Joined June 2018
Jun 11
Since April, Web3 has spent three days without a major crypto exploit. Quite expectable for CORE3 users who got their hands on the risk data.

As it happens, we released the 1,463-project Probability of Loss (PoL) dataset the same week Drift collapsed. Frankly, the probabilities for the next collapses were already in it.

Drift Protocol, PoL 47 (CCC). $285M. The attackers posed as a trading firm, met the team at conferences, and even deposited over $1M of their own capital just to drain 285x more using compromised multisig. Operational gaps.

KelpDAO, PoL 46 (CCC). Another $292M. Their bridge used a 1-of-1 verifier. Attackers fed the DVN a forged message, and the bridge minted $292M of unbacked rsETH. Dependency risk.

Humanity Protocol, PoL 80 (D). $30M. They used multisig 3-of-5 while having three of them on one laptop. Operational gaps compounded with security.

THORChain, PoL 47 (CCC). $11M. The leading theory points to GG20, the threshold signature scheme securing its vaults: a 2020-era cryptographic library with critical flaws published back in 2023. Old code that nobody re-validated against known attacks. On-chain security.

What the spring cases share is that the dominant exploit path of 2026 was key compromise. Get the keys off a founder's laptop, then mint or extract value. The best remediation is documented key storage, rotation, and signing policies, for example, under CCSS.

Public data flagged the gaps that enabled those exploits. We did not know when. Probability of Loss measures, well, the probability of loss, not the date of loss.

⁉️ Which projects will be next to learn how to store keys or audit deprecated infrastructure? The vigilant researcher will find answers in the data.

The core3.io dataset also covers smaller projects that already suffered an incident, or still have the chance to: Verus, Haedal, LAB, RAVE, and 1,400 more. Check their risks, but don't get too bored.
Jun 10
Is it used? Is it needed? Is it alive? Make your take on @centrifuge with an expert review. Join the Proof of Voice x Centrifuge community AMA as a speaker and ask the hard questions directly to the community representative.

*PoV is CORE3's accountable opinion leadership initiative, where verified researchers publish project reviews under their own credentials, building a track record they put their name on.
Think you can break down @centrifuge $CFG better than CT experts? Prove it. We’re hosting a PoV Report Tournament with @Core3io. Best @centrifuge report wins a speaker slot in our upcoming AMA X Space. Deadline: June 12, 12PM UTC. Submit in PoV Chat ➡️ bit.ly/CORE3chat
Jun 9
1/ $H - Could you see it coming? $H earned a Probability of Loss 75/99, high-risk. data: No documented standard of key management Private keys on a general-purpose laptop. ISO 27001/CCSS strictly ban this malicious practice. Humanity did not have these, and it paid off.
Jun 9
What happened: 3 of 6 multisig keys were stored on one employee's laptop. This compromised device collapsed a 6-key multisig into a single key. Then the attacker upgraded the bridge to a malicious contract and minted 100M new $H.
Jun 9
Get standardized public risk breakdowns: core3.io

Jun 4
If you used a risk infra you would have already known which won't break while you hold
I need a memecoin that I can buy and hold
Jun 4
ethereum:0x98a878b1cd98131b271883b390f68d2c90674665 The chart below is why a risk standard for stablecoins is needed as much as it is for the rest of DeFi.

A few suggestions to watch for your stablecoins:
• Can you really exchange it for $1 when things go >$1?
• Dependencies: what does your wrapped dollar rely on?
• Decentralization: can and will they flip the switch or freeze the coins?

And document what went wrong with APX, so it never happens again (it will).
Jun 3
Feeling FOMO on lab:native @LABtrade_ ? The trade is not finished yet, but we know the results in advance ethereum:0x17205fab260a7a6383a81452ce6315a39370db97, $RIVER, $ARIA already ended for the marketmaker, leaving the exit liquidity with -95% P&L. Now the case of lab:native develops: why you should stay away 👇
Jun 3
Back to where we started: the higher the volume, the more decimals the token ends up with. Missed profit feels awful, but look how that played out in the end with other pump&dump tokens:
RIVER -95%
RAVE -98%
COAI -98%
MYX -99%
ARIA -96%
Do you want to play this game?
Jun 3
Make risk-informed decisions, scan crime tokens on CORE3 among ~1500 indexed assets for their Probability of Loss core3.io

Jun 3
$LAB is exactly why risk infrastructure is needed.
Listing teams have number to defend.
Allocators have parameters to demand.
Retail traders have threshold to avoid.
I’m blaming everyone involved - including market makers - but here’s the clear rationale behind my posts: Exchanges are deeply entangled in multiple scams and are too big to pressure easily. Market makers are extremely hard to reach or hold accountable. But this guy? We have mountains of evidence against @vsadkovv. It would be a shame and a failure on our part as a community if we don’t push hard to get him and his family members behind bars. Scammers must face real, lifelong consequences for what they’ve done. If we succeed, we’ll create a strong precedent - a public case that can be used to go after others. And most importantly: once we put @vsadkovv and his family in jail, we’ll finally have the moral ground to aggressively blame the exchanges that enabled these criminal pumps by serial scammers on their platforms.
Jun 2
The first case of a data submission from a crypto exchange under the Probability of Loss benchmark: @VALRdotcom.

Before: PoL 80, D Confidence.
The result after submission: PoL 39.3, B confidence.

Score breakdown:
Solvency: 50/100
Transparency: 100/100
Security: 59/100

VALR, South Africa’s largest exchange by trade volume, now has an evaluation of its risk surface and a documented plan of what’s missing. At the same time, users can now see both strengths and gaps reflected in the PoL index. Self-regulation, working as designed.

See other exchanges’ scores: core3.io
CEX methodology: docs.core3.io/cex-pol-method…
VALR closer study: core3.io/blog/case-study/val…
May 28
hot take: Today's exploits are not so bad for tomorrow's Web3

The April-May exploit run showed zero new attack patterns. Every drain ran on a script the industry already knows how to contain and prevent: Keys exposed; Governance overtaken; Frontend phished; Audit clean but eighteen months stale.

Risk in crypto is not unknowable. It has parameters. And every previous crash wrote one of them down.

Mt. Gox showed us custody is not a database. FTX made Proof-of-Reserves table stakes. The DAO and the early DeFi drains turned smart contract audits from optional into the minimum bar to attract capital. Terra and Anchor put treasury quality, yield sustainability, and protocol dependency on every serious diligence sheet. Ronin and Multichain killed the "DeFi has no key problem" myth. Four of Ronin's nine validator keys compromised, fifth was a stale allowlist permission nobody revoked. Sounds familiar? Pump.fun's era of disposable launches forced on-chain provenance into the assessment stack: mint authority, freeze authority, dev wallet concentration, LP lock status, time to first migration.

CORE3's methodology defined metrics that have already collapsed projects on Security, Financial, Operational, Reputational, Compliance surfaces. That is what a risk standard is. The industry's failures, written down, so the next project gets scored against them before it ships. Not after.

DeFi will not win by becoming bug-free. DeFi wins when the cost of every old exploit is priced into how the market evaluates the next launch, before the audit certificate, before the CEX listing, before the airdrop snapshot.

Every loss from here is a choice. To not measure, to not disclose, to not score against what the industry already paid to learn. Your move.
May 26
What would you check when staring at the two identical projects?
May 26
Two early projects. Same vibe, same TVL, same hype. You have 20 minutes and one allocation. Probability of Loss tells you which one rhymes with FTX, with Terra, with Drift, before they got drained. How CORE3 and PoL work ⤵️