Alexander

Here’s what I’m doing and why. AI agents are about to manage real money on-chain. Coinbase, Privy, and Crossmint are shipping agent wallets, but almost nobody is building the safety layer between the AI and the transaction: no kill switches, no spend limits, and no way to stop a hallucinating LLM from draining a wallet. I’m building that layer at @Forgunis. I don’t have all the answers yet, but I’m studying every exploit, every vulnerability, and every failure in this space and sharing what I find. If this matters to you, follow along. If I’m wrong about something, call me out.

@cryptorover Everyone’s reading this as bearish, but whales closing longs before May 14 could just as easily be “we made our money on the move up, we’ll re-enter after the vote.” Position reduction ahead of a binary event isn’t a directional call, it’s risk management.

BITFINEX WHALES ARE CLOSING $ETH LONG POSITIONS! Smart money bets on more downside.

5/5 Takeaway: When AI agents rely on external context protocols for execution, a single compromised feed can turn them into autonomous attackers. Context verification and circuit breakers aren’t nice-to-haves they’re the difference between a trading agent and a $40M exploit vector. What’s your biggest concern with MCP-style context poisoning right now? Drop it below. ⬇️ More daily. 🔔

4/5 3. What would have prevented it: • Independent verification of all incoming MCP context before execution. • Runtime anomaly detection that flags unusual transfer patterns or context deviations. • Hard max-drawdown circuit breakers that pause the agent on volume spikes. • Sandboxed execution with strict spend limits and human-in-the-loop approval for anything above a defined threshold. • Cryptographic signing of context sources so the agent can reject unsigned or tampered input.

1/5 $40M was drained from Step Finance via an MCP server compromise, one of the clearest examples yet of how Model Context Protocol poisoning turns an AI agent into an attacker’s puppet. This wasn’t a smart-contract bug. It was context injection at the agent layer. Timeline, root cause, and what actually would have stopped it. 🧵

@cryptorover The moment a vote gets a date and a time, it stops being speculation and becomes a tradable event. May 14 at 10:30 a.m. EST, smart money is already positioning. The question is which way they think it goes.

BREAKING: 🇺🇸 Senate Banking Committee schedules crypto Clarity Act vote to May 14 at 10:30 AM EST. Here we go 🚀

@cryptorover Think about what happened this week alone. The SEC chair says crypto’s time has come. Clarity Act vote scheduled. BlackRock, JPMorgan, Morgan Stanley all hiring. Japan moving bonds on-chain. At some point, the accumulation of signals stops being noise and becomes the story.

🇺🇸 SEC Chair Paul Atkins says "crypto's time has come.''

@cryptorover A yes next Thursday means every product stuck in legal review gets a green light. A no means builders go back to operating in legal grey zones or leave the US entirely. This isn’t just regulation; it’s a fork in the road for where the industry builds next.

🇺🇸 THE OFFICIAL CLARITY ACT VOTE IS SET FOR NEXT THURSDAY. GET READY!

@Timur_Yessenov Runtime credential layer is exactly where the Drift Protocol attack lived too. Clean code, compromised layer below it. Your checklist is basically the post-mortem from that hack written as a prevention guide.

@AlexxTowers Exactly. The failure mode is moving below the model into the runtime credential layer. For coding agents, I want short-lived scoped tokens, allowlisted workspaces, signed tool results, and a hard stop before anything touches prod.

1/5 AI coding agents (Claude Code, Copilot, Codex) hit by a credential-stealing wave. April/May 2026 disclosures show six exploits in nine months, all targeting runtime credentials. No model output manipulation. Just direct access to OAuth tokens, PATs, and npm keys. Timeline, root cause, and the pattern this creates for autonomous agents. 🧵

5/5 Takeaway: Runtime credentials in AI agents are the new single point of failure. When agents inherit production keys for autonomous execution, one crafted input can bypass every filter and reach live systems in seconds. Verification and circuit breakers at the credential layer are now the baseline for safe agent operation. What’s your biggest concern with credential risk in agents right now? Drop it below. ⬇️ More daily. 🔔

4/5 3. What could’ve prevented it: • Independent external credential vaults with just-in-time, signed access tokens. • Runtime anomaly detection on unusual command patterns or credential usage. • Hard circuit breakers before any production authentication. • Sandboxed execution with strict scope limits and human-in-the-loop for high-privilege actions. • Cryptographic signing of all tool-call responses to tie them back to model output.

@Cointelegraph Think about what this actually unlocks: AI agents that can buy their own compute, pay for their own data, and hire other agents. AWS just made autonomous economic actors a standard feature, not a research project. What gets built on top of this is the real story.

🚨 HUGE: AWS just launched AI agent payments with Coinbase and Stripe, allowing agents to autonomously buy data, APIs, content, and services using stablecoins.

@WatcherGuru Japan is tokenizing bonds, BlackRock is hiring crypto teams, and now Robinhood’s CEO is framing the Clarity Act as a national dominance play. Three separate stories today that are actually one story about who controls the infrastructure of money.

JUST IN: 🇺🇸 Robinhood CEO Vlad Tenev says US is very close to passing the Crypto Clarity Act "to ensure American dominance in digital finance."

@Cointelegraph Bond markets that never close mean price discovery that never stops. Japan just changed the rules for sovereign debt, and most people haven’t clocked what that actually means yet.

🇯🇵 ADOPTION: Japan is moving government bonds on-chain with 24/7 trading and stablecoin settlement coming as early as this year.

@WatcherGuru Job openings from BlackRock, JPMorgan, and Morgan Stanley aren’t a reaction to crypto growing; they’re a bet on where it’s going. Institutions don’t hire ahead of a trend they don’t believe in. This is forward-looking capital allocation disguised as an HR announcement.

JUST IN: BlackRock, JPMorgan and Morgan Stanley open dozens of new crypto job positions.

@elliotrades The scariest part is we all know exactly who the terminally online gambloors are and half of us are them.

Welp if they lock shit down again Crypto will finally get it's Alt Szn off helicopter money and terminally online gambloors Fucked up but true