zkCross Network

x.com/i/article/2050…

We built @Surf_Liquid AI that trades @Polymarket sports markets while you sleep. Six weeks. 34 upgrades. 605 paper trades. All three strategies profitable. +$3,737 in returns. Here's what it actually does: → Listens to live score data from every match on Polymarket simultaneously → Runs sport-specific probability models on every single score change → Finds the moments when the market hasn't repriced fast enough → Executes before the odds catch up → Tennis modelled point by point. Soccer is modelled by goal rate. Hockey and basketball are built differently. → One generic model doesn't survive contact with real sports. So we built one engine per sport. Three strategies. One AI. Three risk levels: 1. Conservative: strictest signals, lowest drawdown. Your money is treated like savings. 2. Active: wider signal range, more trades, more upside, more variance. 3. Calibrated: the interesting one. Same signals as Active, but every probability runs through a self-correction layer first. If the model says 80% but history says 73%, it trades the 73. Gets smarter every day. Here's the part I want to talk about. In late April, we caught ourselves inflating our P&L. The bot was assuming fills at the quoted price. Real markets don't work that way. You walk the order book. Every batch fills worse than the last. We shipped an honest fill simulation. Our paper P&L dropped meaningfully the same day. That drop is the entire point. If your simulated fills are better than your real fills will ever be, you're flattering yourself. Then last Tuesday we found a bug. A safety mechanism in the hedging path had been failing silently for weeks. Hundreds of failures per day. None flagged. None surfaced. The system was profitable anyway. That sentence bothers me more than the bug itself. Good performance hiding a broken safety system is exactly what kills strategies three months from now. We fixed it. Wired up a live monitor that fires the moment the hedge's success rate drops below the threshold. This is Surf Prediction Vaults. You deposit stables. Pick a risk level. The AI does the rest. You never touch Polymarket. Sports is live. The weather is next. Crypto follows. Building this in the open. The good weeks and the bad ones. The wins and the bugs were caught silently for a month. If you trade prediction markets or build in this space, I want to hear the strongest argument against what we're doing. Full write-up with the architecture, the Guardian Layer, the numbers and the path to real capital: x.com/shivamtas/stat…

x.com/i/article/2036…

ERC-8004 gives AI agents a portable onchain identity, the critical starting point for agent-to-agent trust. But there's a gap. When an agent borrows funds, claims a yield boost, or votes in governance, the protocol has no way to know if a real human authorized it, or if it's a bot farming rewards across hundreds of wallets. ERC-8004 gives agents an identity. It doesn't verify the human behind them. That's where Self fits. Through ZK proofs, Self anchors an agent's onchain registration to a verified human, without ever exposing their personal data. The ZK proofs map directly into ERC-8004's Validation Registry hooks. Protocols can check that an agent's operator is OFAC-compliant, or above a required age, all from existing Self infrastructure. This isn't theoretical. → @aave integrated Self's ZK proof-of-humanity to offer verified humans boosted yield on USDT and WETH, a direct financial incentive for human verification in a DeFi environment increasingly populated by autonomous actors. → @googlecloud integrated Self into its Web3 Testnet Faucets to ensure real humans get 10x more @Celo Sepolia testnet tokens, verified through ZK proof-of-humanity, no personal data required. Both cases are the exact problem ERC-8004 surfaces, already live and in production. The agentic web needs both layers. The agent identity standard and the verified human behind it. The full breakdown of how they work together is in the blog 👇

wow, i want to re-iterate here, the @wasabi_protocol exploit isn't really a story about a stolen key. It's a story about what happens when one EOA controls a batch of upgradeable vaults with no multisig, no timelock, and no DAO governance as @evilcos and @zachxbt both pointed out within an hour of the drain (it should have never happen) The mechanics: deployer EOA grants ADMIN_ROLE to an attacker contract → UUPS upgrade replaces the perp vaults & LongPool with malicious logic → strategyDeposit() called on 7 vaults → drain(). 3 minutes, $5M+ across Ethereum, Base, Berachain & Blast. Largest single hit: 840.9 WETH (~$1.9M) from wWETH. Wasabi has acknowledged the issue and asked users not to interact with contracts. @blockaid_ flagged that all Wasabi/Spicy LP-share tokens minted by these vaults should be treated as compromised the underlying assets are gone. If you have funds anywhere in the protocol: withdraw and revoke approvals via @RoscoKalis's @RevokeCash. Big shoutout to him, the tool everyone reaches for on days like this. 34th major incident this month. April 2026: 30+ exploits, ~$630M drained. The recurring pattern keeps writing itself: privileged EOAs over upgradeable contracts, no governance friction, one phished signature away from zero.

x.com/i/article/2000…

⚡️ Perps Trading Coming to @Polymarket If you’ve ignored it till now because it wasn’t built for traders ~ this changes things 📢 What’s New ➖ Polymarket is gearing up to add perpetual futures (perps) ➖ Whitelist for early access is already open 🎯 Why You Should Care ➖ Finally relevant for perps traders ➖ Could align with upcoming $POLY airdrop phase 👉Go-To Here: polymarket.com/perps?r=Gacrypt 🔹Log in 🔹Join early access 💡 Different phase, different opportunity ~ especially if you trade perps instead of predictions 💙Like 🔄 RT