PKspin..Я 🐸

@YuvalRooz $CC

Nobody talks about WHY Satoshi disappeared. Then SegWit happened.

🇦🇨

As the Corporations Amendment (Digital Asset Framework) 2026 Bill passed earlier this month, @RedbellyNetwork is now becoming a public digital token infrastructure according to Australian law. This means public, permissionless, open and decentralised.

Most DeFi protocols have an admin key. A kill switch. A 2-of-3 multisig where three devs can pause your funds. @THORChain has none of that. 95 independent nodes. No single point of failure. Permissionless by design. This is real DeFi. 🔥

$292M GONE: bridge trusted a forged message, minted phantom collateral, and real ETH walked out the door That attack surface doesn't exist on @THORChain, which mints nothing, wraps nothing, and trusts no third-party messages How many $292M lessons before the industry learns?

Most perps “DEXs” are just CEXs with extra steps. Wrapped assets Leaky execution Fragmented margin Horrible stress handling Calling it “DeFi” doesn’t fix that. Ultrade is actually rethinking the stack: native assets, dark execution, unified margin, real failure design This is how it should’ve been built.

EXTREMELY timely security milestone from Chainlink Big-4 accounting firm @Deloitte just completed a SOC 2 Type 2 examination for Chainlink CCIP and Data Feeds (Price Feeds, Proof of Reserve, NAV Feeds) A SOC 2 Type 2 is an independent audit verifying that an organization's security, availability, and confidentiality controls have operated effectively over a sustained evaluation period, typically 3 to 12 months (in this case 6 months) While this kind of milestone may sound boring, this is exactly the kind of attestation that major enterprises and financial institutions look for before integrating with a technology vendor Chainlink is now the only oracle platform holding SOC 2 Type 2, SOC 2 Type 1, and ISO/IEC 27001:2022 certification

🔥KYC AML is coming for Defi🔥 Treasury 2026 reports (NMLRA & Illicit Finance Innovation Report): Highlight DeFi's risks (e.g., liquidity pool poisoning, exploits) and call on Congress to clarify which DeFi participants (especially those with concentrated governance tokens or control) should face AML obligations. They explicitly note that "decentralized" does not exempt projects from Bank Secrecy Act rules if there's identifiable control. However, this is a call for future legislation—not an enacted rule forcing identity checks on all pool users.

🚨🚨🚨 REMOVE ALL YOUR FUNDS INTEGRATED WITH LAYERZERO IMMEDIATELY!!! LayerZero placed blame on KelpDAO saying they were irresponsible for running 1/1 DVN. @Dune analyzed all LayerZero integrations. Out of the 2,665 LayerZero integrations, 47% are running 1/1 DVN LayerZero integrations. I am being 100% serious here— REMOVE ALL YOUR FUNDS INTEGRATED WITH LAYERZERO IMMEDIATELY!!! 🚨🚨🚨

LATEST: 🏦 Japan's JSCC has launched a trial with Mizuho and Nomura to test using government bonds as collateral on the Canton Network.

@shafu0x + rETH @RocketPool_Fi

the only contract you can trust at this point is fucking wETH

Sergey explains why CCIP is the most secure cross-chain infrastructure “CCIP has many individual key security design decisions, but three of the larger ones that I tend to think about when I look at its security compared to other cross-chain systems would be the amount of decentralization that actually confirms a transaction” “There are cross-chain systems that are basically multi-sigs of one, two, three sets of signers or keys. Then there are cross-chain systems that are basically hubs where all transactions flow through one hub” “And then there's CCIP, which for every single lane has three oracle networks. Not three nodes, but three individual separate networks responsible for confirming three separate aspects of the transaction” “The amount of decentralization within CCIP just by the amount of nodes independently verifying key parts of the transaction in a very focused way is at a much higher level than any other bridge” “The second key difference is the fact that there's a risk management layer. So, there's a risk management network, which is one of those key networks where you can encode specific policies and configurations and conditions around how to approach different security risks that might emerge” “If a specific chain has a certain type of risk—it reorgs, there's reliability issues, an adversary has invented a new attack—you have a place where you can go and you can write some code and encode those set of risks and those set of conditions separately from the core protocol” “So, you're not changing the core protocol that provides the core security; you're adding security by putting more conditions on what a transaction needs to meet in the risk management network” “So, you're keeping the core security in a stable protocol and you're adding more security by putting more code, more configurations in the risk management network. This is another kind of layer of decentralization and the ability to quickly adapt” “One of the third key things that was done is actually that the two core transactional networks—the committing DON and the executing DON—and the risk management network have been written in separate codebases” “The core protocol is written in a completely separate codebase in a completely different language, initially written by a completely separate team from the team that wrote the risk management network in its own codebase and its own language” “And both of these parts of the system are continuing to be very separate not only in how they operate, but also in that they're separate codebases written in separate different languages” “And this is a very significant difference because even if you're able to break one of those codebases because you know one language or you found one flaw, that flaw does not extend to the other codebase” “And so it's really the only bridge in which you have a kind of client diversity and separate codebases interacting with each other in a secure way” “There's many other great security features within CCIP that far surpass what you see in other bridges, and that's why CCIP has been operating successfully with no value loss, no hiccups, continual reliability, and a bunch of other successful outcomes” “I think it's something that the time that it took to build was a good decision, and that's consistently what I see when you make infrastructure that's going to process and move and interact with trillions of dollars in transactional value, which is what the Chainlink system and CCIP are being built to do” “Our goal is not to just transact and process the transactions and move the data of today, but it's to do that for the whole world in the trillions and trillions of dollars, possibly at some point even reaching the size and amount of transaction value that you see in the traditional financial system, which is in the quadrillions per year”

Wrapped assets have far more complications and a complex risk profile than the native version. Full stop.

Investigate hard because the fact is 2 of 3 @LayerZero_Core DVN signers authorized it. Any bridge/OFT/OApp that uses LayerZero’s DVN as its lone required verifier is vulnerable to the same attack right now. I would guess that most don’t only require one like @KelpDAO did

Sneak peek of x402gle, the agentic tool search engine + payments protocol explorer. Access the beta by holding 1M+ $DEXTER: x402gle.com

x.com/i/status/20455… "An attacker apparently drained 116,500 rsETH from Kelp DAO's LayerZero-powered cross-chain bridge on Saturday, according to on-chain data. The stolen funds are worth approximately $292 million at current market prices. LayerZero OFT bridge at the center The exploit appears to have targeted Kelp's LayerZero OFT (Omnichain Fungible Token) bridge, which enables rsETH to move between networks. The successful drain transaction occurred at 17:35 UTC, when an attacker-controlled wallet called lzReceive on LayerZero's EndpointV2 contract. The call triggered Kelp's bridge contract to release 116,500 rsETH to a separate attacker address, per the transaction's event logs."

@CantonArmy And still "NO AUDIT" since 2022! @CypherockWallet Not touching this wallet until they address $CC @CantonNetwork

We talk a lot about Canton's tech. The privacy layer, the institutional backing, the DTCC integration. But nobody's talking about the self-custody gap. Most $CC holders right now are sitting on centralized exchanges or hot wallets. That's the same setup that wiped people out in 2022. Different chain, same risk. Canton was built for institutional-grade security. Shouldn't the way you store your $CC match that standard? Until recently, there wasn't a cold storage option for Canton at all. That changed when @CypherockWallet added Canton support, making it the only hardware wallet in the market that does. What caught our attention: it doesn't use seed phrases. Your private keys are split across 5 devices using Shamir's Secret Sharing. Audited by Keylabs, fully open-source. They're also running something interesting right now. You can essentially get the wallet for free through a referral program with $CC rewards. Worth looking into if you've been meaning to move your tokens off exchanges. Details here: cypherock.com/store Self-custody isn't optional. Especially not on a chain built for institutions.

And still "NO AUDIT" since 2022! @CypherockWallet Not touching it until they address