TakCryptoLab.eth

True value comes from authentic users, not wash activity. I’m not active everyday on @base and get the full score. I guess building something on Base is a must - check inside 👇

@KelpDAO 被黑 只有L2 的 $rsETH 代币失去价值，而主网没有? rsETH 是 的流动性再质押代币，在以太坊主网由质押 ETH 和再质押头寸 1:1 支撑。 为了让 rsETH 能在 Layer 2（如 Arbitrum、Unichain、Base）和其他链上使用，Kelp 采用了 LayerZero 的 OFT 标准。 标准跨链流程： 用户在以太坊主网锁定或销毁 rsETH，进入托管合约。 LayerZero 向目标链发送跨链消息。 目标链上铸造等量的 rsETH。 这样，L2 上的 rsETH 始终由主网托管的真实资产支撑，用户可随时跨回主网 1:1 兑换。 攻击事件 2026 年 4 月 18 日（约 17:35 UTC），攻击者利用 LayerZero 的 EndpointV2 合约漏洞 伪造跨链消息，假冒来自其他链的 Endpoint ID。 欺骗 Kelp 的 rsETH OFT 适配器，从主网托管合约直接释放 116,500 rsETH（约占总供应量 18%，价值约 2.92–2.94 亿美元）。 没有任何真实的锁定或销毁发生，这是一次未经授权的托管资产盗取。 主网托管合约缺口约 116,500 rsETH。 所有 L2 上的 rsETH 失去抵押支撑。它们仍然存在，但背后的储备已消失，1:1 兑换关系被打破。 持有 L2 rsETH 的用户无法再保证跨回主网时能获得完整价值。 为什么影响的是 L2，而不是主网？ 主网的 rsETH 直接由质押 ETH 支撑，仍然是真实存在的资产。 L2 的 rsETH 只是“凭证”，依赖主网托管合约的储备。 当托管合约被盗，L2 凭证失去支撑，但主网的原始 rsETH（由质押 ETH 支撑）仍然有效。 换句话说：主网是真金白银，L2 是收据。收据失效了，但金库里的部分真金还在。 攻击者立即将盗取的 rsETH 存入借贷协议： 受影响平台：Aave V3、Compound、Euler。 以 rsETH 抵押借出超过 2.36 亿美元的 WETH/ETH。 因为 rsETH 已经失去抵押，这些借款仓位无法被清算，形成巨额坏账。 Aave 单独就冻结市场并面临约 2 亿美元坏账。 漏洞原因 1. 单一验证者（核心弱点） 系统只依赖一个验证者检查跨链消息。就像金库只有一个守卫，一旦被骗，金库就失守。 2. 密钥泄露 攻击者可能窃取了合约密钥，伪造消息看起来合法。就像有人偷了守卫的徽章，轻松混入。 3. 消息校验不足 系统没有严格确认消息是否真的来自其他链。就像接受了一张伪造收据，却没核实它是否由金库开出。 响应 针对这次攻击导致的 L2 rsETH 失去抵押 与 借贷协议坏账，业内提出了几种潜在的解决方案： 1. Socialize the Loss（损失社会化）将坏账分摊到所有协议参与者或池子中，而不是让单一群体（如 USDC/USDT 出借人）独自承担。 类似于保险基金或风险准备金机制，大家共同承担损失，避免系统性崩溃。 2. 协议层补偿 / 保险基金由 KelpDAO 或相关方设立补偿基金，部分填补托管缺口。 借助 DAO 治理决定是否动用储备金或未来收益来弥补。 3. 债务重组 / Token 化坏账将坏账打包成新的债务代币（如 “bad debt token”），分发给受影响的出借人。 未来通过协议收入或治理代币回购逐步偿还。 4. 提高验证冗余（多签 / 多 DVN）技术层面上，避免单一验证者（1-of-1 DVN）的配置。 引入多签或多验证节点，确保跨链消息必须经过多方确认。 5. 临时冻结 + 有序恢复在调查期间冻结跨链与借贷功能，防止进一步扩散。 分阶段恢复，优先保障主网 rsETH 的正常兑换，再逐步恢复 L2 功能。

在 @KelpDAO 被攻击、rsETH 抵押体系失衡的背景下，如果 ETH 再下跌约 20%（至约 1,850 美元）， @aave 借贷市场可能迎来更严重的连锁反应： WETH 抵押借出 USDC/USDT，当 ETH 跌 20%，这些仓位的健康因子将跌破 1，理论上应被清算。 WETH 利用率已达 100%，流动性枯竭：清算人无法轻易执行清算，因为他们必须先买 WETH 来偿还债务，才能获得折扣抵押品。 清算机制卡死 → 坏账转嫁：无法被清算的坏账将直接由稳定币出借人（USDC/USDT 供应者）承担，形成系统性风险。 在 AAVE 与 KelpDAO 事件后，市场的抵押结构已极度脆弱。 一旦 ETH 再度暴跌，清算链条可能全面失效，USDT/USDC 池将首当其冲。

@LayerZero_Core 1) why the fuck was 1/1 dvn approved? 2) where the fuck is aave’s risk management team in allowing this high risk garbage to be used as collateral for $250M+ in ETH? jfc man. this industry is a fucking joke.

@MikeSilagadze @ether_fi Please use AI to re-audit your infrastructure

When we designed the cross chain system for @ether_fi we spent a lot of time to ensure the core asset doesn’t get rekt in case of L2 or bridge issues. Rate limits everywhere. Multiple DVNs. Hypernative active monitoring. Seeing these kinds of hacks really pisses me off.

DeFi lost ~2% of TVL to hacks every year since 2020 Yes, we need better opsec ASAP to bring this below 1% But there will always be hacks unfortunately... Meanwhile tradfi loses ~$580B a year to hacks DeFi won't die here

If ETH drops ~20%, there will be bad debt for USDC & USDT lenders because there’s no collateral to liquidate(100% utilisation on WETH)

今天第二大流动性质押协议出问题了。 我查了下，是跨链桥被黑客攻击。 我一身冷汗，不好的回忆又开始攻击我了。 21年我最大的一笔跨链操作，约3枚WBTC，十几万U吧。也是我最后一笔链上自己跨链。操作发生在当时的ETH和BSC桥之间，用的还是当时主流的跨链协议，没记错是Polygen？连续24小时没睡觉跟进官方群，第二天晚上才解决。 最搞笑的是，群里跟我一起追溯的人多达上百人，你没看错，大家都在高速路上跨链，最后你妈的桥居然跨了。官方紧急修桥，最后不知道是不是重新镜像了资产。才解决了这个问题。 总之给人一种非常草包的行为。你甚至会怀疑，难道区块链协议背后竟然是他吗的人在手动跨链？ 如今各种跨链桥层出不穷。但是自从那次后我被蛇咬了，再也不自己跨了。基本上都走Cex跨。Cex就是我最喜欢的跨链桥。哪怕是Arbutrum，我也宁愿在Cex等上个20分钟的桥接确认也不在链上自己跨了。 就他吗离谱！

Feels like pooled lending protocols would benefit from a rate limit on the supply of an asset being deposited for collateral Like, if the current supply is 100m and the supply cap is 300m, the supply should only be allowed to go to 110m in the next 10 minutes. Nobody needs to deposit all 200m in one shot This matters because if/when an exotic asset is hacked, the impact of the hack is constrained by the size of the exit paths for that asset. Especially when you consider that many hacks are infinite mint bugs… there the size of the exits literally determines the size of the hack. Lending protocols are often the largest exits (DEX liquidity is usually pretty small). Having a “smart cap” that is a bit above current supply, which can adjust over a few hours to the true cap, would make a huge difference. It would have saved rsETH depositors $200m today This also raises an interesting point: asset issuers should want this too. If you are an asset issuer who issues receipt tokens which have a redemption delay, then you actually aren’t worried about a hacker redeeming with you. But you need possible exits to be as small as possible while not impeding normal users. High supply caps need to be seen as a liability, rather than a sign of stature.

The fallout from the Kelp rsETH exploit is going to be messy and could potentially be quite a bit more severe than some people are making out right now. It seems rsETH on mainnet is technically still backed, but, there's no liquidity to sell rsETH, and with rsETH contracts paused, there’s currently no usable redemption path either. In the unlikely case they socialised the loss across all rsETH holders, it would be worth something like 81.25% (1 - $300m/$1.6b) of its original value. I don't think they will do that though. It would likely push a number of large positions on Aave towards undercollateralisation and risk creating bad debt. That alone would be enough to trigger a long and painful lawsuit. So realistically rsETH holders on L2s are likely going to swallow the loss. Who are they? Why did they have rsETH on L2s in the first place? Could be other DAOs or funds etc who've taken a huge hit. That alone could have consequences we won't know about for some time. Impacted individuals on L2s will likely consider their own legal action to force socialisation, potentially prolonging the delay before redemptions are opened. Either way, once redemptions are eventually opened, it's unlikely any lending protocols would re-allow collateralisation, so there will be need to be a massive unwind of huge volume of rsETH/ETH looping trades. All those looping trades are currently massively negative ROE. Aave ETH utilisation is currently at 100% with ETH borrow rate at 8.71%. Since staked ETH yield is around 2.5%, the ROE for any LST or LRT borrow or looped borrow is anywhere between -6.21% and around -90%, depending how degen people are. So we could see an unwind of lots of LST loops aside from just rsETH/ETH ones. The normal path to unwind a loop is to swap collateral and repay, but this is unlikely to be possible for such a large amount of unwinds at once, and certainly won't be feasible for rsETH unless someone puts up significant liquidity for it. When the swap and repay path fails, you normally have to withdraw as much collateral as you can, manually redeem, repay some debt, withdraw more collateral, and so on. Here's the kicker. If rsETH is no longer collateral and no longer has borrowing power, this makes it much more difficult for people to manually unwind as well. If people get stuck for longer periods paying huge negative ROE for too long, and there’s no liquidity to liquidate them, their equity gets eroded. Once debt exceeds recoverable collateral value, bad debt appears, and can keep worsening as interest accrues and the position remains unresolved.

Pump and dump activity for $RAVE originated on @bitget @binance @Gate Call to action for both @heyibinance @GracyBitget to do better and launch internal investigation offboarding the responsible actors. Offering up to $10K bounty of my personal funds for whistleblowers to come forward privately to share evidence about parties involved We cannot allow this blatant market manipulation by insiders controlling >90% RAVE support to further extract from retail investors.

能看到defi下一个炒作议题就是DBS了，Dividend-Backed Stablecoin，现在就是链上项目开始屯微策略的STRC，然后把股息拆出来分给稳定币的用户。 微策略屯crypto的BTC，crypto屯微策略的STRC，每个年代都有自己的左脚踩右脚。 这个赛道目前龙一还不清晰，但这个股息收益在1-2年内应该是能够持续的， 如果与其相关的稳定币项目成长起来，这个结构就更加稳定，走出类似早期ethena的增长曲线是完全有可能的。

JUST IN: $760,000,000 worth of oil shorts were reportedly placed 20 minutes before President Trump announced the Strait of Hormuz was open.

@unusual_whales who would’ve guessed

Arc Hackathon Spotlight: Blink Blink is a hackathon demo of per-second laptop coverage on Arc. Join @samconnerone and @danielxabraham live on April 20 at 11:00 AM ET for a walkthrough of their build: → Device-state pricing → Real-time micro-premiums → Circle Nanopayments → The architecture behind flexible, onchain insurance RSVP: community.arc.network/home/events/ar…

本来还打算买Claude Max的，结果把GitHub Copilot一拉进来对比……我沉默了😱 1️⃣Claude最近太离谱了，动不动就不够用； 2️⃣发现Copilot Pro：$10/月就能解锁： 🔹Claude Opus 4.6（3x倍率 ≈100次） 🔹Claude Sonnet 4.6（1x倍率 300次） 🔹无限IDE自动补全（每次Send一条prompt就算1次） 3️⃣最牛的是Copilot Agent模式：重构整个项目只消耗1次用量； 4️⃣性价比直接把独立Codex + Claude Pro干爆！ 5️⃣最重要的是完全不封号，而且随便订！ 强烈推荐给所有重度coding的朋友，省钱又高效🚀 👉官方文档：docs.github.com/en/copilot/get… #Copilot #ClaudeCode #GitHub

Checked my @MetaMask wallet, $2,500+ gone a few hours ago😖 No recent connections, no interaction with unknown dApps. Funds were drained and moved across multiple wallets. This was money I’d been putting aside for a rainy day, didn’t expect to lose it overnight. Currently tracking the transactions to see where it ends up. If anyone has dealt with something like this, lmk what actually helped. Be careful out there, please🙏

We headed to Cannes for ETHGlobal Pragma and the ETHGlobal Cannes Hackathon with 15,000 USDC in prizes for teams with the best builds on Arc. Across four tracks, 68 teams shipped apps and primitives exploring advanced stablecoin logic, chain-abstracted USDC flows, nanopayments, prediction markets, and the agentic economy. We were blown away by the creativity, ambition, and quality of the builds submitted. The Arc team spent the week supporting founders and developers building toward real economic activity onchain. Here’s what the winning teams built: 🏆 Best Smart Contracts on Arc with Advanced Stablecoin Logic Onda: A Chrome extension that detects what music you're listening to, looks up the artist, and automatically sends them $0.01 USDC micropayments on Arc. Submission Showcase: ethglobal.com/showcase/onda-… PayMate: A programmable credit pool where payment providers instantly borrow USDC while investors earn returns, with four AI agents paying each other for services using Circle Nanopayments. Submission Showcase: ethglobal.com/showcase/payma… 🏆 Best Chain-Abstracted USDC Apps Using Arc as a Liquidity Hub NanoCrawl: Solves web monetization for the AI era by giving agents wallets to pay publishers per page with sub-cent USDC on Arc, using disposable wallets for privacy and multi-chain withdrawals. Submission Showcase: ethglobal.com/showcase/nanoc… ETHastic: A resilient mesh payment system where transactions move device-to-device over long-range radio and settle on-chain once connectivity is reached, enabling commerce even off-grid. Submission Showcase: ethglobal.com/showcase/ethas… 🏆 Best Agentic Economy with Nanopayments VEIL VPN: A pay-as-you-go VPN using secure hardware to cryptographically prove no logging, with agents paying per use via Circle Nanopayments on Arc. Submission Showcase: ethglobal.com/showcase/veil-… C.E.S.T.A Agent: A voice-first AI where friends pool USDC on Arc and Claude manages road trips through voice,bridging on-chain USDC to virtual credit cards for traditional merchants. Submission Showcase: ethglobal.com/showcase/c-e-s… 🏆 Best Prediction Markets Built on Arc with Real-World Signal Predict It!: A prediction market where users stake USDC on pre-recorded penalty kicks before watching the video, with smart contracts on Arc settling payouts—anchoring markets to real sports footage instead of news speculation. Submission Showcase: ethglobal.com/showcase/predi… PolyPOP: A social-native prediction market where users post predictions on X, tag PolyPOP, and the protocol creates instant markets Submission Showcase: ethglobal.com/showcase/polyp… Thanks to all the teams that took part and congratulations to the winners! The Arc builder ecosystem keeps growing.

Arc Builder Spotlight: VibeCard On April 15 at 1 PM ET, Pete Budlong breaks down how VibeCard handles multi-recipient USDC payouts on Arc Testnet. From Circle Wallets SDK integration to custom x402-based split logic and Arc-native USDC transfers, this is a practical walkthrough of building real payment flows on Arc for a content creator rewards platform. Join us live: community.arc.network/public/events/…