Lawton Riskman

134 posts


@web3law_tech

Compliance intelligence for Web3. Original analysis · Emergency tools · Lawyer network. For humans → web · For agents → API 🌐 https://t.co/2ZrBJSGxsP

Moon · Joined January 2026
102 Following · 7 Followers
Pinned Tweet
Lawton Riskman @web3law_tech
🚀 Web3Law Intelligence Compliance intelligence platform for Web3. → Original analysis on regulation, enforcement, sanctions → Emergency tools: job offer DD & asset freeze response → Curated network of Web3-fluent lawyers For humans 🧑 → web3law.tech For agents 🤖 → web3law.tech/SKILL.md (coming soon)
isabelle @isareksopuro
I made a map to monitor data centers all around the world. It tracks construction + nearby power plants + local AI legislation, and follows the politicians behind their bans (+ whether they're getting paid to do so!)
Lawton Riskman @web3law_tech
Web3 security is entering the era of "social engineering 2.0". @AWNetworks on BlueNoroff's new attack chain: → use AI to generate a fake Zoom meeting invitation → lure the target into "fixing an audio problem" → have them execute PowerShell in the terminal → fileless persistence, with no malicious attachment at any point. The attack is no longer tricking you into clicking a link; it is tricking you into joining a meeting and operating your own system. Looking back at the evolution: ⏲️ Past → phishing email: trick you into clicking a link or downloading an attachment. 🖥️ Present → AI meeting + AI identity forgery: trick you into "normal operations". 🤖 Future → AI agent against agent: your on-chain signing agent gets socially engineered by another AI. The most dangerous attack is the one that makes you feel you were never attacked.
Arctic Wolf @AWNetworks
Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group. Learn more: ow.ly/s1XF50YRbLT
Lawton Riskman @web3law_tech
@Bitrace_team After Huione, who has taken over underground finance? Subtitle: the rise, monopoly and next cycle of Xinbi, a reading of the Bitrace report in seven charts
Bitrace @Bitrace_team
There Must Always Be A 「Huione Guarantee」 After the complete collapse of Tudou Guarantee, Xinbi Guarantee has officially taken over the entire crypto illicit transaction guarantee market. In March, Xinbi Guarantee collected a total of 997m USDT in deposits, indicating that black and gray industry practitioners have fully shifted to this entity.
Lawton Riskman @web3law_tech
@a16z Timeline-native news + autonomous agents = the market moves before most humans even finish reading. What happens when it's not just humans tuning in, but AI agents monitoring MTS to trigger autonomous decisions?
Lawton Riskman @web3law_tech
@iampaulgrewal The prediction markets' CFTC registration makes their legal status clear. But how will the conflict between state-level lawsuits and federal regulation be reconciled? This will directly affect the compliance strategy of exchanges like Coinbase. Worth watching.
Paul Grewal @iampaulgrewal
About the NY lawsuit news - prediction markets are federally regulated national exchanges, registered with the CFTC. This issue is proceeding in New York federal court as we speak. Coinbase will continue to fight for the federal oversight of these markets that Congress intended.
Lawton Riskman @web3law_tech
Great breakdown. From a legal-first principles view: The key question isn't "can they do this" — it's "who authorizes the authorizer?" The type 101 transaction bypass is technically impressive, but: • Legal basis for chain-level seizure? • $170M still on Ethereum proves partial fix • This will be a reference case for DAO governance
Lawton Riskman reposted
Haseeb >|< @hosseeb
Claude explains the $71M @arbitrum clawback:

What this transaction is
Tx: 0x5618...0f6b on Arbitrum, block 454686044, April 21, 2026 03:35 UTC
From: 0x5d39...7Ccc — labeled on Arbiscan as “Kelp DAO Exploiter 1”
To: 0x0000000000000000000000000000000000000DA0 — a special system/recovery sink (not the normal 0x...dEaD burn address)
Value: 30,765.667 ETH (~$71M) — effectively the entire Arbitrum-side balance of the attacker’s hub wallet
Tx type: ArbitrumUnsignedTxType (EIP-2718 type 0x65 / 101)

The “type 101” is the key. That is not a user-signed transaction — a normal EOA physically cannot produce one. ArbitrumUnsignedTxType is an ArbOS system transaction that only the chain itself (via the sequencer / ArbOS upgrade path controlled by the Arbitrum Security Council) can inject. It bypasses the attacker’s private key entirely.

The remediation (this tx): Arbitrum’s Security Council used its emergency powers to inject an ArbitrumUnsignedTxType that forcibly moved the attacker’s full 30,765 ETH from the hub address into a protocol-controlled recovery sink (0x...0DA0).

Why it’s “extraordinary”
Arbitrum did not perform a reorg or historical rewrite — the chain’s ordering is intact. Instead, the Security Council used a privileged state-override transaction type that is part of ArbOS but has essentially never been used before. It is functionally a state-level clawback: the attacker’s private key still signs txs, but that address’s ETH was moved by the chain itself. This is the mechanism Arbitrum’s progressive-decentralization docs reserve for “catastrophic” emergencies (12-of-N Security Council action), and this is one of the clearest public demonstrations of it being invoked.

Note that it only recovered the Arbitrum leg of the theft — the ~75,700 ETH on Ethereum is outside Arbitrum’s control and remains with the attacker, which is why Aave is still facing up to ~$230M of potential bad debt on the Ethereum side.

Sources:
Arbiscan tx: arbiscan.io/tx/0x561804424…
Arbitrum Docs — ArbOS / Sequencer forced inclusion: docs.arbitrum.io/run-arbitrum-n…
Arbitrum Foundation — progressive decentralization & Security Council: docs.arbitrum.foundation/state-of-progr…
Quoted tweet (Steven @Dogetoshi): @hosseeb @david_lee2085 @arbitrum How did Arbitrum move the hacked funds?
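The type-101 distinction the thread above turns on is something a monitoring pipeline can check mechanically rather than by reading an explorer label. The following is an added example, not code from Arbitrum, Arbiscan or the poster: it reads transaction records in the shape a JSON-RPC node returns, classifies the EIP-2718 type field, and raises an alert when an address on a watch list is touched by a transaction type that no private key can produce. Only type 0x65 (ArbitrumUnsignedTxType), named in the thread, is enumerated as a system type; the hub address and transaction hashes in the sample block are constructed placeholders, while the recovery sink address is the one quoted above.

```python
"""Classify EIP-2718 transaction types and flag chain-injected transfers.

Added example for the thread above; not code from Arbitrum, Arbiscan or the poster.
It assumes transaction records in the shape a JSON-RPC node returns ("type" and
"value" as hex strings, "from"/"to" as hex addresses). Hub address and hashes are
constructed placeholders; the sink address is the one quoted in the thread.
"""
from dataclasses import dataclass

# Standard Ethereum envelope types; every one of these carries a user signature.
USER_SIGNED_TYPES = {
    0x00: "Legacy",
    0x01: "EIP-2930 (access list)",
    0x02: "EIP-1559 (dynamic fee)",
    0x03: "EIP-4844 (blob)",
}
# ArbOS system type named in the thread: type 0x65 (101) carries no signature and
# only the chain itself (sequencer / ArbOS) can inject it. ArbOS defines further
# system types, but they are deliberately not enumerated here.
SYSTEM_TYPES = {
    0x65: "ArbitrumUnsignedTxType (chain-injected, no user signature)",
}

WEI_PER_ETH = 10**18


def to_int(raw) -> int:
    """Accept an int or a JSON-RPC hex string such as "0x65" or "0x2"."""
    return raw if isinstance(raw, int) else int(raw, 16)


def classify_tx_type(raw) -> str:
    """Human-readable classification of a transaction's type field."""
    t = to_int(raw)
    if t in USER_SIGNED_TYPES:
        return "user-signed: " + USER_SIGNED_TYPES[t]
    if t in SYSTEM_TYPES:
        return "system: " + SYSTEM_TYPES[t]
    return f"unknown type 0x{t:02x}"


@dataclass
class Alert:
    tx_hash: str
    tx_type: int
    sender: str
    recipient: str
    value_eth: float


def find_system_moves(txs, watched):
    """Return an Alert for each transaction touching a watched address whose type is
    not one a private key can produce. Signed transactions are skipped even when they
    come from a watched address: the aim is to catch state moves the address owner
    could not have authorised. `watched` holds lowercase hex addresses."""
    alerts = []
    for tx in txs:
        t = to_int(tx["type"])
        if t in USER_SIGNED_TYPES:
            continue
        sender = tx["from"].lower()
        recipient = (tx.get("to") or "").lower()
        if sender in watched or recipient in watched:
            alerts.append(Alert(
                tx_hash=tx["hash"],
                tx_type=t,
                sender=sender,
                recipient=recipient,
                value_eth=to_int(tx["value"]) / WEI_PER_ETH,  # hex wei -> ETH
            ))
    return alerts


def addr(tag: str) -> str:
    """Constructed placeholder address: a tag padded to 40 hex characters."""
    return "0x" + tag.ljust(40, "0")


ATTACKER_HUB = addr("a11ce1")                                 # constructed placeholder
RECOVERY_SINK = "0x0000000000000000000000000000000000000da0"  # sink quoted in the thread
# Constructed sample block. Values are wei in hex, as a node returns them.
SAMPLE_TXS = [
    # Ordinary signed transfer out of the hub: not a clawback, must not alert.
    {"hash": "0xconstructed01", "type": "0x2", "from": ATTACKER_HUB,
     "to": addr("b0b2"), "value": hex(10**18)},
    # Chain-injected type 0x65 moving 30,765.667 ETH from the hub to the sink.
    {"hash": "0xconstructed02", "type": "0x65", "from": ATTACKER_HUB,
     "to": RECOVERY_SINK, "value": hex(30_765_667 * 10**15)},
    # Type 0x65 between unrelated addresses: outside the watch list, no alert.
    {"hash": "0xconstructed03", "type": "0x65", "from": addr("c0c3"),
     "to": addr("d0d4"), "value": hex(5 * 10**17)},
]
WATCHED = {ATTACKER_HUB}


if __name__ == "__main__":
    for a in find_system_moves(SAMPLE_TXS, WATCHED):
        print(f"{a.tx_hash}: {classify_tx_type(a.tx_type)} moved {a.value_eth:,.3f} ETH "
              f"from {a.sender} to {a.recipient}")
```

The signed transfer out of the hub is ignored by design. What the check surfaces is a state change the key holder could not have produced, which is exactly the property the thread uses to identify the Security Council action, and it does so from block data alone, without trusting an explorer's label for the sender.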
Lawton Riskman @web3law_tech
@EmberCN @UmbraCash From a legal-tracing perspective, the key question is how the $175 million in off-chain assets gets characterized. The hacker first used Umbra to obfuscate the trail; law enforcement must prove the recipient "knew or had reason to know" that these are proceeds of crime before it can initiate a card freeze. This poses a huge challenge for compliant cross-border recovery.
余烬 @EmberCN
The Arbitrum chain took away the KelpDAO hacker's ETH on Arbitrum, which must have startled him. He has started laundering and moving the 75,700 ETH ($175 million) on the Ethereum chain. Several small amounts of ETH have already been transferred through the privacy payment protocol @UmbraCash. Hacker address: intel.arkm.com/explorer/addre… Transfers via Umbra: intel.arkm.com/explorer/addre… ---------------------------------------------------- #Bitget VIP lower fees, stronger perks! Buy US stocks with instant entry
Quoted tweet (余烬 @EmberCN): The Arbitrum chain's team got back the 30,766 ETH ($70.97 million) the KelpDAO hacker had sitting on the Arbitrum chain. Through technical means they moved these 30,766 ETH from the hacker's wallet to the address 0x0000000000000000000000000000000000000da0 controlled by the Arbitrum chain. arbiscan.io/tx/0x561804424… After these 30,766 ETH were recovered, the hacker still holds the 75,700 ETH ($175 million) sitting on the Ethereum chain. ---------------------------------------------------- #Bitget VIP lower fees, stronger perks! Buy US stocks with instant entry
Lawton Riskman reposted
Brian Armstrong @brian_armstrong
Every AI agent deserves a crypto wallet. In fact, there will be more AI agents transacting online than humans very soon. x402 is the internet payments layer (which has been missing for the last 30 years), and will enable this. The new x402 foundation will exist under the Linux Foundation, with @Coinbase, @Cloudflare and @Stripe as key contributors. Once all agents start transacting natively on the internet at scale, entirely new product and business opportunities will open up.
Quoted tweet (Coinbase 🛡️ @coinbase): x.com/i/article/2039…
Lawton Riskman @web3law_tech
@Dune 47% of OApps running 1-of-1 DVN means nearly half of cross-chain value relies on a single point of trust. That's not decentralization, that's concentration risk with no disclosure requirement.
Dune @Dune
Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days. Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher. As we know, KelpDAO's rsETH sat in the first bucket. Open query, public methodology, feedback welcome: dune.com/dune/layerzero…
Lawton Riskman @web3law_tech
@JianzhiJin @bitget @joinrepublic This structure has a name under US securities law: resale-restriction circumvention. Republic, as a registered broker, has protected itself well; all of the compliance risk has been shifted to Bitget. Once the SEC determines that this is distribution of unregistered securities to retail investors, Republic is out of range and Bitget is the defendant.
金鉴智 @JianzhiJin
I see Bitget @bitget has recently been selling pre-IPO shares of SpaceX, and in its promotion it keeps bringing in @joinrepublic to give the product a compliance endorsement. Interestingly, though, Republic's X account has not a single promotional tweet about this collaboration with Bitget. It is not that Republic doesn't want to; it can't. Republic is essentially a broker registered with FINRA in the US, one that just happens to be close to the crypto world and does a lot of innovative RWA business. But as a registered US broker, Republic can only sell shares of unlisted companies to accredited investors. Bitget is certainly an accredited investor, but Bitget's users clearly cannot all meet that bar. Bitget, acting as an accredited investor, bought the corresponding shares from Republic itself and then distributed them to retail users. In that step it is Bitget, not Republic, that bears the compliance risk of selling shares of a US non-listed company to retail investors. For a long time, ordinary retail investors have found it hard to buy pre-IPO shares of quality assets, partly because of information asymmetry and partly because of compliance regulation. Only in crypto can you, with just 1000U in your pocket, buy into the best space company in sight. Becoming an early SpaceX investor with 1000U is quite an exciting thing. Of course, for crypto users to get this far, they really should thank the many people and companies willing to bear the uncertain compliance and regulatory risk, such as Bitget this time. Of course, if SpaceX breaks below its issue price, I take that back·····
Lawton Riskman @web3law_tech
@danielvf The trust is completely asymmetric: users bear all the risk, operators control all the keys. That's not decentralization.
Daniel Von Fange @danielvf
The lesson from this weekend is:
1. Do not build a system like this
2. If you have built a system like this, fix it
3. If you depend on someone who depends on something like this, be scared, don't trust as much.
Lawton Riskman @web3law_tech
TLDR: Kelp/LayerZero exploit exposed DVN single-point-of-failure risk. Blockdaemon paused proactively — no funds lost. The real legal question: when a DVN failure causes cross-chain losses, who's liable? Operator? Protocol? No framework exists yet. This incident makes that gap impossible to ignore.
Blockdaemon 😈 @BlockdaemonHQ
In light of the Kelp / LayerZero incident over the weekend, we have taken the Animoca-Blockdaemon DVN offline as a precaution while we complete a thorough internal review of our LayerZero operation. We are not aware of any exploitation, and no customer funds have been at risk. Our DVN operates on a different architectural footing to the setup that was exploited in the Kelp incident: it queries multiple independent RPC providers per chain. We paused rather than continuing to operate during the review because we believe the right posture for security-critical infrastructure, in a moment of heightened industry risk, is to verify first and operate second. The DVN will return to service once the review is complete and we are satisfied with the posture. Further updates will follow.
Lawton Riskman @web3law_tech
When protocol governance decisions benefit insiders over users, that's not just a liquidity problem — it's a fiduciary duty question. Traditional finance has clear rules on this. DeFi doesn't yet. But regulators are watching how Aave handles this. This exact scenario is what the SEC points to when arguing DeFi needs oversight.
Duo Nine ⚡ YCC @duonine
🚨 I don't think people realize how bad things are at @aave right now. All core markets are at 100% utilization, and that includes $3 bil in USDT and $2 bil in USDC stuck! That means you CAN'T WITHDRAW your money! A long post on why and how we ended up here.

When the rsETH exploit happened and AAVE incurred bad debt, whales like Justin Sun, MEXC exchange, and others immediately withdrew billions from AAVE. This instantly drained all available liquidity in key core markets like ETH, USDT, USDC and so on. Those first to withdraw got out; laggards got trapped.

Initially, the ETH market hit 100% utilization, meaning you could not withdraw your ETH from AAVE. Worse, this also means the protocol can't process ETH liquidations should the ETH price fall/crash. If you can't sell any ETH, you can't liquidate to cover debt obligations. That means the risk of more bad debt incurred by AAVE is increasing the longer its markets remain stuck. Nevertheless, users can still sell the aETHwETH tokens at a minor loss on Uniswap or similar aggregators. That exit door is the last one remaining for ETH depositors on AAVE.

The same cannot be said of depositors of USDT and USDC. They are stuck. That's because AAVE lost over $6 billion in liquidity in the past 24h. As whales took out their money, USDT and USDC also hit 100% utilization. These markets are now also stuck with money locked.

Panic is spreading and desperate times call for desperate measures. Some users decided to borrow against USDT/USDC and exit via other markets at a 10-25% loss (90-75% LTV). Basically you borrow GHO/DAI/USDe against your locked USDT/C. But as more liquidity leaves AAVE, more markets get to 100% utilization and get locked/stuck due to low liquidity. This is quickly cascading across all available markets.

Luckily the crypto market was rather flat today so liquidation risks were marginal, but if things change there are billions in stablecoins and other assets locked on AAVE that can't process liquidations = more bad debt for AAVE. If users or related protocols that are stuck need access to their money to prevent liquidations or other critical functions, they have a huge problem on their hands. Plus, nobody wants to deposit (or provide liquidity) in these markets now since your ETH, BTC, USDC/T could be stuck there for who knows how long. As soon as any liquidity is made available, it is instantly taken out by bots fighting to get out. As I wrote this I saw 250k in liquidity on USDC vanish in seconds.

Then there is the bad debt question. There's over $200 mil in bad debt incurred by AAVE via rsETH that's like a hot potato. Nobody knows who will eventually pay this bill. If you didn't remove your assets from AAVE, you risk receiving at least part of that bill in some form. Not having access to your money is part of that risk too.

Contagion is also extremely high. Many protocols and apps rely on AAVE for their earn mechanics. These protocols and their users are stuck too and may be forced to incur bad debt through no fault of their own. October 10th was a CEX-driven crash; this is a DeFi risk mitigation failure of epic proportions. AAVE should never have onboarded rsETH as a collateral asset, at least not to the size of hundreds of millions that allowed the hacker to walk away with (i.e. borrow) over $200M in ETH after posting fake collateral. Rumors on X are saying rsETH was onboarded by AAVE due to a conflict of interest (lobbying) by a given service provider. If true, this is a major failure of its governance structure (nothing new). The folks at @KelpDAO who manage rsETH also have a tough decision to make on who will actually pay for the $200M exploit. AAVE users? L2 rsETH users? Everyone affected gets a haircut to account for the loss?

The AAVE team and its founder, Stani, have been quiet for over 20h since the exploit after initially announcing the rsETH market freeze. They have a pretty big problem on their hands since the whole protocol is at risk right now. Trust is already lost as AAVE is bleeding billions in TVL to the level of hitting 100% utilization on all core markets. Maybe some key actors in the space will step in to provide liquidity to stabilize the markets on AAVE before this gets even worse. I got lucky to get out of AAVE early when I first saw this. I also removed all assets from DeFi and will not touch any protocol in the next few weeks. Too much risk for a few percentage points in yield. If you found this informative, like, share, and follow @duonine
Lawton Riskman @web3law_tech
@Polymarket $605M in 20 days. The uncomfortable truth: 🧛attackers are adopting AI faster than defenders. One AI-assisted exploit can scan thousands of contracts in minutes — security audits still take weeks🕐🕐🕐 The asymmetry is getting worse, not better.
Polymarket @Polymarket
JUST IN: Crypto platforms have now lost over $605 million to cyberattacks in under 20 days.
Lawton Riskman @web3law_tech
@aave Appreciate the transparency. Fully backed on mainnet is reassuring — freezing as a precaution is the right call. Looking forward to the post-mortem.
Aave @aave
Update on rsETH incident: According to our analysis, rsETH on Ethereum mainnet is fully backed. Out of an abundance of caution, rsETH remains frozen across Aave V3 and V4 and exposure to the incident is capped. WETH reserves also remain frozen across affected markets including Ethereum, Arbitrum, Base, Mantle, and Linea. Aave is actively validating information and assessing potential resolutions.
Lawton Riskman @web3law_tech
@tayvano_ The real problem isn't just bad opsec — it's zero disclosure standards. TradFi has mandatory incident reporting windows. DeFi teams "revising" losses 10x post-mortem would be an SEC violation in any other market. Post-exploit disclosure reform >> timelock debates.
Tay 💖 @tayvano_
what the actual fuck is going on. y'all spent the last two weeks acting like it was The Most Shocking Thing Ever that a team didn't have their market adjustment multisig behind a fucking timelock, meanwhile teams don't even know how much they had stolen ????????????????