CEO & co-founder @therealgregoai | host of @bountyhunt3rz podcast | top ranked whitehat on @immunefi immunefi.com/profile/riptide

Joined September 2011
Pinned Tweet

Not the outcome DeFi was built for.

Two big drivers behind us building @therealgregoAI:
1) break the audit mafia's control on who can afford human level quality security audits
2) provide security at scale so that bootstrapped founders can still compete

This is how DeFi survives and thrives under the constant duress of an adversarial AI environment.
Everyone thinks there's a hackpocalypse going on in crypto right now. But if you dig into the data, the story is not that simple.

Narrative violation: total dollars hacked in 2026 actually looks pretty normal so far. Check the chart below for raw data. What's grown is not the amount hacked, but rather the NUMBER of incidents.

Case in point: April was a brutal month for $$ hacked, but May was actually way below average in terms of $$ hacked (1/10th hacked compared to April). And yet by number of incidents, May was actually the highest in crypto history.

So what could explain the number of hacks going crazy, but the amount stolen staying flat? Here's what I think is going on: for large protocols, using AI for cybersecurity is balanced between offense/defense. If you're Uniswap, AI makes it easier to harden your protocol, just as much as it makes it easier for randos to attack you. But for the tens of $10M TVL DeFi protocols, there's no one running AI hardening at all. So attackers are looting unattended stores.

Over time that will push TVL toward the larger protocols that can actually afford to defend their gates (and eventually, formally verify their code).

Analogy: In a high crime city, the Wal-Mart stays open, but the family owned corner store that can't afford security shuts down. Over time, the equilibrium is that more and more people will end up doing their shopping at Wal-Mart.
riptide retweeted
We discovered a critical funds freezing vulnerability in @reserveprotocol protocol due to its integration with the @gnosis_ EasyAuction contract (deployed 5yrs ago).

Grego AI can easily include external dependencies within our audit scope that would typically be considered "out-of-scope" for human audits due to cost or time constraints.

Secure Smarter with Grego AI
riptide retweeted
All these fucking dorks at Anthropic do is yap about how insane their product is and how end-of-the-world it will be.

Someone tell these jabronis to shut the fuck up, holy Christ they're so annoying.
JUST IN: Anthropic co-founder Jack Clark reportedly warned new recruits to “get hobbies that aren’t computers,” saying the company is building a “superhuman coder with nation-state hacking capabilities.”
riptide retweeted
Another big win for @0xriptide. Elite work. Elite consistency. Want to learn how he finds bugs at this level? Watch the full interview below.
Six months ago the conversations I had with investors were different. Few understood why an AI whitehat system was needed, or were not convinced AI bug hunting was going to become better than humans, or couldn't see the market opportunity. If it's not obvious by now, the market extends to anything with code that secures value (Web2 & Web3). The time is now to play aggressive offense and emphasize security more than ever. Bugs are always obvious in hindsight, but as this example demonstrates, some are literally hidden from human eyes and AI becomes the key that picks the lock.
👉 For 4 years, 1 day, and 10 hours, anyone who understood the Orchard circuit could have minted ZEC out of thin air, silently, with no on-chain signature. The bug was disclosed this week. It was found by an AI-driven audit running Opus 4.8, not by an attacker.

1. Call the bug what it is

Two lines in halo2's variable-base scalar multiplication gadget used assign_advice() where copy_advice() was required. As a result, the diversified-address integrity check pk_d = [ivk]·g_d could be satisfied for arbitrary inputs. A malicious prover could spend the same note multiple times with different nullifiers, i.e. counterfeit ZEC inside the Orchard pool, undetectable on-chain because the privacy of the ZK proof hides exactly the inputs that would reveal the attack. We do not know whether it was exploited. We will probably never know.

2. Four years. Multiple audits. Top-tier reviewers.

Orchard was reviewed by some of the strongest cryptographers in the field before activation. They missed it. Earlier automated audits with Opus 4.7 missed it. Opus 4.8 catches it in roughly 1 in 4 runs when prompted generically. The bug is hard.

And ZK inflation bugs are not new. Zcash itself shipped a counterfeiting vulnerability in Sprout (BCTV14) that survived years before being silently neutralized during Sapling. Similar soundness issues have appeared in circom, halo2, and rollup verifiers since. The pattern is consistent: when the protocol is private, exploitation is undetectable. You patch the bug and hope.

3. What Zcash did right

This was a textbook decentralized incident response:
▶️ Audit: a full AI-assisted soundness audit of halo2 Orchard, scoped end-to-end.
▶️ Discover: the agent flagged the missing constraint and worked out the algebra to turn it into an exploit. A working RPC-level PoC in ~6 hours, mostly waiting on tokens.
▶️ Coordinate: a soft fork disabling Orchard, prepared and distributed without leaking the bug, activated 2 days and 15 hours after acknowledgement. Coordinating a soft fork across miners, exchanges, and nodes without disclosing why is genuinely hard. They did it.
▶️ Disclose: timeline, code lines, math, open questions. No spin.

Worth naming explicitly: Zcash's turnstile invariant caps the value that can ever leave a shielded pool by the value that entered it. Privacy and verifiability inside the same protocol. That is not an accident. That is good engineering, and it is what kept the worst case bounded.

4. The economics of security just changed

AI does not change whether bugs like this exist. It changes the cost of finding them. I wrote about this x.com/P3b7_/status/203643721…: a missing constraint in a 4-year-old production ZK circuit used to require a top-tier cryptographer with months of context. It now requires a few tokens, an API key, and a well-framed prompt.

The defender benefits. The attacker benefits more: they only need to find it once, and they never disclose. Orchard is the optimistic version of this story: defense got there first. The pessimistic version is the one we cannot rule out, because the chain is private by design.

5. The only real exit

You do not patch your way out of this asymmetry. You raise the floor.
Formal verification of consensus-critical circuits, every assign_advice audited by SAT solvers and AI for under-constraint, as the reporter himself recommends. Proof-grade engineering that used to be too expensive is now cheap enough to be mandatory.
Hardware roots of trust, secure enclaves, certified secure elements, WYSIWYS. Cryptographic guarantees the user can actually verify, not promises a host can lie about.
Continuous AI-assisted audit of every consensus-critical commit, re-run immediately on the release of any new frontier model.

Zcash didn't just patch a bug. They demonstrated the new defensive playbook: AI-driven audits, decentralized coordination, radical transparency, verifiable invariants. That is the direction the rest of the industry needs to follow.

And those who don't raise the bar for security will be rekt in this new world. Stay safe. Stay honest about your trust assumptions.
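As an added illustration (not code from the halo2 or Orchard repositories, nor from the post's author), the toy constraint system below models the assign_advice vs copy_advice distinction the post describes: a gadget whose input cell is merely assigned can be satisfied with any scalar, while an equality (copy) constraint binds it to the ivk cell. The prime field, the cell names and the witness values are constructed stand-ins, and modular multiplication stands in for the curve scalar multiplication [ivk]·g_d.

```python
# Toy PLONKish-style witness table with two constraint kinds: gates and equalities.
# Assumption: multiplication mod P stands in for the group operation [k]*g_d.
P = 2**31 - 1  # constructed toy prime field


def scalar_mul(k, g):
    """Stand-in for [k]*g: ordinary multiplication in the toy field."""
    return (k * g) % P


class Circuit:
    def __init__(self):
        self.cells = {}        # cell name -> value chosen by the prover
        self.gates = []        # predicates over the cell table
        self.equalities = []   # (cell_a, cell_b) copy constraints

    def assign_advice(self, name, value):
        """A fresh cell whose value the prover picks freely (no binding)."""
        self.cells[name] = value % P
        return name

    def copy_advice(self, name, value, source):
        """Same assignment, plus an equality constraint tying it to `source`."""
        self.assign_advice(name, value)
        self.equalities.append((name, source))
        return name

    def verify(self):
        gates_ok = all(g(self.cells) for g in self.gates)
        copies_ok = all(self.cells[a] == self.cells[b] for a, b in self.equalities)
        return gates_ok and copies_ok


def build(ivk_witness, scalar_witness, g_d, pk_d, constrained):
    """Diversified-address check pk_d = [ivk]*g_d. The scalar-mul gadget's input
    is either copy-constrained to the ivk cell (fixed) or only assigned (buggy)."""
    c = Circuit()
    ivk = c.assign_advice("ivk", ivk_witness)
    if constrained:
        k = c.copy_advice("mul.scalar", scalar_witness, ivk)
    else:
        k = c.assign_advice("mul.scalar", scalar_witness)
    # Gate: the gadget output must equal the claimed pk_d.
    c.gates.append(lambda cells: scalar_mul(cells[k], g_d) == pk_d % P)
    return c


def proves(ivk_witness, scalar_witness, g_d, pk_d, constrained):
    """True if the prover's witness satisfies every constraint in the circuit."""
    return build(ivk_witness, scalar_witness, g_d, pk_d, constrained).verify()
```

With the copy constraint in place, a scalar that differs from ivk fails verification; without it, the gate alone is satisfied by whatever scalar the prover chooses.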
riptide retweeted
Avoiding confrontation is the single behavior that will ruin your life.

You must CONFRONT. Confront your problems, confront your avoidances, confront those behaving improperly.

The only way out is through. And to blast through requires confrontation.
Back in Manhattan for the first time in many years, will be around until the 10th. DM if you'd like to meet up.
You would hope that after we wrote up our findings for multiple live criticals on the Zodiac modules at @therealgregoAI months ago, that PERHAPS if one's company used these modules in a live, deployed project the CISO would want to have another audit done (last one was 6 years ago, with many changes since then).

Instead what happened is Gnosis has split into multiple different entities and neither one of them wants to own something that is widely used and directly affects their core product and brand.

If a hacker reported this bug he would have received no bounty.

Unfortunately, again, it looks like DeFi will only improve through pain.
Unfortunately, there is a hack related to @gnosispay and the "delay module". Please be patient while we try to contain the damage. Rest assured, Gnosis will cover all user losses.
I just found a bug and got paid on @immunefi #immunefitribe immunefi.com/s/ss/?severity=…

One of the findings from v1.0 of @therealgregoAI which we originally submitted NINE MONTHS ago has finally reached a resolution. I wish this painful, lengthy experience on no one and likely have set the immunefi world record.

Let's strive to do better as an industry, recognizing the efforts of whitehats and valuing their time appropriately.
Big changes are on the horizon for DeFi and further crypto adoption in Japan next year. Let's keep security at the forefront while opening up more pathways to onboard to DeFi.

Grateful for the opportunity and looking forward to a great discussion in Tokyo.
We’re thrilled to welcome Justus Hanna (@0xriptide), CEO at Grego AI, to the stage at JBWS2026! Join us in Tokyo for insights on the future of blockchain and innovation. 📅 July 12, 2026 📍 Shibuya, Tokyo 🎫 luma.com/jfsb91aj #JBWS2026
Believe it or not, there is code on the blockchain that, no matter how many times you run AI against it, remains bug free. And then there are protocols with poor security (incl. key management) that are getting rekt.

Ultimately, we strengthen the ecosystem by embracing well established and well known INCREDIBLY BASIC security precautions and levelling up on AI defensive measures. There is a real need right now for AI defensive security, which is what we are building at @therealgregoAI. It is a problem with a solution. Our team and many other big brains in this space are hard at work fighting back to ensure this space survives and thrives.

If you feel that the risk is not priced appropriately then that is an individual investment decision, but the market as a whole does not agree given current rates. IMO the benefits of DeFi outweigh its growing pains, and no, it's not time to throw in the towel because your favorite protocol trades meme coins with the admin key, but it is time for investors to demand security be taken more seriously and vote with their capital appropriately.

Growth and maturation happens only through adversity. DeFi forever.
PSA: I now consider *all* of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
We found multiple critical bugs in a well known Gnosis Safe Module recently (x.com/compose/articles/edit/…) and warned about the root level access that modules have when enabled.

If you have a module that you have enabled on your Safe, please drop it here and @therealgregoAI can take a look.

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed.

A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us.

The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures.

Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure.

Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code.

We are monitoring the situation and will share updates if anything changes materially.
riptide retweeted
The core argument: protocols often spend 6-figures on periodic human audits and still have no guarantee of security. Code now ships faster than auditors can keep up with. This exposes protocols to new risks between cycles. Attackers are increasingly AI-assisted and are constantly looking for new vulnerabilities. Security has to be continuous, and it has to be AI-powered too. But not all AI security is the same. Most AI scanners stay at the surface and give you a ton of false positives. Grego AI is built to go deeper than human review, because it’s tracing multiple logic across layers of interacting systems, and gives you minimal false positives. We’ve found confirmed vulnerabilities in protocols like Lido, Chainlink, Reserve, Aave, Uniswap, Euler, Polygon, and others. All previously audited by leading security firms. All found 100% through AI. Watch the full talk with our CEO @0xriptide here 👇
Most of the recent high profile exploits didn't start with a smart contract exploit, they started with a human.

Dropped a few suggestions in the room at the security panel @ @eth_milano and might as well rehash them here:
- Use separate devices for work and leisure. Use an airgapped wallet. Your daily driver with 35 chrome extensions shouldn't be your signing machine
- Simulate and inspect every transaction before you sign it. No blind signing, you might as well put it all on black at the casino
- Double check your recipient address (address poisoning is a very real risk)
- Consider a multi-sig for anything of significant value
- Revoke token approvals regularly. Most people set and forget until it's too late

Attackers are getting more sophisticated, but the basics haven't changed ... yet most teams still aren't doing them!

Great sharing the stage with @beyer_st and Nurtilek from @CertiK
Imagine reporting this theoretical attack to a bug bounty program
We’re sharing our completed post-mortem on the April 18th incident, prepared with @Mandiant and @CrowdStrike. We are publishing both an executive summary and the full report at the link below. Over the past four weeks, we’ve worked with hundreds of partners to help them understand their current security posture, and harden it where appropriate. We’ll continue this work, alongside taking additional proactive steps for the benefit of not only our partners, but also the ecosystem as a whole. We want to extend our thanks to our partners for their support and patience this past month. There’s a reason that over $12 billion has moved across the network in the past four weeks, and why the world’s most valuable asset issuers have stood by our side: they believe in us, in what the LayerZero protocol has to offer, and in the value of modular, isolated, application-controlled security. The work continues. And we look forward to continue showing up for the applications that trust us with their business, as well as the broader ecosystem. layerzero.network/blog/layer…
AI black hats are the ultimate forcing function. Most devs have been sleeping on security for years as their code was not worth the time or effort to attack. Now you simply cannot ignore it. Proactive AI security solutions will play a huge role going forward.
riptide retweeted
Introducing the Monastery for AI-native founders. A single builder can now outperform a publicly traded company. $2 million. 12 weeks. Do the impossible.
riptide retweeted
Many people have claimed that with AI-assisted bug finding, secure code (and hence trustless anything) will be impossible. I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why: vitalik.eth.limo/general/202…
Now imagine these are all legit. A day in the life of @PatrickAlphaC