🧢

Pico Prism 2.0 is live 🔥 Real-time Ethereum proving on the 60M gas mainnet blocks Ethereum runs today. 🧵

Are algebraic hash functions screwed?

Our first speaker of the day at zkSummit14 was @GiacomoFenzi sharing with us ZOOK: Zero-Knowledge IOPPs for Constrained Interleaved Codes

🇰🇵 DPRK loves it when you: - Save your seed phrase in a password manager. - Use hot wallets instead of hardware wallets. - Don't use antivirus, EDR or Lockdown mode in your devices. - Download pirated stuff, install shady apps and play games in your work device. - Accept calls from people without verifying them first. - Use SMS for 2FA. - Sync your passwords, google authenticator and passkeys to your Gmail account - Install lots of browser extensions - Don't update your Operating system and apps. - Repeat passwords. - Don't use a device exclusively for work - Don't verify what you are signing - Run npm install on a "coding challenge" from a recruiter you met on LinkedIn. - Blindly add npm/PyPI packages without checking the publisher, download counts, or recent version history. - Pin your dependencies to "latest" and hope for the best. - Trust any GitHub repo with a slick README and a few stars. - Reuse the same email for crypto, banking, and signing up to random newsletters. - Click "Remind me later" on security updates for weeks. - Disable Windows Defender because it "slows things down." - Plug in random USB drives you found at conferences. - Give every app full disk access without reading the prompt. - Brag about your portfolio size on Twitter under your real name. - Share your screen on Zoom with your main user logged in - Connect your wallet to every airdrop site that promises free tokens. - Approve unlimited token spending so you "don't have to do it again." - Keep your recovery codes in a screenshot in your camera roll. - Trust a Telegram admin who DMs you first. - Run unsigned binaries because "the SHA matches the website. Let's grow up as an industry and start treating security seriously. STAY SAFE

> be binance > own 248k $BTC ($19.5B) in a single address > it's the #1 richest btc wallet on earth > also own 145k $BTC ($11.4B) in another address > it's the #2 richest btc wallet on earth > ~2% of all bitcoin supply in just 2 wallets > have the balls to keep $20B on a single address instead of spreading it. don't talk to me about quantum attacks as long as binance keeps doing this.

Full library: github.com/shrec/Ultrafas… CAAS spec: docs/AUDIT_STANDARD.md If you're building security-critical systems and can't afford $100K PDFs — fork this. The audit infrastructure comes with it. Don't trust. Verify. 🟠

New: I'm sharing the @trailofbits Claude Code defaults. This is how we setup, configure, and use claude code: github.com/trailofbits/cl…

LongCat-Flash-Prover 🐱 A 560B MoE from @Meituan_LongCat just dropped on @huggingface huggingface.co/meituan-longca… ✨ MIT license ✨ Native Formal Reasoning: Auto-formalize, sketch & verify proofs live in Lean4 ✨ 97.1% pass rate on MiniF2F-Test & 70.8% ProverBench

26 LLM routers are secretly injecting malicious tool calls and stealing creds. One drained our client $500k wallet. We also managed to poison routers to forward traffic to us. Within several hours, we can directly take over ~400 hosts. Check our paper: arxiv.org/abs/2604.08407

Coming soon: nextgen onboarding of agents to paid web services using stablecoins. h/t @_jxom.

RELEASING RETH 2.0! Reth is now faster, smaller, and ready for the future of crypto infrastructure. Gigagas per second has not just been achieved, it's been blown out of the water. We've put in a ton of work in this, and we're incredibly proud to be sharing this with everyone.

MathCode v0.0.3 — Lean proofs as an Obsidian knowledge graph. The agent reads the vault, searches Mathlib via LSP, writes proofs, compiles, retries autonomously. Multi-planner runs parallel strategies. Every lemma feeds back into the graph. github.com/math-ai-org/ma…

Anthropic claims they won't launch Mythos because it exposes bugs in software, making it too dangerous. I'm the creator of a new language named Bend (19k stars on GitHub). Its version 2 is coming next month, including a 10x faster CPU and GPU runtime, compilers to 5 different languages, a massive stdlib, and, most importantly, a *complete proof checker*. That makes it the first general language that can prove the correctness of its own programs, so, conveniently enough, it could be the way out of this very mess Anthropic is worried about. Sadly, Bend2 is now reaching 100k lines of code, making it increasingly hard for us to audit and verify it all. Proof checkers are particularly security-sensitive, because a single bug can lead to false theorems being accepted, undermining the entire trust model of the system. Even Lean, Coq and Agda had bugs in the past. We just finished Bend's initial consistency checker. Having Myhos audit our implementation would greatly improve Bend's security. In turn, a secure Bend could greatly improve the security of all other software, providing a solution the very problem that prevents Mythos from being released. I hope this message reaches someone from Anthropic, and they kindly consider letting Bend2 be part of Glasswing!

I don't have trust issues, you have trust issues

Introducing Generative TUI Ask anything - get polished dashboards with real data, rendered live in your terminal. 27 components. Streaming. json-render + Ink. npx skills add vercel-labs/json-render --skill ink

I may or may not be in these pics x.com/yearnfi/status…

it's a remarkable milestone for anyone working on compilers and smart contract security: Vyper is set to become the _first_ formally verified smart contract compiler, effectively allowing you to mathematically prove that the entire compilation pipeline preserves the contract logic _and_ to prove that the contract logic itself is correct. Oh, and the cool thing is, my snekmate math functions have been formally verified :D. 🐍💙

API pricing will look a lot more like ad auctions in an agent-first future. Instead of fixed pricing with tiers, APIs will sell a number of calls per unit of time, agents will bid. It will look like HFT but for agents paying for getting API calls fulfilled faster.

This is wild. Google Research demonstrates a ~20x more efficient implementation of Shor's algorithm that could break ECDSA keys within minutes with ~500K physical qubits. Google is now are more confident on a 2029 post-quantum transition. We are no longer looking at mid 2030s, we could have quantum computers of this scale by the end of the decade. They believe this result is so severe that they are not publishing the actual circuits. They instead published a ZKP proving that they know of the quantum circuit with these properties. This is very atypical, showing Google thinks this is serious shit. All blockchains need a transition plan ASAP. Post-quantum is no longer a drill.