ian c rogers (@iancr)

177 posts

CHAO, Ledger. https://t.co/jNq9qqvIW7

Joined November 2006
0 Following · 35.3K Followers

Pinned Tweet
ian c rogers retweeted
Guillaume Mathias @gm4thi4s
Swap is crypto's purest expression of autonomy. Any asset, any time, 24/7, no permission needed. With the new Ledger Wallet 4.0 Swap Tab, we rebuilt this from the ground up. Here's how. 🧵
ian c rogers retweeted
Charles Guillemet
Two days ago, Kelp DAO suffered a $292 million exploit, the largest DeFi hack of 2026. The attack is elegant in its simplicity, terrifying in its implications, and a case study in how a single misconfiguration can cascade through the entire DeFi stack.

▶ The Setup

Kelp is a liquid restaking protocol. It creates rsETH -- a liquid token representing ETH restaked on EigenLayer. DeFi being DeFi, users want these tokens available across multiple chains. So Kelp uses LayerZero, a cross-chain messaging protocol, to bridge rsETH between networks.

The core idea behind any cross-chain bridge is straightforward:
- A user locks (or burns) tokens on Chain A
- An oracle observes and verifies that transaction
- The bridge mints an equivalent amount of tokens on Chain B

LayerZero's oracle mechanism is its Decentralized Verifier Network (DVN), a set of independent verifiers that must agree a cross-chain message is legitimate before it is executed. The critical word here is "independent." And that's where things went wrong.

▶ The Vulnerability

For reasons that remain unclear, Kelp had configured a 1-of-1 DVN setup. One verifier. No redundancy. No independent confirmation. LayerZero had explicitly warned against this configuration. Kelp ignored the warning. A single point of failure in a system securing hundreds of millions of dollars.

▶ The Attack

The attackers, preliminarily attributed to North Korea's Lazarus Group, didn't need to break any smart contract. They went after the infrastructure layer. To verify blockchain state, a DVN relies on RPC nodes, the servers that synchronize and serve blockchain data. The attackers compromised two RPC nodes used by Kelp's lone DVN, then launched a DDoS attack against the remaining healthy nodes, forcing failover to the poisoned ones. From there, it was trivial.

The compromised RPC nodes presented a fabricated blockchain state to the DVN, pretending that 116,500 rsETH (~18% of total circulating supply) had been legitimately deposited on the source chain. The DVN, seeing no contradicting signal from any other verifier, approved the message. The attacker retrieved 116,500 rsETH freshly minted on the destination chain.

▶ The Liquidation

The attacker deposited the stolen rsETH as collateral on Aave V3 and Compound V3, then borrowed approximately $236 million in (W)ETH against it. By the time lending protocols reacted, freezing rsETH markets, halting new deposits, restricting withdrawals, the damage was done. Aave now carries an estimated $177-196 million in bad debt. Its TVL plunged from ~$26.4 billion to ~$17.7 billion as panic withdrawals exceeded $5.4 billion. Whether Aave's safety module can fully absorb the loss remains an open question.

▶ The Deeper Problem

Poisoning a handful of RPC nodes and DDoS'ing a few others was enough to fabricate $292 million out of thin air and erode trust across the entire DeFi ecosystem. No smart contract exploit. No zero-day. Just a misconfigured verifier and an infrastructure-level attack on the nodes it relied on.

But the root cause runs deeper than Kelp's configuration. The fundamental problem is the trust model. Kelp's bridge, like most bridges and many Layer 2 rollups, relies on oracles reading blockchain state from RPC nodes and attesting that "this thing happened." The security of the entire system reduces to one question: can you trust the nodes feeding data to your verifier? The Kelp hack proves the answer is no. Not the decentralized and trustless ideal we went for...

There is a fundamentally different approach: validity proofs. Instead of trusting oracles to honestly report what happened on another chain, you require a cryptographic proof, a zero-knowledge proof, that the state transition actually occurred according to the protocol's rules. The verifier on the destination chain doesn't trust any RPC node, any oracle, or any DVN. It checks the math. Either the proof is valid or it isn't. This is exactly the model ZK rollups use to settle on Ethereum. The L1 doesn't ask an oracle "did these transactions happen?" It verifies a succinct proof that they did.

▶ The Goose That Lays the Golden Eggs

One could argue the attacker showed restraint. With a 1-of-1 DVN, they could have minted any amount, $292 BILLION, if they wanted. There are liquidity arguments (you can only extract what lending markets will let you borrow against) and detection arguments (the larger the mint, the faster the response). But there's a more cynical reading. The Lazarus Group and similar state-sponsored actors are in a peculiar position. They could mint an amount large enough to collapse the entire DeFi ecosystem. But doing so would kill the very system they profit from. So they calibrate, enough to fund their operations, not so much that the ecosystem loses confidence and collapses. The goose must keep laying.

The DeFi ecosystem likes to talk about trustlessness and decentralization. But when a handful of poisoned RPC servers can drain nine figures and trigger a systemic crisis, we should be honest about where we actually are, and serious about the cryptographic tools that can actually get us there. Stay safe.
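The verifier-quorum point in the thread above, as an added illustration that is not part of the thread, of Kelp's deployment, or of LayerZero's code: a toy Python model of a DVN member that fails over between its RPC providers, evaluated once as a 1-of-1 configuration and once as a 2-of-3 quorum of verifiers that each have their own providers. The node names, the message id and the provider split are constructed; the 116,500 rsETH figure is the one quoted in the thread. The `lint_dvn_config` function is the kind of pre-deployment configuration review a defender would want, flagging a single verifier, a threshold below two, and RPC providers shared between supposedly independent verifiers.

```python
"""Toy model of cross-chain message verification: a lone verifier whose RPC
feed is poisoned versus an M-of-N quorum of verifiers with independent feeds.
Constructed example; not the code of any real bridge or DVN."""
from dataclasses import dataclass, field

MSG_ID = "constructed-msg-0001"   # constructed identifier, not a real message
CLAIMED_RSETH = 116_500           # amount quoted in the thread's description


@dataclass
class RpcNode:
    """A source-chain RPC endpoint. `ledger` is what this node *claims* was
    deposited per message id; an honest node mirrors real chain state,
    a poisoned node reports whatever its operator wants."""
    name: str
    ledger: dict = field(default_factory=dict)
    healthy: bool = True

    def deposited(self, msg_id: str) -> int:
        return self.ledger.get(msg_id, 0)


@dataclass
class Verifier:
    """One DVN member. It queries its RPC providers in order and fails over to
    the next one when a provider is unreachable (e.g. under DDoS)."""
    name: str
    providers: list

    def observe(self, msg_id: str) -> int:
        for node in self.providers:
            if node.healthy:
                return node.deposited(msg_id)
        raise RuntimeError(f"{self.name}: no reachable RPC provider")


def verify_message(verifiers, required, msg_id, claimed):
    """Approve the mint only if at least `required` verifiers independently
    observe a source-chain deposit equal to the claimed amount."""
    attesting = [v.name for v in verifiers if v.observe(msg_id) == claimed]
    return len(attesting) >= required, attesting


def lint_dvn_config(verifiers, required):
    """Defender-side config check: flag the weaknesses the thread describes."""
    findings = []
    if len(verifiers) < 2:
        findings.append("single verifier: no independent confirmation")
    if required < 2:
        findings.append("threshold < 2: one compromised feed is enough to approve")
    users_by_node = {}
    for v in verifiers:
        for node in v.providers:
            users_by_node.setdefault(node.name, set()).add(v.name)
    for node_name, users in users_by_node.items():
        if len(users) > 1:
            findings.append(f"RPC provider {node_name!r} shared by "
                            f"{sorted(users)}: verifiers are not independent")
    return findings


def build_scenario():
    """Constructed scenario modeled on the thread: the source chain saw no
    deposit; two of the lone verifier's providers are poisoned and its honest
    providers are knocked offline, so failover lands on the poisoned ones."""
    honest = [RpcNode(f"honest-{i}") for i in range(3)]   # real state: no deposit
    poisoned = [RpcNode(f"poisoned-{i}", {MSG_ID: CLAIMED_RSETH}) for i in range(2)]
    for n in honest[:2]:
        n.healthy = False   # DDoS'd, so the lone verifier fails over
    lone = Verifier("dvn-A", [honest[0], honest[1], poisoned[0], poisoned[1]])
    # Independent verifiers with their own, unaffected providers.
    dvn_b = Verifier("dvn-B", [RpcNode("b-own-1"), RpcNode("b-own-2")])
    dvn_c = Verifier("dvn-C", [honest[2], RpcNode("c-own-1")])
    return lone, dvn_b, dvn_c


def run_one_of_one():
    """1-of-1: the poisoned feed alone is enough to approve the mint."""
    lone, _, _ = build_scenario()
    return verify_message([lone], 1, MSG_ID, CLAIMED_RSETH)


def run_two_of_three():
    """2-of-3: the other verifiers see no deposit, so the message is rejected."""
    lone, b, c = build_scenario()
    return verify_message([lone, b, c], 2, MSG_ID, CLAIMED_RSETH)


if __name__ == "__main__":
    lone, b, c = build_scenario()
    print("1-of-1 approved:", run_one_of_one())
    print("2-of-3 approved:", run_two_of_three())
    print("lint 1-of-1:", lint_dvn_config([lone], 1))
    print("lint 2-of-3:", lint_dvn_config([lone, b, c], 2))
```

The model deliberately keeps the poisoned verifier in the 2-of-3 run: a quorum does not require that every member be honest, only that the attacker cannot reach the threshold, which is why the lint also treats shared RPC providers as a finding (a provider shared by two verifiers collapses them into one from the attacker's point of view).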
ian c rogers retweeted
Steven Venino @spvenino33
@Ledger has long been the gold standard for cryptographic security. We’re rapidly transitioning to a new agentic world, where the focus shifts from secure self custody of financial assets (BTC, ETH, digital art etc.) to securing the autonomy of AI agents. In a world of agentic flows, your hardware isn’t just a vault for wealth — it’s the root of trust for identity, policy and intent. As agents increasingly transact and act on our behalf, Ledger is the only brand positioned to be the secure layer that ensures a human remains in control🛡️🤖 🤖
Quoting Pascal Gauthier @Ledger (@_pgauthier): "Today marks a major milestone for @Ledger. Ledger’s Chief Experience Officer, @iancr, is stepping into a new role as Chief Human Agency Officer. ..." (the full text of this post appears in the retweet later on this page)

ian c rogers retweeted
Cointelegraph @Cointelegraph
🚨 UPDATE: Ledger unveils AI roadmap to secure agents managing wealth and identity.
ian c rogers retweeted
Charles Guillemet @P3b7_
I’m particularly concerned about the rise of one-day exploits. AI is exceptionally effective at uncovering vulnerabilities in large codebases and even more so at turning them into working exploits. Security patches will have to be released more frequently than ever. Yet for attackers, the barrier to entry is collapsing: asking an LLM to analyze the security-relevant differences between two versions of a binary and generate an exploit is faster, cheaper, and far more efficient than before. Meanwhile, individuals and organizations remain slow to update their software stacks. The result is a widening gap, and a landscape where nothing is secure anymore. x.com/i/status/20364…
ian c rogers retweeted
Pascal Gauthier @Ledger (@_pgauthier)
Today marks a major milestone for @Ledger. Ledger’s Chief Experience Officer, @iancr, is stepping into a new role as Chief Human Agency Officer. At the same time, we’re unveiling our Strategic AI Roadmap.

This is more than a leadership change. It signals a fundamental shift. For over a decade, Ledger has built the infrastructure to secure digital ownership. But as AI agents begin to act on behalf of individuals, ensuring that a human remains the ultimate decision-maker, on trusted screens, becomes critical.

As Chief Human Agency Officer, Ian will lead our efforts to preserve human agency in an increasingly AI-powered world. In parallel, we’re introducing our AI Roadmap, laying the foundations for a secure agentic economy where AI agents can operate autonomously while humans stay in control.

Starting in 2026, we will roll out a new set of capabilities to bring this vision to life. Developers can already integrate Ledger hardware to enforce human validation, MoonPay is live. Next, we will introduce hardware-rooted agent identities, powered by the Ledger Key Ring Protocol, securing secrets at the source, strengthening integrity, and enabling full traceability. By year-end, we will deploy progressive “Proof of Human” attestations, verifying that a unique individual is behind each agent, reducing bot-driven noise while preserving privacy.

Ledger is uniquely positioned to meet this challenge through secure hardware, a proprietary OS, and a deeply held belief in digital ownership. Digital ownership has always required strong security. In the age of AI, it also requires human agency. This is what we’re building next.

Ledger's 2026 Agentic AI Roadmap: ledger.com/blog-2026-ai-s…
ian c rogers @iancr
The agent logic, the model, the tools — that's the software layer. But the moment an agent proposes to do something consequential, @Ledger is the layer that ensures the right human authorized it. We built it for crypto. It turns out we built it for this.
ian c rogers @iancr
Last October I stood on a stage and said "An agentic future where we give agents our logins, credit cards, and identities is a security nightmare." Silence. Stares. Six months later, every agent conversation comes with a security warning.