🗳️ With @tallyxyz winding down, delegates and token holders need reliable places to participate. Multiple independent frontends aren't just nice to have, they reduce single points of failure. 🔗 Anticapture is now available as a governance interface: anticapture.com

Capture resilience is about whether the system can resist someone gaining control over its decision-making. The attack surface is wide: an attacker can buy votes, borrow voting power, bribe delegates, coordinate insiders, or pass a malicious proposal while nobody is watching. Beanstalk lost $182M when an attacker borrowed $350M in DAI, acquired enough governance tokens in a single transaction to pass a proposal draining the protocol, then repaid the loan - all before the community could react. The governance mechanism worked exactly as designed. That was the problem.

The crypto industry uses at least four labels for what is structurally one risk. They describe different paths to the same failure mode - and confusing the label with the analysis is how protocols end up exposed to attacks they thought they had addressed. 🧵

Access Control is becoming one of DeFi’s most critical risk layers. Between May and June, 70 exploits took place, with around $650M stolen in May and $81M in June. Many of them shared a common pattern: weak permissions, unsafe execution paths, or failures in Access Control. Why does that matter? 🧵

I hope a lot of DAOs found out about Anticapture! We need it!

Our first funding round was a massive success! Congratulations to all the Ethereum security projects collecting about $1.6M in total and to Giveth for organizing a fantastic QF Round. What started as a 500 ETH matching pool ultimately grew to 637 ETH thanks to ecosystem contributions. Shout out to @wintermute_t for adding $200K to the matching pool and to @Quantstamp whose early $50K donation helped kick off momentum for direct matching pool contributions across the round. We also saw over $300k in direct donations to 134 projects! Our hope is that one day using Ethereum will be safer than using banks. To get to that day we believe it will require a community effort. This round validates that approach.

The Ethereum Security QF results are live. To the 100 people who supported Anticapture: thank you 🫡 And thank you to everyone who donated across the round. So many strong projects showed up. Funding security is an ecosystem effort. Thank you @Giveth and @thedaofund.

This Wednesday, blockful Research goes live to break down the @giddydefi exploit. $1.25M was stolen, but the compromised key was only part of the story. Set a reminder and join us live. x.com/i/spaces/1pKdRbqmAnqJW

The Giddy incident was not only about a compromised keeper key. It also showed what can happen when an execution path carries more authority than it should. Tomorrow, we’ll go through the case with blockful Research.

The SquidRouterModule incident shows how security risk can sit outside the core protocol while still affecting users through trusted execution paths. According to public reports, around $3.2M was drained from Safe wallets across Ethereum and Base through a third-party module carrying the Squid name. Squid stated that its core protocol and router contract were not affected, and that the exploited module was not built, deployed, or operated by its team. That distinction matters because modular systems often depend on components that sit close to trusted infrastructure without being part of the core protocol itself. Wallet modules, permissions, integrations, and deployment history can all become part of the actual risk path. For DAOs and DeFi teams, this points to a security review problem that goes beyond the core protocol: the full permission and execution path needs to be understood before a module is treated as safe to use. Read more via @TheBlockCo

This Wednesday, the research team behind Anticapture’s analysis framework will be live with blockful Research. A closer look at execution paths, authority assumptions, and the design choices that shape security outcomes.

New date for our X Space on the Giddy Finance exploit: 🗓 Wednesday, May 27 🕑 7pm UTC / 4pm BRT We’ll take a closer look at the incident with blockful Research and unpack what this case reveals about execution, authority, and design under stress.

@anticapture — Anticapture’s mission is to make governance security easy to adopt and analyze. Built by Blockful, it turns unknown governance risks into monitored indicators, helping DAOs understand where they are exposed and what needs attention. The goal is to give protocols, delegates, and ecosystem stewards clear step-by-step roadmaps to evolve from fragile governance structures into safer, more resilient systems. karmahq.xyz/project/anticapt…

The space will be led by blockful Research, the team behind @anticapture’s analysis framework: @theZeugh and @guiriba. We’ll use it to unpack what this exploit reveals about execution, authority, and design under stress, and why those lessons matter beyond Giddy itself. Join us live on Thursday.

This week, we’re hosting an X Space with our research team to break down recent DAO and DeFi security incidents across the ecosystem. 🗓 Thursday, May 21 🕔 5pm BRT / 8pm UTC The idea is to make this a weekly session, looking at one attack at a time. Set a reminder and join us live.

we are in the final hour of the Ethereum Security QF round! @Quantstamp said it best.

2/ @anticapture is an open-source framework and dashboard for governance security. It makes information legible to catch attacks ahead of time, helping DAOs read governance risk through concrete signals: - voting concentration - treasury exposure - capture risk - attack profitability - governance activity - classified into risk stages

4/ QF rewards broad support, not only large checks. We’re grateful to the 100 people who have donated to @anticapture so far! Small donations count: more unique supporters can increase the matching. Support open-source governance security: giveth.io/project/anticaptur…

14 hours left to support Anticapture and other security projects in @thedaofund Ethereum Security QF. April 2026 showed why this matters: - projects faced attacks almost every day - 30 incidents - ~$630M drained Attacks exploit economic and behavioral vulnerabilities.

Love to see people using this visualizer to share :) Thank you for tagging! Focusing on making data visible is also exactly what we do on @anticapture but for governance security! Any donations in the QF from $1 or up go a long way for us!

the Ethereum Security QF round closes in 20h from now respectfully, we need everyone to lock in 🔥 qf.giveth.io/qf/ethereum-sec…