The STRIDE site is live. Explore the framework, assessment process, and what protocols need to qualify ↓

While it's been an epic few years at Helium, I couldn't resist the call of another migration-level challenge. Those of you who know me know I can't resist chewing some glass. As such, I am going to join @DriftProtocol team and help them relaunch. Why? Because I genuinely believe that Drift provides a valuable set of primitives to the ecosystem and is worth saving. This is also the best path to funding user recovery; we must build something so useful it can generate the revenue needed for the recovery pool. Tall order. The landscape has shifted. Trust is eroded. Things that are worthwhile are rarely easy, and this is no exception. I fully acknowledge I could be applying for a job at Wendy’s in 6 months. Everyone has forks in the road in their careers, easier paths vs harder paths. I have chosen the harder path at every turn; and it has paid off. Not every swing hits, but even in failure you massively level up your skillset. My focus is on improving the security stance of Drift, getting it relaunched, then turning it into the best perps exchange in existence: First, that means working with STRIDE to ensure we're following the best multisig and opsec practices. I won’t be taking this endeavor alone, the chads at @asymmetric_re and @osec_io have been incredibly helpful and continue to be deeply involved in auditing both new code and new operational practices. Security does not come from one individual, it comes from cultivating a culture of security and having outside professionals continuously verify that work. Second, I am overhauling the codebase (within reason). Over the years it has picked up a large set of features, many of which no longer need to be used. The protocol has solid bones, but tight coupling has led to a buildup of tech debt that is easier to fix during this downtime. Third, I want to build multiple levels of security and circuit breakers into the protocol. DeFi protocols must be structured to limit the ability of a single incident or contagion to create havoc. I will be thinking from the perspective of defense-in-depth; there should be layers of protection to prevent incidents like the April 1st hack. The program should reject suspicious changes even if they come from an operational multisig. Lastly, and more long term, I want Drift to become the most compelling perps exchange on the market. I am very much looking forward to entering the arena that is perps on Solana. It is an honor to be competing with the chads on all the other teams (Phoenix, Bulk, Gm, Imperial, Pacifica, etc). Steel sharpens steel, and I eagerly await the firehose of knowledge over these next few months. Solana needs as many shots on goal as it can get. One (or many) of us will win.

I finally did the evidence equipment unboxing at some point I'll edit the 30 minutes of footage cause there's a lot of things I need to blur 💀

🚨 Zebra 4.5.0 is out. This release fixes multiple security vulnerabilities across consensus and networking. All node operators should upgrade immediately. zfnd.org/zebra-4-5-0-release…

claudio and gepetto