holly

1.1K posts

holly banner
holly

holly

@holdoesdev

Mama 🐻 and general tinkerer 🛠️✏️👩🏼‍💻 || CPTO @ 1inch

🇵🇹 Katılım Mayıs 2013
1.5K Takip Edilen1.4K Takipçiler
holly retweetledi
Sergej Kunz
Sergej Kunz@deacix·
Excited to welcome Holly Atkinson to 1inch as our new CPTO. Holly will help build on our current product ecosystem while also launching Aqua as we continue shaping 1inch into a key pillar of DeFi infrastructure. Welcome aboard, @holdoesdev
1inch@1inch

Welcome to the team, Holly Atkinson. @holdoesdev joins 1inch as Chief Product and Technology Officer, leading product strategy across our core routing infrastructure and the upcoming launch of Aqua, our shared liquidity product. Her background spans full-stack engineering, blockchain architecture and executive leadership. The goal stays the same: the best rates, the deepest liquidity, the strongest infrastructure in DeFi.

English
1
4
17
4.2K
holly
holly@holdoesdev·
RWA swaps now available via 1inch dApp and API
1inch@1inch

1inch X @RobinhoodCrypto Global markets are moving onchain, and we're a launch partner from day one. You can now trade Stock Tokens on the Robinhood Chain through 1inch Swap. Wallet. API.

English
0
0
3
227
holly
holly@holdoesdev·
Protect devs, protect open source. #freeromanstorm
Roman Storm 🇺🇸 🌪️@rstormsf

🌪️⚖️🛡️ ——————————————— 🛡️⚖️🌪️ 🙏 I'm Roman Storm. To @ethereum, and to everyone who has stood with me through this - thank you. Truly. When you're a developer facing decades in prison for writing open-source code, the nights get very long. And then this community shows up. Again and again. And I remember I'm not alone. That's everything. 💚 Let me be clear about what this case actually is. I didn't rob anyone. I didn't steal, didn't touch a single user's funds, never took custody of a single coin. I wrote software. Privacy software - the kind of thing that, in any sane world, belongs on a résumé. Not in an indictment. 🧑‍💻 So I want to tell you why, even now, I have every reason to keep fighting. Because this isn't blind hope. The courts have already started to speak - and what they said has a name. Van Loon. 📜 In November 2024, a federal appeals court - the Fifth Circuit - looked at what the government did to Tornado Cash and said it plainly: government broke the law. OFAC overstepped its authority when it sanctioned the protocol. Those immutable smart contracts aren't "property" that belongs to anyone. ⚖️ Sit with the court's own words, because they're extraordinary. The judges described Tornado Cash's contracts as "unownable, uncontrollable, and unchangeable — even by [their] creators." 🤯 Uncontrollable. Even by their creators. A federal court, after studying the actual technology, found that I literally cannot control the code I helped write. It runs on its own. It always will. No one can stop it - not me, not OFAC, not anyone. That's not a loophole. That's just how it works. And the government's own position has since crumbled. After Van Loon, OFAC removed Tornado Cash from the sanctions list entirely in March 2025. The protocol they once branded a national-security threat - delisted, out in the open. ❌ And yet they're still prosecuting me. So look closely at what they're actually holding against me - because the harder you look, the thinner it gets. 🔍 My team integrated Chainalysis's official OFAC sanctions screening directly into the Tornado Cash interface - a real-time compliance measure to block sanctioned addresses. The government's response to that? They called it "window dressing." Compliance, dismissed as decoration. 🙃 Then there are my own words, from my own chats, reacting to hackers getting traced: "I'm glad those fuckers are detected." That's the person they're branding a criminal conspirator. The story and the evidence don't match - because the story isn't true. 💔 And once you start looking, the pattern is everywhere. A court says the protocol is uncontrollable even by its creator - yet they want to jail me for "controlling" it. That's the kind of case this is. It gets worse. ⬇️ The indictment's most-quoted line - a dramatic "how do you go about laundering $600 million?" - was pitched as a co-founder's words. It wasn't. It was written by a CoinDesk reporter asking the team how mixers work. A forwarded message got mislabeled in the data extraction. A journalist's question became Exhibit A. 📰 Then the most damning of all: on the very day I was indicted, FinCEN officials privately told these SDNY prosecutors that non-custodial tools like this are NOT money services businesses. The prosecutors walked into court and argued the opposite. My defense didn't learn about it for ~21 months. ⚖️ Even the DOJ doesn't seem to believe its own theory. Weeks before insisting I'm guilty, the same DOJ told the Supreme Court - in its amicus brief in Cox Communications v. Sony Music — that "knowledge that a buyer plans to misuse a product with substantial legitimate uses, without more, does not support an inference of culpable intent." The exact opposite of what they argue against me. Same DOJ. Weeks apart. 🔁 storage.courtlistener.com/recap/gov.usco… So step back. If you only hear "crypto mixer," you might assume the worst. But this is not a shadowy contraption. It's mainstream, studied, respected technology. 🎓 Stanford teaches Tornado Cash — not as a cautionary tale, but as the textbook example of how cryptographic privacy works. It's a final-exam question in CS251, Dan Boneh's renowned cryptography course. 📚 cs251.stanford.edu/hw/final2021.p… cs251.stanford.edu/lectures/lectu… And Stanford's own exam notes something the prosecutors won't: Tornado Cash ships a built-in compliance tool, letting a user voluntarily prove which deposit was theirs to satisfy an exchange like Coinbase. Privacy and compliance, designed to coexist. 🔎 This isn't fringe, either. The Federal Reserve Bank of St. Louis published a primer on Tornado Cash for economists and policymakers - treating it as legitimate financial-privacy infrastructure, and describing that very same compliance tool. 🏦 stlouisfed.org/publications/r… ers So add it all up. Technology taught at Stanford. Analyzed by the Federal Reserve. Vindicated in a federal court of appeals. Built with real-time sanctions screening the government waved off as "window dressing." And the developer who helped build it - me, is facing prison. Tell me that sits right. 😞 This is why it reaches so far beyond me. If publishing neutral, open code makes you a criminal for whatever a stranger later does with it, every developer here is exposed. Every wallet team. Every protocol. Everyone who's ever pushed to a public repo. 🧨 Privacy is not a crime. Open source is not a conspiracy. Writing software is not the same as committing the acts of those who misuse it. The easiest principles in the world to defend - which is exactly why we can't afford to lose them here. 🛡️ Van Loon is the law catching up to the truth. Now I deserve the same justice the protocol already received. We're close. The arguments are strong. And with you behind me, we can finish this. 💪 So please — follow my co-founder in this fight @alex_pertsev, and share our stories. And if you're able, support my legal defense at 👉 freeromanstorm.com 💚 Every voice, every dollar, every repost tells a court — and tells me — that I don't stand alone. I'm Roman Storm. We started this together. Let's end it together. 🌪️ 🌪️⚖️🛡️ ——————————————— 🛡️⚖️🌪️

English
1
0
3
542
holly retweetledi
Bankless
Bankless@Bankless·
DNS hijacks are spiking in crypto. CoW Swap and eth (dot) limo were both hit. You visit a frontend, everything looks normal, you sign a transaction and funds go to an attacker's wallet. The defense isn't better detection. It's frontends that STRUCTURALLY can't be cracked. Two approaches already exist: > IPFS + ENS: Your frontend lives on a distributed file network instead of a server. Point your web3 domain (ENS) at that file. No DNS, no central server to compromise > Fully onchain (ERC-4804): The app itself lives inside smart contracts. The frontend is served directly from Ethereum Sadly though, regular browsers can't load either. That’s why we have web3 browsers like: > Freedom Browser: open-source browser that loads ENS domains and IPFS sites natively, the same way Chrome loads (dot) com addresses > EVM Browser: built around the web3:// protocol, loads apps served directly from smart contracts on Ethereum or any EVM chain The proof of concept is already live. @z0r0zzz built zSwap is a DEX frontend deployed ENTIRELY into Ethereum contract bytecode for under $5. Anyone can load it through EVM Browser. In other words: No servers, No DNS, Nothing to hack. Every DeFi project should ship a permanent onchain frontend as a fallback. Best security is just to go straight to the contract. The tools exist. Build toward it.
gwilym@wmpeaster

x.com/i/article/2047…

English
75
45
188
56.7K
holly retweetledi
Dune
Dune@Dune·
Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days. Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher. As we know, KelpDAO's rsETH sat in the first bucket. Open query, public methodology, feedback welcome: dune.com/dune/layerzero…
English
76
201
982
385.5K
holly retweetledi
Suhail Kakar
Suhail Kakar@SuhailKakar·
the kelp rsETH post-mortem is wild lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data. then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks. they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier
Suhail Kakar tweet media
LayerZero@LayerZero_Core

x.com/i/article/2046…

English
70
136
1K
184.5K
holly
holly@holdoesdev·
Real quote from #GStack to me today: "You said "what's in it for the user?" about your own product. Most founders can't ask that question about their own baby."
English
0
0
2
70
holly
holly@holdoesdev·
Tired of manually hunting AI skills across repos? I built skills-scraper: drop URLs in skills.txt and it recursively discovers, scans and installs SKILL.md files in one command. ➡️Faster setup, safer skill curation, zero boilerplate. npx skills-scraper get skills.txt github.com/atkinsonholly/…
English
0
0
1
106
holly retweetledi
Emily Rasowsky
Emily Rasowsky@ERasowsky·
come work with me & the comms coordination team.
Josh Stark (0xstark.eth)@0xstark

we're looking to expand the @ethereumfndn's comms coordination team with a new hire you'll work with a small team to support everything we do on socials today, help expand our capabilities in asia, and take on much more as we take on new challenges great role for someone junior but looking to learn fast and take on more responsibility more info 👇

English
12
6
122
10.1K
holly retweetledi
Jordi Baylina - baylina.eth
Fully agree. This is exactly what keeps me in this space. Ethereum is not about winning the finance game on finance’s own terms — that race makes no sense, and we would lose it anyway. The real game is resilience: permissionless access, censorship resistance, and the ability to keep working when institutions, platforms, or power structures fail. If we stay true to these values, we give humanity something far more important than efficiency: a tool for freedom, sovereignty, and equality between humans.
vitalik.eth@VitalikButerin

“Ethereum was not created to make finance efficient or apps convenient. It was created to set people free” This was an important - and controversial - line from the Trustless Manifesto ( trustlessness.eth.limo ), and it is worth revisiting it and better understanding what it means. “efficient” and “convenient” have the connotation of improving the average case, in situations where it’s already pretty good. Efficiency is about telling the world's best engineers to put their souls into reducing latency from 473 ms to 368ms, or increasing yields from 4.5% APY to 5.3% APY. Convenience is about people making one click instead of three, and reducing signup times from 1 min to 20 sec. These things can be good to do. But we must do them under the understanding that we will never be as good at this game as the Silicon Valley corporate players. And so the primary underlying game that Ethereum plays must be a different game. What is the game? Resilience. Resilience is the game where it’s not about 4.5% APY vs 5.3% APY - rather, it’s about minimizing the chance that you get -100% APY. Resilience is the game where if you become politically unpopular and get deplatformed, or if a the developers of your application go bankrupt or disappear, or if Cloudflare goes down, or if an internet cyberwar breaks out, your 2000ms latency continues to be 2000ms. Resilience is the game where anyone, anywhere in the world will be able to access the network and be a first-class participant. Resilience is sovereignty. Not sovereignty in the sense of lobbying to become a UN member state and shaking hands at Davos in two weeks, but sovereignty in the sense that people talk about "digital sovereignty" or "food sovereignty" - aggressively reducing your vulnerabilities to external dependencies that can be taken away from you on a whim. This is the sense in which the world computer can be sovereign, and in doing so make its users also sovereign. This baseline is what enables interdependence as equals, and not as vassals of corporate overlords thousands of kilometers away. This is the game that Ethereum is suited to win, and it delivers a type of value that, in our increasingly unstable world, a lot of people are going to need. The fundamental DNA of web2 consumer tech is not suited to resilience. The fundamental DNA of _finance_ often spends considerable effort on resilience, but it is a very partial form of resilience, good at solving for some types of risks but not others. Blockspace is abundant. Decentralized, permissionless and resilient blockspace is not. Ethereum must first and foremost be decentralized, permissionless and resilient block space - and then make that abundant.

English
43
37
373
18.7K
holly
holly@holdoesdev·
Today, many general-purpose ZK-VMs execute RISC-V instruction traces and generate ZK proofs of that execution. That makes RISC-V increasingly important in web3, even if it’s never directly exposed to EVM developers. I unpack how this all fits together in the article.
English
0
0
1
59
holly
holly@holdoesdev·
Quick clarification: EVM, RISC-V and WASM live at different layers of the stack. A lot of confusion comes from comparing them directly, despite serving very different architectural purposes.
English
1
0
2
63
holly
holly@holdoesdev·
RISC-V is not “the next EVM”. Here’s my web3 engineer’s guide to RISC-V: its role in today’s stack, the benefits, the tradeoffs and the common misconceptions 👇 holdoesdev.substack.com/p/from-evm-to-…
English
1
0
2
74