w-source

👉

👉👉👉

👌

Great panel at @rwaweek! A wise advice from @danielletichner: make sure your code is safe & secure at all times 👉👉👉

The @NEARProtocol is becoming post-quantum-safe. See below for the roadmap to quantum safety, starting with adding a quantum-secure signing scheme in Q2. We originally built the protocol with expectation cryptography will need to change due to progress in quantum computing. We knew there would be a need to expand the cryptography set, so NEAR allows multiple signing schemes by design and users will be able to use whichever one they prefer. We also design NEAR account model to not depend on any particular cryptography and allow to manage keys as "devices". We’re proactively releasing the first quantum-safe signing scheme this spring, the first of many. Allowing wallets and partners to add support to it and users to secure their accounts early. We want to give users as much time as possible to rotate their keys in a proactive way and have piece of mind. In parallel Near One is going to upgrade cryptography across secure the rest of the protocol. More to come on this, but I'm excited for these steps and I feel NEAR is well-positioned to lead in the quantum transition for our space.

👀

TL/DR of @LayerZero_Core drama: @LayerZero_Core : every app should configure their own security otherwise there will be one centralised point of failure @KelpDAO Really ? Great, hold my horses @chainlink and other bridges : that's bullshit, our centralised point of failure is 13/16 or 15/19 or sth, no way it can be hacked. Whereas 1/1 or 2/2 or 4/4 can and will. Plus it's impossible for apps to understand the security let alone manage it themselves Conclusion: Avoid MultiSig bridges altogether, ffs. Use canonical assets and intent protocols

H1 2026: • 65 protocols. • 802M lost. • <1% recovered. Audits weren't enough. They weren't scoped to be. Today at 12 UTC, our CEO, Rubèn Jimènez Garcia, joins @rwaweek's Space on real-time token flow security with @rwa_io, @wsource4, hosted by @pauli_speaks. Join us at: linkedin.com/video/event/ur… Bring your hard questions. The format is open.

Keen to dive into to the current state of #security & #privacy? Tune in for @rwaweek’s panel featuring our own @danielletichner joining @pauli_speaks, Adam Bouktila @rwa_io, Rubén Jiménez @DedgeSecurity. Let’s Go!

A ton of this is just completely untrue. 1) Kelp originally used the defaults which were MultiDVN or DeadDVN and manually migrated to a 1/1 config later 2) Almost 100% of the volume on a 1/1 config was rsETH 3) Not using a 1/1 for production applications is mentioned many times in the documentation. The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN, which force-rejects an application using the defaults at all and requires them to manually set configuration. rsETH was originally configured to use the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google: Here are the exact transactions where that happens Ethereum → Arbitrum: etherscan.io/tx/0xd7c864adb… at 2024-02-06 03:09:47 UTC Ethereum → Optimism: etherscan.io/tx/0x7075bfe9a… at 2024-02-06 03:09:59 UTC KelpDAO then manually changed these to 1/1 configs: For the original Feb 6 Ethereum routes to Arbitrum/Optimism, KelpDAO’s Ethereum contract switched from defaults to manual OApp-scoped config on 2024-04-01: Send-side manual config: etherscan.io/tx/0x7485c16c9… 2024-04-01 07:12:11 UTC Receive-side manual config: etherscan.io/tx/0x21e967c99… 2024-04-01 07:12:23 UTC From this point on, Kelp began deploying all of their configurations as 1/1 configs. Here is Kelp’s deployment on Unichain: Unichain → Ethereum was opened on 2025-04-01 18:55:41 UTC. Pathway-open / setPeer tx: uniscan.xyz/tx/0x31ea2b10a… The manual ULN config followed 6 seconds later in uniscan.xyz/tx/0xd8ef5416a…. During this time the Unichain -> Ethereum and Ethereum -> Unichain defaults were set to DeadDVN which is a contract which makes it impossible for any application to transact without manually configuring their DVNs, this was not possible on the defaults of this pathway. Here is the code in the DeadDVN (#code" target="_blank" rel="nofollow noopener">etherscan.io/address/0x747C…) that specifically prohibits this. (Screenshot 1) This is called out many many times in the docs: 1. Integration Checklist — "Do" list - Last edited: 2025-11-26 (Nazreen) - Content: "Do: … Use more than one DVN for each production pathway instead of relying on a single DVN." - File: v2/tools/integration-checklist.mdx:244 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 2. Integration Checklist — "Don't" list - Last edited: 2025-11-26 (Nazreen) - Content: "Don't: … Configure only one DVN for a pathway and treat it as production‑ready." - File: v2/tools/integration-checklist.mdx:251 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 3. Integration Checklist — Defaults are not safe - Last edited: 2025-09-25 (Tino Martínez Molina) - Content: "Do not assume defaults are safe for production. Always check explicitly: getSendLibrary, getReceiveLibrary, and getConfig. If these resolve to defaults, confirm whether the defaults are valid for the intended pathway. Unintentional fallbacks to defaults are a common cause of blocked or failing pathways." - File: v2/tools/integration-checklist.mdx:126-128 - URL: #explicitly-set-message-libraries" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 4. Integration Checklist — Default fallback warning - Last edited: 2026-02-26 (migration; same wording predates it) - Content: "Warning: If no configuration is set, the OApp will fallback to the default settings set by LayerZero Labs." - File: v2/tools/integration-checklist.mdx:222-238 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 5. ONFT Quickstart — Production guidance - Last edited: 2025-02-20 (Radek Sienkiewicz) - Content: "DVN Settings: Use multiple DVNs in production to ensure message verification is robust." - File: v2/developers/evm/onft/quickstart.mdx:700 - URL: #security-considerations" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… 6. ONFT Quickstart — Strong recommendation to configure - Last edited: 2025-03-10 (Radek Sienkiewicz) - Content: "We strongly recommend reviewing these settings carefully and configuring your security stack according to your needs and preferences." - File: v2/developers/evm/onft/quickstart.mdx:366 - URL: #configure-the-onft" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… 7. Starknet FAQ — "Should I use multiple DVNs?" - Last edited: 2026-01-21 (Nazreen) - Content: ▎ Should I use multiple DVNs? ▎ Recommended for production. Multiple DVNs provide: ▎ - Increased security (multiple independent verifiers) ▎ - Resilience (no single point of failure) ▎ - Trust minimization - File: v2/developers/starknet/troubleshooting/faq.mdx:290-296 - URL: #should-i-use-multiple-dvns" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… Here are the exact recommendations we gave KelpDAO when asked about DVNs (typically 2/3) (Screenshot 2) Other LayerZero applications speaking on exactly what is advised by the team x.com/mitchellftracy… x.com/jasperflux/sta… For how much volume was actually configured on 1/1 here is the exact data. (Screenshot 3) We will publish a complete post-mortem as soon as the external security firms have completed it.

Tokenised systems are evolving fast - but what are the real security trade-offs when value moves in real time across increasingly interconnected infrastructure? Join us for this deep dive 📅Date: Wed, May 6 ⏲️Time: 12:00 PM UTC 🎙️Host: @pauli_speaks , Strategic Advisor at @rwaweek Guests: • Adam Bouktila, Co-Founder & CSO at @rwa_io • Danielle Tichner, Founder & CEO at @wsource4 • Rubén Jiménez García, Co-Founder & CEO at @DedgeSecurity Attend here: linkedin.com/feed/update/ur… We’ll explore how real-time token flows are reshaping security and privacy across digital asset ecosystems - from architectural decisions that define risk early on, to where vulnerabilities are actually emerging in today’s systems. If you have questions you want us to cover, drop them in the comments 👇

1/ Today, Privy is excited to partner with @Yield_xyz to bring policies to agentic yield. Yield is continuous, with rates moving + positions shifting in real time. AgentKit is purpose-built to give agents access to thousands of yield opportunities across chains.

3Jane began as a credit-based money market extending lines of credit to cryptonatives. Today we're evolving into programmable credit facilities via warehouse loans & forward-flows to power the next generation of fintech originators across a $100B opportunity. Full post below.

Why we are not surprised 👉👉👉

Today, we’re launching the @link wallet for agents. It lets you securely empower agents to spend on your behalf. Your payment credentials are never exposed and you approve every purchase. link.com/agents

The new stack for global finance, mapped 👇

🚨 JUST IN: Former PayPal CEO David Marcus just unveiled a stablecoin banking product for businesses and AI agents. Stablecoin balances. Yield. Payments. Cards. All chain-native, all behind an API. This is Banking-as-a-Service but onchain. --- Banking-as-a-Service is getting rebuilt on stablecoin rails. The old stack - Middleware (e.g. Unit / Synctera) - Galileo - FBO accounts at a sponsor bank There's now a chain-native version. - Squads Grid does it on Solana. - Bridge built it for fintechs, payroll and non banks - BVNK ships it embedded. Lightspark now joins them, with distribution into 65 countries and a Bitcoin L2 underneath. --- I keep thinking about how the "account" itself is being unbundled. What used to be a sub-ledger entry at a partner bank becomes a programmable smart account that holds dollars, settles 24/7, keeps its own yield, issues cards, and accepts agent-scoped permissions. The bank charter turns into a feature you plug in for accessing other rails. --- The agent piece is marketing, but its also more than that. Lightspark is already inside Google's AP2 protocol. As agents want to become platforms in their own right, re-sell financial services to their customers, they'd want a BaaS like thing. Why not go for something that uses stablecoins? --- Marcus has THE most fascinating back story - Former CEO of PayPal, has moved money traditionally - Behind Libra at Meta a global bank account and "stablecoin" that regulators pushed back on. Now this is a global stablecoin bank account distributed through an API, post-GENIUS Act, sold to businesses and machines. Sometimes timing is everthing. Does this compliment or commoditize BaaS over time? I expect the answer becomes obvious within 18 months.