didnt even pay fees

We're excited about the US CLARITY Act. We think all YC companies will use crypto technology, like stablecoins, before long. Not just crypto startups, not just fintech startups, but every company. Here's why this law is such a big deal 🧵 x.com/SenLummis/status/20637…

Tokyo real estate and GPUs

I have often wondered how exactly external groups distill the frontier models - this is how. By doing this they get the benefits of genuine user prompts (multi-turn, real codebases, human feedback), subsidize the cost of distilling many tokens, and display real usage patterns and behaviours making detection harder.

a part of the reason why lending against pm shares is hard - you have to underwrite not just the event outcome but also the resolution mechanism

Proud to officially join the Transparency Alliance with the biggest names in crypto. Having developed the TTF, we've been using it internally since before day 1. Transparency is becoming the standard and this is how we bring real institutional trust to token markets.

When you buy a stock, you own the business. When you buy a token, ownership can sometimes be difficult to identify. The Token Transparency Framework fixes that. The Transparency Alliance drives TTF adoption across every major layer of token capital markets.

ok we are doing it the R&D Book Club by me and @Rashan if you're interested in joining fill out the form here: flax-voice-407.notion.site/T…

underappreciated that USDH migration can bring a net ~80-100x increase in HYPE buybacks: with USDC becoming the aligned quote asset, the "vast majority" of reserve yield will flow back to the HL assistance fund. in numbers, today's USDH supply at ~$102m translates to ~$3.1–3.7m annual yield, 50% of it to HL(~$1.6m/yr). meanwhile USDC supply is at ~$5.08b and shares nothing. a unified ~$5.18B AQA supply and 90% yield share would bring ~$137–160m annualized to the assistance fund. a stream that is not directly linked to trading volumes!

skin in the game: 25% GP commit

it continues, an AI-assisted attack on a non-custodial p2p protocol

When we met @SimkinStepan and team in November 2022 they told us they don't use banking rails. Now, with @altitude, your business doesn't have to either. Congrats!

a prescient article to revisit:

so how can I filter how many of those are 1/1?

What likely happened: attacker got deep access to LayerZero's RPC nodes. Planted fake data that only the DVN could see while everything else looked normal. Knocked out the honest RPCs with DDoS so the DVN had no choice but to read from the poisoned ones. DVN saw a fake transaction, verified it, bridge released the rsETH. What LZ still hasn't explained is how the attacker got deep enough into their RPC nodes to replace binaries and delete logs. That's root level access. The entry point is the real story here and the post skips it entirely. Now the big question, would 2/2 DVN have prevented this? If the second DVN runs on completely different infra and different RPC providers, yes. Attacker would need to compromise two separate systems independently. Much harder. If the second DVN uses similar infra or same RPC providers, no. Same attack just needs to be done twice. More DVNs alone doesn't fix anything if they all run on similar infrastructure.

A security researcher just documented a large-scale counterfeit Ledger Nano S Plus operation selling compromised devices across multiple online marketplaces. The fake units look identical to the real thing but contain completely different hardware. Instead of Ledger's secure element chip, the counterfeits run an ESP32 microcontroller with modified firmware labeled "Nano S V2.1." Seeds and PINs are stored in plain text and transmitted to attacker-controlled servers. Any wallet initialized on the device is drained. The operation goes beyond the hardware. The sellers also distribute a fake version of Ledger Live built with React Native and signed with a debug certificate. It intercepts transactions and exfiltrates sensitive data to multiple command-and-control servers. The campaign spans five attack vectors: compromised hardware, Android APKs, Windows executables, macOS installers, and iOS apps distributed through TestFlight to bypass App Store review. This comes days after ZachXBT documented a separate fake Ledger Live app that made it through Apple's Mac App Store review process. That operation drained over $9.5 million from more than 50 victims, including musician G. Love, who lost 5.92 BTC after entering his recovery phrase into what he believed was the legitimate app. The pattern is clear: the attack surface for hardware wallet users has shifted from firmware exploits to supply chain and distribution fraud. The devices themselves remain secure. The problem is that users are being intercepted before they ever touch a real one. Ledger's own "genuine check" feature can be bypassed when the hardware itself is compromised at the source, which makes where you buy the device as important as how you use it. The rules haven't changed, but they've never been more important: buy hardware wallets only from the manufacturer. Never enter your recovery phrase into any software. If a companion app asks for your 24 words on a screen, it's a scam. Every time.

solana landscape right now: 4 protocols with program and 8 with governance timelocks h/t @Trader_CSK