anticapture

@anticapture

Accelerating DAO governance capture resistance | By @blockful_io

Joined January 2025
29 Following · 586 Followers
Pinned Tweet
anticapture @anticapture
🗳️ With @tallyxyz winding down, delegates and token holders need reliable places to participate. Multiple independent frontends aren't just nice to have, they reduce single points of failure. 🔗 Anticapture is now available as a governance interface: anticapture.com
anticapture retweeted
blockful.eth @blockful_io
The wasabideployer.eth address was compromised and it was the only wallet holding the ADMIN role in the @wasabi_protocol. Once compromised, the attacker used it to grant the ADMIN role to a contract under their control. This allowed them to call the strategyDeposit function across 7 vaults, move funds into the attacker's contract, replace the vault logic through a UUPS upgrade, and drain the full balances via a drain() call.

The attack unfolded across 4 different chains, hitting multiple vaults, and was fully executed in just 3 minutes.

This brought April's total to 30+ exploits and roughly $630M stolen, making it one of the worst months in DeFi history.

A significant share of these incidents stemmed from poor access control management across protocols:
- No timelocks on granting sensitive roles like ADMIN, leaving no window to detect or stop a malicious action.
- No limits on fund withdrawals or protocol-level fund movements.
- In Wasabi's case, not even a multisig controlled the sole ADMIN address - it was just a bare EOA.

These safeguards would have prevented attacks like Resolv (March 2026), Drift, Wasabi, and others that followed the same pattern. As an industry, we need to align on stronger access control standards and make the protocols holding billions of dollars of user funds genuinely harder to take over with a single compromised key.
ZachXBT@zachxbt

@wasabi_protocol Why did a single EOA seemingly have so much control without basic safeguards? Seems your runway was burned on KOL grifters like Kook….

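The first safeguard listed in the post above, a timelock on granting ADMIN, could look like the following two-step grant with a veto window. This is an added example, not code from blockful, Wasabi or any protocol named on this page; the contract name, the 2-day delay and the guardian role are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; DelayedAdminRoles, GRANT_DELAY and guardian are hypothetical names.
contract DelayedAdminRoles {
    uint256 public constant GRANT_DELAY = 2 days; // assumed review window
    address public immutable guardian; // assumed to be a multisig, not a single EOA
    mapping(address => bool) public isAdmin;
    mapping(address => uint256) public grantReadyAt; // 0 means nothing is scheduled

    event AdminGrantScheduled(address indexed account, uint256 readyAt);
    event AdminGrantCancelled(address indexed account);
    event AdminGranted(address indexed account);
    error Unauthorized();
    error NotReady(uint256 readyAt);

    constructor(address initialAdmin, address guardian_) {
        isAdmin[initialAdmin] = true;
        guardian = guardian_;
    }

    modifier onlyAdmin() {
        if (!isAdmin[msg.sender]) revert Unauthorized();
        _;
    }

    // Step 1: an admin can only announce a grant; monitoring alerts on this event.
    function scheduleAdminGrant(address account) external onlyAdmin {
        grantReadyAt[account] = block.timestamp + GRANT_DELAY;
        emit AdminGrantScheduled(account, grantReadyAt[account]);
    }

    // The guardian can veto during the delay, even if an admin key is compromised.
    function cancelAdminGrant(address account) external {
        if (msg.sender != guardian) revert Unauthorized();
        delete grantReadyAt[account];
        emit AdminGrantCancelled(account);
    }

    // Step 2: the role becomes active only once the delay has fully elapsed.
    function executeAdminGrant(address account) external onlyAdmin {
        uint256 readyAt = grantReadyAt[account];
        if (readyAt == 0 || block.timestamp < readyAt) revert NotReady(readyAt);
        delete grantReadyAt[account];
        isAdmin[account] = true;
        emit AdminGranted(account);
    }
}
```

The sketch covers role grants only; upgrade authorization and withdrawal limits, the other gaps the post lists, would need their own delayed or rate-limited paths.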
anticapture retweeted
blockful.eth @blockful_io
1/ Lido is discussing replacing its current mechanism for pausing protocol contracts.

Currently, Lido has the GateSeal: an emergency button capable of pausing certain contracts. Control over this button is shared among different Lido committees, and the permissions for each "button" are approved through governance. They can pause anything from the contract used to withdraw stETH from validators to receive ETH to the stVaults contracts. The goal is for it to act as a safeguard not only for the DAO, but for the protocol as a whole.

The problem is that maintaining the GateSeal is too cumbersome. Every GateSeal expires after one year, meaning new permissions must be granted annually so contracts can keep pausing specific Lido contracts. On top of that, each GateSeal controls a fixed number of contracts: if one contract is paused but the GateSeal controls ten, it becomes unable to pause the remaining nine unless a new governance proposal renews its powers.
anticapture retweeted
blockful.eth @blockful_io
Erin Koen (@eek637), Gov Lead at @Uniswap, submitted a proposal to withdraw 12.5M delegated $UNI from the @UniswapFND and other governance members, such as @Anode_GG, @kpk_io, and @AxiaNetwork0x. The delegations come from the Uniswap DAO treasury. The rationale is the increase in delegations from $UNI holders following the creation of its DUNA at the end of 2025. As a result, they now have delegates with skin in the game and no longer depend on delegates whose voting power comes from the DAO treasury. But is that actually true? The data shows that it is, but with some nuances. 🧵
anticapture retweeted
blockful.eth @blockful_io
A governance attack attempt happened over the past few weeks. Its goal: steal every dollar deposited in the protocol, $40M. Here's how Lazy Summer identified and blocked an attack that would have been capable of draining every user's balance. 🧵
anticapture retweeted
zeugh.eth @theZeugh
For your donations to count for matching on the Ethereum Security QF, you have to donate at least 1 USD worth to each project. I see a lot of donations on @anticapture are below that value. We appreciate your support, but it'd go a long way if you could come again and leave a WHOLE dollar for us to get matched :)
anticapture retweeted
DeFiScan @defiscan_info
This past month, we have never seen as much demand for risk infrastructure and decentralization assessments in DeFi. @DeFiScan is building it along the amazing teams @l2beat, @walletbeat, and @anticapture. Please consider donating to us!
anticapture retweeted
netto.eth @alextnetto
Just donated to a few projects that push for security in different fronts and are underfunded IMO
@anticapture - preventing access control attacks (disclosure: my project)
@walletbeat - UX, security for users
@defiscan_info - Holding DeFi to better standards
@cyfrin - A lot of security public goods
@zachxbt - no comments needed
Giveth@Giveth

If you’re tired of watching exploits dominate the timeline, this is your moment to act. The Ethereum Security QF Round is LIVE! Support the people and projects securing Ethereum and its L2s. 500 ETH (~$1M+) in matching from @thedaofund. Explore & donate: qf.giveth.io/qf/ethereum-se…

anticapture retweeted
blockful.eth @blockful_io
Our work on @anticapture has protected over $150 M so far. We are live on @thedaofund Ethereum Security Round on @Giveth It's a great chance to multiply any donation you make to support projects that you believe are important for security. giveth.io/project/antica…
Giveth@Giveth

If you’re tired of watching exploits dominate the timeline, this is your moment to act. The Ethereum Security QF Round is LIVE! Support the people and projects securing Ethereum and its L2s. 500 ETH (~$1M+) in matching from @thedaofund. Explore & donate: qf.giveth.io/qf/ethereum-se…
