Yan | swan.com

21K posts


@skwp

co-founder & CTO @swan. Author Inventing Bitcoin. Shadowy Super Coder.

Chicago, IL · Joined December 2006
3.4K Following · 40.2K Followers
Yan | swan.com @skwp
@larcho Yeah - definitely spec driven. Haven’t played with that one tho. We do a lot of compound engineering
Lars Klassen @larcho
@skwp Spec driven development then, right? Have you seen OpenSpec from FissionAI?
Yan | swan.com @skwp
To avoid human driven systems, Netflix built Chaos Monkey to randomly wreak havoc on their infrastructure to ensure it was fully self healing. Today, Claude is the Chaos Monkey and software developers must create self-healing SDLC pipelines that can account for it.
Yan | swan.com @skwp
@larcho Meaning an AI driven pipeline that does the job that normally you’d have a bunch of humans doing. Architecture review, security review, QA, check for semantics, standards adherence, etc.
Lars Klassen @larcho
@skwp What’s SDLC in this context? Spec driven development, AI tooling or something else?
Yan | swan.com @skwp
AI and Quantum are fundamentally the same type of problem: incredibly powerful engines that produce slop. The answer in both cases is multiple rounds of sophisticated error correction to harness the power.
Yan | swan.com reposted
Cory 🦢 Real Bitcoin @ Swan.com
Quantum Fear-Mongering and The Infinite Perils Trap

Alex Thorn @intangiblecoins had a strong post on quantum and Bitcoin coming out of the Vegas discussions this week. I agree with most of it, and I think there’s a broader risk framework that explains why the emerging middle ground is the right one.

The quantum debate keeps skipping the most important question. Not “is quantum a risk?” Of course it is. The question is what kind of risk it is.

That distinction matters because of a fallacy that shows up in almost every tail-risk debate: The Infinite Perils Trap. If a risk sounds catastrophic enough, people start treating any non-zero probability as justification for emergency intervention. That sounds serious. It is often just sloppy.

There are infinite potential perils. Quantum. AI. Asteroids. Engineered pandemics. State attacks. Supply chain attacks. Unknown unknowns. You cannot spend 50% of the attention budget on each one. At some point “prudence” becomes resource exhaustion.

This is where Nassim Taleb’s systemic-risk filter is useful. The irony is that Taleb is often invoked to justify maximal precaution, but his framework also tells you when NOT to go all-in. The risks that justify extreme precaution are not merely the ones that sound scary. They are the ones that are connected and scalable. Connected means the threat spreads through the system. Scalable means a small failure can cascade into ruin for everyone.

Pandemics qualify. Banking contagion qualifies. Highly levered financial systems qualify. A car crash does not. A restaurant failure does not. An airline bankruptcy usually does not. Different risk category, different response.

Now apply that to quantum and Bitcoin. Quantum is not systemic. It is idiosyncratic.

It fails on scalability. The attack surface is address-by-address. There is no magic “break Bitcoin” button. Cracking one exposed public key does not mechanically crack the next one. It does not trigger a cascade across the UTXO set. The attacker has to do the work for every address he wants to attack.

Satoshi’s coins are the cleanest example. People talk about them as if they are one giant honeypot. They are not. They are spread across roughly 22,000 separate P2PK addresses, usually 50 BTC each. A long-range attack would have to go address by address. That is a very different risk profile from “one person can take Satoshi’s million coins.”

Quantum also fails on connectivity. A successful crack of an old, long-cold address does not infect other addresses. It does not corrupt consensus. It does not rewrite the ledger. It does not change the 21 million cap. It does not cause other private keys to fall like dominos. The attacker gets access to specific vulnerable coins. That may be painful. It may be ugly. It may cause a violent repricing. But painful is not the same as systemic.

This is also why the “giant honeypot” framing needs precision. The real concentrated targets are exchanges, ETFs, custodians, and other active entities. ETF holders themselves cannot rotate addresses, but the custodians controlling the actual coins can. Same with exchanges. Same with large active treasury holders. If the threat becomes real enough, those entities can move to post-quantum addresses. Satoshi’s coins are different because they are dormant. But even there, the risk is far more distributed than the panic narrative suggests. Roughly 22,000 addresses, not one vault.

And this is where the fallacy matters. Once you misclassify an idiosyncratic risk as systemic, you start justifying interventions that create real systemic risk. Freeze Satoshi’s coins. Invalidate old addresses. Rush immature cryptography into consensus. Force a panic fork. Create gridlock around every other upgrade. Turn every theoretical threat into a political emergency.

That is where the systemic risk actually lives. The intervention scales. The intervention connects. The intervention changes the property-rights model.

Bitcoin can survive old coins moving. It cannot survive the normalization of “these coins make us nervous, therefore we can touch them.” That precedent would propagate everywhere. Lost coins. Dormant coins. Sanctioned coins. Coins from old hacks. Coins held by unpopular people. Coins held by political enemies. Coins that some future coalition decides are dangerous. That is connectivity. That is scalability. That is systemic. The cure becomes the contagion.

This is why “don’t touch Satoshi’s coins” is not sentimental. It is the rigorous answer. Property rights are not downstream of convenience. They are the product. Bitcoin does not promise that every old cryptographic choice will remain optimal forever. It promises that valid coins remain valid coins, and that nobody gets to rewrite the rules because a future committee got scared.

The market absorption point is secondary, but still important. Even in a nightmare scenario where very old coins moved, that is a market event, not a protocol death. Data from @Checkmatey and others shows Bitcoin absorbing 1M+ BTC of movement since October 2025 alone. A massive supply shock would hurt. It would not require us to violate property rights to survive. That is the point.

None of this means “ignore quantum.” It means classify the threat properly. Working on post-quantum cryptography, testing schemes, compressing signatures, debating implementation paths, funding serious work, and having credible options on the shelf are all good things.

The middle ground seems basically right: Do the work. Prepare contingencies to have on the shelf if needed. Do not rush the protocol. Do not touch Satoshi’s coins.

Quantum is worth working on even if it remains a low-probability tail risk. But a low-probability tail risk is not a license to break Bitcoin’s deepest norms. That is the Infinite Perils Trap. If every scary non-zero risk becomes a protocol emergency, Bitcoin stops being conservative money and becomes a committee-managed anxiety machine.

The right response is not complacency, it is proportionality. Quantum is a real research problem, but it is not a reason to freeze coins. Prepare seriously. Move slowly. Preserve the rules. Leave Satoshi’s coins alone.
Yan | swan.com @skwp
We all know that government officials are bought and sold every day, but it's seldom been this much in the open and so openly disgusting. That to me signals that we are at a turning point of American society. Will we succumb to peak of empire nihilism or can we turn this ship around?
Steven Rattner @SteveRattner

Foreign contributions to political campaigns are banned. Trump found a loophole—crypto—allowing him to rake in hundreds of millions from foreign regimes buying influence. My @Morning_Joe Chart.

Yan | swan.com @skwp
I will continue saying DeFi is incredibly unsafe right now. Get out of smart contracts immediately into bitcoin. Do not walk, run!
Blockaid @blockaid_

🚨 Blockaid's exploit detection system identified an on-going admin-key compromise exploit on @wasabi_protocol across Ethereum and Base. The Wasabi: Deployer EOA was used to grant ADMIN_ROLE to an attacker helper contract, which then UUPS-upgraded the perp vaults and LongPool to a malicious implementation that drained balances.

Yan | swan.com @skwp
Why does it feel like everything is being hacked? LLMs are increasing the offense/defense asymmetry. Because they're probabilistic and non-deterministic machines. Every run finds a different subset of real bugs mixed with hallucinated ones. Attackers only need to find one exploit that works. Defensive LLM scans generate a new pile of maybe-bugs to triage in every run, and you can never be sure you got them all.
Yan | swan.com @skwp
We've had lightning since 2023, but we never released it. Most Swan clients are buying in size, not spending. It comes with support burden with minimal utility for our clients. We're focusing on long term wealth clients. I would rather see people set up non custodial wallets than build yet another custodial lightning thing.
TFTC @TFTC21
Tether Investments just proposed a series of mergers that would combine Twenty-One Capital (XXI), Strike, and Elektron Energy into a single publicly traded entity. Strike, founded by Jack Mallers, brings a profitable Bitcoin financial services platform available in 100+ countries. Elektron, led by Raphael Zagury, operates roughly 50 EH/s of Bitcoin mining capacity, approximately 5% of the global network, with all-in production costs below $60,000 per bitcoin. Elektron has mined over 5,500 BTC and runs cash-flow positive. Tether intends to vote its XXI shares in favor of both mergers and is recommending Zagury serve as President alongside Mallers. If completed, the combined company would integrate Bitcoin treasury, mining, financial services, lending, and capital markets into one public platform. Tether is calling it the "premier listed Bitcoin company in the world." Transaction terms and timelines are still being worked out.
Yan | swan.com @skwp
In the age of advanced exploits by LLMs, DeFi is *NOT SAFE* Stack Bitcoin, do not let your crypto sit inside smart contracts constructed from languages that are "Turing complete" like ETH and others. This was once a marketing point used by Vitalik to launch eth, but Bitcoin *wisely* chose a non-Turing complete language for its safety. Only Bitcoin is safe from this attack. Do your own research!
Ted @TedPillows

People ask why it’s a bad day for DeFi? Kelp DAO just lost $293M in the largest hack of 2026. But zoom out: $600M+ stolen in 2 weeks. 10+ protocols compromised. AI is lowering the barrier for attackers. Biggest hacks: Kelp (bridge exploit → Aave impact) Drift ($285M, AI social engineering) Rhea ($18M, oracle manipulation) Security isn’t keeping up.

Yan | swan.com @skwp
Stay safe out there. Stacking Bitcoin is the safest way to avoid getting ruined by insider trading, hacks, rugs, and other “DeFi” staples.
Dark Web Informer @DarkWebInformer

‼️ Polymarket, the decentralized prediction market platform, has allegedly been breached, with 300,000+ records and an exploit kit leaked on a popular cybercrime forum. The actor states Polymarket has no bug bounty program and was not notified.

‣ Threat Actor: xorcat
‣ Category: Data Leak / Exploit Kit
‣ Victim: Polymarket
‣ Industry: Cryptocurrency / Prediction Markets

The actor states the data was pulled via undocumented API endpoints, pagination bypass, and CORS misconfiguration on Polymarket's Gamma and CLOB APIs. The pack also includes working POCs for multiple CVEs and an auto-dump script. Date of extraction: 2026-04-27.

What's in it:

▪️ 300,000+ total records
▪️ ~750 MB extracted / ~8.3 MB compressed JSONs
▪️ 10,000 unique user profiles with full PII (name, pseudonym, bio, profile image, proxy wallet, base address)
▪️ 4,111 comments with attached profile objects
▪️ 1,000 report records containing 58 unique ETH addresses + admin_auth_addr indicator
▪️ 48,536 gamma markets with full metadata, condition IDs, token IDs
▪️ 250,000+ active CLOB markets with FPMM addresses
▪️ 292+ events with submitter/resolver ETH addresses and internal usernames
▪️ 100 reward configurations with USDC contract addresses and daily rates
▪️ 9,000 follower profiles with names, pseudonyms, proxy wallets
▪️ Internal user IDs exposed in createdBy/updatedBy fields

Vulnerabilities included (POCs in ZIP):

▪️ CVE-2025-62718: Axios NO_PROXY Bypass (CVSS 9.9, SSRF to internal services)
▪️ CORS Misconfiguration on CLOB API (wildcard origin + credentials=true)
▪️ CVE-2024-51479: Next.js Middleware Auth Bypass (CVSS 7.5)
▪️ CLOB Pagination Validation Bypass (limit=999999 accepted, no rate limiting)
▪️ Unauthenticated /comments/{id} endpoint (brute-forceable, leaks full profiles)
▪️ Unauthenticated /reports endpoint (leaks user activity + admin indicator)
▪️ Unauthenticated /v1/data/followers/{address} (full social graph enumeration)

Pack contents:

▪️ All dumped JSONs (markets, events, profiles, comments, reports, rewards, series)
▪️ 5 working POCs (CORS exploit, Axios SSRF, Next.js bypass, pagination DoS, WebSocket exploit)
▪️ Auto-dump script (continuously pulls fresh data until endpoints are patched)
▪️ Full redteam report with MITRE ATT&CK mapping
▪️ Additional 350MB data dump

Yan | swan.com @skwp
A company lost its entire production infrastructure to an AI agent doing an "oopsie" on their Railway setup. Here are a few tips to prevent that:

1. No prod credentials on dev machines. Production deployments run through CI only. Nothing on laptops that can touch prod, no matter what the agent does.

2. If you do have such access due to early stage development products, etc, use a biometric gate on infrastructure commands. If you have sensitive tools, ask the agent to wrap them in pre-tool-use hooks with TouchID. It's just a few lines of code. Every time Claude wants to terraform, you have to scan your fingerprint. Trust but bioverify. And never give the agent the keys.
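One way to build the pre-tool-use gate the second tip describes, as an added example that is not the author's or Swan's code: the hook reads the shell command the agent is about to run, blocks it unless a TouchID approval succeeds, and fails closed on anything it cannot parse. The hook contract (tool call as JSON on stdin, exit status 2 to block) and the `touchid-prompt` helper binary are assumptions, not something the tweet specifies.

```python
"""Pre-tool-use gate: ask the human for TouchID approval before an AI agent
may run infrastructure commands. Constructed example, not the author's code.
Assumed (not from the page): the agent runtime runs this script before each
shell tool call, passes {"tool_name": ..., "tool_input": {"command": ...}} as
JSON on stdin, and treats exit status 2 as "block" (as Claude Code hooks do).
The TouchID prompt is delegated to a hypothetical helper `touchid-prompt`."""
import json
import shlex
import subprocess
import sys
from typing import Callable

# Tool basenames that can reach production (constructed list; extend as needed).
INFRA_TOOLS = {"terraform", "tofu", "pulumi", "kubectl", "helm",
               "aws", "gcloud", "az", "railway", "flyctl"}


def needs_gate(command: str) -> bool:
    """True if any word of the command names an infra tool. Every token is
    checked, so `sudo terraform`, `ls && /usr/bin/terraform destroy` and
    `$(kubectl ...)` are all caught; unparsable input fails closed."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:  # e.g. unterminated quote: deny rather than guess
        return True
    return any(tok.rsplit("/", 1)[-1] in INFRA_TOOLS for tok in tokens)


def decide(tool_input: dict, verify: Callable[[str], bool]) -> tuple[int, str]:
    """Return (exit_status, reason): 0 = allow, 2 = block."""
    command = tool_input.get("command", "")
    if not needs_gate(command):
        return 0, "allow: not an infrastructure command"
    if verify(command):
        return 0, "allow: biometric approval granted"
    return 2, f"blocked: biometric approval denied for: {command}"


def touchid_verify(command: str) -> bool:
    """Prompt via the hypothetical helper; any failure or timeout denies."""
    try:
        proc = subprocess.run(["touchid-prompt", "--reason",
                               f"Agent wants to run: {command}"], timeout=60)
        return proc.returncode == 0
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return False


def main() -> int:
    payload = json.load(sys.stdin)
    status, reason = decide(payload.get("tool_input") or {}, touchid_verify)
    if status:
        print(reason, file=sys.stderr)  # shown to the agent as the block reason
    return status


if __name__ == "__main__":
    sys.exit(main())
```

The policy logic is separated from the biometric call so the gate can be unit-tested with a stand-in verifier; with no helper installed it denies.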
Daniel Batten @DSBatten
At the end of 2023 I met the person who ran GreenpeaceUSA's campaign against Bitcoin. I expected it to be tense. But it wasn't. He told me he'd read almost all of my responses to the posts they'd made on Twitter. "I wish we'd engaged with you and people like you from the outset," he said. Two months later he left Greenpeace. A few months after that they ended the campaign entirely. It was the most well-funded, yet the worst result in their history. I keep coming back to that phrase. "People like you." Not me, but a whole group: Troy Cross, Margot Paez, Elliot David, Susie Violet Ward and many others. We were working independently, with no budget and no coordination. We just shared data and conviction. It is a great story of a decentralized response beating a multi-million dollar centralized campaign, by a combination of having the truth behind us, and expressing that truth in such a way that reasonable people could see. That recipe has two parts, and it's like giving a glass of water to someone dying of thirst. The first part is truth, there must be water in the glass. The second part is the container, how you hold and deliver that truth matters just as much. You can have perfect data and still lose people if the glass doesn't reach them, or if the energy behind it makes them flinch instead of drink. We won because the data was right AND because enough people delivered it with the kind of energy that made opponents think rather than react. And this recipe, we can use again and again throughout Bitcoin's adoption journey, and each time a Bitcoiner builds a new Bitcoin project that involves outreach to non-Bitcoiners.
Yan | swan.com @skwp
This is DeFi
Sweep @0xSweep

Curve's founder pulled $100 MILLION out of his own token to buy two Australian mansions and left holders with a token that dumped 98%

In 2023 Curve Finance founder Michael Egorov took out $100 million in stablecoin loans across Aave, Frax, Inverse, Abracadabra and other protocols

His collateral was 427 million CRV, which was 47% of the circulating supply of his own token

Lookonchain traced $31 million in stablecoins flowing from Egorov to Bitfinex in April 2023

One month later his wife bought a $41 million mansion in Melbourne, right next door to the $18 million home they had purchased the year before

That's $59 million in Australian real estate funded by loans against the token his own community was holding

In July 2023 Curve was hacked for $70 million through a Vyper bug, CRV crashed and his positions almost got liquidated

A liquidation would have created tens of millions in bad debt across Aave, Frax and other protocols and triggered a DeFi wide catastrophe

To avoid this Egorov sold 106 million CRV in OTC deals at $0.40 per token, well below the market price, to a roster that included Justin Sun, convicted felon Michael Patryn, Jeffrey Huang, DWF Labs and several anonymous wallets

He raised $42 million in stablecoins from these deals while community holders watched CRV dump

In April 2024 he had to do it again, selling another 159 million CRV in OTC to 33 different buyers for $63 million

In June 2024 CRV crashed 24% in 3 hours and he got fully liquidated for $140 million across 5 protocols

The liquidation created $10 million of bad debt that the community had to absorb

Ethereum developer Eric Conner did the math: "He got 100 million in stables out of a 140 million CRV position. He just transferred the rektage to the community instead"

Egorov's response was that he was "committed to building Curve more than ever" thanks to veTokenomics, meaning he locked his remaining CRV to keep control of governance

CRV is down 98% from its all time high and Egorov still owns the two mansions and the protocol

When the founder of your protocol uses your bag as collateral for his mansion, you're not an investor

You're his ATM

Yan | swan.com @skwp
Bitcoin’s vastly superior proof of work difficulty ensures that individuals looking for security and longevity choose it over other crypto networks.
Alex Shevchenko 🇺🇦 @AlexAuroraDev

10h ago @litecoin experienced a coordinated attack on the chain that resulted in a 13-block reorg that took more than 3h to generate. During this time attackers were performing double spend attacks on multiple cross-chain swapping protocols. We are investigating the situation.

Yan | swan.com reposted
Swan @Swan
.@ben_mckenzie went on @jonstewart's @weeklyshowpod last week and made a series of claims about Bitcoin and crypto. @LynAldenContact responded to them in a video on the Swan YouTube channel. 🧵 Here's a thread with some clips of Lyn's takes...