Try this w/ your agent. Reply with your roast. @Ledger RTs best: "You are a savage stand-up comedian and my advisor. Read developers.ledger.com/docs/a…. Install Wallet CLI skill. Read-only: check balances history. Roast my wallet. What did I miss?" Introducing Ledger Agent Stack. 🧵👇

gm, happy Fable release day

⚛️Post-Quantum Cryptography: The Migration No One Can Outsource There is no quantum computer breaking Bitcoin today. None breaking Ethereum, your bank, or the internet. Anyone selling that headline has a product to sell. The honest version is more uncomfortable. The timelines are pulling forward, the public record probably does not show the full frontier, and most of the ecosystem is still ordering caipirinhas at the bar while the water pulls back from the beach. I was hesitant to put it in such direct terms. But this is a migration we collectively agreed to do, with a deadline, and we are late. So let me call it what it is. 1. Quantum is not a fast computer Fix this in your head first. A quantum computer runs on qubits with superposition and entanglement, only holds its state near absolute zero, and does not do more of what classical computers do. It does different things. One of them is Shor's algorithm, which breaks the asymmetric cryptography (RSA, ECDSA) that protects almost everything you do online. 2. What changed in the last few weeks (Wild) estimates of "Q-day" have moved from "10% by 2030" to "50% by 2032" in serious recent work. Then two things happened back to back. Google published a paper showing Shor's algorithm breaks ECDSA, the signature scheme used by almost every blockchain, with far fewer logical qubits than previously assumed. They published the result without the construction, attaching a zero-knowledge proof instead. We now know this was the outcome of US government pressure to keep the details classified. Then the open source community used Google's ZK verifier as a reward function in a reinforcement learning loop. An LLM generates candidate Shor circuits, the verifier scores them, the loop iterates. Two days in, the model matched Google. By the time we recorded the podcast, it was already 20% better, it's now 41%!! (cf. ecdsa.fail) Read that again. AI is now actively compressing the path to Q-day, using a verifier that exists because the result was classified. 3. "When" is the wrong question Cryptography is a trust mechanism. It does not fail on Q-day. It fails the moment the trust is no longer credible, which is much earlier. The threat splits into two pieces with very different deadlines: Authentication. A quantum attacker recovers your private key from your public key and signs as you. As long as we migrate signatures before Q-day, this is contained. Encryption. Harvest now, decrypt later. An attacker captures encrypted traffic today and decrypts it the day they get the machine. For anything that needs to stay confidential in ten or fifteen years, it is already late. Nothing you do tomorrow fixes 2026. 4. The migration is happening, unevenly NIST standardized the first post-quantum algorithms in 2024 (ML-KEM, ML-DSA, Falcon, SPHINCS ). The deadline is 2030 for critical systems, 2035 for the long tail. Two years are already gone. Most of the industry has not started. Centralized systems will get there. The path is painful but linear, and compliance forces it. PQC readiness is becoming an institutional due diligence requirement. The interesting drama is somewhere else. 5. Bitcoin's hard problem is not cryptography Blockchain cryptography is simple. The cryptographers in this industry know exactly what to migrate to. The bottleneck is social consensus, on a system designed to make governance expensive. That is the property that keeps Bitcoin credibly neutral. It is also the property that makes a coordinated migration genuinely hard. The trade-offs are real. Hash-based signatures (SPHINCS , the Blockstream "SHRIMPS" line) are conservative and well understood, but roughly an order of magnitude larger than what Bitcoin uses today. They would push throughput from around 7 transactions per second to under 1 (without blocksize change). Lattice-based signatures (ML-DSA, Falcon) are smaller and faster, but have only ~25 years of public cryptanalysis. The world outside blockchain is converging on ML-DSA. Almost no blockchain wants to follow. You also lose properties you have come to rely on. Threshold signatures and MPC, which underpin a meaningful slice of modern custody, are awkward or impossible on hash-based schemes and clunky on lattice ones. Call it what it is: post-quantum cryptography is resistant against quantum adversaries and worse on almost every other dimension we care about. There is no free-lunch version. 6. The Satoshi question Migration must be one way. If users can move freely between legacy and PQ addresses, most will not move, and half a migration is no migration. A 50% migrated chain is still a chain a quantum attacker can drain to zero. That leaves dormant coins. Satoshi's million BTC. Lost wallets. Dead keys. Three options, none of them comfortable: Leave them. Honest to the original ethos, operationally suicidal. Burn them. Honest accounting. The 21 million was always an upper bound. Politically explosive. Freeze and redistribute as block reward over time. Rebuilds the long-term security budget that, mathematically, is going to struggle. Of the three, the least bad. The uncomfortable part is admitting that "do nothing" is itself a choice with consequences. 7. Hard forks are the most likely path Honest prediction. The community will not reach a single clean social consensus in time. Several opinionated groups will ship their own post-quantum forks, with different signature choices, different migration windows, different stances on dormant coins. Then the market decides. Liquidity, miners, custodians, exchanges, ETFs. The "real" Bitcoin will be the chain people trust against a quantum threat. At that point cryptography becomes timing, marketing, and politics as much as math. That is the downside of the decentralization we asked for. Pretending otherwise is theater. 8. The glimmer This ecosystem is resilient. We have the best (applied) cryptographers in the world working on this. The migration will be ugly. It will get done. What we need is urgency, and the urgency is arriving. Not because Q-day arrived, but because the timeline is collapsing in public, in the papers, and in the AI loops chewing on classified results in real time. The biggest risk is not quantum arriving early. The biggest risk is crypto starting late. No panic. But no cappuccinos by the beach either. The water is pulling back. Serious people should start moving. 🎬 Video version below

👾 If you're bracing for a security Armageddon now that Mythos (aka Fable) has shipped, relax. Just not for the reason you think. Mythos is, at its core, Opus 4.xx with reinforcement learning specialized on offensive security. Attackers have had functionally equivalent capability for months. The proof is in the telemetry: a tidal wave of in-the-wild exploitation, and the price of stolen access on dark markets has never been lower. We're barely scratching the surface. Nothing is secure anymore x.com/P3b7_/status/203643721…, and that won't change anytime soon. And if you're reassured because Anthropic only shipped a "safe" version, don't be. Today's LLM safeguards don't survive contact with even the laziest adversary. Ask politely a few times. Frame it as your son's science-fair project. The model will cheerfully produce an exploit to break into a hospital network🫠 The threshold we keep arguing about wasn't crossed last week. It was crossed quietly, months ago. Mythos is just the moment the rest of the industry started paying attention. But it seems people enjoy the marketing stories told by Anthropic.

just told my agent(AgenC) on telegram: "send 0.1 SOL from my ledger to this address" it did but it couldn't move a single lamport until I approved it on the Ledger Flex. clear-signed, over BLE. that's the point: the agent runs autonomous on @solana mainnet marketplace, but the keys never leave the hardware. LLMs gave us intelligence, agents gave us action and hardware gives us control. >built on @Ledger Agent Stack. 👉 join: marketplace.agenc.tech

Recorded with @P3b7_ the other day. Quantum is very top of mind right now, and I came in with more curiosity than expertise. As usual, Charles widened my aperture. We talked quantum computers, cryptography, Bitcoin, Ethereum, trust, and the migration a lot of the digital world will eventually need to face. I learned a lot. You probably will too. Tried to make it accessible for technical people, and for those of us who ask the simple questions until they become interesting.

I gave an AI agent live access to my Solana wallet, and made it physically impossible for it to rob me. Here's how, and why every builder shipping agents should care. #LedgerSponsor The setup: an AI agent that can read my wallet and propose transactions on its own. But it never holds my keys, those stay on a @Ledger device. The agent can propose a transfer; only me, pressing a button on the hardware, can approve it. It's a participant, not a custodian. Why this matters: almost every AI agent that touches money today runs on a private key sitting in a .env file. Copyable. Stealable. And an agent is a sprawling stack of dependencies, any one of which could be compromised. "The LLM will be careful" is not a security model. So I tested it the honest way. I dropped a poisoned dependency into the agent's stack, the kind of npm package any of us installs without reading the source, and then asked the agent to do nothing but READ my balance. A totally harmless request. That compromised dependency hijacked the read and fired off a transfer to drain my entire wallet. The agent never asked for it. The model never even saw it happen. But my @Ledger lit up, showing the real recipient and the real amount of a transfer I never authorized. I pressed reject. Nothing moved. And here's the part that gets me: the agent's summary came back perfectly clean. It had no idea its own runtime had just tried to rob me. The only place that attack ever surfaced was on the device in my hand. That's the whole point. Software security is probabilistic, a good LLM, a careful dependency, a clean runtime, right up until it isn't. Hardware approval is deterministic. The agent can propose anything; only a human at the device can dispose. A compromised runtime cannot forge a button press. And this isn't a one-off trick. The agent drives Ledger's Wallet CLI, which is built on their Device Management Kit, the hardware root of trust, now packaged as an entry point any agent can call. The gate is an open-source primitive any builder can drop in, and the same trust model scales all the way up to treasuries via Ledger's Enterprise and Multisig tooling. One detail I loved: on my @Ledger Nano X, the device showed me the recipient address and the exact amount before I signed, which is exactly what made the attack catchable on screen. That visibility is the layer worth building on. LLMs gave us intelligence. Agents gave us action. Hardware gives us control. Full code, the video demo, how to run it yourself 👇 github.com/0xharp/ledger-sol… The @Ledger Agent Stack: developers.ledger.com/docs/a… github.com/LedgerHQ/agent-sk… Built as part of Build & Show Bounty by @Ledger x @college_xyz T&C: shop.ledger.com/pages/build-… #LedgerSponsor #Sponsored

Yale, NYU, Fordham, Columbia, Cornell Tech. 9 days. 5 campuses. 3 workshops alongside @1inch. Last month we went straight to where the students are, on campus, backing the blockchain clubs doing the real education work in their communities. The conversation that kept coming up everywhere: as AI agents start moving money on our behalf, what about the security aspect? That's the question this generation is already wrestling with, right where digital ownership meets the agentic economy. A quick throwback to @Antoinem_eth's run through New York's student scene. Highlights below 👇

#Sponsored / #LedgerSponsor I built a Ledger-gated Solana treasury agent for the @Ledger Agent Stack bounty. An AI agent can understand intent. An app can construct a transaction, but neither should automatically get the final say over moving value. So I built a small treasury agent where the user can type “send 0.2 SOL to <address>”, then the app parses that into a structured action, builds a Solana devnet transfer, and routes the signing step through Ledger’s signing flow using Speculos, Ledger’s open-source device emulator. The flow: User command -> AI intent parser -> Solana transaction builder -> Ledger Solana app through Speculos -> manual review on the device screen -> user approves “Sign transaction” -> signed transaction broadcasts to devnet Repo: github.com/SamuelOluwayomi/L… Why I think this matters: Most agent demos still treat private keys like normal app secrets. Put the key in an .env file. Let the backend sign. Trust the model, prompt, server, dependencies, and runtime. That is fine for toy demos. It gets uncomfortable when the agent can touch real assets. .env secrets are copyable. API keys leak. Servers get compromised. Prompt injections happen. Dependencies break trust assumptions. Lately we've been hearing about hackers adding malware to popular libraries, users install and then they access important data. I myself was a victim of something similar, my wallet seed phrase was gotten unbeknownst to me and all my crypto was drained. The architecture I wanted to test was different: The agent is a participant, not a custodian. It can propose an action. It can build a transaction. It can explain what it wants to do. But the signing boundary sits outside the agent runtime. In my build, the private key never enters the Node server, the Groq call, the React app, or the prompt context. The final approval happens on the Ledger-style review screen in Speculos. That is the interesting part of Ledger’s Agent Stack to me. Not “hardware wallet, but for agents.” More like: Agent infrastructure needs a physical policy boundary. Software is great at generating intent. Hardware is better at enforcing final consent. The critical take: This does not magically make agents safe. A Ledger-gated flow does not fix bad transaction construction, malicious frontends, confusing UX, weak policy design, or users approving things they do not understand. If the review screen is vague, the guardrail is weaker. If the app hides intent, the user can still make a bad approval. If the agent builds the wrong transaction, the hardware layer only helps if the user can actually inspect what matters. So the hard problem is not just “add signing.” The hard problem is making the transaction review legible enough that a human can make a real decision at the boundary. That said, this architecture feels like the right direction. Agents are getting better at action. That means we need better limits around action. Ledger’s Agent Stack gives builders open primitives for that: DMK Skills: app/device integration for agent-readable signing flows Wallet CLI: agent-friendly transaction flow from terminal to device approval Enterprise CLI: policy-backed enterprise flows Multisig CLI: treasury and scheduled workflow patterns where signing still ends at a Ledger device For this project I focused on DMK-style integration with Speculos because I wanted the signing flow inside my own app, not just a standalone CLI demo. Speculos was especially useful because I do not need a physical Ledger device to prove the architecture. It reproduces the screen and signing flow, so the demo still shows the important thing: the agent cannot complete the transaction until the device flow returns a signature. That is the layer I think agentic crypto apps are missing. Not more autonomy by default. More explicit boundaries around autonomy. Docs: developers.ledger.com/docs/a… GitHub: github.com/LedgerHQ/agent-sk… github.com/LedgerHQ/speculos T&C: shop.ledger.com/pages/build-…

When your AI agent goes rogue, how do you pull the plug? If your agent touches value, software-only security is a ticking time bomb.👇 Right now, AI agents are autonomously moving money and signing transactions. But most are doing it using software secrets, like API keys sitting in a copyable and stealable .env file. These software secrets are fundamentally unsuited for high-stakes autonomy. The missing layer in every agentic crypto stack is deterministic, hardware-enforced guardrails. LLMs gave us intelligence, and agents gave us action, but hardware is what gives us control. That’s why I built Aegis utilizing the new open-source primitives Ledger just shipped. Ledger spent years building the hardware root of trust for humans, and the Agent Stack extends it directly to agents. Here is how Aegis works under the hood 🔻 I integrated Ledger's Device Management Kit (dmk.ts) so the agent can read instructions and talk to the device. 🔻 The agent logic is managed by an orchestrator.ts with built-in spending-limit.ts guardrails and safe-integration.ts. 🔻 It features a human-in-the-loop signing flow utilizing fido2-demo.ts and the Ledger Wallet CLI (cli.ts). 🔻 The agent assembles the transaction, you review it on the device, the device signs it, and the CLI broadcasts it. This setup puts hardware in the loop by default. And if you don't have a physical device on hand, you can still build. Ledger’s open-source device emulator, Speculos, reproduces the screen and full signing flow. I included a run-speculos.sh script in my build so you can test the CLI and DMK end-to-end without physical hardware. Stop trusting high-stakes treasury bots to plaintext files. Any builder can drop these open-source primitives into their workflow today. Start building with the Ledger Agent Stack... 🔗 developers.ledger.com/docs/a… Explore the Agent Skills SDK... 🔗 github.com/LedgerHQ/agent-sk… Get the Speculos emulator... 🔗 github.com/LedgerHQ/speculos Check out Aegis... 🔗 github.com/GauravKarakoti/Ae… @Ledger #LedgerSponsor #Sponsored

The risk is not quantum arriving early. The risk is crypto starting late. 🎧 Dropping Tuesday, June 9: @Mo_RELS and @P3b7_ separate fact from scare tactics on the latest episode of The Ledger Podcast. Follow wherever you listen.

👉For 4 years, 1 day, and 10 hours, anyone who understood the Orchard circuit could have minted ZEC out of thin air, silently, with no on-chain signature. The bug was disclosed this week. It was found by an AI-driven audit running Opus 4.8, not by an attacker. 1. Call the bug what it is Two lines in halo2's variable-base scalar multiplication gadget used assign_advice() where copy_advice() was required. As a result, the diversified-address integrity check pk_d = [ivk]·g_d could be satisfied for arbitrary inputs. A malicious prover could spend the same note multiple times with different nullifiers, i.e. counterfeit ZEC inside the Orchard pool, undetectable on-chain because the privacy of the ZK proof hides exactly the inputs that would reveal the attack. We do not know whether it was exploited. We will probably never know. 2. Four years. Multiple audits. Top-tier reviewers. Orchard was reviewed by some of the strongest cryptographers in the field before activation. They missed it. Earlier automated audits with Opus 4.7 missed it. Opus 4.8 catches it in roughly 1 in 4 runs when prompted generically. The bug is hard. And ZK inflation bugs are not new. Zcash itself shipped a counterfeiting vulnerability in Sprout (BCTV14) that survived years before being silently neutralized during Sapling. Similar soundness issues have appeared in circom, halo2, and rollup verifiers since. The pattern is consistent: when the protocol is private, exploitation is undetectable. You patch the bug and hope. 3. What Zcash did right This was a textbook decentralized incident response: ▶️Audit: a full AI-assisted soundness audit of halo2 Orchard, scoped end-to-end. ▶️Discover: the agent flagged the missing constraint and worked out the algebra to turn it into an exploit. A working RPC-level PoC in ~6 hours, mostly waiting on tokens. ▶️Coordinate: a soft fork disabling Orchard, prepared and distributed without leaking the bug, activated 2 days and 15 hours after acknowledgement. Coordinating a soft fork across miners, exchanges, and nodes without disclosing why is genuinely hard. They did it. ▶️Disclose: timeline, code lines, math, open questions. No spin. Worth naming explicitly: Zcash's turnstile invariant caps the value that can ever leave a shielded pool by the value that entered it. Privacy and verifiability inside the same protocol. That is not an accident. That is good engineering, and it is what kept the worst case bounded. 4. The economics of security just changed AI does not change whether bugs like this exist. It changes the cost of finding them. I wrote about this x.com/P3b7_/status/203643721…: a missing constraint in a 4-year-old production ZK circuit used to require a top-tier cryptographer with months of context. It now requires a few tokens, an API key, and a well-framed prompt. The defender benefits. The attacker benefits more, they only need to find it once, and they never disclose. Orchard is the optimistic version of this story: defense got there first. The pessimistic version is the one we cannot rule out, because the chain is private by design. 5. The only real exit You do not patch your way out of this asymmetry. You raise the floor. Formal verification of consensus-critical circuits, every assign_advice audited by SAT solvers and AI for under-constraint, as the reporter himself recommends. Proof-grade engineering that used to be too expensive is now cheap enough to be mandatory. Hardware roots of trust, secure enclaves, certified secure elements, WYSIWYS. Cryptographic guarantees the user can actually verify, not promises a host can lie about. Continuous AI-assisted audit of every consensus-critical commit, re-run immediately on the release of any new frontier model. Zcash didn't just patch a bug. They demonstrated the new defensive playbook: AI-driven audits, decentralized coordination, radical transparency, verifiable invariants. That is the direction the rest of the industry needs to follow. And those who don't raise the bar for security will be rekt in this new world. Stay safe. Stay honest about your trust assumptions.

the more time i spend messing around with agents, the more convinced i become that using a @Ledger to sign security policies is the right thing to do. really think their hardware is going to be really important for ai security and guardrails in the not so distant future.

The @Ledger Agent Stack: Build & Show bounty is now live on college.xyz! > Build with Ledger's new open-source Agent Stack (DMK Wallet CLI) > $100 per qualifying submission. > 5 random participants will win a Ledger device. Find more details below 👇

We submitted 3 proposals to the @IntersectMBO Cardano 2026 Budget process, covering the work that keeps Cardano solid on Ledger devices: – Cardano app maintenance – Clear signing for Cardano's top dApps Ledger button integration – Full CIP-113 token standard support 100 proposals are up for community review right now. If you're a DRep or part of the @Cardano community, we'd value your eyes on ours 👇 Drop your questions in the comments!

🔒 What good security practices looks like in 2026: a short story about a laser, a chip, and a vendor that responded well. The @DonjonLedger just published their evaluation of the @tropicsquare TROPIC01 chip, the secure chip designed by Tropic Square and used, among others, in the Trezor Safe 7. It's worth a read, not only for the technique, but for the process. The attack, in plain words. A secure chip is the tamper-resistant chip that guards the secrets inside a hardware wallet. Before running any new firmware, its bootloader checks a cryptographic signature. That's the gate. Using laser fault injection, the Donjon fired a precisely-timed infrared pulse at the silicon, at the exact microsecond the chip was deciding "is this signature valid?". One well-placed glitch later, the chip happily accepts firmware that was never signed by the legitimate vendor. Enough to run arbitrary code. 👍Tropic Square's response was exemplary. They acknowledged the finding immediately, engaged in deep technical discussion, shipped mitigation samples, proactively dug further themselves, and aligned on a coordinated public disclosure. No defensiveness, no spin. Just engineers helping engineers make the product better. It was appreciated by the team, it's unfortunately not always the case. Sincere thanks to Tropic Square for the collaboration and the standard they're setting, and a hat-tip to @DonjonLedger team for the research. Full writeup: donjon.ledger.com/blog/tropi…

you're not ready for this summer 👀

🚨 Google Quantum result was just rediscovered and IMPROVED! On March 31, 2026, Google Quantum AI published a paper showing that 256-bit ECDLP, the hard problem behind ECDSA and therefore behind Bitcoin, Ethereum, TLS, and most of the world's authentication, can be solved with fewer than 1,200 logical qubits and ~90M Toffoli gates. Under 20 minutes on ~500,000 physical qubits. BUT, they didn't publish the circuits. They published a zero-knowledge proof that the circuits hit those numbers. The standard read at the time: clever responsible disclosure, elegant. Two months later, that read needs an update. Two things happened, in opposite directions. 1. The ZKP wasn't a stylistic choice. Google was stopped from publishing. What was speculation in April is no longer. Google did not choose to keep the circuits private. The U.S. government prevented publication. The blog post phrased it politely ("we engaged with the U.S. government"). Call it what it is: diplomatic cover for a publication block. This is the line Scott Aaronson warned about. At some point, the people estimating the resources needed to break deployed cryptosystems would stop publishing. We just watched it happen, and the actor enforcing the silence isn't Google's PR team. It's a government. 2. The ZKP turned out to be a reward function. AI used it. Here's the part that's almost funny. A ZK proof that "this hidden circuit achieves these resource counts" is, when you flip it, a public verifier of any candidate circuit. Submit a circuit, get back: does it compute ECC point addition correctly, and at what cost. Pass/fail plus a number. That is exactly the shape of a reinforcement-learning reward function. The ZKP was designed to hide the attack. What it actually published is the reward function for rediscovering it. The research community wired the verifier into an automated AI-driven search loop. They reproduced Google's numbers. Then they improved them by 11.5%. Two months, from outside Google, no access to the circuits, using the very artifact Google released to keep them proprietary. Both of these are true at once. Hiding the circuits worked: nobody outside Google has Google's exact circuits. And hiding the circuits did not slow the frontier; it changed who is doing the search, and arguably accelerated it, because the verifier industrialized the search loop. Let's NOT PANIC! Neither of these is a working CRQC. There is still no quantum computer that can run this circuit. The headline state of the world has not changed. What has changed is the honesty of every public PQC timeline. Cryptography exists to create mathematical trust in the security of systems. Trust isn't broken when an attack runs. It is eroded when the foundation looks thinner than the public record suggests, and the public record is now demonstrably thinner than reality in two ways: by classification on one end, by AI-driven re-derivation on the other. In security, the moment you start doubting the foundation is the moment you start rebuilding it. Not the moment you panic. The moment you plan. This isn't a moment to rush. It's a moment to commit to a migration plan and execute against it, knowing the threat model is shaped by what governments are willing to classify, not by what researchers are allowed to publish. Stay safe. Stay honest about your trust assumptions.

Wemby out here training like a Navy Seal. The Knicks might be in trouble.

esse video precisa entrar para a história da nba