thanks to @TheShibMagazine for the ongoing K9 coverage and in particular for the highlight on my role with the K9 Finance DAO this week 🥰 I couldn't be more thankful for the opportunity to support @K9finance and will continue to do my best for the DAO 🫡

Shibarium Bridge hacker foolishly chose not to accept the K9 bounty - it’s finally time to share the investigation we’ve been working on…🔎 this is juicy 🤤 The hacker made one stupid mistake and it completely unravelled their Tornado Cash laundering. 💰🌪️💵 That one mistake let me link: 🔗 The original hack wallets 🔗 Tornado withdrawal wallets 🔗 And dozens of KuCoin deposit accounts, likely used by money mules 👮🚨🚓 When I first noticed this transfer I couldn't believe what I was seeing. Jackpot! 🎰 I spent days tracing the blockchain: • 1000’s of transactions; 293 of interest • 111 wallets • 260 ETH laundered through Tornado Cash • 232.49 ETH ending up in KuCoin • 48 KuCoin deposits; 45 unique deposit addresses The entire obfuscation strategy fell apart because a hacker-linked wallet accidentally sent 0.0874 ETH to a “secret” withdrawal wallet that was supposed to be clean - completely destroying their privacy. Using MetaSleuth, I mapped the money flow: Original hacker wallet → “dumping” wallets → Tornado Cash → a web of post-mixer wallets → KuCoin deposit addresses. We quietly shared this with the @ShibariumNet team first so they could work with law enforcement before going public, in case any funds were still frozen or recoverable at KuCoin, but now the time has finally come where we can share this work publicly. @0xdefiturtle also tried working with @kucoincom fraud department but they told us they needed a law-enforcement case number before acting, despite having everything mapped and all the evidence handed to them on a silver platter. So now I’m publishing the on-chain evidence and methodology for the community, and for any victims who want to file their own reports. In this thread I’ll walk you through the full explanation of this analysis, step by step. Be sure to open up the @MetaSleuth dashboard (linked below) to see the graph of all the key addresses and transactions that I uncovered.

🚨Breaking News🚨 25 ETH bounty for Shibarium Bridge Hacker - final offer. I don't think they deserve it. Let's see if they foolishly miss their last chance to profit from K9.... ⏳💸 #ShibArmy please spread the news!

K9 Finance continues to await verified updates on Shibarium bridge operations. As the bounty window approaches its end, we expect to hear progress from the SHIB team so the DAO can plan its next moves with clarity. Our priority remains protecting the community and $KNINE on ETH.

Update: The decay period for the bounty offered by @K9finance to the Shibarium Bridge Exploiter has now kicked in. The 5 ETH offer is lowering every second for the next 3 weeks. The Exploiter has been sent the following message: “⏱️ Tick tock... ⏳ The bounty decay has started. 💸 Your bounty is now decreasing every second to return the blacklisted KNINE. Accept now if you want to secure any value for the KNINE” TXID: etherscan.io/tx/0xa5127d0aa3… A metadata refresh on the NFT they were sent representing the current size of the bounty has also been triggered & can be viewed below. What was once a 5 ETH bounty is now ~ 4.8 ETH and going lower the longer they choose not to accept the offer from K9 DAO etherscan.io/nft/0xce70370df… opensea.io/item/ethereum/0xc…

Happy anniversary to Bone Crusher, K9 Finance DAO's liquid staking platform on Shibarium! It's been an awesome year for me using the product and I was able to acquire hundreds of millions of $KNINE by vesting $esKNINE as well as earning hundreds of $BONE by locking and staking $KNINE! We've had bonus tokens from partners, and have added 2 new farming pools! 300 liquid stakers, bridging 2M $BONE, minting $knBONE on Shibarium, 600 lockers and stakers with 200B $KNINE locked and staked. This platform helped make the K9 Finance DAO validator the #1 validator, have the most TVL, and deepest liquidity in pools on the network. Truly leading the way for Shibarium. I am honored to be a part of this DAO. Thank you for letting me be a part of it. Here's to the K9 Finance DAO, the development team, and the sub-DAO for all their efforts to make this platform what it is today. I appreciate all of you!

The Shib team has joined @K9finance to offer a bounty to the Shib Bridge Exploiter Shib Deployer 2 has sent a message offering a 50 ETH bounty in exchange for the tokens stolen. etherscan.io/tx/0x9e6cade526…

Update: The Shibarium Bridge exploiter responded with the following message: "Hi K9 Finance DAO! I can't accept 5 ETH. The bounty I can accept is 50ETH and I will not return KNINE for less. Please let me know when you are willing to meet that price" @K9finance DAO responded with a message co-approved by @kaaldhairya: "5 ETH is the final offer from K9 DAO & it starts decaying in 5 days. This is already more than standard 10% bounty based on the 41 WETH in LP you could have gotten from selling. The KNINE is locked, so you don't have negotiating power. The SHIB team will send an additional offer for 50 ETH for the remainder of the funds separately from shiba-swap.eth (Shib Deployer 2) Keep watching messages and maybe you'll walk away with your 50 ETH and a waiver of legal actions. But your offer from K9 DAO is 5 ETH. The bounty starts to decay in 5 days. Act quickly or you'll miss your chance. Save face - either accept the 5 ETH for the KNINE or it is worth $0 to you."

Dear Shibarium Bridge Exploiter: Limited-time offer for 5 ETH in exchange for returning frozen KNINE to @k9finance DAO The bounty contract is only available for 30 days. 5 ETH reward will start to decay in 1 week. Act ASAP for the full 5 ETH reward The K9 DAO has authorized a 5 ETH bounty for you to return the funds. We have deployed a trust-less contract for you to accept the bounty. Should you accept, K9 DAO will not initiate any further civil claims

RT @kaaldhairya: 🚨 Shibarium Bridge Security Update 🚨 Earlier today, a sophisticated ( probably planned for months ) attack was carried ou…

Incident Update: We’ve temporarily disabled the knBONE bridge while we support the Shibarium devs, who have paused BONE staking/unstaking to freeze the attacker’s ~3.7M BONE. Existing balances are unaffected. Bridging knBONE ↔️ BONE is paused until containment is confirmed. We’ll share more as soon as it’s safe to do so / becomes available.

The hacker used a flash loan from Shibaswap for 4.6M BONE (the $1m BONE buy people were celebrating) and delegated it to win majority voting power over the validators, which allowed them to sign a malicious state on the chain. The hacker *may* have known that they compromised 10/12 Shibarium validators, but they needed 2/3 voting power to sign a malicious state. K9 & Unification validators' BONE holdings did not give them 2/3 of the state without the flash loan In the same transaction they covered the flash loan with the SHIB & ETH from the bridge by selling, which covered the flash loan They took 224.57 ETH & 92.6B SHIB in total. It cost them 216 ETH to repay the flash loan Now, since they needed to delegate BONE to the validator to gain 2/3 power, that leaves all of the BONE in the validator (cause of the time required to unstake), which (to my understanding) is being frozen Their next move (which they attempted 7x) was to sell KNINE (worth ~$700k) but they were unsuccessful before the K9 DAO multi-sig was able to blacklist their address As of right now they have not attempted to sell any of the other assets other than KNINE from @K9finance cc @Shibtoken @ShibariumNet @zachxbt @tayvano_

In the War Room after Shibarium bridge hack. Hack appears to be 10/12 Shibarium Validators signing keys compromised and them signing a malicious chain root state. Only @K9finance and @UnificationUND validators did NOT sign the malicious transaction.

K9 dApps (Bonecrusher, Quest, and more) were not affected by the recent NPM supply chain attack. We lock dependencies with package-lock.json, preventing auto-upgrades. Every update is carefully reviewed before production. K9 apps are safe to use ✅

Explanation of the current npm hack In any website that uses this hacked dependency, it gives a chance to the hacker to inject malicious code, so for example when you click a "swap" button on a website, the code might replace the tx sent to your wallet with a tx sending money to hacker But in your wallet you'd still see the bad tx and need to approve it, its not like you'll instantly get drained Furthermore, this will only impact websites that pushed an update since the hacked npm package was published, as other projects will have the old version And most projects pin their dependencies, so even if they push an update they'll keep using the old safe code So your wallet is safe and the effective impact area is much smaller than "all websites", but since you cannot really know if a project pinned dependencies, or if they have some dynamically downloaded dependency (very unlikely), it's just safer to avoid using crypto websites till this blows over and they clean up the bad packages

with the NPM supply chain attack still ongoing, K9 is not doing any on-chain transactions until there is more clarity/resolution. according to ledger CEO and other industry leaders, any website could be compromised via the poisoned packages. suggest everyone operates with caution for the time being k9 dev team is doing a full review of infra to ensure none of K9 infra is impacted (unlikely but better safe than sorry)

We heard you like to farm airdrops on L-2s, so we built the highest valued airdrop in the history of the @Shibtoken L-2, Shibarium. You should go check your wallet for XP. ⬇️

If you've wanted to quickly see which tasks are new in the K9 Finance DAO Quests campaign, there's a notification bell that'll show you! If you've been coming to the Dapp daily and keeping up with the tasks, this can help you complete the new tasks quicker. If you're not registered, you still have 48 days to earn as much XP as possible. Previous tasks are active all campaign long, so don't think you're missing out! At the end of the campaign, your XP will determine how much $KNINE you'll be able to claim after the Quests end.

⏱️K9 Polygon Expansion Update - Exploratory Committee Begins Research Earlier this year, the K9 DAO voted to fund the exploration of a potential expansion to the Polygon blockchain. I’m excited to share that research has officially begun, and the development team has provided an initial progress report. Before diving in, it’s important to clarify: this is not a launch announcement. What’s being conducted right now is due diligence: an in-depth feasibility study to understand the technical and economic realities of expanding to Polygon. The final report will still be weeks away, and even then, any future direction will remain up to you - the K9 community - to decide. Here’s a high-level summary of what’s been uncovered so far: 🧱 Technical Integration Feasibility No major technical blockers. Because K9 is built on Polygon POS, integration appears smooth at the base level. However, Polygon 2.0 introduces new architecture, like the AggLayer and restaking infrastructure, that we’ll need to analyze further to ensure long-term compatibility. 🔒 Validator Access Polygon supports up to 105 validators; currently, 102 slots are filled. K9 has not yet applied, but based on our performance, reputation, and contributions to Shibarium, we believe we stand a strong chance of approval if/when we choose to proceed. 📉 Lido Exit = Opportunity When Lido sunset operations on Polygon in June 2024, it left 86M POL still staked, proving demand for liquid staking remains high. The Lido exit was driven by DAO priorities and revenue vs. cost considerations, not lack of demand. 🧪 Market Research Underway The dev team is evaluating existing Polygon liquid staking solutions: Stader Labs, Ankr, Kiln, and Figment. This helps identify where K9 can differentiate and what potential integrations or partnerships might be possible. 🪙 Token Mechanics With MATIC transitioning to POL, the likely token for our liquid staking product would be knPOL. Early thinking: users would deposit POL (likely on Ethereum) and receive knPOL on Polygon for use across the DeFi ecosystem. 🏗️ Infrastructure Requirements Becoming a validator requires at least 10,000 POL staked. While the DAO could fund this directly, we’re also exploring grants, partnerships, or assistance from the Polygon team. These conversations will begin once we complete our internal time/cost/ROI evaluations, which are now in motion. 🧠 What’s Next? The team is now focused on mapping out the cost, development time, and projected return on investment. This step is crucial: without it, we can’t responsibly approach partners or make any recommendations to the DAO. When the full report is ready, it will be shared publicly. From there, the community can assess the findings and decide whether to proceed, pivot, or pursue other expansion options. You can read the original proposal on our forum with the link in the comments below.