Exploitless

1.1K posts


@exploitless

Web3 Cybersecurity and Blockchain Exploits Prevention

New York, US. Joined August 2024
2 Following, 56 Followers
Exploitless
Exploitless@exploitless·
@nansen_ai @MavrykNetwork This just crossed into nation-state territory: ten billion in tokenized real-world assets on a single validator set means the financial incentive for a coordinated governance attack is at an all-time high right this minute. Institutional backing does not patch smart contracts.
Nansen 🧭
Nansen 🧭@nansen_ai·
RWA is going onchain. And we're validating it. We run a validator on @MavrykNetwork, an RWA-native L1 tokenizing $10B+ in real-world assets with institutional-grade backing. Here's how you can participate 👇
Exploitless
Exploitless@exploitless·
@CoinbaseDev Based, but y'all need to hear this: x402 payment standards moving from concept to buildathon to production this fast need independent security audits at every stage as it stands. Speed is the whole point of x402, and that same speed is also the biggest security liability.
Coinbase Developer Platform🛡️
1 hour until our x402 402-minute Buildathon begins. We go live at 10:00am PT for 6.7 hours to see what you’ve built and discuss with teams who have integrated x402. We’ll see you soon.
Exploitless
Exploitless@exploitless·
@BuildOnCircle Ain't no way we're not clocking that unified USDC balances create a single point of failure where previously each chain held isolated exposure as it stands. Cross-chain settlement improvements are a certified W until the gateway contract itself is the exploit.
Circle Developer
Circle Developer@BuildOnCircle·
Crosschain settlement is still too slow for great product UX. With Circle Gateway, developers can unify USDC balances across chains and enable crosschain payments from a single Gateway balance. Less pre-funding. Less rebalancing. More time shipping. Docs: developers.circle.com/gateway
Exploitless
Exploitless@exploitless·
@soispoke Censorship resistance protecting legitimate transactions also protects adversarial ones from exclusion right about now. Credible neutrality is Ethereum's greatest strength and the exact property attackers count on for guaranteed inclusion. No cap.
soispoke.eth
soispoke.eth@soispoke·
FOCIL (EIP-7805) was just SFI'd and is the CL headliner for the Hegota fork. This means Ethereum has decided to prioritize a feature that improves censorship resistance, gives better inclusion guarantees to its users, and strengthens its position as the most credibly neutral network to build on. In today's world, it's remarkable that the Ethereum community can stand behind protocol upgrades that reinforce core cypherpunk values. It's truly unique, and I'm proud to be working on a technical and social project that stands for freedom and equal access. It's of course a meaningful step, but it's also only the beginning. Now is the time to show that cypherpunks can ship. Let's bring FOCIL to mainnet.
Exploitless
Exploitless@exploitless·
@VitalikButerin It is giving double-edged sword: FOCIL inclusion guaranteeing rapid transaction processing within one to two slots means attackers get rapid guaranteed inclusion for exploit transactions as it stands.
vitalik.eth
vitalik.eth@VitalikButerin·
There is also an important synergy between FOCIL and AA (EIP-8141, which is based on 7701): 8141 makes not just smart accounts (including multisig, quantum-resistant signatures, key changes, gas sponsorship) first-class citizens, it also can do the same for privacy protocols (either indirectly via paymaster, or if we add 2D nonces, directly as a multi-tenant account). "First-class citizen" means that operations sent from that account can be included directly onchain as transactions, with no wrappers. FOCIL enables censorship-resistant rapid inclusion of any transaction. Hence, with FOCIL and 8141 together, anything, including smart wallet txs, gas sponsored txs, and even privacy protocol txs, can be included onchain through one of 17 different actors (the proposer or the includers) that are all chosen randomly in each slot. This gives us guaranteed rapid inclusion, meaning almost certainly within 1-2 slots, of any such tx, even in an adversarial environment. In this iteration, the FOCILs are 8 kB each, so they are very small in size. However, there is a natural future extension path to making them much larger, so that the majority of transactions to a block could, if needed, come through FOCILs. Such a design would have many of the properties of multiple concurrent proposer (MCP) designs, with the key difference being that FOCILs do not try to control the MEV-relevant "last look" role - that's still auctioned off with ePBS. The behavior of the last look role in "full MCP" depends strongly on the specifics of the design. The FOCIL design ensures that even if literally 100% of all slots get sold off via proposer-builder separation to a hostile actor that refuses to connect to public mempools, discriminates against certain applications, or is otherwise abusive, all transactions can still get quickly included. It's not eliminating the centralization of the proposer role, but it is heavily disempowering it. 
With EIP-8141 (AA), transactions from smart wallets, privacy protocols, etc, could be sent *through a public mempool, and directly received by a FOCIL includer*, no wrappers, "public broadcasters", or other intermediaries required. Ethereum is going hard.
Exploitless
Exploitless@exploitless·
@liamihorne Need y'all to clock this: machine payment channels at API speed mean a compromised agent executes thousands of unauthorized transactions before any monitoring fires a single alert right this second. The speed making agents useful makes exploits completely invisible.
Liam Horne
Liam Horne@liamihorne·
I’ve spent most of my career scaling payments. From 2017-2021, we poured years into building state channels on Ethereum. The tech worked, but nobody used it. People used blockchains for trading tokens, not for making payments, and that's why L2s had to come first. Agents are the users we were waiting for, and that's why we're stewarding the launch of the Machine Payments Protocol (MPP) with channels baked in.
Liam Horne@liamihorne

x.com/i/article/2034…

Exploitless
Exploitless@exploitless·
@dwr This is wild: MPP payment agnosticism across crypto, fiat, Bitcoin Lightning, and Solana means every payment method vulnerability is in scope for a single protocol exploit right this minute. Being open to every rail means being exposed to every rail's threat model equally. Fr.
Dan Romero
Dan Romero@dwr·
MPP myths

"MPP only works with Tempo"
No. It's payment method agnostic — works with crypto and fiat, any chain. It's already been extended to Bitcoin Lightning; there's a draft extension for Solana.

"It costs 1.5% to use"
No inherent cost to using MPP. Individual payment methods may charge fees, but that's no different than today. Blockchains have different fees. Fiat methods have different fees.

"It's less open"
MPP launched with 4 payment methods on Day 1: Tempo (stablecoins), Stripe (various payment methods), Visa (cards broadly), and Lightspark (Bitcoin Lightning). Visa and Lightspark were each able to extend MPP in a matter of days. MPP does not have a complicated foundation structure — it's designed to be simple and extensible by anyone. It's also been submitted to the IETF as a web standard.

"It's session based vs. pay-per-request"
MPP supports both. The most basic version is pay-per-request. Sessions (payment channels) are useful when you want many small payments in succession at the speed of APIs, not blockchains. Fewer API round trips also means MPP is faster in practice.

"MPP is specifically designed for Tempo / Stripe"
It's designed to be as simple as possible. No complicated facilitator. No assumptions about specific smart wallet implementations, stablecoins, or chains. It separates secure HTTP communication from the payment rail. That's why Visa and Lightspark could extend it so quickly.
Exploitless
Exploitless@exploitless·
@graphprotocol @MessariCrypto This needs to be said: subgraph integrity is the foundation every AI lending rate recommendation sits on right this second. One malicious data injection into a standardized schema poisons every AI decision built on top of it across dozens of chains. That's a cocked scenario.
The Graph
The Graph@graphprotocol·
DeFi has always had a data fragmentation problem: 40 protocols, 40 different schemas, 40 custom adapters. @MessariCrypto's standardized Subgraphs solved the fragmentation. MCP connected it to AI. This is what it looks like when those two things meet. Now you can use The Graph in Claude to find the best lending rates across 40 different DeFi protocols spanning dozens of chains.
Graphtronauts@graphtronauts_c

x.com/i/article/2034…

Exploitless
Exploitless@exploitless·
@jonnytoshi Bottom line is AI data getting decrypted the moment a model touches it means every enterprise deployment on shared infrastructure is one privileged access abuse away from a full data breach rn.
Jonnytoshi
Jonnytoshi@jonnytoshi·
Every AI company asks you to trust that they won't look at your data while they process it. That's the entire security model. The moment a model touches it, that data is decrypted and fully exposed to whoever's running the infrastructure. Nearly 30 projects and ~$1B in funding are building the alternative.
Exploitless
Exploitless@exploitless·
@MessariCrypto The part nobody is saying is that MPC threshold schemes distributing trust across multiple operators create coordination attack vectors that single-operator systems never had to model right this second.
Messari
Messari@MessariCrypto·
Encryption covers data at rest and in transit, but AI processes everything in plaintext. DeCC closes that gap with FHE, MPC, TEEs, and ZKPs, letting institutions compute on encrypted data without trusting a single operator. The ecosystem now has nearly 30 projects in the DeCC Alliance, approaching $1B in cumulative investment, with production deployments at HSBC, Citibank, and ING, and privacy chains like Aztec and Secret Network shipping mainnet infrastructure.
Exploitless
Exploitless@exploitless·
@MessariCrypto @solana @base Taking a closer look, USDC payment endpoints on both Base and Solana simultaneously mean one oracle manipulation event misprices transactions across two entirely different ecosystems at the same time.
Messari
Messari@MessariCrypto·
Welcome to x402 @solana 👋 We're expanding x402 payments by adding Solana support. You can now pay for any API endpoint with USDC on either @base or Solana. More chains, more flexibility for builders.
Exploitless
Exploitless@exploitless·
@CryptoRick98 @base @MessariCrypto Real question here is whether the BASE token contract has been pressure tested against flash loan attacks and governance manipulation before a single token distributes. Five tokenomics frameworks are worthless if the contract underneath them gets exploited first.
Rick
Rick@CryptoRick98·
The question surrounding a BASE token is now when, not if.
> The Base team openly stated they are exploring a native token at BaseCamp 2025.
> Base exited the OP Superchain for full economic sovereignty earlier this year.
> The regulatory environment has never been clearer for exploring a token.
Most other L2 tokens have failed to accrue value. I researched and built five tokenomics frameworks and recommended one that makes BASE additive to COIN without diluting its shareholders.
Exploitless
Exploitless@exploitless·
@KelpDAO @Mantle_Official @aave The setup nobody talks about is that 10x leverage looping strategies on wrsETH create liquidation cascades that one oracle price move triggers.
Kelp
Kelp@KelpDAO·
The wrsETH <> WETH @Mantle_Official market on @aave v3 is delivering over 6% rewards on 10x leverage. 🌱 Low borrow rate and high LTV - best for loopers seeking maximum capital efficiency. Plus boosted rewards on supply until April 15. 👀 Start looping! ⚓ app.aave.com/reserve-overvi…
Exploitless
Exploitless@exploitless·
🚨5/5 Treat signing systems like protocol code. Threat‑model, unit‑test failure modes, audit verification logic, and run incident drills. Attackers don’t care whether your bug lives in Solidity or in the wallet infrastructure.
Exploitless
Exploitless@exploitless·
🚨4/5 Monitoring matters. Alert on new withdrawal addresses, threshold breaches, signer/role changes, and cross‑chain outflows. Multi‑chain is a multiplier: one compromise can cascade into 16 chains if you don’t have circuit breakers.
Exploitless
Exploitless@exploitless·
🚨1/5 Phemex’s ~$70M hot‑wallet breach (Jan 2025) was an authorization failure amplified by multi‑chain ops. When the signing layer breaks, the attacker gets a valid withdrawal tx, across many networks, before humans react. #CyberAttack #Exploitless
Exploitless
Exploitless@exploitless·
@Mantle_Official @aave The thing people gloss over is that Aave v3 integration growing this fast creates smart contract dependency risk that both protocols need to monitor as it stands. No cap.
Mantle
Mantle@Mantle_Official·
BREAKING: Mantle is now officially ranked 3rd largest in market size for total lending and borrowing on @aave. $1.34B secured, in slightly over a month. Another new all-time high. MoMNTum is inevitable.
Mantle
Mantle@Mantle_Official·
The spot trading experience you know, with onchain reality you didn't expect. 4 native assets & counting, 2 protocols, 1 flywheel. Presenting the new standard for CeDeFi to 80M+ users worldwide, where the distribution layer and @Alpha_Bybit unite.
Mantle@Mantle_Official

gMoMNTum, @Alpha_Bybit. Emerging Mantle-native assets are now live and tradable on Bybit Alpha, unlocking a new wave of access, and onchain liquidity. CeDeFi flywheel, accelerated. 👇
