Vaultstone Advisory

152 posts

Vaultstone Advisory banner
Vaultstone Advisory

Vaultstone Advisory

@vaultstone

Vaultstone Advisory is a private investment management and advisory firm.

US Katılım Haziran 2025
29 Takip Edilen53 Takipçiler
James Lau
James Lau@bitcoincashCN·
@banteg Do you know how long it will take for on-chain open trading to be available? How do you view the future of Rune after this crisis?
English
2
0
0
194
banteg
banteg@banteg·
if you use tss-lib, it's probably worth checking the upstream
banteg tweet media
English
2
2
73
7.6K
Vaultstone Advisory retweetledi
JP
JP@jpthor·
DKLS working on a 7-node thorchain chainnet Is 2-3x faster Will test up to 30 nodes and beyond. Keygen, keysign
JP tweet media
English
16
17
205
9.9K
Vaultstone Advisory retweetledi
Chad Barraford
Chad Barraford@CBarraford·
This protocol was the first legit DEX that worked with real Bitcoin (and other isolated coins) and advanced what was even possible with AMMs. No matter what happens it has played an important role in crypto history and helped birth the DeFi movement.
English
1
8
83
2.5K
Vaultstone Advisory retweetledi
Chad Barraford
Chad Barraford@CBarraford·
The team and the community continues to push the envelop in the best interest of the industry as a whole, preserving liberty and expanding what is even possible (ie $XMR), while doing it on a shoe string budget.
English
3
3
69
2.3K
Vaultstone Advisory retweetledi
JP
JP@jpthor·
The exact leakage path has not been demonstrated yet, but it's clear it was a GG20 bug of the same form as a Paillier-modulus attack: a malicious participant can publish a malformed Paillier modulus during keygen, then use later signing/MtA rounds to extract honest parties’ ECDSA shares. It's likely the latest GG20 patches protects against this, but my recommendation is for thorchain to migrate to DKLS with @silencelabs_sl maintaining the lib.
banteg@banteg

thorchain gg20/tss attack path i reproduced the suspected gg20 leakage mechanics against the tss-lib version they used. it accepts malformed paillier material, exposes a type 5 / type 7 oracle shape, and the go-tss wrapper misses some important checks. banteg.xyz/posts/thorchai…

English
9
10
128
22.4K
Vaultstone Advisory retweetledi
Chad Barraford
Chad Barraford@CBarraford·
Its wild to me how divisive @THORChain seems to be. This protocol solved a "holy grail" problem the industry desperately needed to be solved and achieved "the impossible". Any coiner should be in appreciation for achieving something that we all use & take for granted today
English
22
55
304
8.1K
Vaultstone Advisory
Vaultstone Advisory@vaultstone·
Thank you for your comment. Yes it seems counterintuitive. However, to use the same logic as Chipotle's 2015 E. coli crisis or Toyota's 2009 recall: public company, public scrutiny, public fix .... both came out with stronger operations and higher valuations. The ones that bury problems are the ones that blow up. FTX had zero public incidents until it had one.
English
0
0
0
28
Vaultstone Advisory
Vaultstone Advisory@vaultstone·
Exploited. Audited. Challenged. Open-sourced. Repeat. That's not a failure loop — it's how protocols get forged. THORChain wears its scars in public. That's the point. #THORChain #DeFi #OpenSource
English
1
2
38
549
Vaultstone Advisory
Vaultstone Advisory@vaultstone·
Domino's 2009: CEO went on camera and said the pizza was cardboard. Stock under $10. They rebuilt the recipe in public. Cleared $500. THORChain just got exploited. Nodes paused the network within hours. Damage contained. Now they rebuild — in public. Same playbook. #THORChain
English
0
0
1
26
Vaultstone Advisory
Vaultstone Advisory@vaultstone·
Great explanation!
Vadim (AI, ⋈)@zacodil

Thorchain didn't lose $10.7M to a smart contract bug or a stolen key. The bug was in the cryptography itself - and Thorchain probably isn't the only chain running on it. A single attacker bonded RUNE and joined the validator set days before the incident, looking like any legitimate operator. From inside, they exploited what investigators currently believe was a flaw in GG20, the threshold signature library Thorchain uses to co-sign transactions. Each signing session leaked a fragment of private key material to the attacker's node. After enough sessions, they had collected enough leaked data to mathematically reconstruct the vault's full private key. Then they signed unauthorized outbound transactions as the vault. The smart contracts behaved correctly. No validator infrastructure was breached. Funds left through normal channels because the signatures were mathematically valid - just produced by an attacker who had silently rebuilt the key. Here's why this matters beyond Thorchain. GG20 was published in 2020 (Gennaro-Goldfeder). The Alpha-Rays attack (Verichains, 2023) and TSSHOCK at BlackHat 2023 documented practical weaknesses in tss-lib and related implementations. Some teams patched. Many didn't bother. Based on shared library lineage, protocols that should audit their TSS right now include Mayachain (direct THORChain fork), Sygma cross-chain bridge, Keep Network's tBTC v1, and any service still running on bnb-chain/tss-lib or ZenGo-X/multi-party-ecdsa. Major custody and MPC services that already migrated to newer threshold schemes (CGGMP21, DKLs): Fireblocks, Coinbase Custody, Taurus, Silence Laboratories. The industry has been quietly moving away from GG20 for two years. Thorchain just gave everyone still on it a reason to move faster.

English
0
0
1
41
Vaultstone Advisory
Vaultstone Advisory@vaultstone·
THORChain was exploited for $10M across four chains yesterday. Multi-vault architecture limited the blast — 80% unaffected. Node operators triggered global pause within hours. User funds untouched. Resilient infrastructure doesn't mean unbreakable. It means contained. #THOR...
Vaultstone Advisory tweet media
English
0
0
14
266
Vaultstone Advisory retweetledi
JP
JP@jpthor·
booked with @WithTheCoke tomorrow around this time. we going live baby, no funny bizness, you will see the real network with real funds in real time. I hope to see the loudest critics there please. Bring your questions. LFG!!!! $XMR + $RUNE
JP@jpthor

I'm going to livestream the working $XMR on the chainnet Will demo full chain deploy, keygen, churning, add liquidity, swaps, refunds, gas accounting, consolidation, migrations and more. Suggest best way to do this please

English
12
32
160
4.7K
Vaultstone Advisory retweetledi
Rayyyk
Rayyyk@raynalytics·
3/ @THORChain transaction count climbed for the 4th straight month. 793K swaps were processed in April, more than double December's 356K. Four consecutive months of MoM gains.
Rayyyk tweet media
English
1
1
12
279
Vaultstone Advisory retweetledi
Rayyyk
Rayyyk@raynalytics·
.@THORChain April 2026 monthly recap. $1.6B swap volume (+93% MoM) $1.8M liquidity fees (+103%) 793.3K transactions (4 month streak) 36.2K active wallets (2nd straight gain) $629K in top affiliate fees (+67%) V3.17 shipped. $RUNE Reserve restructured. Thread 🧵👇
Rayyyk tweet media
English
1
24
112
6.6K
Vaultstone Advisory
Vaultstone Advisory@vaultstone·
CME targets June 1 for Bitcoin volatility futures — pending CFTC approval. The vol index has existed since 2024. What's new: regulated futures to trade pure BTC vol without legging options. #Bitcoin #CME #BTC
English
0
0
0
53

Keşfet

@bitcoincashCN @banteg @jpthor @silencelabs_sl @THORChain @WithTheCoke @elonmusk @BarackObama