465 Photos and videos
alcueca retweeted
my pov:
-> security is cat and mouse game. always has been (check early internet days)
-> security holes were already there, it's just became cheaper to exploit
-> it will become cheaper to fix as well
-> security tools are going to catch up very soon
-> most recent hacks are opsec related not SC related ( @flipdazed pulled the numbers recently)
-> we need to level up on opsec :for sure:
-> we see noncustodiality and risk isolation has 2 key very important design choice to limit hack impacts
-> more LOC = larger attack vector so simplicity is paramount
-> i've never seen a more exciting time to build stuff than today
May 26
PSA: I now consider *all* of DeFi unsafe.
Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
5
5
46
4,447
The team at @veda_labs are talented, ambitious, and pragmatic. We are building the future of finance, and we will all win.
Apr 28
So excited to welcome @alcueca as Head of Onchain Security at @veda_labs - a legend in DeFi security and co-inventor of ERC-4626, the standard that made DeFi vaults composable and legible. Not a bad person to have designing the security model for the next generation of onchain markets 🙂
2
2
16
2,162
During my time at @Optimism, I led the development of the SaferSafes tools, a Liveness Module and Timelock Guard designed to provide deep security on Gnosis Safes.
This article provides the reasoning for developing precisely those two tools.
x.com/alcueca/status/2043711…
7
1,128
This sounds like a worthy program to come out of a chain foundation, which would help setting security standards.
@ethereum, what's your take on this?
Apr 6
Solana was built for security. As the ecosystem scales, so does our investment in the tools, standards, and support.
Today that commitment deepens with a new security program, active monitoring, formal verification for top protocols, and a new crisis response network.
Learn more 👇
1
11
1,579
The level of sophistication on the Drift Protocol hack is truly next level. It's reasonable to think that many others are being targeted in the same way. For your own sake, if you run a successful crypto protocol, read on.
1
3
1,022
I’ve been screaming this since before 2020 how are people still asking this question
A SMART CONTRACT AUDIT WONT SAVE YOU FROM THE BIGGEST, MOST PREVALENT RISKS IN THIS ECOSYSTEM.
THEY DONT EVEN TRY TO SAVE YOU!!!!!
Crypto folks (hopefully) already know that Lazarus is one of the most prevalent threat actors targeting this industry.
They rekt more people, companies, protocols than anyone else.
But it's good to know exactly how they get in. Bc another smart contract audit won't save you.
5
7
49
7,769
I wrote an article on threat modelling after the Resolv hack, not very long ago. Yesterday, the biggest DEX in Solana gets again hacked through a multisig compromise.
It is possible to assess your risks and come up with targeted mitigations to avoid hacks like these.
Read this:
x.com/alcueca/status/2036760…
Drift Protocol on Solana just got drained. It's looking like a multisig member compromise -- and the story starts at least a 20 days before the attack. Here's the breakdown:
7
1,235
x.com/alcueca/status/2036760…
Once again, a protocol is hacked in a completely avoidable way.
Everyone knows to audit their code, and to run a bug bounty, but beyond there, confusion is the norm.
Threat modelling protects your protocol as a whole: infrastructure, code, processes, people.
1
4
1,034
Yesterday was my last day at @OPLabsPBC.
During the year a shared with its incredible team, I helped shape up its security practice. New processes made it more efficient, scalable and targeted.
I loved doing that, if you are building an L1/L2, hit me up.
Still bullish OP.
Mar 12
Today we shared difficult news with the OP Labs team.
Our priority was to communicate with the impacted people & give the team time to process the news before sharing publicly. This decision reflects a narrowing of our focus, not our runway.
I’m sharing the note I sent to the team earlier today, and I strongly encourage teams across the ecosystem to reach out to the people leaving OP Labs because they are talented engineers, operators, and builders who helped build Optimism into what it is today.
If you are genuinely hiring, feel free to shoot me a DM with your open roles and I will make introductions (with dual consent).
5
4
74
14,577
It feels good to be back in the arena
26 Nov 2025
I’ve been wanting to talk about this for a while.
The truth is… Optimism did too much and focused too little. We massively over-hired without a clear strategy. And token price is in the gutter.
We’ve been bathing in tactics for a long time, clinging to previous successes like launching Base, Ink, Unichain, Worldchain, Soneium… without building the operating machinery to continue that momentum into a market that’s dramatically different today.
Sun Tzu says: “Tactics without strategy is the noise before defeat.”
For a long time, I rationalized our difficulties as due to regulatory uncertainty, market noise, and the impossibility of coordinating 3 independent organizations. But at this point, doesn’t matter.
The world today is vastly different than when Optimism started. So we’ve been upgrading Optimism for this new world. We’ve parted ways with many talented teammates, re-unified execution under a single entity, and re-built our engineering and enterprise sales orgs.
The goal is simple:
1. Build the most scalable financial infrastructure
2. Bring enterprises and their assets onchain
3. Maximize the productivity of those assets
Enterprise deals are now a competitive space. When we talk to these enterprises, we see Solana, Tempo, Arbitrum, Avalanche, all trying to help enterprises come onchain.
But I’m confident OP Stack is going to beat them all.
Why?
The OP Stack is the only stack that has successfully brought & scaled multiple enterprises onchain. We’ve seen what works & what doesn’t work. We’ve earned this knowledge by—honestly—wasting a lot of money. We’ve seen every single enterprise blockchain failure mode because we’ve been doing this longer than anyone else.
Here’s why enterprises consistently end up choosing OP Stack: enterprises’ expectations on scale and reliability are far beyond what Web3 is used to, and the OP Stack is the closest to what enterprises need. That’s not a coincidence - we’ve co-developed this infrastructure alongside the fastest growing enterprise in web3: Base.
At the end of the day, enterprises want to control their own economics. They aren't gonna be sharecroppers on Stripe's blockchain.
The OP Stack vision will win. Shared standards balanced with chain autonomy.
The starting gun is now. See you in the ring.
1
9
1,336
OP Mainnet provides the foundation for enterprises to build and scale onchain.
It delivers secure, high-performance blockspace, and now features a full enterprise yield stack with @MorphoLabs, @gauntlet_xyz, and @utila_io.
Learn more in our latest blog: optimism.io/blog/op-mainnet-…
21
28
208
31,499
alcueca retweeted
31 Oct 2025
For Fintechs, Neo-Banks, PSPs and CEXs, the journey from one-click 'Earn' to launching their own OP Stack chain starts with @Optimism's OP Mainnet:
➡️ 99.99% uptime 🟢
➡️ $3B Total Value Secured 🪙
➡️ 250ms trxns via Flashblocks ⚡️
➡️ 20Mgas/s scaling to 100Mgas/s 👀
OP Mainnet provides the foundation for enterprises to build and scale onchain.
It delivers secure, high-performance blockspace, and now features a full enterprise yield stack with @MorphoLabs, @gauntlet_xyz, and @utila_io.
Learn more in our latest blog: optimism.io/blog/op-mainnet-…
11
5
65
15,657