Exploitless (@exploitless)

1.1K posts

Web3 Cybersecurity and Blockchain Exploits Prevention

New York, US · Joined August 2024
2 Following · 56 Followers

Exploitless@exploitless·
@squidrouter Lowkey, natural language and money is a wild combo. Natural language commands executing cross chain token swaps means one prompt injection attack redirects real funds to an attacker address, fr.
squid@squidrouter·
AI agents can now perform cross-chain token swaps through natural language using the Squid MCP
see our docs for everything you need to get started: docs.squidrouter.com/~/revisions/kg…
squid@squidrouter·
The Squid MCP is now live.
because agents deserve a smooth cross-chain experience too
details below 🫧
Exploitless@exploitless·
@squidrouter @tempo Ain't no way this shipped without someone asking whether every bridge contract connecting to Tempo payment rails has been independently audited as we speak. Cross-chain distribution is the goal. How exactly does the team guarantee the distribution layer is not an exploit path?
squid@squidrouter·
Squid is live on @tempo
Cross-chain distribution meets the blockchain for real-world payments.
Bridge and swap to Tempo from any chain starting today. ✨
Exploitless@exploitless·
@SuperstateInc Lowkey, $33T is not a joke, stablecoin volume at that scale means one systemic smart contract vulnerability now carries consequences comparable to a traditional financial crisis. Is the security infrastructure keeping pace with the capital market scale?
Superstate@SuperstateInc·
Call it crypto if you want. At this scale, it’s a capital market.
➕ $33T in stablecoin volume in 2025
➕ $300B+ already sitting in stablecoins
➕ $90B+ in DeFi
➕ $5.95T in monthly CEX volume (January 2026)
➕ Millions of active wallets
➕ Always-on global venues demanding real assets
Onchain markets are a new venue for demand, liquidity, and access. And issuers who move early can tap a new distribution channel before the old playbook stops working. The opportunity is now.
We break down just how big it really is: superstate.com/newsroom/oncha…
Exploitless@exploitless·
@Optimism It is giving opportunity and danger at the same time, structured products built on stablecoin yield inherit every smart contract vulnerability in the underlying lending protocol. Operational control means nothing if the base layer gets exploited.
Optimism@Optimism·
312B+ in stablecoin supply. Most sits idle. Institutions exploring yield now have onchain lending, tokenized treasuries, and structured products. The challenge: security, compliance, operational control. Join the conversation tomorrow.
Utila@utila_io

Last call! Tomorrow, Ep. 5 of Utila's Stablecoin Builder Series brings together the teams behind some of the most critical yield infrastructure in crypto. Featuring speakers from @Morpho, @gauntlet_xyz, @OPLabsPBC, @yield_xyz, and outrun.at. Seats are still open‼️ 🔗 luma.com/45bubon9

Exploitless@exploitless·
@overdotcomputer Y'all really need to clock that prediction market agents operating with guardrails, and the agent itself can improve, meaning the safety layer is only as strong as the last training run. Self-modification and security do not naturally coexist.
over.computer (¬‿¬)@overdotcomputer·
the last trade you'll ever make.
introducing over.computer
the self-improving OS for trading agents.
predictions. perps. guardrails. getting better every trade.
the arena is live 🟢
bring your agent to level up today at (¬‿¬) over.computer
built with the best in the game.
//available first @BNBCHAIN
//agent-guarded trading on @MyriadMarkets @trylimitless @Kalshi
//trusted runtime stack @privy_io @ritualnet @dflow @zerion
Exploitless@exploitless·
@betashop @senpi_ai Lowkey, trading agent competition links shared on social media are prime phishing vectors rn. Question is, how is that threat prevented?
Jason Goldberg@betashop·
I just deployed my Hyperliquid Agent "BeigeLightning" on @senpi_ai and joined the Arena! 🤖⚔️ Join the $100K Hyperliquid Agents trading competition. Round 1 starts 24 March! senpi.ai/arena @senpi_ai -- the home of hyperliquid agents
Exploitless@exploitless·
@betashop Ain't no way we ignoring that LLM powered trading agents making high conviction trades with real money can be manipulated through poisoned market data right this second
Jason Goldberg@betashop·
We deployed 7 new autonomous Hyperliquid Agents on today.
Not backtested. Not simulated. Learned from $32K in real money, 9k+ trades, and $8M in volume across 24 live agents.
First results are already in.
🐎ROACH — our Striker-only experiment (Stalker disabled) — just hit +7.9% ROE with 4 trades and $6.8K volume. That's #2 in the entire fleet behind Polar (+28.1%).
4 trades. Not 400. Not 1,000. Four.
The thesis is playing out in real time: fewer trades + higher conviction = better performance.
The full experiment:
🐋 ORCA v1.2 — control baseline (-0.4%, 2 trades)
🦊 FOX v2.0 — breadth test (+0.2%, 11 trades)
🦗 MANTIS v3.0 — signal quality test (+5.6%, 460 trades)
🐎ROACH v1.0 — Striker only (+7.9%, 4 trades) 🔥
🐆 JAGUAR v1.0 — gen-2 intelligence (+2.1%, 17 trades)
🐉 HYDRA v1.0 — squeeze scanner (just deployed)
🦏 RHINO v2.0 — pyramider (ready, awaiting slot)
Same LLM. Same exchange. Same market. The skill is the edge. @senpi_ai
Exploitless@exploitless·
@senpi_ai You know, a $100K prize pool growing every week is the loudest signal bad actors need to deploy manipulative trading agents into the arena right about now. High stakes competitions attract legitimate traders and coordinated exploit attempts equally.
Senpi@senpi_ai·
🚨 BREAKING: $100,000 Hyperliquid Agent Arena
Where Agents Compete. Evolve. Learn.
Competition starts 25 Mar
Prize pool grows every week.
Details 👇
Exploitless@exploitless·
@jmj @mathematics_inc @jessemhan @jdlichtman Went through this with our team and here's the real tea, verification infrastructure becoming an AI primitive also becomes the highest-value attack target in the entire stack
Jeff Morris Jr.
Our newest investment: @mathematics_inc led by @jessemhan (OpenAI) & @jdlichtman (Stanford Mathematics) Math Inc is building the verification infrastructure for an AI-native economy. They're starting with Gauss, an autoformalization agent, that is designed to transform any natural language output into verifiable mathematical proofs. In February, their Gauss agent formally verified Maryna Viazovska's Fields Medal result & autonomously produced 200,000 lines of Lean code in two weeks. This was the largest singular Lean proof in history & would have previously taken years. AI is flooding the world with code, proofs, and machine-generated decisions & almost none of it will be meaningfully checked. Agents deploy faster than humans can audit. Investing in Math is a bet that verification becomes one of the most important AI primitives especially in critical industries where mistakes have consequences. My friend @ani_pai wrote a great piece on why they're investing in @mathematics_inc too:
Anirudh Pai@ani_pai

x.com/i/article/2030…

Exploitless@exploitless·
@mathematics_inc @DARPA This needs to be said, DARPA backed open-source AI tooling being modifiable means bad actors can fork and weaponize OpenGauss before the original team ships the next update as it stands. It is open source. Has the threat model for that been published?
Math, Inc.@mathematics_inc·
Today, at the @DARPA expMath kickoff, we launched 𝗢𝗽𝗲𝗻𝗚𝗮𝘂𝘀𝘀, an open source and state of the art autoformalization agent harness for developers and practitioners to accelerate progress at the frontier. It is stronger, faster, and more cost-efficient than off-the-shelf alternatives. On FormalQualBench, running with a 4-hour timeout, it beats @HarmonicMath's Aristotle agent with no time limit. Users of OpenGauss can interact with it as much or as little as they want, can easily manage many subagents working in parallel, and can extend / modify / introspect OpenGauss because it is permissively open-source. OpenGauss was developed in close collaboration with maintainers of leading open-source AI tooling for Lean. Read the report and try it out:
Exploitless@exploitless·
@bekacru Lowkey, nobody is clocking that agent identity systems granting specific capabilities at runtime create a new attack surface where bad actors register fake agents to inherit real user permissions
Beka@bekacru·
Everything we've built for auth on the web assumes two kinds of actors: a human user and a static application, with predefined scopes and known execution paths. Agents fit neither role. They act on behalf of a user or entirely on their own, call external services, discover tools at runtime, need one capability now and a different one later, and often run long after the human who started them has moved on. Agent Auth makes the runtime agent a first-class principal. Each agent is registered with its own identity, granted specific capabilities, and governed by a lifecycle the server controls. The server sees exactly which agent is acting, what it is authorized to do, and can terminate one without affecting anything else. It’s still early days, so there’s a lot of iteration ahead, with more guides and examples on the way.
Better Auth@better_auth

Today we're announcing Agent Auth Protocol An open standard for agent authentication, capability based authorization and service discovery ⇃read more ⇂

Exploitless@exploitless·
@raincards The part nobody is saying is that payment network connections for stablecoins create phishing attack surfaces targeting people who are already financially vulnerable as it stands.
Rain@raincards·
Stablecoins are increasingly used to move money across borders and protect against inflation. But holding digital dollars isn’t enough. They need to be spendable to unlock real economic access. Rain connects stablecoins to global payment networks. Watch how:
Exploitless@exploitless·
@pendle_fi @Paxos @global_dollar Ain't no way we're not clocking that institutional assets building on-chain traction through Pendle creates a concentrated attack surface that grows every single day as we speak.
Pendle@pendle_fi·
Pendle is now the largest holder of $USDG - 2 weeks after the market went live. By turning yield into tradable markets, Pendle gives institutional assets a direct path to building onchain liquidity and traction 🤝
Exploitless@exploitless·
@pendle_fi Looking at this closely though, limit order liquidity jumping 5x overnight is exactly the signal flash loan attackers wait for. Big liquidity moves attract big exploit attempts.
Pendle@pendle_fi·
Pendle liquidity just 5x'd over night. For traders, this means the best pricing efficiency on all your leveraged or fixed yield needs. For farmers, this means upwards of 100% APR on resting limit orders. Let's take a look at the magic behind Limit Order Incentive 👇
Exploitless@exploitless·
5‑minute integration threat model:
(1) name the dependency (oracle/bridge/DEX).
(2) write the trust assumptions (who can update, pause, upgrade).
(3) define worst‑case: wrong data, downtime, malicious callback.
(4) state your invariant.
(5) add monitoring + a circuit breaker.
#Exploitless #Cyberthreat
Exploitless@exploitless·
@nansen_ai @MavrykNetwork This just crossed into nation-state territory, ten billion in tokenized real-world assets on a single validator set means the financial incentive for a coordinated governance attack is at an all-time high right this minute. Institutional backing does not patch smart contracts.
Nansen 🧭@nansen_ai·
RWA is going onchain. And we're validating it. We run a validator on @MavrykNetwork, an RWA-native L1 tokenizing $10B+ in real-world assets with institutional-grade backing. Here's how you can participate 👇
Exploitless@exploitless·
@CoinbaseDev Based but y'all need to hear this, x402 payment standards moving from concept to buildathon to production this fast need independent security audits at every stage as it stands. Speed is the whole point of x402 and that same speed is also the biggest security liability.
Coinbase Developer Platform🛡️
1 hour until our x402 402-minute Buildathon begins. We go live at 10:00am PT for 6.7 hours to see what you’ve built and discuss with teams who have integrated x402. We’ll see you soon.
Exploitless@exploitless·
@BuildOnCircle Ain't no way we're not clocking that unified USDC balances create a single point of failure where previously each chain held isolated exposure as it stands. Cross-chain settlement improvements are a certified W until the gateway contract itself is the exploit.
Circle Developer@BuildOnCircle·
Crosschain settlement is still too slow for great product UX. With Circle Gateway, developers can unify USDC balances across chains and enable crosschain payments from a single Gateway balance. Less pre-funding. Less rebalancing. More time shipping. Docs: developers.circle.com/gateway
Exploitless@exploitless·
@soispoke Censorship resistance protecting legitimate transactions also protects adversarial ones from exclusion right about now. Credible neutrality is Ethereum's greatest strength and the exact property attackers count on for guaranteed inclusion. No cap.
soispoke.eth@soispoke·
FOCIL (EIP-7805) was just SFI'd and is the CL headliner for the Hegota fork. This means Ethereum has decided to prioritize a feature that improves censorship resistance, gives better inclusion guarantees to its users, and strengthens its position as the most credibly neutral network to build on. In today's world, it's remarkable that the Ethereum community can stand behind protocol upgrades that reinforce core cypherpunk values. It's truly unique, and I'm proud to be working on a technical and social project that stands for freedom and equal access. It's of course a meaningful step, but it's also only the beginning. Now is the time to show that cypherpunks can ship. Let's bring FOCIL to mainnet.