Slight86
118 posts

Slight86
@slight2277
Reddit community manager for Cardano and Midnight

It's time. The @Cardano PRIME proposal is now live on-chain for community vote. A 12-month AlphaGrowth-run program to strengthen Cardano DeFi: protocol readiness, responsible incentives, durable on-chain growth. This one belongs to the community. So let's talk about it - together.

Native UTXOs on Ethereum. Payments should be one-shot objects, not permanent state. Bitcoin got this right. Ethereum can bring the same idea to payments: prove existence from history, keep only a spent bit in state, and reduce permanent state by ~99.8%. Check out the blog post for details. ethresear.ch/t/native-utxos…










🚨SecondFi: more than $20M stolen, or taken hostage - When the nonce is predictable, the key is public. Last Tuesday, SecondFi wallets were drained at scale. Users were doing nothing exotic, just signing transactions like any other day. Then the funds were gone. ▶️What happened. Two waves. First, external attackers drained wallets: ~16M ADA plus NFTs, around $2.5M. Then a much larger move: ~129M ADA, around $20M, swept by SecondFi itself to a third party custodian, "to keep it safe." Users were robbed by attackers, and users were swept by the platform!! ▶️The bug. Every signature scheme in this family uses a per signature secret number, the nonce. The one rule: it must be secret and unpredictable. EdDSA (Ed25519, what Cardano uses) makes it deterministic on purpose, derived from the private key and the message together. Deterministic, but secret. The secret input is the whole point. SecondFi's implementation derived it from public data alone. The nonce stopped being secret. Public in, public out. ▶️Why it is fatal. Call it what it is: worse than nonce reuse. Reuse needs two signatures from the same key to recover it. Here the nonce can be recomputed by anyone from data already on chain, so a single signature is enough to reconstruct the private key. Every transaction a user ever signed is a public disclosure of their key. I pulled signatures off chain and rebuilt the keys to confirm. One signature, every time. The chain was not attacked. It was read. ▶️The "rescue." The second wave was the platform sweeping ~129M ADA to a custodian, framed as protection. The fix for "your keys are cryptographically exposed" was "trust us to give it back." A cryptographic failure patched with a social promise. "We will return the funds" is not "we are cryptographically incapable of keeping them." The incident did not create that gap. It made it visible. ▶️The ownership trap. Once a key is publicly reconstructible, holding it proves nothing. Attacker, custodian, original user: three parties, same cryptographic claim. So how does a real owner prove it? The elegant exit is a zero knowledge proof of knowledge of the 24 words, the seed, without revealing it. Knowledge of the mnemonic is the one thing a chain scraper does not have. Prove the preimage, not the key. ▶️ How did it get in? Honest mistake, or planted? Dropping a single secret input from the nonce is a tiny change. Exactly what a tired engineer ships, and exactly what a supply chain or insider attacker plants, because it is deniable and pays out silently to whoever reads the chain. I do not know which one this was. The commit history will tell. Cryptography does not care about good intentions. It enforces what you built. SecondFi built a scheme where the nonce was predictable, so the keys were public, so the funds were anyone's. The rest is just who read the chain first. Stay safe. -- (obv, Ledger users are not affected. Nonce and signatures are computed inside the secure element)





















