David Mc

362 posts

@3_DavidMc

Business Development Lead at CoW Swap Ex-Chainlink, Ex-Web2

Joined March 2010
941 Following 418 Followers
David Mc retweeted
Zach Rynes | CLG@ChainLinkGod·
New post mortem confirms what we already knew: @LayerZero_Labs' centralized infrastructure was infiltrated by North Korean hackers, which resulted in the $292 million rsETH bridge exploit

Turns out this required only a single engineer to be socially engineered, whose laptop was fully compromised for over 6 weeks without detection before the exploit was executed, an insane single point of failure and lack of adequate monitoring

This only builds on LZ Labs' extensive history of poor opsec, including trading memecoins like "McPepes" on production multisig keys, which weren't rotated for years and Bryan lied about and said was just "PEPE OFT testing" (3 keys on a 2-of-5 LZ Labs multisig were at risk of phishing attacks for years)

And never mind the fact I called out the EXACT centralization risk that resulted in the rsETH exploit 2 years ago, directly to Bryan, who lied and said no project was using LZ Labs DVN in 1-1 config (in reality, multiple projects were)

Given it's now abundantly clear to anyone paying attention that LZ Labs' poor opsec was the root cause vulnerability in this situation, but it's not clear to me why exactly LZ Labs is not footing the entire bill of the exploit given it was their infra that was compromised, which was used in a config they actively supported and monetized for years

Furthermore, LayerZero's extensive roster of VC backers have been awfully quiet during this whole incident, not contributing a single dime to the rsETH recovery fund, despite funneling more than $300 million in funding into the infra that was compromised, including a raise just a few months prior

I don't want to belabor the same points again, but I am so fucking tired of pointing out the risks of centralized, insecure VC-slop infra only to watch it inevitably get hacked and destroy DeFi’s reputation in the process

This entire situation could’ve been avoided if people had just listened to the warnings that I and many independent security researchers have shared over the years about LayerZero

We, as an industry, can do much better, I'm glad to see high quality teams migrate to secure-by-default infra
LayerZero@LayerZero_Core

We’re sharing our completed post-mortem on the April 18th incident, prepared with @Mandiant and @CrowdStrike. We are publishing both an executive summary and the full report at the link below. Over the past four weeks, we’ve worked with hundreds of partners to help them understand their current security posture, and harden it where appropriate. We’ll continue this work, alongside taking additional proactive steps for the benefit of not only our partners, but also the ecosystem as a whole. We want to extend our thanks to our partners for their support and patience this past month. There’s a reason that over $12 billion has moved across the network in the past four weeks, and why the world’s most valuable asset issuers have stood by our side: they believe in us, in what the LayerZero protocol has to offer, and in the value of modular, isolated, application-controlled security. The work continues. And we look forward to continuing to show up for the applications that trust us with their business, as well as the broader ecosystem. layerzero.network/blog/layerzero…

David Mc retweeted
CoW DAO@CoWSwap·
Most lending actions contain a swap. Borrow this, swap it for that, supply as collateral. Or sell collateral to repay debt. That swap leg matters. Bad execution changes the outcome. With this integration, the swap runs through CoW Protocol - solvers compete to find a better execution, @eulerfinance updates your position automatically.
Johann Eid@EidJohann·
Incredibly excited to be working with @krakenfx on securing their kAssets cross-chain expansion with CCIP. Kraken has always been a pioneer for the space and I'm excited about the many things yet to come with this collaboration 🤝 DeFi will win!
Chainlink@chainlink

NEW: Leading crypto exchange @krakenfx is deprecating its legacy cross-chain provider and migrates to Chainlink CCIP. Starting with kBTC, all current and future Kraken Wrapped Assets will use CCIP for secure distribution across blockchains and global markets.

David Mc retweeted
CoW DAO@CoWSwap·
Excited to see our BD Lead @3_DavidMc joining the judging panel for @superteamIE’s Dublin Demo Day alongside an incredible lineup from across the ecosystem! 💪
Superteam Ireland@superteamIE

Meet the judges. Dublin's Demo Day.
Deirdre Halligan - Non-Exec Director @krakenfx
Johanna Moran - Strategy Lead at @libp2p, prev. Head of Ecosystem @VennBuild
@3_DavidMc - Biz Lead @CoWSwap
@PeteTownsendNV - GP @NorioVentures and Podcaster @MNSShow
Register below.

David Mc retweeted
Chainlink@chainlink·
The quiet shift.
David Mc retweeted
CoW DAO@CoWSwap·
Our protocol wasn't hacked. But our users were hurt. That's enough for us. CoW DAO is making affected users whole after the April 14 DNS hijack. Here's how. 🧵
David Mc retweeted
Bitwise@Bitwise·
"Hello, I'd like to report an explosion."
Fishy Catfish@CatfishFishy·
Lmaooooooo $LINK marines absolutely cooked LayerZero on this one $ZERO
Kelp@KelpDAO

After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to @chainlink CCIP. From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi. Independent reports from SEAL 911, Chainalysis, and other major leading security researchers all point to the same origin. There are questions that the ecosystem deserves answers to. And we are ensuring rsETH is secured by infrastructure that doesn't leave these questions open. That’s why we’re setting the record straight.

David Mc retweeted
Kelp@KelpDAO·
After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to @chainlink CCIP. From the April 18 incident, it is clear that LayerZero's own infrastructure was exploited, resulting in $300M in losses across DeFi. Independent reports from SEAL 911, Chainalysis, and other major leading security researchers all point to the same origin. There are questions that the ecosystem deserves answers to. And we are ensuring rsETH is secured by infrastructure that doesn't leave these questions open. That’s why we’re setting the record straight.
Kelp@KelpDAO

x.com/i/article/2051…

David Mc retweeted
DungeonClaw@dungeonclaw·
Swaps on the DungeonClaw just got Smarter 🧠
@DungeonClaw is now powered by @CoWSwap for all your in-game trading needs.
🔥 Smart Swap: Automatic best-price routing.
🔥 Zero-Gas Failed Trades: Never pay for a swap that didn't go through.
🔥 Bot-Proof: Built-in MEV protection.
Swap your loot with confidence.
David Mc retweeted
CoW DAO@CoWSwap·
Intents just got a major upgrade. 🐮🧵 Introducing Atomic Bundles – a reusable smart contract template that lets developers bundle complex DeFi actions atomically. Looping. Repay-with-collateral. Flashloan strategies. And more. All atomic. All intent-based.
David Mc@3_DavidMc·
@alexroan Don't remember anything this bad - AI hacks might have more in store too 🫠
Alex Roan@alexroan·
My feed rn:
- rsETH depeg, LayerZero 1/1 multisig. AAVE bad debt.
- Vercel hacked. Blast radius potentially world ending
- eth limo DNS shenanigans
- Drift hack, like a week ago, from North Korean in-person social engineering
- French wrench attacks at an all-time high
- Ledger wallets replaced in transit
Vibes...? not great 🫥
David Mc retweeted
CoW DAO@CoWSwap·
We’ll continue monitoring as Vercel’s investigation progresses. We have no indication CoW Swap was among the impacted customers. However, we still completed all recommended remediation steps:
✅ Rotated all tokens
✅ Audited deployments -> no malicious code
✅ Reviewed activity logs -> no suspicious access
CoW Swap is safe to use.
Vercel@vercel

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

David Mc retweeted
International Cyber Digest@IntCyberDigest·
🚨 BREAKING: Vercel has been breached. A threat actor has listed their customers' data, source code, databases, and keys up for sale. Vercel has also publicly disclosed they've identified a security incident involving unauthorized access to their internal systems.