Patrick Murck

This isn’t hard: If you’re telling the truth you’re lying If you’re lying your patriotic Everyone is accountable for all transgressions large or small Except that, If you’re in power you’re accountable to no one and everyone is accountable for you

🚨The latest version of Bitcoin Knots now enables BIP-110 by default.🚨 Anyone who runs BIP-110 code will find their node stops working and gets forked off the network in August. As such, I've created a handy countdown timer for us to watch the disaster! jlopp.github.io/knotzi-death-m…

Ten years ago, Coin Center proposed a simple, nonpartisan idea: if you build non-custodial crypto tools, you should not need a license. That idea became the BRCA. After delays, the Senate is now very close. Get BRCA and CLARITY to the floor, then to the President’s desk.

I believe self custody of assets with private keys is legitimately one of the most powerful tools for sovereignty we have ever devised but the industry has completely bastardized this term to the point of uselessness. The original notion (in my mind at least) of self custody was having a string of letters and numbers or 12 words that unlock your assets. “Self-custody” when interacting with smart contracts and defi has become virtually meaningless at this point, encumbering coins with layers and layers of risks and dependencies, incredibly misleading A lot of this narrative was ostensibly for regulatory reasons: “we don’t take custody of your assets, you deposit them in this pool or contract with self-executing code” but that’s so obviously not true at this point it’s an insult to our lived experience. Or, if it is “true” in the literal sense that the code technically always does what it is allowed to do, the “self-custody” component is very far down the list of what is actually important with these systems, a red herring really. Clearly Drift depositors didn’t (don’t) have “self-custody” of their funds. And the common retort is “well Drift doesn’t really either.” ok but North Korea does now. At this point I liken self-custody in the context of defi to saying that you are the only one with the keys to the front door of a bank vault but there’s another door on the other side of the vault that criminals (or regulators, who knows) can enter with impunity and take your assets. Is it really that relevant that you’re the only one with a key to the front door? The reason this is jading is because truly securing your wealth with private keys if you choose is a 0 to 1 unlock for some people (maybe the only real 0 to 1 unlock in this space) but that was conflated with all of these systems that have multisigs, upgrade keys, oracle dependencies, layers upon layers, turtles all the way down, often times with very obvious single points of failure. What is the value of self custody when a multisig can reorg your assets out of existence? The whole thing is very disillusioning

@virtuallylaw joins the "Building Trust for Institutional Adoption of Stablecoins" panel at @MerkleScience Meet Miami on Monday, May 4. Alongside operators from @zerohashx , @CoinbaxHQ, and @okx to talk payments, regulation, and institutional adoption Registration link in the comments.

What the actual fuck is even happening to our industry. Satoshi is probably rolling in his grave. Thorchain is doing everything right, and all these web3 toddlers are upset because they clearly don't even understand the first thing about crypto, and just think this is a space to make quick unregulated buck. Web3 is not just about making money, it's about a core philosophy and belief that in the digital era, TRUE ownership should be possible. That's it. Full stop. It started as something sorta cyberpunk, but as our world as evolved into the online one it is today, this is now something i believe everyone should have access too. But no one seems to appreciate what risks that freedom comes with. By all means, do keep your money in a bank, or invested in stocks, if you enjoy the projection that bring you. But do not expect it in web3. You should not be here because "it's like stocks, but with more potential upside" or you WILL get burned 99/100 times. But for me, the mere concept that anyone in this space would ever expect any funds to be frozen, or help to rendered in general, in the case of a scam or exploit is still absolutely mind boggling to me. It's nice when it happens; it can build trust and save projects. But it inherently should not be expected in this space, it's a built-in, omnipotent risk that everyone should account for at all times. It's just that it's a risk we take because we value the benefits of web3 even more. ------- So, about the recent KelpDAO and LayerZero exploit. You know who's "at fault" for the recent KelpDAO exploit? 1. KelpDAO for failing to enhance their LZ setup, and even further, to completely rely on a third party tool like LZ without deeply, intimately understanding it; the least i'd expect for a project handling 100s of millions of dollars.* 2. LayerZero for allowing so many teams to use their setup in the 1:1 config, and to be honest, for having the exploit in that 1:1 DVN config at all.* 3. And finally, in a weird but very real way, as rough as it sounds. It's on everyone that put money into KelpDAO, trusting a less than 5 year old protocol with hundreds of millions of dollars, without inspecting the code themselves.** This is web3, and there are inherent risks that people should understand. Hackers wouldn't have the incentive they do for these thefts if people weren't so willing to ape their funds into every new "opportunity" that emerges with limited due diligence, or if teams put more into security then they do chasing TVL. *No, i am genuinely not trying to bash either team here, we're going to see a lot more exploits like this soon from teams far more seasoned than them, (and not just in web3, i.e. mythos style threats.) Im just saying that objectively, some blame obviously lies there. **No, im not saying i inspect the source code of every dApp i put money into. Not at all. But what i am saying is that i put money in there fully understanding that i didn't inspect it, that it's not FDIC insured or similar, and that any loss incurred is on me. Again, this is the true wild west of the internet and of finance, it's not your easy ticket to a lambo. ------- MEANWHILE There sits Thorchain, following the core philosophy and ethos of web3, just providing the service it promised, no questions asked, full stop. And yet, it's somehow getting hate for it? In the attached image, one commenter says "you see stolen funds getting laundered on your platform and you do nothing." And it truly makes me wonder if he's just like "professor" Jiang that wants to know where the bitcoin servers are. Just because there's a @THORChain twitter account that someone owns, does NOT mean that anyone "owns" ThorCHAIN the blockchain. It's no one persons platform. If you don't think it should be a completely open DeFi exchange with no restrictions, then go buy a fuck load of $RUNE and start talking to some validators, and make it that way through governance. But since that won't be happening, id instead urge you and everyone like these two in the image to take a step back and reconsider what you're actually even asking for here. Even if you did control Thorchain, do you think it would continue to exist if you turned it into a centralized, censorable version of it's current self? Absolutely not, because then it's little different from a CEX. Decentralization is not all upside, and if you were every told that, im sorry you were mislead. It's far from the greatest thing since sliced bread. Decentralization has MASSIVE drawbacks compared to centralized systems in many ways; but we value it for the specific ways in which it provides a better alternative. Hating on Thorchain for operating as designed is just absurd. If not from everything i've listed here, then just for that simple fact. ------ Bottom line, Thorchain was built to do exactly this; let anyone in the world swap any amount of crypto between wallets and chains whenever they want. If you don't like that fact, that's perfectly fine, i certainly wouldn't ever judge you for it, but, it probably means you need to reevaluate if you should even be involved in crypto at all.

🚨 I don't think people realize how bad things are at @aave right now. All core markets are at 100% utilization, that includes $3 bil in USDT and $2 bil in USDC stuck! That means you CAN'T WITHDRAW your money! A long post on why and how we ended up here. When the rsETH exploit happened and AAVE incurred bad debt, whales like Justin Sun, MEXC exchange, and others immediately withdrew billions from AAVE. This instantly drained all available liquidity in key core markets like ETH, USDT, USDC and so on. Those first to withdraw got out, laggers got trapped. Initially, the ETH market hit 100% utilization, meaning you could not withdraw your ETH from AAVE. Worse, this also means the protocol can't process ETH liquidations should ETH price fall/crash. If you can't sell any ETH, you can't liquidate to cover debt obligations. That means the risk of more bad debt incurred by AAVE is increasing the longer its markets remain stuck. Nevertheless, users can still sell at a minor loss the aETHwETH tokens on Uniswap or similar aggregators. That exit door is the last one remaining for ETH depositors on AAVE. The same cannot be said by depositors of USDT and USDC. They are stuck. That's because AAVE lost over $6 billion in liquidity in the past 24h. As whales took out their money, USDT and USDC also hit 100% utilization. These markets are now also stuck with money locked. Panic is spreading and desperate times call for desperate measures. Some users decided to borrow against USDT/USDC and exit via other markets at a 10-25% loss (90-75% LTV). Basically you borrow GHO/DAI/USDe against your locked USDT/C. But as more liquidity leaves AAVE, more markets get to 100% utilization and get locked/stuck due to low liquidity. This is quickly cascading across all available markets. Luckily the crypto market was rather flat today so liquidation risks were marginal, but if things change there are billions in stablecoins and other assets locked on AAVE that can't process liquidations = more bad debt for AAVE. If users or related protocols that are stuck need access to their money to prevent liquidations or other critical function, they have a huge problem on their hands. Plus, nobody wants to deposit (or provide liquidity) in these markets now since your ETH, BTC, USDC/T could be stuck there for who know how long. As soon as any available liquidity is made available, it is instantly taken out by bots fighting to get out. As I wrote this I saw 250k in liquidity on USDC vanish in seconds. Then there is the bad debt question. There's over $200 mil in bad debt incurred by AAVE via rsETH that's like a hot potato. Nobody knows who will eventually pay this bill. If you didn't remove your assets from AAVE, you risk receiving at least part of that bill in some form. Not having access to your money is part of that risk too. Contagion is also extremely high. Many protocols and apps rely on AAVE for their earn mechanics. These protocols and their users are stuck too and may be forced to incur bad debt with no fault of their own. October 10th was a CEX driven crash, this is a DeFi risk mitigation failure of epic proportions. AAVE should have never onboarded rsETH as a collateral asset, at least not to the size of hundreds of millions that allowed the hacker to walk away (i.e. borrow) over $200M in ETH after posting fake collateral. Rumors on X are saying rsETH was onboarded by AAVE due to a conflict of interest (lobbying) by a given service provider. If true, this is a major failure of its governance structure (nothing new). The folks at @KelpDAO who manage rsETH also have a tough decision to make on who will actually pay for the $200M exploit. AAVE users? L2 rsETH users? Everyone affected gets a haircut to account for the loss? The AAVE team and its founder, Stani, have been quiet for over 20h since the exploit after initially announcing the rsETH market freeze. They have a pretty big problem on their hands since the whole protocol is at risk right now. Trust is already lost as AAVE is bleeding billions in TVL to the level of hitting 100% utilization on all core markets. Maybe some key actors in the space will step in to provide liquidity to stabilize the markets on AAVE before this gets even worse. I got lucky to get out of AAVE early when I first saw this. I also removed all assets from DeFi and will not touch any protocol in the next few weeks. Too much risk for a few percentage points in yield. If you found this informative, like, share, and follow @duonine

We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin: vercel.com/kb/bulletin/ve…

Kraken Security Update We are currently being extorted by a criminal group threatening to release videos of our internal systems with client data shown if we do not comply with their demands. It’s important to start with the most important points: our systems were never breached; funds were never at risk; we will not pay these criminals; we will not ever negotiate with bad actors. Kraken identified and shut down two instances of inappropriate access to limited client support data. In February 2025, we received a tip from a trusted source regarding a video shared on a criminal forum that appeared to show access to our client support systems. We immediately launched an investigation and quickly identified the individual involved as a member of our support team. Their access was revoked immediately, a full investigation was conducted, additional security controls were put in place and a limited number of affected clients were notified. Since then, we have been collaborating with industry partners and law enforcement to investigate and disrupt insider recruitment efforts targeting not only crypto companies, but also gaming and telecommunications organizations. More recently, we received another tip, along with a new video showing similar activity. We quickly identified the individual involved and terminated their access. As before, we acted immediately to revoke access, conduct a full investigation, and notify the small number of affected clients. Across both incidents, only a very small number of client accounts were potentially viewed - approximately 2,000 in total (0.02% of clients). Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals. Based on intelligence gathered across both incidents, along with extensive ongoing analysis, we believe there is sufficient evidence to support the identification and arrest of those responsible. We are actively working with federal law enforcement across multiple jurisdictions to pursue all individuals involved and bring them to justice. Due to the ongoing investigation, we cannot share additional details at this time. However, anyone with relevant information is encouraged to contact us directly. The security of our clients is our highest priority, and we remain fully committed to combating the growing global threat of insider recruitment and constantly enhancing our security practices to combat new threats. Note: If you are a client potentially affected by this, you've already been notified.

I am a Web3 Ambassador at World Liberty Financial. There are 12 of us on the team page. 4 are named Trump. 3 are named Witkoff. The page calls us "the passionate minds shaping the future of finance." 600,000 wallets bought our memecoin. They lost $3.87 billion. The family collected $350 million in trading fees. It launched 3 days before the inauguration. 80% of the supply went to CIC Digital LLC and Fight Fight Fight LLC. I did not choose the names. I designed the allocation, the vesting, the timing, and the distance between the product and the President. The distance is my best work. I am the reason these events are unrelated. World Liberty Financial sends 75 cents of every dollar to DT Marks DEFI LLC. That is the family entity. Zero capital contributed. Zero liability assumed. I wrote this into the Gold Paper. Page 14. The lawyers bound it in white leather. The binding cost more than the due diligence. Justin Sun invested $75 million. He was facing SEC fraud charges. The SEC dropped the case. He is now our advisor. These events are unrelated. Changpeng Zhao pleaded guilty to federal money laundering violations. He received a presidential pardon. The SEC dropped its lawsuit against his exchange the same week we listed our stablecoin. Then the exchange settled a $2 billion deal entirely in that stablecoin. These events are unrelated. Arthur Hayes, Benjamin Delo, and Samuel Reed of BitMEX pleaded guilty to Bank Secrecy Act violations. All 3 received presidential pardons. Then the company itself was pardoned. $100 million in fines. Gone. An American first. These events are unrelated. Sheikh Tahnoun of Abu Dhabi paid $500 million for a 49% stake that was never publicly disclosed. Then the administration approved semiconductor exports to his companies over national security objections. These events are unrelated. Everything is unrelated. I track the unrelatedness on a dashboard I built. The dashboard has 7 columns now. I am proud of the dashboard. On May 22nd, 220 people paid a combined $148 million to eat dinner with the America First president. Over half were foreign nationals. Justin Sun paid $18.5 million for the first seat. He visited the Executive Office Building the day before. I designed the seating chart. I put it on the Investor Confidence page. That page is doing well. The team page lists 3 Witkoffs. All 3 are Co-Founders. Steven Witkoff is the President's Middle East envoy. He testified as a character witness at the President's fraud trial. His son Zach runs the crypto operation. His son Alex is also a Co-Founder. I have not been told what Alex co-founded. The father runs the diplomacy. The sons run the platform. The family runs both. That is organizational efficiency. Barron is 19. His title is Web3 Ambassador. The same as mine. Donald Jr. called the conflicts of interest "complete nonsense." Eric launched a Bitcoin mining company called American Bitcoin. America First. The mining partner is Hut 8. Hut 8 was founded in Canada. America First means the name. On March 6th, the President signed Executive Order 14233 creating a Strategic Bitcoin Reserve. The order directs the government to hold Bitcoin. The President's family holds billions in Bitcoin. The executive order appreciates the President's assets by presidential decree. I did not write the executive order. I made sure it looked unrelated to the portfolio. Trump Media put $2 billion of Bitcoin on its balance sheet. The ticker symbol is DJT. His initials. The press secretary said it is absurd to insinuate the President profits off the presidency. Forbes calculated his crypto holdings exceed the combined value of Mar-a-Lago and Trump Tower. I would call that absurd too. That is my job. 600,000 wallets bought in. 1 of them asked why she could not withdraw her funds. I told her the protocol was experiencing dynamic market conditions. She asked what that meant. I sent her the Gold Paper. She said she had read the Gold Paper. I muted her channel. Dynamic means the conditions change. The condition that changed was her access. A congressman called us the world's most corrupt crypto startup operation. We put it on a coffee mug. Ironic merchandise. $45. The revenue split on the mug is also 75/25. My own tokens vest on a different schedule. I wrote that schedule. That is not in the Gold Paper. The memecoin funds the family. The family funds the platform. The platform funds the stablecoin. The stablecoin funds the deals. The deals require the pardons. The pardons free the partners. The partners fund the platform. The President signs the executive orders. The executive orders inflate the assets. The assets fund the family. I am the reason these events are unrelated.

THIS IS HUGE. Bitcoin is Quantum-Safe TODAY. Even if a quantum computer appeared, one that breaks the conventional Bitcion signatures, it shows a practical way to create safe Bitcoin transactions. WITH NO CHANGE TO BITCOIN PROTOCOL!!!

I'd like to register that I'm not especially worried about the direct impact of frontier AI models' new ability to find deep security vulnerabilities. This is largely because this is not a game of endless escalation about attack and defense. At some point, the code simply has no bugs left, and cranking up the model's capabilities doesn't surface any. We'll end up at an equilibrium where there are simply no security issues left to find. A few caveats: 1/ The transition matters... obviously, if only North Korea had access to such models, this would be pretty bad, but that's not the situation we're in. 2/ There's a whole category of attacks that use physical phenomena, like rowhammer and some side channel attacks. These will become the most pernicious ones. 3/The rise in capabilities of AI is worrisome in general because of the consequences for xrisk, but the near-term consequence of a quick arms race in finding 0 days not so much, we're going to quickly saturate the level needed to find all the bugs (and formally verify all software).

Fresh and excellent Scott Aaronson post on how not to think or talk about Quantum Computing. He always manages to say things that in, retrospect, I wish I had considered scottaaronson.blog/?p=9668

"The fact is that Trump deserves to be impeached and convicted for his behavior in his second term. The misconduct of Trump, in terms of his corruption and his associates, is unparalleled in our history. His abuses of power leave Nixon in the dust." open.substack.com/pub/thebulwark…

One guess who he voted for..

This is Pastor David Demenge 33 from Dominion Church in Little falls,Minnesota & he’s a Trump Supporter who was arrested for the SA of a child after the victim came forward saying he started abusing her at age 7 years old. He had a porn addiction. These people need to locked up.

I remember a time when you could say "the only good pedophile is a dead pedophile" without a Republican reporting you to the FBI for threatening the president of the United States.

I JUST WANT TO POINT OUT THAT THE MADURO REGIME IS STILL IN CHARGE OF VENEZUELA... THE IRGC REGIME IS STILL IN CHARGE OF IRAN... AND THE EPSTEIN REGIME IS STILL IN CHARGE OF AMERICA 🤷

The truth is we’ve always held Donald Trump to a pathetically low standard - the lowest standard any politician has ever been held to. Trump gets away with behavior no other politician would ever get away with. He’s treated like a child who doesn’t know any better. Shameful.

It really is wild to have lived through four years of reporters staking out grocery store parking lots and never shutting the fuck up about the price of eggs go radio silent on gas prices going up like 40% in six weeks directly b/c Trump attacked Iran.