معاذ
481 posts
kelpdao and other protocols when hackers come to exploit them
Kelp@KelpDAO
Earlier today we identified suspicious cross-chain activity involving rsETH. We have paused rsETH contracts across mainnet and several L2s while we investigate. We are working with @LayerZero_Core, @unichain, our auditors and top security experts on RCA. We will keep you posted as we learn more about this situation. Please follow only the official @KelpDAO handle for the updates.
English
@A502125 و في نظرك ان اسرائيل تم بنائها على أسس علمانية غير دينية؟ إذا الدين عندهم له وازع موزون ليش تحرمها على ملتك؟ ايران اليوم مثال ناجح لدولة إسلامية معاصرة عميقة الفهم بمسرحية السياسة. لا اقول إنها خالية من العيون بل إنها اول نمودج فتاك. الدين يعطيهم منسوب شعبي يمكنهم من تخطي كثير.
العربية
@m3aadh نعم رجل الدين لا يصلح لإدارة دولة في ظل نظام عالمي حديث ومعقّد فإدارة الدول اليوم تتطلب خبرات متخصصة وفهم عميق للاقتصاد والسياسة والعلاقات الدولية وغيرها لا مجرد خطاب وعظي أو تفسيرات جامدة.
العربية
بعض التعليقات تكشف أن بعضهم يعاني من أزمة معرفة و وعي وسوء فهم لمفهوم الدولة الحديثة والنظام العالمي المعاصر... ويريدون أن تُدار الشعوب بالشعارات والطرح السطحي بدلا من العلم والمؤسسات.
العربية
@codehans1 @patriotsounds Liability, lack of transparency, expanding into opaque financial derivatives.
English
معاذ ری ٹویٹ کیا
Another borrowing milestone hit, so we have increased the USDC borrow cap from $100k to $200k!
Borrow USDC and USDT against your native BTC, ETH, and more, with accurate pricing from Enshrined Oracles and full control of your assets, powered by @THORChain.
Learn more 👇🧵
English
🔴 حجم الاقتصاد الإماراتي وفق توقعات خبراء imf
2026: 621 مليار دولار 🇦🇪
2027: 649 مليار دولار 🇦🇪
2028: 686 مليار دولار 🇦🇪
2029: 727 مليار دولار 🇦🇪
2030: 770 مليار دولار 🇦🇪
2031: 815 مليار دولار 🇦🇪
يقترب من التريليون 🇦🇪 💰
العربية
معاذ ری ٹویٹ کیا
These outflows ought to become inflows to @RujiraNetwork
And yes, we don't allow rsETH as collateral
Emperor Osmo 🐂 🎯@Flowslikeosmo
The rsETH hack is so damaging because of how deeply integrated it is across DeFi. 91% of all lending protocols are seeing outflows simultaneously. Here's the outflows over the past 24 hours: 1. Aave $4,920M –25.4% 2. Morpho V1 $608M –8.5% 3. Maple $1.7B $183M –10.7% 4. Tydro $246M $97M –39.6% 5. Fluid Lending $84M –11.4% 6. Jupiter Lend $72M –7.9% 7. Kamino Lend $71M –4.4% 8. Euler V2 $468M $50M –10.6% 9. JustLend $3.6B $41M –1.1% There is a systemic risk off move happening for DeFi right now.
English
معاذ ری ٹویٹ کیا
Most protocols relying on a specific bridge to be connected to other chains should contact @THORChain to create a pool to remove those dangerous dependencies.
THORChain@THORChain
Another bridge hack another $292 million gone. An attacker forged a cross-chain message on Kelp DAO's LayerZero bridge minted 116500 rsETH out of thin air and used them as collateral to drain real ETH from lending protocols. The emergency multisig paused everything 46 minutes later but the damage was already done. This keeps happening because bridges rely on trusting messages from other chains. When that trust layer gets exploited there is nothing underneath it. Native assets don't have this problem. When you swap on THORChain nothing gets minted nothing gets wrapped and no third party vouches for anything. Real cryptos move between chains validated by the network itself. That is the only model that removes this attack surface entirely. Native or nothing.
English
@umyamen86 @JAMALALKINDI85 جبل علي موقف يجو عندنا ياخذو كل شي. مع الوقت ان شاء الله بينزل مع العلم أن اكبر مستفيد هي المواني العمانية.
العربية
@AlexAuroraDev @zacodil @ilblackdragon @near_intents @NEARProtocol What about compliance master key vulnerabilities? Is that a multisig of some sort. Is the whole architecture public? Monero type privacy has regulatory risks.
English
English
NEAR's Confidential Shard solves many of the DeFi security problems now that hackers armed with AI exploit agents are draining protocols one after another.
Quick intro: a private execution environment running parallel to NEAR mainnet. Validators run inside TEE. Private accounts and contracts live inside TEE with only public metadata exposed. Users access their own state via viewing keys.
Most DeFi vulnerabilities are found by analyzing source code from GitHub or reverse-engineering on-chain bytecode - both trivial for AI agents. Then the attacker forks the chain state, simulates the attack, and if it works - executes on production.
Confidential Shard removes the attack surface. There's nothing to download, nothing to decompile, nothing to fork.
Oracles can run inside TEE per contract - only the contract sees the price feed output. An attacker can't see oracle values, can't time the attack, can't manipulate what they can't observe. This kills an entire class of DeFi exploits.
This is not a centralized backend pretending to be DeFi. Auditors and safeguards can verify data integrity, audit operations and balances through viewing keys - without exposing any of it publicly. TEE attestation cryptographically proves that the audited code is exactly what's running on the shard. Public and private state coexist - verifiable without being exposed.
The market has a problem. NEAR has the infrastructure. Should we build Confidential DeFi?
English
@zacodil @jemartel98 @AlexAuroraDev @ilblackdragon @near_intents @NEARProtocol Couldn’t they hack into the compliance layer? To my understanding it’s still viewable and there is people vulnerabilities
English
English
@Shft_Ctrl @THORChain I still like HYPE, Aster, Pump, maybe UNI (Erc20) they can be a good investment for the treasury the pools will work while appreciating long term also if we can capture their attention to list us back would be cool (Aster, Hype)
English
Vol in millions in past 24hrs
PEPE $316
UNI $205
USDe $196
ASTER $154
ENA $145
JUP $135
SHIB $105
PENGU $100
VIRTUAL $76
BONK $50
PUMP $47
FARTCOIN $22
SPX6900 $5
No pools on @THORChain
No chain integrations required, just pools for erc20 or SOL eco coins
Worth a try
$RUNE
English
@Shft_Ctrl @THORChain That not how you capture attention mate, meme coiners are gamblers who almost never leave CEX cause they don’t care about decentralization they are only in it to rug each other.
English
Another bridge hack another $292 million gone.
An attacker forged a cross-chain message on Kelp DAO's LayerZero bridge minted 116500 rsETH out of thin air and used them as collateral to drain real ETH from lending protocols. The emergency multisig paused everything 46 minutes later but the damage was already done.
This keeps happening because bridges rely on trusting messages from other chains. When that trust layer gets exploited there is nothing underneath it.
Native assets don't have this problem.
When you swap on THORChain nothing gets minted nothing gets wrapped and no third party vouches for anything. Real cryptos move between chains validated by the network itself. That is the only model that removes this attack surface entirely.
Native or nothing.
Lookonchain@lookonchain
Due to the KelpDAO exploit, the attacker deposited $RSETH into #Aave to borrow $ETH, creating bad debt on #Aave. Many whales have already rushed to withdraw their $ETH from #Aave. $ETH Utilization Rate on Aave has now reached 100%.
English
1of1?
Protecting $293m?
Insanity.
@thorchain is 67/100
D2 Finance@D2_Finance
Good catch on the DVN config. 1/1 required, LayerZero Labs only, zero optional threshold, is a genuine single-point-of-failure setup for a $293M pool. That looks weird @PrimordialAA 😅 but it’s 5am. Still open though. Two paths fit the same config: 1.DVN compromise or bug. No legit send(). Our hypothesis lands here if a source tx never existed. 2.Source peer key compromise. A real send() with a hijacked Kelp peer, DVN validly signs a real-but-malicious message. LZ Scan was showing source tx hash pending last I checked. If no source tx for nonce 308 ever surfaces, you’re right and this is DVN-side. If a real send() exists with the Kelp-labeled peer as sender, it’s OApp-side. Either way, D2 Finance and its users are not affected. Back to sleep 💤
English