Pluto 🚢

I found this thread to be pretty interesting. Because at the time we evaluated TSS Shock and other similar disclosures, a 3rd-party cryptographer we spoke to assured us it would take 1000s of keygen attempts to pop a private key. We also determined that many failed keygen attempts would arouse suspicion. It’s almost like this thread was an attempt to legitimize their node’s “issues” (where really each failed keygen was an attempt to extract the key) or otherwise gaslight devs into thinking it was a network issue.

Interestingly, his (or her?) node wasn’t active, so the private patch source code wasn’t shared. We did find the pushiness interesting, but nothing that perhaps a paranoid novice node wouldn’t request. In retrospect tho, it’s clear there was eagerness to know whether the private patch exactly mooted their planned attack vector.

The latest TC release 3.18 was done as a private binary (something we had done before when patching crits). There was a long-standing practice that if a node requested, by signing a message with their validator key, devs would send them the validator-key encrypted diff of the security patch. That’s exactly what the malicious node did in this case. It’s possible even that the private release spooked them into speeding up their timeline for the attack. I find this class of attack very interesting. Networks need to be designed maximally defensive, even against their own validators. In this case, a malicious validator can still get the source code for patches and exploit them before the code goes out. I wonder if this puts an end to that practice. It all exists on a spectrum of decentralization. I actually don’t disagree with @jpthor that closed source TSS might be the move from here. Anyone who is saying that’s “the end of the experiment” is either a crypto-anarchistic maxi that lost the plot or an NK hacker astro-turfing protocols into not making sound trade-offs between security and decentralization.

In total, DKLS seems very promising, and seems to have worked out for @vultisig so far. That said, the comparative leap to move THORChain from GG20 tss-lib v1.0 to v3.0 is relatively lean. Just give keygen messages a version flag so that current vaults can continue signing using legacy keyshares, then cutover and deprecate the TC fork once a new keygen is successful. THEN move to DKLS later. IMO that's the safest path to getting TC back up and running ASAP, safely.

Second, the DKLS implementation that supports ECDSA has had a few dozen commits by 2 authors, with the last release dated July 2025. By contrast, Binance's tss-lib implementation that TC inherits from has commits date from last month, with far more contributors and commits. github.com/silence-labora…

Ok, I'm going to go ahead and say it. Silence Labs' DKLS implementation, and Vultisig's go wrapper of it, is not ready for primetime use on @THORChain.

It’s been brought to my attention that the NEAR mpc setup was open-sourced in late 2025. When I initially evaluated the protocol it was not. It’s still effectively a multi-sig, like Wormhole. My main point is that NEAR’s play was all about price execution at the expense of decentralization, nothing to do with risk management IMO. Pool-based designs are going away for other reasons.

@zacodil All the inventory held by MM on NEAR Intents are in a closed source multi-sig. Really poor taste to use exploits to champion your own less-secure, less-decentralized product. Also, your AI slop summary of the root cause is patently false (it’s not attention logic-related).

Thorchain exploited for $10.7M+ across BTC, ETH, BSC, and Base today. Trading paused via Mimir flags. Looking at the on-chain flow on Ethereum, the funds came out of the THORChain Router contract through a staging address that Etherscan explicitly tags "Funded By THORChain: THORChain Router v4.1.1." But the Router was the legitimate egress here, not the bug surface. Judging by the simultaneous drain across four chains - one bug propagating into every integrated chain at once - and the Mimir-flag pause (governance halt, not key rotation), the vulnerability looks one layer deeper. Somewhere in the observation/attestation layer that tells THORChain whether an inbound deposit actually happened. Forge that and you get credited with a phantom deposit, then withdraw normally through the Router. This is the structural pattern of LP-based cross-chain DEXes. Every chain it supports requires a public liquidity pool that grows as TVL accumulates. The bigger the pool, the bigger the target. Same pattern that lost Ronin $625M, Wormhole $325M, Multichain $130M. Modern cross-chain protocols use solvers instead of pools - the user states an outcome, solvers compete with their own capital, no pooled honeypot to drain. NEAR Intents, Across, 1inch Fusion, CowSwap are all built on this model. Whether Thorchain recovers from this or not, the architectural lesson is permanent: cross-chain DEXes that share liquidity in pools are structurally a target. The capital quietly moving from LP-based to intent-based cross-chain isn't a narrative trade. It's risk management.

All crypto conferences should be held in Miami.

@alexfacelesslbs Alright well you’re being dramatic. Conference vibe was A5 wagyu lit my guy. Better luck next time and choose better events.

I don't say this lightly, but I'm ready to leave Consensus and frankly I have been since yesterday. Usually conferences energize me - I live for these things. I am SO excited to see all my friends, to meet new ones, to have those "oh my God you HAVE to meet XYZ"... I'm here at my 5th consecutive Consensus and I don't feel like I belong here. This doesn't feel like the home it has been for me for the last 5 years. I genuinely don't know if I'll be back next year. This isn't about the entrance of tradfi companies or more web2 stuff it's that all the "crypto" is gone. Solana Accelerate was incredible - so much fun - I should have just come for that is my honest feeling. I know I sound dramatic but I feel like...depressed about the vibe shift at Consensus. I don't know. It feels bad and I'm not handling it super well.

@BooneW @THORChain It’s on the website

@pluto_hbr @THORChain Stock in what?

I am pleased to announce a tender offer to acquire @THORChain. 1/2 cash 1/2 stock. Offer expires EOD.

The ADR process was probably my favorite contribution I made to the THORChain protocol. Formalized governance processes benefit all.

Sat down with @pluto_hbr for @OnTheBrinkCIV to talk KelpDAO, deep security in DeFi, Aave, LayerZero, Thorchain, Harbor, and where DeFi goes from here castleisland.vc/pluto-harbor-o…

@iotov92 Just to set the record straight: TC is very much alive and well. To think that myself or any others could destroy it sells it short. I never traded or shorted RUNE. And I was publicly against the schemes / features that you're probably referring to.

@pluto_hbr You are terrible people. You destroyed a protocol, made money through manipulation, tried to kill it, and then created the same product to compete with it using the same counterparties. You are pathetic.

Proud of the team. Long road ahead. We’re confident in our design and ready to scale. 🤝

The prevalence of leverage trading in crypto is a byproduct of how hard it is to buy and sell spot native assets for the average user. Don’t believe me? Search “Bitcoin” in @phantom wallet. The only options are Long & Short (“Trade BTC Perp”). This isn’t self-custodial, self-sovereign crypto. It’s paper Bitcoin. And it’s allowed various firms to profit at retail’s expense for too long now. End perp reliance. Stop holding wrapped, bridged equivalents. Improve native trading capabilities in wallets. Buy and hold spot. Don’t let the sharks take your Bitcoin. We’re building @Harbor_DEX for the next chapter.

@hosseeb Really well said. Blunt, positive. Your perspective cuts through the hysteria of this week and shows why leadership matters a lot in this space.

I woke up today still thinking about Kyle leaving Multicoin. Kyle and I are very different--that's obvious to anyone who knows us. But among crypto VCs, deep down, he was the most like me. He was a dark horse. He built an online following and a platform he had no business having. He turned Multicoin into a franchise out of sheer force of will. He made mistakes in public, and even when no one had his back, he dusted himself off and carried on. He was always convinced he had the right to win, and refused to be bullied or to give up. Kyle is the apotheosis of what made this industry great. He went west in search of adventure, and adventure found him. Over the years, we believed crypto might replace sovereign money, become the currency of the metaverse, replace electoral systems, replace luxury brands, that all physical infrastructure would run on blockchain, that AIs themselves would become blockchain's primary consumers. He made so many batshit crazy stupid investments and believed in them all. I'm still not convinced those things won't happen. But we saw it all, and we dreamt it all together. It's 10 years later now. We've gotten older. Everything took longer than we thought. But in a deeper sense, the crazy bet we made on this space all those years ago, through all the ups and downs, was proven right. Kyle moving on is, for me, incredibly melancholic. Because more than anyone, he represents a changing of the guard. Kyle was wild, contrarian, and almost believed he could make things true just by out-arguing his detractors. His leaving is the truest sign that we as an industry are growing up. The true end of the wild west. The pioneers are never the same as the settlers who follow them. It's a law of human nature. The west still exists. But it's no longer just territory--there are cities there now, with city councils and zoning laws. I am still so bullish crypto. I know it's weird to say with markets roiling. But there's not much patience anymore for dreams that are 10 years away. The dreamer chapter is over. The builder chapter is replacing it. And this is neither good nor bad--it just is. Kyle leaving Multicoin is not the end of crypto VC. It's not even the beginning of the end. But it is the end of the beginning.

@familiarcow Nice work!

Published my first iOS app today: Green Streak. Hopefully the first of many I wanted to build better habits and break some others, so I made this. I always loved GitHub’s beautiful contribution graph, it makes you want to keep going every day to fill it up. So I’ve been doing both 😅 If you want to try changing yourself this year, try it out and let me know what you think! On the App Store here: apps.apple.com/us/app/green-s…

@fincontrarian @Shft_Ctrl **$73k. Since we were both in the multi-year journey scaling TC, I hope you’ll at least give us the benefit of the doubt that Rome wasn’t built in a day.

@Shft_Ctrl What squeeze you mean with total volume of 40k exactly sir?