Billie

@HalfRency gm lost stay safe with ledger

GM Ledger Totally agree this kind of 2FA screen often feels more like theater than real protection. In crypto, looking secure and being secure are two very different things. Nothing beats true self-custody with a hardware wallet for peace of mind. Appreciate the consistent reminder to move beyond surface-level safeguards. Keep leading with real security @Ledger

@Beehot05 half of crypto alpha is literally just being in the room tbh one random convo at these events can alter your entire lore

Most people wait for opportunities. Smart builders put themselves where opportunities happen. On June 13th, Berlin became the center of the Solana ecosystem. Founders, developers, creators, investors, institutions, and community leaders all under one roof. One conversation can change your trajectory. One connection can unlock your next opportunity. One idea can become the project that defines your future. Whether you're already building on Solana or just exploring what's possible, this is where the ecosystem comes together. Learn from the people shipping products. Meet the teams pushing innovation forward. Connect with creators, founders, and builders shaping the next chapter of crypto. The best opportunities rarely come from scrolling timelines. They come from showing up. Berlin. June 13th, be in the room where ideas turn into companies, partnerships, and lifelong connections. Join the biggest Solana event Germany has ever seen. 🇩🇪⚡ Join the journey here 👇 luma.com/solanasummitge…⁠ @SuperteamDE #SolanaSummitGermany #Solana #BuildOnSolana #SuperteamGermany

@bravo_asiwere @whacky_whales lol

wtf is a @whacky_whales?

@clix81ne gm clix

GM Everyone ☀️ Happy Friday 🫶

@domicrypt92 10

Got a fresh PFP from the $Pissin community 😭 At this point, I'm no longer fighting it. Rate it from 1–10 👇😂

@De_aN6 gm DeaN

Gm guys TGIF Anyone got approval yet? Cause it seem like this will be in review forever.

@yeganomaly omg so cute

i’m so super cute… aren’t i? 🥹 [prompt in the first comment]

@JohnsonBam85400 @nabulines timeline moving like a slot machine meanwhile the real edge is just knowing what NOT to chase

the biggest edge isn't reacting to every trend, it's knowing what deserves your attention. when the noise fades, conviction, discipline, and clear signals become easier to recognize. stay focused on what creates long-term value.

@Parsats_eth @Lovable well said

Counterintuitive thing about AI: the easier it gets to build, the more valuable trust becomes When anyone can ship an app from a sentence, "Can it be built?" stops mattering "Do I trust it?" is everything Why @lovable's Anton Osika calls trust the real moat

@P3b7_ 4 years of invisible inflation bug hiding inside zk tech is genuinely nightmare fuel we really entering the ai audits everything or perish era now

👉For 4 years, 1 day, and 10 hours, anyone who understood the Orchard circuit could have minted ZEC out of thin air, silently, with no on-chain signature. The bug was disclosed this week. It was found by an AI-driven audit running Opus 4.8, not by an attacker. 1. Call the bug what it is Two lines in halo2's variable-base scalar multiplication gadget used assign_advice() where copy_advice() was required. As a result, the diversified-address integrity check pk_d = [ivk]·g_d could be satisfied for arbitrary inputs. A malicious prover could spend the same note multiple times with different nullifiers, i.e. counterfeit ZEC inside the Orchard pool, undetectable on-chain because the privacy of the ZK proof hides exactly the inputs that would reveal the attack. We do not know whether it was exploited. We will probably never know. 2. Four years. Multiple audits. Top-tier reviewers. Orchard was reviewed by some of the strongest cryptographers in the field before activation. They missed it. Earlier automated audits with Opus 4.7 missed it. Opus 4.8 catches it in roughly 1 in 4 runs when prompted generically. The bug is hard. And ZK inflation bugs are not new. Zcash itself shipped a counterfeiting vulnerability in Sprout (BCTV14) that survived years before being silently neutralized during Sapling. Similar soundness issues have appeared in circom, halo2, and rollup verifiers since. The pattern is consistent: when the protocol is private, exploitation is undetectable. You patch the bug and hope. 3. What Zcash did right This was a textbook decentralized incident response: ▶️Audit: a full AI-assisted soundness audit of halo2 + Orchard, scoped end-to-end. ▶️Discover: the agent flagged the missing constraint and worked out the algebra to turn it into an exploit. A working RPC-level PoC in ~6 hours, mostly waiting on tokens. ▶️Coordinate: a soft fork disabling Orchard, prepared and distributed without leaking the bug, activated 2 days and 15 hours after acknowledgement. Coordinating a soft fork across miners, exchanges, and nodes without disclosing why is genuinely hard. They did it. ▶️Disclose: timeline, code lines, math, open questions. No spin. Worth naming explicitly: Zcash's turnstile invariant caps the value that can ever leave a shielded pool by the value that entered it. Privacy and verifiability inside the same protocol. That is not an accident. That is good engineering, and it is what kept the worst case bounded. 4. The economics of security just changed AI does not change whether bugs like this exist. It changes the cost of finding them. I wrote about this x.com/P3b7_/status/2…: a missing constraint in a 4-year-old production ZK circuit used to require a top-tier cryptographer with months of context. It now requires a few tokens, an API key, and a well-framed prompt. The defender benefits. The attacker benefits more, they only need to find it once, and they never disclose. Orchard is the optimistic version of this story: defense got there first. The pessimistic version is the one we cannot rule out, because the chain is private by design. 5. The only real exit You do not patch your way out of this asymmetry. You raise the floor. Formal verification of consensus-critical circuits, every assign_advice audited by SAT solvers and AI for under-constraint, as the reporter himself recommends. Proof-grade engineering that used to be too expensive is now cheap enough to be mandatory. Hardware roots of trust, secure enclaves, certified secure elements, WYSIWYS. Cryptographic guarantees the user can actually verify, not promises a host can lie about. Continuous AI-assisted audit of every consensus-critical commit, re-run immediately on the release of any new frontier model. Zcash didn't just patch a bug. They demonstrated the new defensive playbook: AI-driven audits, decentralized coordination, radical transparency, verifiable invariants. That is the direction the rest of the industry needs to follow. And those who don't raise the bar for security will be rekt in this new world. Stay safe. Stay honest about your trust assumptions.

@0xkivaro gmorning kiki

morning survivors ☀️ losing money together would've been romantic luckily my dog doesn't trade