matthew 💭

2nd Bali house acquired ✅ It's all about stacking Sats and flats

+1 It's a classic "straddling" problem I call it the Ice Cream Trap When a product tries to serve two distinct audiences at once, failing to fully satisfy either One group wants vanilla. Another wants chocolate The trap is thinking that offering vanilla chocolate swirl gives you a bigger addressable market It doesn't Neither group really wanted swirl And the market for swirl is a fraction of either single flavor Bigger TAM on paper but smaller real market in practice

Unpopular opinion from someone who builds wallets for a living: No crypto-native product is going to iterate its way into mainstream adoption. The gap between what our current users want and what mainstream retail needs isn't a UX problem. It's a completely different product with a completely different trust model. Our users want sovereignty. The next 100M users want a safety net. You can't give them one without taking it from the other. I've watched teams try. They start adding mainstream-friendly features, the core community gets uncomfortable, and the product drifts into this dead zone where it's too complicated for normies and too watered down for natives. Nobody's happy. The app doesn't feel like anything anymore. The mainstream crypto product that actually works probably doesn't say "crypto" anywhere on the landing page. And it probably isn't built by iterating on what exists today. It's something new, from scratch, with the chain running invisibly underneath. Wallet builders need to start asking a harder question: are we the app, or are we the plumbing inside someone else's app. I don't think most of us are ready for that answer.

@TylerDurden What a time to be alive

You wake up it’s 2021, Bored Apes just hit $500,000 floor, Justin Beiber is tweeting your bags and all the bros are multi millionaires..

Due to the Drift hack, I just made this Solana DeFi Multisig Dashboard → Multisig Addresses → Approval Threshold → List of Multisig Members → Link to Docs of each protocol Very simple, but hopefully useful If you want your project added DM me 🔗 solmultisig.com

Solana Ecosystem Map 2026 for Founders {v.2} The opportunities to build on @solana are massive, so it wasn’t possible to include everything in one post. Here’s an update: 1. Investment communities They can help you get funding on fair terms, often easier than pitching traditional VCs. > Monke Ventures {@MonkeVentures} The investment syndicate of @MonkeDAO, democratizing high-quality deal flow for everyday investors. The syndicate has funded over 40+ teams, with $2M+ in total funding. > Superteam syndicate at the @echodotxyz Lets people invest in crypto startups and token projects by joining private funding rounds alongside top investors. 2. Hackatons Hackathons allow you to test your product in real conditions, receive feedback, secure early funding, and build long-term relationships. > @colosseum: main {twice a year} and Eternal > @solanamobile & @RadiantsDAO focused on mobile apps for Seeker > @superteam's local hackathons 3. Grants {Non-Dilutive Funding} At an early stage, raising large amounts of venture capital is rare. Better start with smaller, strategic funding that validates your project. > @SolanaFndn {~$40 000} > @solanamobile {~$10 000} > @superteam {~$10 000} > @Kalshi {$2 000 000 pool} > @MetaplexFndn {based on DAO decision} 4. Accelerators Accelerators provide structured support in product development, go-to-market strategy, fundraising preparation, and network access. > @colosseum > @OrangeDAOxyz > @incubator > @alliance > @MonkeFoundry > @a16zcrypto > @OnePieceLabs > @venture_launch 5. Conferences and IRL Events Strategic conversations at events often lead to partnerships, funding, and distribution opportunities. > Solana Breakpoint & Accelerate by @SolanaEvents > Events by @MeteoraAG and @JupiterExchange > Solana Summits hosted by Superteams 6. Podcasts To stay in sync with Solana news, opportunities, and learn how others operate, follow pages who consistently share insights. > Billions hosted by @Pedromiranda > Bits to Bricks hosted by @amiravalliani > Open Intelligence hosted by @_rishinsharma > On The Road hosted by @nickducoff > Solana is Global hosted by @afscott > The Stack hosted by @nocircuit > Validated {@ValidatedPod} hosted by @Austin_Federa > The Index Podcast {@theindexshow} hosted by @afkehaya > Lightspeed {@LightspeedpodHQ} hosted by @defi_kay_ > Solfate Podcast {@SolfatePod} hosted by @jamesrp13 & @nickfrosty > Talking Tokens {@_TalkingTokens} hosted by @jacqmelinek > SOL BROTHERS {@SolBrothersPod} hosted by @YouKnowEno & @simonmolitor > Ownership {@ownershipfm} hosted by @8bitpenis Bookmark this map and share it with others. Also check the previous one for more opportunities 👇

@Only1temmy I woke up feeling the same way today We need to learn from our missteps or we will continue to fall

i can't stop thinking about the drift protocol hack. not because of the $280m. we've seen big numbers before. i can't stop thinking about how it happened. and what it says about everything we're building. on april 1st, while people were posting jokes, an attacker drained $280 million from drift protocol in minutes. the team had to literally tweet "this is not an april fools joke." but this didn't start on april 1st. it started on march 23rd. that's when the attacker created four durable nonce accounts. two tied to drift's own security council multisig members. two controlled by the attacker. quietly. no alarms. no flags. on march 27th, drift migrated their security council due to a routine member change. by march 30th, the attacker had already compromised a signer on the new multisig too. then on april 1st, they executed. a test transaction first. then one minute later, two pre-signed transactions fired four slots apart. admin takeover. withdrawal limits removed. a malicious asset introduced. every vault drained. jlp. sol. btc. usdc. over 15 tokens gone. the entire thing took minutes. this wasn't a bug. this wasn't a smart contract exploit. this wasn't a flash loan or an oracle manipulation. drift's own report confirms it (you can check @DriftProtocol's latest to confirm). no compromised seed phrases. no code vulnerability. this was social engineering. the attacker got 2 out of 5 multisig signers to approve transactions they didn't fully understand. used durable nonces to pre-sign them. then waited. patiently. for over a week. two signatures out of five. that was the security standing between users and $280 million. two out of five. i keep coming back to that number because this is the part that should make everyone uncomfortable. not the hack itself. the architecture that made it possible. we've seen this before. we've seen this so many times. bybit. $1.4 billion. the attacker compromised the signing infrastructure and tricked signers into authorizing malicious transactions. same concept. social engineering. not code. ronin bridge. $625 million. compromised validator keys. same story. cetus protocol. $223 million. different method but same result. hundreds of millions gone. in 2025 alone, $3.4 billion was stolen in crypto. and the pattern is almost always the same. not brilliant code exploits. not zero-day vulnerabilities. someone was tricked. a key was exposed. a human made a mistake. only 19% of hacked protocols even used multi-sig wallets. and the ones that did, like drift, got beaten anyway. because the weakest link was never the code. it was always the person holding the key. now here's what makes me angry. i've seen people dunking on solana over this. blaming svm. questioning the entire chain. the same thing happened after bybit when people started questioning evm and ethereum's security model. this is not a solana problem. this is not an ethereum problem. this is not chain-specific at all. drift's own report says it clearly. the programs and smart contracts worked exactly as designed. the chain did what it was supposed to do. a human was tricked into signing something they shouldn't have. that can happen on any chain. any protocol. any ecosystem. pointing fingers at solana is a deflection. and it's net negative for the entire space because it distracts from the real conversation we need to have. which brings me to circle. nine days before the drift hack, circle froze 16 business wallets overnight. legitimate companies. crypto exchanges. forex platforms. payment processors. no criminal charges. a sealed civil lawsuit that nobody could even read. no advance warning. businesses woke up and couldn't process payments, couldn't settle trades, couldn't serve their customers. zachxbt called it "potentially the single most incompetent freeze" he'd seen in over five years of investigations. one of the frozen wallets wasn't even a business. it was a dfinity bridge contract used by thousands of users who had nothing to do with the case. then nine days later, $280 million is being drained from drift in real time. the attacker is converting stolen tokens through jupiter, bridging them to ethereum, moving funds through circle's own cross-chain transfer protocol. and the freeze didn't come fast enough. so circle can shut down 16 legitimate businesses overnight for a civil case. but a quarter billion being actively stolen through their own infrastructure? different speed. i'm not saying circle is the villain here. i'm saying the system is broken in ways that should concern everyone. now think about who's actually affected by drift. it's not just traders. protocols are built on top of drift. neobanks integrate with defi infrastructure. real customers with no idea what a multisig even is woke up and saw they couldn't access their money. some platforms said user funds are safe. but nobody could withdraw. your money is "safe" but you can't touch it. think about what that feels like for someone who just wanted a better savings rate. i know what it feels like on a smaller scale. i lost $5,000 to social engineering. it's nothing compared to $280 million. but the feeling is the same. that moment when you realize the funds are gone and there's nothing you can do. it doesn't scale with the dollar amount. it's the same pit in your stomach whether it's $5k or $280m. and here's the question i keep circling back to. we say defi is the future. we say we're going to onboard the next billion users. we say this technology will replace traditional finance and bank the unbanked and give people financial sovereignty. but how do we onboard millions of people into a system where a social engineering attack can drain a quarter billion dollars in minutes? where 2 out of 5 signatures is considered security for $280m? where the attacker sets up wallets two weeks early, runs a test transaction, and nobody notices? where circle can freeze legitimate businesses overnight but can't stop a live heist fast enough? where the same attack, the same playbook, the same human error keeps happening year after year after year? ronin. bybit. cetus. now drift. same cause. different name. different chain. same result. defi doesn't have a code problem. it has a people problem. and we keep solving for the code. i haven't interacted with a protocol in a while. i like money. but i love safety more. and right now this space is asking me to choose between the two. security can't keep being the last conversation. it can't keep being the thing we talk about after the hack and forget about before the next one. it has to be the first priority. not the last. because right now we're not ready for the next billion users. we're barely keeping the ones we have safe.

@TheLocalCRYPTO Legend, I hope you're doing well

@yo_itsmatt 👀👀

Yesterday was a hard day for anyone who believes in DeFi I'm genuinely a big fan of the Drift team and the product The work they've put in to build a serious venue for perp trading on Solana deserves real recognition and they've been grinding for years to make DeFi work for real users This one hit different for me because I just know way too many friends who've been burned by hacks over the years People who put hard earned money into protocols because they believed, like I do, that DeFi represents something genuinely better than what traditional finance offers But a "better system" can't only mean better yield, it has to mean better protection too More regulation isn't the answer, even if some will push for it. And arguing over definitions doesn't solve the problem What we actually need is to develop best-in-class opsec standards that protocols genuinely adhere to, more transparency on internal security processes, and real accountability to implement and improve standards over time I don't have the answer to how we do this, but I know we need to learn from our collective missteps, or we will continue to fall

Stablecoins just had their biggest quarter ever $300b+ total market cap (ATH) $21.5T in adjusted on-chain transfer volume $1.8T in February alone That's more volume than PayPal moves in an entire year and 1.5x what Visa clears in a typical month

@ashen_one JJK is poetry in motion

Yeah Jujutsu Kaisen is still the top anime that's been released in the past five years. Every single episode, even every single season, collectively just gets better and better. I also think it has one of the greatest soundtracks of any anime I've ever seen in my life. For the newer generation of anime bros that didn't watch Naruto or One Piece or Dragon Ball Z or whatever, this is their top three anime and they are so lucky because it is so peak. Okay I'm going to watch Invincible now

Drift was hit by a very sophisticated attack, the source of which is still being investigated There was no program or smart contract exploit Like almost all crypto hacks of late (Bybit, Neutrl, Step), this ultimately appears to be opsec/social engineering vs contract risk The unfortunate reality is that this happened to a Solana-based entity, but it could have happened to any protocol protected by a multisig on any chain There’s likely to be a lot of lessons to be learned and socialized once the full investigation is complete, but this is an isolated incident and says nothing about Solana DeFi or any other Solana product Of course, my heart goes out to everyone affected by this Today was very hard on many people including lots of friends and I’m personally filled with tremendous sadness, because nobody deserves this But I know the Solana DeFi community will pick up the pieces and rebuild fast as only Solana can

@DashOrCrash1 Down bad

state of the trenches

It's no coincidence crypto card txns are hitting all-time highs as stablecoin issuance and volume continue to explode Stablecoins are crypto's killer app and they've found product-market fit

One network did: $128M tokenized equity volume last week (98% of all onchain equity movement) $650B monthly stablecoin volume (nearly 40% of all stablecoin market share) $57B spot DEX volume last month (#1 among all chains) I'll give you one guess

🚨BREAKING: @Solana set a new all-time high in spot tokenized equities DEX volume in March, climbing to $557M from $268M in February, a 108% increase. Solana’s market share rose to 98%, while Ethereum’s share fell from 6% to 1.96%.

2,000,000,000 In case you wanted to count the zeros

@thenestlisbon @Grantblocmates Obrigado 🙏🏽

@yo_itsmatt @Grantblocmates Hey Matthew 👋 Will dm you

So many insanely talented people building in this part of the world Really looking forward to the next one all ready Will drop the details soon!

@Grantblocmates @thenestlisbon Do you have a contact there? I'm keen to check it out

@yo_itsmatt @thenestlisbon they’re the best

@0xkyle__ Blessed with knowledge

would you rather be cursed with knowledge, or blessed with ignorance?

@UyiUnchained @nic_carter Agree BTC maxis have the most to be concerned about

The concern is this unlike others doesnt look like baseless FUD. They actually had to hide their approach and use ZK proofs. Whats even more concerning is teams are not focusing on this esp on bitcoin. Major discussions are around spam or utxo bloat. I personally feel more concern should be given now.

Quantum FUD? It's just another day in crypto The reality is the industry will build and adopt PQ as a standard much before any real threat exists. Every core team is working on this in some capacity now But I'm glad we're addressing it with more urgency - now @nic_carter won't need to rage tweet about it every week