Joined March 2010
- Tweets 334
- Following 1,147
- Followers 396
- Likes 426
7 Photos and videos
Mike Voronov retweeted
π Session Feature: Modern Custody & DVMβMPC Architecture
"Key storage does not equal signature control."
Join Mike @VMS11 Voronov (Co-Founder, ClusterLodge) at Blockchain Community Day 2026 to dismantle traditional assumptions about HSMs and enclaves.
Core focus:
βͺοΈ Locating the real trust boundaries across control, identity, and runtime planes.
βͺοΈ Implementing a dual-circuit DVMβMPC model to completely isolate execution from key material.
βͺοΈ Crypto-agility: Preparing institutional custody platforms for the post-quantum (PQC) migration.
π
June 8β12, 2026 | π Online
π Claim your free spot: luma.com/wupxaqku
3
2
5
380
May 18
From my pov, no one should really use the GG/CGGMP family of protocols - they are too hard to implement correctly. The DKLS family is a way better and cryptographically simpler.
May 15
This morning, THORChain was drained of roughly $10.8m
Node operators have freezed the network for nearly 13 hours. The full analysis isn't out yet, but according to @jpthor, this could be a MPC exploit.
ECDSA and TSS is hard. THORChain's vaults rely on TSS, a flavor of MPC where a quorum of nodes jointly produces a signature without ever reconstructing the private key. Clean for Schnorr or EdDSA; painful for ECDSA, which Bitcoin and Ethereum require. That's why we saw plenty of protocol attempts (Lindell17, GG18, GG20, CMP, CGGMP21, DKLS, KU23...), each patching flaws in the previous one.
GG20 has a track record. THORChain's TSS uses GG20, on a fork of Binance's tss-lib. GG20 has shipped two well-publicized critical bugs: CVE-2023-33241 and TSSHOCK. CGGMP21, now cggmp24, are the latest protocols, but GG20 is still widely deployed.
I often hear a misconception when I hear about MPC setup: "The key is split across many nodes, so any single co-signer doesn't really matter".
In every published GG18/GG20 attack, one malicious or compromised co-signer is enough to extract everyone else's shard and reconstruct the full key.
AI changes the threat model. Compromising a full software node, complex Go stack, exposed P2P, custom signing daemons, a churn protocol that admits new participants on a schedule, has always been difficult and acted as a barrier. With LLM-driven vulnerability discovery and exploit synthesis, the bar to compromise one of N validators is dropping fast.
Here, it's a plausible TSSHOCK-style playbook:
- compromise one operator
- wait for it to churn into an active Asgard vault
- send malformed proofs during keygen or signing
- reconstruct the key offline
- sweep in a single transaction
It's unclear yet if the attacker used a known-unpatched GG20 weakness, or a fresh cryptographic flaw.
But, in all cases, MPC and TSS are not a substitute for hardening every co-signer. They sit on top of co-signers that must each be treated as critical infrastructure, hardware-isolated enclaves, minimally exposed, continuously audited, and running protocol with security proofs.
While the investigation progresses, be careful in your interactions onchain. These TSS setup are used in various protocols.
75
Mike Voronov retweeted
May 5
8
5
28
1,764
Mike Voronov retweeted
Apr 25
All the best programmers I know are starting to write code by hand again
665
337
6,685
1,485,312
Mike Voronov retweeted
Apr 20
The Kelp DAO situation highlights a critical design challenge in institutional DeFi:
complex cross-protocol assets back $280M in loans, how much data visibility is enough?
It's a question all of us building in this space need to answer.
4
7
9
911
Apr 18
Fear sells best as usual
Anthropic CEO Dario Amodei: β50% of all tech jobs, entry-level lawyers, consultants, and finance professionals will be completely wiped out within 1β5 years.β
132
Mike Voronov retweeted
Apr 10
Divisible UTXO swaps enable real L1 peer-to-peer order books.
No matching engine. Just Bitcoin Script.
Multisig protects treasuries with m-of-n approval.
Public keys stay hidden until the spend.
Multi-party sign-off on every mint and burn.
Configurable at issuer-level compliance with a designated authority now able execute regulatory orders directly on-chain.
No off-chain detours. No issuers, miners, or foundations/associations in the loop.
On-chain script-enforced - no intermediaries.
STAS 3.0 script template makes this real π
medium.com/@Stas33496115/bitβ¦
3
18
74
6,092
Mike Voronov retweeted
I vibe code every day. I have a team of 30 engineers. We spend F tons of credits.
And I will tell you this about AI from my experience.
Itβs being wildly over hyped.
Everyone is drunk. Fucking drunk. All the CEOs and Gen Zβs saying coding is dead are idiots. IDIOTS.
727
367
7,071
491,708
Mike Voronov retweeted
Feb 16
1) Hello World π
Meet Diffuse Prime - the Uncustodial Prime Broker.
π app.prime.diffuse.fi
A new DeFi primitive designed for capital efficiency, verified risk, and transparent yield.
5
13
44
3,355
Feb 7
Why do tech giants build everything in-house?
It's not NIH syndrome.
It's Ontological Gravity - the most underrated force in system architecture.
A thread π§΅
1
167
Feb 7
A simple test for your system:
Where do your base entities live - in your domain contracts or in a vendor's ontology?
If the answer is "vendor" - that's not a library choice. That's a system architecture dependency.
1
110
Feb 7
Distributed infrastructure does not guarantee independence.
Independence is determined by who owns the vocabulary your system thinks in.
Choose your gravity deliberately. Or it will choose you.
87