Victor Deleau

@elonmusk youtube.com/watch?v=lB8F85…

Orbital March of the Ten Thousand

people going crazy about the EF mandate and CROPS don't understand that this is completely orthogonal to other areas of improvement — there are NO tradeoffs

@safetyth1rd @VitalikButerin The Ethereum Foundation was never supposed to be decentralized and DAO-like. It is here to defend a certain idea of Ethereum: Vitalik's vision, aka the original vision

I used to really believe that Ethereum foundation is decentralized , DAO like and meritocratic But everything I hear about EF is the opposite EF is basically @VitalikButerin s thing , you’re on board or you’re not. That being said the EF does fund and support other orgs like @Etherealize_io which seem to be more independent And Ethereum development itself seems decentralized But the EF isn’t a decentralized DAO as much as a traditional foundation led by V, so the CROPS mandate signing is tbh not that surprising, just making implicit in grouping more explicit

time to build @Bulkman3D

@exk200 onchain access controls should be standardized, follow best practices, and be monitored in real-time there is no technical blocker to this

A lot of things went wrong after the Resolv exploit that exacerbated the impact But the root cause, which came down to key mgmt opsec, is hard to DD as a curator, and p much impossible as a retail user. This type of tail risk can exist for bridges, exchanges, even chains

@ResolvLabs looks like you assigned the (uncapped) minting role to an offchain EOA

We are currently investigating a security incident involving unauthorized minting of USR. At this stage: The collateral pool remains fully intact. No underlying assets have been lost. The issue appears isolated to USR issuance mechanics. Our immediate priority is to: 1) Contain the incident 2) Assess impact 3) Ensure legitimate users are not affected We are actively investigating and will share more updates shortly.

@zacodil btw regular smart contract audits do not necessarily catch this, as role assignation is configuration, not code

@zacodil And that's why comprehensive, independent protocol review is necessary. This role should have been assigned to a multisig with a timelock

The Resolv USR exploit wasn't a bug - it was a feature working exactly as designed. And that's the problem. How USR minting works: you deposit USDC, then an off-chain service with a privileged key decides how much USR to mint for you. The contract checks the minimum but has no maximum. No cap. No ratio to collateral. Whatever the key holder says - gets minted. You could deposit $1 and mint billions. This design was live since day one. It wasn't a code bug. The threat model was simply: "the key won't leak." It did. Attacker got the key. Deposited $200K across two txs, minted 80M unbacked USR. Dumped on DEXes, walked away with ~$23M in ETH. Single point of failure: one private key, no on-chain sanity checks. No max mint ratio, no multisig, no timelock. One compromised key = unlimited money printer. The contract worked perfectly. That's the scariest part.

@MidasRWA @chainlink @LlamaRisk @vlayer_xyz @canary_proto I had a great time working on this project, and am confident this type of infrastructure will make DeFi safer. For those interested in the technical details of the SAVE framework used by the Midas Attestation Engine, checkout this blog post -> ionlab.io/blog/save-fram…

We're introducing the Midas Attestation Engine, a smart contract framework that converts critical financial data into permanently anchored, onchain-verified checkpoints. Built with @Chainlink, @LlamaRisk, @vlayer_xyz , and @canary_proto. Explore how it works:

@AHomelyHouse It's a trap

A modest starter castle in France.

@sqfmi very cool, will you create water proof cases ?

Watchy Pip-Boy Technical Drawing

> sometimes you just need a change of perspective

@trent_vanepps i was there

to those who celebrate

At @ionlab_inc, we're bullish on privacy preserving tech. Here is our first technical deep dive on @UmbraCash, a stealth address protocol. Will explore the ZK world next 🕵️

@CappyTrades @VitalikButerin Between 1500$ and 3000+$ depending on your goal. RAM is very expensive right now, nvme drive will also eat your budget

@Exaparsec @VitalikButerin How much does it cost for good/optimal hardware?

We should be open to revisiting whole beacon/execution client separation thing. Running two daemons and getting them to talk to each other is far more difficult than running one daemon. Our goal is to make the self-sovereign way of using ethereum have good UX. In many cases that means running your own node. The current approach to running your own node adds needless complexity. Short-term, maybe we want some more standardized basic wrapper that lets you install dockers of any client and make them talk to each other easily? Also good that @ethnimbus unified node github.com/status-im/nimb… exists. Longer term, we should be open to revisiting the whole architecture once @leanethereum lean consensus is more mature.

@VitalikButerin Running a node is not hard, and it can be very reliable, but there is a high fixed cost to pay for the hardware, and most people/businesses prefer paying a small RPC monthly subscription fee. Sovereign Ethereum access is not a priority for most

I feel like at every level we've implicitly made this decision that running a node is this oh so scary devops task that it is ok to leave to professionals. IT IS NOT. We need to reverse this. Running your own Ethereum infrastructure should be the basic right of every individual and household. "The hardware requirement is high, therefore it's okay for the devops skill and time requirements to also be high" is not an excuse. Even people who can afford high-end hardware, dedicated staking boxes, etc often do not have a lot of free time. Nodes should be easy.

@Marczeller It was an honor working with you at LlamaRisk

A new chapter is starting today. Yet for Aave, nothing will change in the short term; there's a lot of inertia, and liquidity is sticky, so there's no reason to be concerned. We had quite a few good things in the pipeline, and we will deliver them during the transition period. You already know this, I'm too hungry to retire, so it's the end of a chapter but not of the journey.

@EricLarch Le problème n'est pas la restriction d'accès en fonction de l'âge, mais l'implémentation. Le système voulu révélera notre identité à un tiers privé : donc autant dire à l'état lui même. On comprend vite l'intérêt de la chose

Je suis opposé à la régulation des réseaux sociaux, qu'il s'agisse de la régulation de ce que l'on peut publier ou pas, ou de l'interdiction de l'accès aux mineurs de moins de 15 ans. J'entends le ravage potentiel des fake news, de l'IA et du doom scrolling sur le cerveau des plus jeunes (et des moins jeunes !), mais ce n'est pas à l'État de venir empiéter sur notre sphère privée. La seule réponse saine passe par la responsabilité individuelle, l'esprit critique et le rôle des parents. Oui aux initiatives menées par les plateformes elles-même pour apporter de la transparence sur leurs algorithmes, et mettre des ressources et outils à disposition pour aider à y voir plus clair. Non à l'État nounou qui vient substituer à nos devoirs de vigilance pour nous dire quoi faire, quoi dire et quoi penser. Toutes ces initiatives de contrôle ne pourront qu'évoluer vers un recul intellectuel du citoyen ainsi qu'un asservissement culturel et idéologique. Liberté et responsabilité.

As 2025 draws to a close, we want to express our deepest gratitude to our clients, partners, and fellow service providers building alongside us. From launching LlamaGuard NAV to expanding our team, we are forging a safer DeFi future. Read our full end-of-year statement below 👇 As we close the year, we’ve found ourselves returning to a simple idea that has grounded us throughout 2025: our work is fundamentally an act of service to the people who build, secure, and rely on open financial systems. DeFi is often described in terms of protocols, models, or code, but what inspires us most is the human network behind it: clients, partners, our fellow service providers, and the DeFi users who depend on the systems we help safeguard. This community constitutes a large extended family, and we are grateful to play our small part in supporting it. Thank you for trusting us, challenging us, collaborating with us, and sharing in our vision for a safer, more transparent, and more resilient on-chain world. Highlights this Year This year marked meaningful steps forward in our mission: Make DeFi win through transparent and rigorous risk management. 🔹 Onboarded as Risk Partner for Aave Horizon Horizon represents the frontier of TradFi–DeFi convergence, and we’re honored to serve as its risk partner. Our work spans onboarding asset issuers, implementing risk alerting systems, managing protocol parameters, and helping to ensure safe and competitive growth for the ecosystem’s leading institutional venue. 🔹 Launched LlamaGuard NAV on Aave Horizon We introduced LlamaGuard NAV, a next-generation risk-aware NAV oracle developed with our partners Chainlink Labs and Aave Labs. As DeFi applications scale into more complex data environments, real-time, transparent risk intelligence becomes core infrastructure — and we’re proud to contribute to that foundation. 🔹 Expanded Real-Time Transparency with PoR Systems Our independent PoR work with Ethena strengthened our conviction that the industry needs robust, credibly neutral, high-frequency reserves attestations. This year’s progress set the stage for a generalized, automation-ready PoR framework that can support a broad set of issuers and markets. Stay tuned for exciting updates on this topic. 🔹 Prepared Curve for LlamaLend V2 We supported Curve with research for safe debt ceilings, oracle configurations, and market parameterization for LlamaLend V2. We also developed new interest rate models for looping markets and built the risk foundations for PT markets — now progressing through audit. A Year of Collaboration We’re grateful to our core partners for the collaborations and your continued trust in us this year: @aave, @chainlink, @CurveFinance, @ethena 🎄 As a small nod of appreciation, our holiday card features ornaments representing teams we believe exemplified excellence this year. We’re grateful to be learning from and building with you. Every step forward this year was shaped by the teams who worked alongside us — developers, asset issuers, risk contributors, growth teams, and service providers. Whether we were designing collateral methodologies, refining PoR standards, or implementing new risk primitives, your insight and partnership consistently elevated the work. In a year defined by rapid innovation and increasing complexity, your partnership grounded us. It reinforced our belief that DeFi thrives when we operate as a true extended family: supporting one another, learning from one another, and working collectively to make the ecosystem safer and more resilient for everyone. Looking Ahead In 2025, we focused deeply on a small group of core protocol partners, investing in their systems and communities. That commitment remains unchanged. But the demand for reliable, real-time risk tooling continues to grow — and with it, our responsibility to support a larger share of the ecosystem. To meet this need, we’re expanding LlamaGuard automations, transforming our methodologies into scalable, on-chain risk infrastructure. Our roadmap includes: Risk-managed price feeds that strengthen oracle reliability and market integrity A generalized proof-of-reserves framework adaptable to diverse issuers and asset structures Automated implementations of risk methodologies, enabling continuous, verifiable oversight at protocol scale Delivering these systems requires close collaboration across the stack: working with Chainlink on foundational automation and oracle infrastructure; partnering with risk and growth teams to operationalize their methodologies; and supporting asset issuers in meeting the increasingly rigorous expectations of their clients. Our goal is straightforward: scale high-quality risk management to more protocols, more assets, and ultimately more users. By extending our reach without sacrificing depth, we plan to maximize the benefit to the millions of people who rely on DeFi every day. We’re Hiring The industry’s growing focus on responsible risk management has led to a significant expansion in demand for our work — and we’re scaling our team accordingly. In 2026, we’re hiring across: Quantitative Research Backend & Smart Contract Engineering Business Development Marketing & Communications If you’re energized by the challenge of building the risk infrastructure that will underpin the next decade of DeFi, we’d love to hear from you. Visit our careers page or reach out on Telegram. Final Thoughts As we enter the new year, we remain committed to: putting people at the center of our risk frameworks, building tools that empower protocols and users alike, strengthening the foundations of open, transparent finance, and serving this extended family with humility, rigor, and heart. Thank you for being part of our journey. Wishing you a warm and restful holiday season — from all of us at LlamaRisk. Here’s to a safe, collaborative, and inspired 2026. ❤️