Kurt

🚨 I don't think people realize how bad things are at @aave right now. All core markets are at 100% utilization, that includes $3 bil in USDT and $2 bil in USDC stuck! That means you CAN'T WITHDRAW your money! A long post on why and how we ended up here. When the rsETH exploit happened and AAVE incurred bad debt, whales like Justin Sun, MEXC exchange, and others immediately withdrew billions from AAVE. This instantly drained all available liquidity in key core markets like ETH, USDT, USDC and so on. Those first to withdraw got out, laggers got trapped. Initially, the ETH market hit 100% utilization, meaning you could not withdraw your ETH from AAVE. Worse, this also means the protocol can't process ETH liquidations should ETH price fall/crash. If you can't sell any ETH, you can't liquidate to cover debt obligations. That means the risk of more bad debt incurred by AAVE is increasing the longer its markets remain stuck. Nevertheless, users can still sell at a minor loss the aETHwETH tokens on Uniswap or similar aggregators. That exit door is the last one remaining for ETH depositors on AAVE. The same cannot be said by depositors of USDT and USDC. They are stuck. That's because AAVE lost over $6 billion in liquidity in the past 24h. As whales took out their money, USDT and USDC also hit 100% utilization. These markets are now also stuck with money locked. Panic is spreading and desperate times call for desperate measures. Some users decided to borrow against USDT/USDC and exit via other markets at a 10-25% loss (90-75% LTV). Basically you borrow GHO/DAI/USDe against your locked USDT/C. But as more liquidity leaves AAVE, more markets get to 100% utilization and get locked/stuck due to low liquidity. This is quickly cascading across all available markets. Luckily the crypto market was rather flat today so liquidation risks were marginal, but if things change there are billions in stablecoins and other assets locked on AAVE that can't process liquidations = more bad debt for AAVE. If users or related protocols that are stuck need access to their money to prevent liquidations or other critical function, they have a huge problem on their hands. Plus, nobody wants to deposit (or provide liquidity) in these markets now since your ETH, BTC, USDC/T could be stuck there for who know how long. As soon as any available liquidity is made available, it is instantly taken out by bots fighting to get out. As I wrote this I saw 250k in liquidity on USDC vanish in seconds. Then there is the bad debt question. There's over $200 mil in bad debt incurred by AAVE via rsETH that's like a hot potato. Nobody knows who will eventually pay this bill. If you didn't remove your assets from AAVE, you risk receiving at least part of that bill in some form. Not having access to your money is part of that risk too. Contagion is also extremely high. Many protocols and apps rely on AAVE for their earn mechanics. These protocols and their users are stuck too and may be forced to incur bad debt with no fault of their own. October 10th was a CEX driven crash, this is a DeFi risk mitigation failure of epic proportions. AAVE should have never onboarded rsETH as a collateral asset, at least not to the size of hundreds of millions that allowed the hacker to walk away (i.e. borrow) over $200M in ETH after posting fake collateral. Rumors on X are saying rsETH was onboarded by AAVE due to a conflict of interest (lobbying) by a given service provider. If true, this is a major failure of its governance structure (nothing new). The folks at @KelpDAO who manage rsETH also have a tough decision to make on who will actually pay for the $200M exploit. AAVE users? L2 rsETH users? Everyone affected gets a haircut to account for the loss? The AAVE team and its founder, Stani, have been quiet for over 20h since the exploit after initially announcing the rsETH market freeze. They have a pretty big problem on their hands since the whole protocol is at risk right now. Trust is already lost as AAVE is bleeding billions in TVL to the level of hitting 100% utilization on all core markets. Maybe some key actors in the space will step in to provide liquidity to stabilize the markets on AAVE before this gets even worse. I got lucky to get out of AAVE early when I first saw this. I also removed all assets from DeFi and will not touch any protocol in the next few weeks. Too much risk for a few percentage points in yield. If you found this informative, like, share, and follow @duonine

Just discovered models.dev. Simple and really powerful API for AI models. #AI #MachineLearning #OpenSource #LLM

@alibaba_cloud when model API endpoint for code subscription plan?

Built an AI agent (clido.ai) that can run arbitrary workflows. My first one: a Solidity audit workflow. Randomly picked @secured_fi’s @USDFC_Protocol contracts to test it… and it had some very nice things to say 👇 #AI #Web3 #Solidity #DeFi #BuildInPublic

@bridgemindai Started using Kimi on Alibaba Cloud with the Clido.ai agent. Much higher rate limits, feels more reliable than Opus today, and overall just a lot cheaper for what you get. Pretty happy with it so far.

CLAUDE OPUS 4.6 IS NERFED. BridgeBench just proved it. Last week Claude Opus 4.6 ranked #2 on the Hallucination benchmark with an accuracy of 83.3%. Today Claude Opus 4.6 was retested and it fell to #10 on the leaderboard with an accuracy of only 68.3%. A 98% increase in hallucination. bridgebench.ai just confirmed that Claude Opus 4.6 has reduced reasoning levels and is nerfed.

Clido.ai has been running for hours with Kimi on Alibaba Cloud, and I genuinely don’t know what to do with my time… So I started sanding a table 😄 cc @Kimi_Moonshot @alibaba_cloud #AI #BuildInPublic

@Alibaba_Qwen @OpenRouter had qwen3.6-plus running all night via openrouter in clido.ai and it held up really well Seems to be a really strong model, especially for coding. nice work!

Qwen3.6-Plus ranks # 1 on @OpenRouter , and the first model on OpenRouter to break 1 Trillion tokens processed in a single day！!🥇🔥 We are thrilled to see Qwen3.6-Plus topping the charts so quickly. This milestone wouldn't be possible without our amazing developers. ❤️Thank you！！

@Alibaba_Qwen been running the new qwen3.6-plus via openrouter in clido.ai and honestly it performs really well 👀 super solid coding performance for a free model. nice work

（1/8）🚀 Introducing Qwen3.6-Plus: Towards Real-World Agents! 🤖 Today, we’re thrilled to drop a major milestone in our journey toward native multimodal agents. Here is what makes Qwen3.6-Plus a game-changer： 💻 Next-level Agentic Coding: Smarter, faster execution. 👁️ Enhanced Multimodal Vision: Sharper perception & reasoning. 🏆 Top-tier Performance: Maintaining leading general capabilities. 📚 1M Context Window: Available by default via our API. Built on your invaluable feedback from the Qwen3.5 era, we’re laying a rock-solid foundation for real-world devs. Get ready to experience truly transformative ✨ Vibe Coding ✨. Huge thanks to our community! Go try it out and show us what you can build. 👇 Chat: chat.qwen.ai API: modelstudio.console.alibabacloud.com/ap-southeast-1… Blog: qwen.ai/blog?id=qwen3.6 🔔Noted：More Qwen3.6 models to come and be open-sourced! Stay tuned~ 👀#Qwen #AI #AgenticCoding #VibeCoding #Agents

Huge kudos to @Kimi_Moonshot Tried running kimi-code inside my own agent (clido.ai) and… 🥁 It just gets it. After wasting way too much time fighting with Opus, Kimi came in, understood the task immediately, and actually built what I needed. 💯

@immunefi Going public was definitely the right thing to do!

We're aware of the public discussion regarding a recent bug bounty dispute. We understand the frustration that can come with these situations, for researchers and projects alike. But we don't believe public forums are the right place to evaluate vulnerability severity, debate payout amounts, or litigate the specifics of a report while a dispute is not concluded. That approach risks compromising the quality of discussion and the resolution process itself. Since mediation over payout amount was not requested, we have self-initiated mediation to examine the specifics of the report, which takes time because of the complexity involved, but we’ll take the appropriate actions after coming to a conclusion. In the meantime, we’ve paused the project to make sure that appropriate attention is given to any outstanding reports.

@pashov I'm working on an AI auditing tool as well and from what I learned: speed is not always a good thing. I prefer to wait a few hours and get proper results instead of speeding and get too many false positives.

🧠AI security tools are booming. Still, many are slow, painful to set up or expensive to run. solidity-auditor v2 drops tomorrow. 1 command install. 8 parallel specialist agents. <10min on 5000 nSLOC. Runs locally on a cheap API plan. Free (even though it probably shouldn't be)

@dod_berlin @ETHBerlin 👀

@_kurtme @ETHBerlin Never say never.

Big news! We are excited to announce we are teaming up with the @internetarchive to co-organize the @GETDWeb Camp just outside Berlin this year. Will you go camping with us? 🏕️

@dod_berlin @ETHBerlin this sounds sick but the unfinished train to prague storyline still lives rent free 🚂

You're probably thinking: Wait... last year was Protocol Berg so this year should be @ETHBerlin right? Wrong. Hackathons are our favourite type of event, but this year we wanted to take it to the next level. (And that's not to say neither will happen again).

I ran my ai audit pipeline using free models against the repo. Results are not too bad. 🤖🪲 Full Report -> @0xKurt/r19Uu-uc-x" target="_blank" rel="nofollow noopener">hackmd.io/@0xKurt/r19Uu-…

Running my AI audit pipeline on Moloch.sol. I ran into a few issues that still need fixing, but the results already look promising. For this run I used only free models, so it is quite slow, but I wanted to see how the pipeline performs. Looking forward to comparing the results.

@z0r0zzz Really interesting seeing all these AI audit results collected in one place. Exactly what I was looking for to test the performance of my AI audit pipeline. Would you be open to create a branch without the findings so ai tools can scan it blind and compare to the ground truth?

@pashov Depends on the audit. Claude skills are cheap and useful, but limited. I'm building an audit pipeline where a run costs $200+ and still needs manual review, but it delivers deeper results. Right now AI + human review is about $1k. The goal is to eventually remove the human step

How much do you think an AI audit scan should cost? Only honest answers, comment below.

@0xSilvermist Reported a high-severity bug. The team acknowledged it but marked it as duplicate and out of scope, so no payout. I reviewed the scope, audits, and docs again and still could not find any reference. Sometimes that is how bug bounties work...

I found a valid High bug in a bug bounty. The project confirmed it. But I got $0. Here's what happened 👇

If you’ve wondered what I’ve been working on over the past few months: I built a multi-stage AI audit pipeline. Across 15+ codebases, including projects audited multiple times, it consistently surfaced new vulnerabilities. Details here: medium.com/coinmonks/proo…

I’m building something between a chat app and a distributed reasoning engine. Multiple AI agents, each with a role, working on the same problem. Sometimes they agree. Sometimes they clash. The interesting part is what survives. #AI #MultiAgent #LLM #Audit