle misconfig, April 3) - Resolv Labs $USR: $25M (AWS KMS, 80M infinite mint, contagion into Morpho / Euler / Fluid) - Sillytuna: $24M - some Kraken whale: $18M (social engineering) - Prisma Finance: $11M (borrowing bug, partial white hat return) - NFPrompt: $3M (compromised credentials) - YieldBlox (Stellar): $10M (oracle manipulation, $7.2M frozen) - IoTeX ioTube bridge: $8.8M (private key leak) - CrossCurve: $3M (contract bug) - FOOM Cash: $2.3M (crypto verification bug, $1.8m recovered) - Moonwell: $1.8M (malicious MIP-X43 proposal, Feb 15) - Trezor phishing victim (1 person): $284M - Step Finance (Solana): $30M - Truebit: $26.4M (integer overflow) - SwapNet: $13.3M (approval hygiene) - CrossCurve: $3M

I want boring and safe DeFi. Can we build a DeFi where you can park ETH in a protocol for 1.7% APR (considerably less than US treasuries yield) and go on vacation? Go somewhere without having to carry a laptop or a hardware wallet and check X to see if you need to take action.

i keep reading all of these messages/tweets etc. where people really think having "2 required DVNs" is better. what is wrong with all of you fucking morons? you fucking build trusted centralised clownshows and think adding an additional signer is the way to go, lmfaoooo, i enjoy watching the full retardedness of this space ngl. in fact, all what happens now is the result of our own fucking nonsense making. like i have zero fucking mercy.

We're competing with TradFi on a stage we'll never win, prioritizing security at the expense of a little user experience is okay imo

The issue lies in the willingness of protocols to relax on some of the core values that form the bedrock of our industry all in the name of wanting DeFi to be easier to use but we all forget that no user experience will ever beat users not losing their money

Geoff removed AntiHunter from his bio and deleted AntiHunter's holders group on Telegram just now. There is indeed 100% rug pull risk.

The .fi hijacks are similar to sim swaps. 1. Attacker impersonates you 2. Tells service provider to change something 3. gg

Somehow this kind of PoC is: 1. You get to be called a white hat. 2. It solves the duplication problem. 3. It guarantees payout. Is this the norm now? Somehow if you do this, it is a white hat act. We skip the platform middleman and go straight to exploit? Seems so wrong for me tbh

This is an insane masterclass move by Tether holy shit

To understand what "good teaching" looks like you must understand the common failure modes of education, such as when designing a course or writing a textbook. I've spent years making hard subjects (like zero knowledge proof cryptography) accessible to engineers. Here's what I've learned are the common antipatterns in education: 1. Difficulty Spikes Video games keep users hooked by ramping up the difficulty very carefully, or at least giving you a strong warning that the difficulty will increase rapidly. Difficulty is part of learning of course, but unexpected difficulty is demotivating. If the teacher doesn't have a good mental model of what the student will find easy or hard, then the learning material will have difficulty spikes. Consider the psychological impact behind this. If I tell you "tomorrow you will have a bad day because of XYZ reasons" then when you actually experience XYZ, it won't be as bad as if it caught you by surprise. Experienced professors will warn students "this homework is harder than normal" but the better solution is to break up the homework into more manageable pieces. 2. Dangling Facts When teaching a subject, a lot of educators fall into the antipattern of "we need to teach this theorem/algorithm/proof because every other textbook teaches it." This tends to create "dangling facts." Facts need to be connected to be memorable. Teaching a student information that will never be used later diverts precious energy from impactful facts they need to put effort into internalizing. Example: most number theory/cryptography courses teach the euclidean algorithm to compute multiplicative inverses. The ZK book treats it as a black box. Multiplicative inverses are intuitive even if you rely on a library to compute them for you. So we spare the reader the effort of understanding the euclidean algorithm and focus on just using multiplicative inverses. The gap can always be revisited later with no harm to later knowledge. 3. Unmotivated Facts Related to the above, if a teacher cannot reasonably answer "why are we learning this" then that teacher isn't good. Motivation is one of the biggest factors in student success. Therefore, the course must be designed around what the student finds motivating as opposed to just telling the student to "trust me, tough it out." Now, I need to make a distinction here. When teaching children, they may not have the wherewithal to understand why they need to remember word spelling or memorize multiplication tables. So my comment has more to do with adult learning. 4. Asking for Generalization Too Early A lot of math textbooks make this mistake. They show a theorem and ask the reader to prove it. Unless the proof is trivial, this is the wrong move. Rather, they should test that the student actually understood the theorem and some first-order implications of it. 5. Underweight visual modality Now that frontier LLMs make creating visual diagrams/animations cheap, there's no excuse to not lead with visuals where possible. A good visual should not just be a sequence that says the same things text says. It needs to convey information in a way that words cannot do efficiently. 6. Bad prerequisite model If you spend time reminding readers how polynomial arithmetic works, but expect them to randomly recall some more advanced theorem from linear algebra, you have a bad prerequisite model which will cause a massive difficulty spike. Anyone who remembers the rank-nullity theorem or kernel-subspace duality probably remembers what roots of a polynomial are, but vice versa is not necessarily true. A good teacher cannot teach a student as a blank slate, but rather must have an update-able prior about what the student is already comfortable with and what they aren't. This model needs to actually reflect the actual distribution of real students.

Hyperbridge exploit story: >single audit, no bug bounty >rude to whitehats, publicly mocking their efforts >April Fool's - "Security Incident Report xD lolllz" >claims they're unhackable >gets hacked 2 weeks later - "Bridge update!" Always respect the whitehat efforts, always🙏

Knock knock Whose there? Your private keys in plaintext Your private keys in plaintext who? You private keys in plaintext are no longer yours

If you are intimidated by large codebases, the most likely problem is that you are approaching the codebase without a framework of prior expectations. Let's use a perp dex as an example. Instead of reading the code and hoping the code will tell you how it works, approach it with a prior expectation. Examples: 1 - "I know it placing a sell order should cause a state change somewhere. How do I place a sell order and what state change occurs?" 2 - "I know the pool must reduce fees for the LP if the LP doesn't balance the assets according to the target ratio. Where are those fees calculated and what state changes occur as a result of those calculations?" Part of being good at exploring large codebases is knowing which questions are good questions to ask. But this is not really a "creative" endeavor. Once you get the sense of which questions are productive, they tend to be reusable across codebases.