Jesse Fudson (🤦‍♂️,🤷‍♂️)

@jessefudson

Critical clown stuck in exit liquidity hell 🔥 @rekt_gang class of 2022 👨‍🏫 sold $HYPE at 3.99 🐱

1337 Rektingham, Rug Island · Joined October 2020
317 Following · 866 Followers
Jesse Fudson (🤦‍♂️,🤷‍♂️)
@0xyanshu @0xQuit The hope is that a hack like that (reverted or not) motivates for a deep self-reflection on opsec practices and improvements
In reality, it probably means we will always need failsafes like that, and an "intervention threshold" should be clearly defined
0xyanshu (d/acc) @0xyanshu
@0xQuit the arbitrum council recovering $71M from lazarus was the right call. the question that actually matters: what's the line next time, and who defines it before the incident, not after. x.com/0xyanshu/statu…
0xyanshu (d/acc) @0xyanshu

The @arbitrum Security Council freezing 30,766 ETH was almost certainly the right call. Rugging Lazarus out of $71M is a real outcome against a real adversary. But the mechanism deserves a closer look than the discourse is giving it.

From what it looks like and as per @stonecoldpat0, this wasn't just "a multisig froze an address." The Council:
– upgraded the ethereum inbox contract with a new function allowing cross-chain message insertion with sender impersonation
– injected an `ArbitrumUnsignedTxType` on arbitrum (a privileged ArbOS system tx that bypasses private keys entirely) to move the attacker's 30,765 ETH into a protocol-controlled recovery sink
– reverted the inbox contract back to its original implementation
– all atomically, in a single ethereum transaction

That's not a freeze. That's a state-level clawback executed via live contract upgrade, privileged state-override, and contract revert, atomically. Technically elegant, practically enormous.

The capability was always documented. It has now been demonstrated in production. For the first time.

Two things are true at once:
1) this was the right call on a clear case. Identified DPRK attacker, law enforcement input, 9/12 independent council vote, ~$71M of user funds saved.
2) arbitrum is, verifiably, a chain where the Council can upgrade core contracts, override any address's balance, and revert the upgrade in one transaction. Every production L2 has some version of this capability. None is at Stage 2.

Also,
- the "DeFi just rugged DPRK" framing is rhetorically satisfying but quietly redefines DeFi to mean "a governed stack that intervenes in our favor."
- the "this is MultisigFi not DeFi" framing is taxonomically honest but cold on a day when the intervention worked.
Both are refusing the honest middle.

More importantly, the forward question, which @dankrad and @sgoldfed are the only ones asking clearly — is what the line looks like next time. This case was easy. The next one won't be. Protocols don't have frameworks; they have emergency powers applied case-by-case and justified after the fact. That is a habit, not a system.

Meanwhile the structural problem isn't fixed. As per lots of data (credits @0xCheeezzyyyy), 47.1% of LayerZero oApps — 1,251 apps across 588 projects — still run 1/1 DVN configs. Same setup as Kelp. The Council cleaned up one incident; it can't refactor the default configuration of half the cross-chain stack.

And the Ethereum-side ~75,700 ETH is still with the attacker. Arbitrum saved the Arbitrum leg; Aave is still facing ~$230M of potential bad debt on mainnet.

The freeze didn't break a promise. It revealed a promise most of the stack had already quietly stopped keeping and restoring it is a longer project than any council vote can substitute for.

Jesse Fudson (🤦‍♂️,🤷‍♂️)
@0xQuit This whole "code is law" was a good catchphrase but people take it too literally
I always thought of it as "programmed human wellbeing" - and since code can have flaws, we need failsafes until we fix all of them
Code has an external purpose, it's not self-referential
Arbitrum @arbitrum
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
Cryptchamo @Cryptchamo
Yes, $HYPE will never sustainably break $80 without a proper airdrop. Why? 42% of the total supply is still locked for "future emissions". Right now, only ~29% is in circulation. Serious long-term investors won’t put serious money into a token this illiquid. It’s like betting on a seed becoming a perfect flower without ever watering it. To unlock $HYPE’s full potential, we need at least 70-80% circulating supply. Without it, the upside remains heavily capped by dilution risk and low liquidity. A meaningful second airdrop isn’t a nice-to-have, it’s a necessity. What do you think?
Tay 💖 @tayvano_
@F0rkedNft I can count on one fucking hand the products in this space that actually enforce fully managed, dedicated devices with EDR for all folks with critical access and keys. You’re literally silly if you think otherwise.
Tay 💖 @tayvano_
I beg everyone in crypto to read this in full. I expected this to be another case of social engineering, likely some recruiter/job offer shit. I was very wrong. And the depth of the operation and personas makes me think they already have multiple other teams on lock. 😳
Drift @DriftProtocol

x.com/i/article/2040…

Vadim (AI, ⋈) @zacodil
The Resolv USR exploit wasn't a bug - it was a feature working exactly as designed. And that's the problem. How USR minting works: you deposit USDC, then an off-chain service with a privileged key decides how much USR to mint for you. The contract checks the minimum but has no maximum. No cap. No ratio to collateral. Whatever the key holder says - gets minted. You could deposit $1 and mint billions. This design was live since day one. It wasn't a code bug. The threat model was simply: "the key won't leak." It did. Attacker got the key. Deposited $200K across two txs, minted 80M unbacked USR. Dumped on DEXes, walked away with ~$23M in ETH. Single point of failure: one private key, no on-chain sanity checks. No max mint ratio, no multisig, no timelock. One compromised key = unlimited money printer. The contract worked perfectly. That's the scariest part.
Resolv Labs @ResolvLabs

We are currently investigating a security incident involving unauthorized minting of USR. At this stage: The collateral pool remains fully intact. No underlying assets have been lost. The issue appears isolated to USR issuance mechanics. Our immediate priority is to: 1) Contain the incident 2) Assess impact 3) Ensure legitimate users are not affected We are actively investigating and will share more updates shortly.

Jesse Fudson (🤦‍♂️,🤷‍♂️)
Whenever there's a big market dump like yesterday, I always think "at least no stablecoin depegged to zero" and it instantly makes me feel better
Tnut @tnuttin1
Maybe it's just me, but I find it hard to take someone's stance on illegal immigration seriously when they also happen to be involved in human trafficking
DFarmer @OGDfarmer
This is where Silver got listed on binance. Absolute cinema.
Jesse Fudson (🤦‍♂️,🤷‍♂️)
X will replace the water gun emoji with a real pistol and use a sharp knife emoji because freedom of speech
But then it will limit your post's visibility if you use them
Amazing work, carry on
illaDaProducer🍌 @illaDaProducer
@rasmr_eth Bro if everyone had actually just bought and held bitcoin from the bear market lows, then majority of people would have crushed it in the bull. Instead they got rekt chasing the “next big life changing trade”.
rasmr @rasmr_eth
If you’re in crypto, sell your Bitcoin
"If you are paying attention to crypto why do you need to own Bitcoin? You're not gonna miss the next Hyperliquid, Solana or the next big life changing trade"
Jesse Fudson (🤦‍♂️,🤷‍♂️)
I think I like it here again
Hyperliquid launching prediction markets soon™️
CZ writing articles on X asking people to stop withdrawing money from Binance (5b poof 💨 )
Vitalik one-shotting L2s 🔫
What a week, and it's barely Tuesday
rektober @rektober
this is crazy, pumpfun deleted the tweet with the "Airdrop Coming Soon" sentence where they promised an airdrop right at the $PUMP launch
they have 0 shame
they extracted billions, then extracted billions farming the launch of $PUMP, then they rugged the community airdrop... 😤
shah @shahh
What does CZ even do??