doggo

Joined September 2019
dudesahn retweeted
Earn auto-compounded BOLD and boosted CRV rewards, plus airdrops from 15 Liquity forks. What more could you want?
The @yearnfi BOLD-USDC LP vault is now live 🔵 @CurveFinance BOLD-USDC LPs can now earn optimized yield 💸 👀 Yearn's booster vault handles the work → Auto-routes between Yearn's & @ConvexFinance veCRV boosts → Optimizes for the highest yield yearn.fi/vaults/1/0xb83461b8…
dudesahn retweeted
Jun 10
3Jane is now open to the public Mint USD3 to earn $JANE Liquidity mining details below
dudesahn retweeted
Jun 9
It's 10 PM, do you know where your money is? DeFi should be transparent and verifiable, but few users check where their money is. Do you know where YOUR funds actually are? Let's see the answer for Yearn vaults 🧵
dudesahn retweeted
May 22
anthorpic has published a new claude mythos report. 23,019 candidates entered the room. 88 advisories left.
dudesahn retweeted
It's been FIVE YEARS! Happy Birthday Convex
dudesahn retweeted
May 16
Replying to @banteg
men will literally implement a Go harness to prove malformed-Paillier key leakage conditions in an outdated tss stack instead of going to therapy
dudesahn retweeted
Live now: how Yearn automates DeFi strategies, the risks and trust assumptions involved, and what decentralized yield management looks like in practice With @jchaskin22, joined by @omgcorn of @yearnfi x.com/i/broadcasts/1jxXgeoMV…

dudesahn retweeted
v3 so far is off to a good start. For the first time in over a year, @AlchemixFi is growing in TVL and borrowing, and we are seeing the dynamic between debt expansion and the fixed-duration transmuter redemption module playing out just as we had modeled. I don't expect things to rocket up in an instant (as our modeling didn't indicate they would) but it is so satisfying to see it play out like we thought it would. Due to the duration mismatches for CDP and redemptions, we can expect a constant grind upwards in TVL and debt as the system churns. If things continue like they are now, I wouldn't be surprised to see a net growth of 3-5% month over month indefinitely. It may take some time for the pegs to stabilize at our target of 0.99, so alUSD and alETH are more-so 'bonds' right now and less-so stable-synths, but when (not if) we hit our targets, Alchemix will be the premier destination for looping yields and maximizing the effectiveness of your savings. Up Only.
dudesahn retweeted
May 7
layerzero solosig dependency check in
if you haven't hardened your config, you are sitting on an unnecessary dependency on layerzero 3/5 solosig. if it gets compromised, it could instantly drain all the adapters that rely on the default receive library.
after the kelp exploit, the vulnerable adapters tallied to $3.13 billion. after some outreach, the number has dropped to $178 million. good progress, but still not enough. there is still a long tail of projects that have ignored this advice.
i will make this simple for you. here is a full list with exact calls for how to pin the default library. gist.github.com/banteg/cbf75…
dudesahn retweeted
May 1
Replying to @LundukeJournal
they found a high amount of bugs in the highly buggy rewrites. zellic is a legitimate, high-end audit firm. it's not some fake ideology spreading nonprofit. x.com/NotDeGhost/status/2050…

what a ridiculous take. @gf_256 / Zellic have done a ton for the space (speaking as one of their competitors). did you even read the report?
dudesahn retweeted
Apr 26
congrats to @Mantle_Official, which appears to be crushing their competition on exiting @aave weth exposure 46,710 weth ($108.02M) withdrawn since the exploit interestingly, liquidity often sits available for multiple blocks/minutes before mantle clears it
dudesahn retweeted
I want to share a quick story from a friend, who recently had ~$450k almost phished from a wallet. Thanks to @SEAL_911 - it was all completely recovered and returned. A happy ending that deserves highlighting! I knew SEAL 911 existed, but this was the first time I've seen them in action. Here's the story: A friend got phished from a fake Ledger Live app (on the Apple App Store 2 weeks?!). His ETH was staked on Figment, and the phisher executed the withdrawal transaction, and the ETH entered the withdrawal queue. He reached out to the Seal 911 group and within 15 min, he was on a discord call with the White Hat Recovery team. You could imagine how shitty my friend felt, assuming that the $450k of ETH was simply going to be withdrawn and immediately captured by the attacker. They made him feel at ease, shared case studies of similar rescues and said they charge 5% (totally agreeable amount imo) of whatever funds they recovered. The tension was all down to the single block that the ETH became available for withdrawal after the exit-queue finished. $450k riding on a 12 second window. My poor friend had to wait 4 days while this all hung in the balance lol. The day finally came. Seal 911 has set up a script with Flashbots to engage in the bidding war required to access the funds. At 11pm that night, he received the long-awaited message: “got it all, best possible outcome.” Within 10 min, the funds were distributed to his new ETH wallet and the job was done. Kudos to the Seal 911 team, really amazing group of professionals.
dudesahn retweeted
Apr 22
**monitoring the situation**
just published aave.wavey.info to track latest on aave v3 core:
- liquidity
- at-risk positions
- tvl and debt
- protocol fees
dudesahn retweeted
Carni took an opportune screenshot that is not entirely representative but..... It does reflect something important about Yearn risk management. WETH-1 has purchased 1k stETH in the past few days at an average of about 50bps discount and is currently pending in the redemption queue. That position will earn about 20-25% APR once redeemed, meaning total vault should net about 6-7%. However, despite the discount still being present 2/3 of the vault remains fully idle and liquid! This is a very conscious choice not to yeet the rest and chase yields despite it reducing both headline vault yield as well as Yearn's own fees, because it means depositors are able to fully exit at any time, AND the vault retains complete flexibility to act as needed given the potential for the worst to come. There is no other WETH vault (that I know of) that currently both has those returns AND allows any depositor to fully exit at will.
why are you, as a man, not getting some depegged stETH for >500% APY
dudesahn retweeted
I've answered this so many times so feel free to ask more questions but I'm just gunna hurl it at you so I don't have to answer again. Note: All times Pyongyang time.
Wed April 15: Holiday, OOO
Thu April 16: Pre exploit testing ramps up rapidly
Fri April 17: Pre exploit testing done
Sat April 18: Tornado ins and outs, prep up gas on addresses to be used on both Ethereum and Arbitrum. Take brief nap?
Sun Apr 19 02:35: First hack txn (116.5k rsETH on Ethereum)
Next hour: bridges to Arbitrum to "refill" the bridge, so to speak
Sun Apr 19 04:30: Kelp manages to freeze before nonce 309 pops, basically rugs DPRK of the additional 40k ETH they were literally about to pull.
Sun Apr 19 04:35: Last onchain transaction. All funds sat in 0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc on Ethereum and Arbitrum.
Sun Apr 19, all day: no activity on or offchain
Mon Apr 20, all day: no activity onchain, brief activity offchain, laundering plans initiated
Tue Apr 21, noon: Txn on Arbitrum rugs them
Tue Apr 21, 4pm: Laundry begins
Wed Apr 22, 5am (rn): Laundry still going
So, some unusual things: Super fast on the hack. VERY fast. A bit of prep ~Apr 9 but basically speedran the hack starting from Apr 16. They were working 16 hour days the 16, 17, 18, right up until the moment of the hack. It was nonstop. TRTR can get on other devices. This should have been a billion dollar hack. They could have got a 2/2, no problem. One theory is they got spooked and thought they might have their access rugged. One theory is they haven't hacked anything in 9 months and decided ~$380m (the planned amount) was good enough. The very odd thing though is abandoning any funds in the hack address is something they don't actually do. See: x.com/tayvano_/status/172738… They always tranche it up. This isn't necessarily bc they are scared of getting frozen. It's bc it's these guys' jobs to execute the onchain side of the hack and then HAND OFF to the next team. That is their literal job. Remember, this is an army. Teams of teams. There are social engineers, there are hackers, there are launderers, there are managers. They have to coordinate and hand off. In every other instance when the hack is "done" it's always in chunks (we call them tranches) of the native asset on ETH, BTC, TRON. Multiple addresses. Not the direct theft addresses. 10k ETH. 20k ETH. Etc. Any L2s or other shitchains go to BTC/ETH. They sit in these "tranches" for days, weeks, months. Until they are ready for prime time. So, what the fuck happened? I think they worked basically non-stop, in the same way SEAL folks and ZeroShadow folks and KelpDAO folks and LayerZero folks have been working *since* the moment the exploit happened. Nights, weekends, no holding back. I think at 4:30am local time when Kelp prevented them from getting the second round from the bridge (the additional $100m) they were basically like "FFFFFFUUUUUUUUUUUUUUUUUUUU" and table flipped and went home and went to bed. Bc they hadn't slept in a long ass while. I think they got Sunday off (very typical) and maybe Monday as an extra reward. Plus, they haven't hacked in a while. The actual laundering operation has to be organized. I think the second they got word that the laundering was ready they realized they needed to send over the funds. Which is when they did so. Unfortunately for them, that was <4 hours after an insane operation on the DeFi side had been completed to rug them of all their ETH on Arbitrum. Obvs ~all of this is speculative. I don't KNOW shit. But I do know a lot of things. DYOR, or something.

Nov 22: HTX/HECO - $100m
Nov 10: Poloniex - $125m
Sept 12: Coinex - $54m
Sept 4: Stake - $41m
July 22: Alphapo/Coinspaid - $70m
June 3: Atomic Wallet - $115m
~$505m in 172 days. ~$2.93m / day. 💀
dudesahn retweeted
Apr 20
okay bitches, had to move all hentai to an external drive, but restoring an archive node after a few months break. it's too useful not to have handy.
dudesahn retweeted
Friendly reminder, no Yearn vault will have any losses from the Aave bad debt regardless of size. All vaults remained liquid for users to atomically withdraw through this incident. yvWETH-1 may be the only large WETH vault that was never illiquid or paused. It's now 90% idle and starting to rebuy depegged stETH at a giant discount. yvUSD structure allowed it to remain liquid for anyone wanting to withdraw, while continuing to earn elevated yields with the rest. Vaults are hard.
dudesahn retweeted
At first you may think that $500m of collateral that would eat a 50% haircut if even 1% of it was liquidated may be bad. But then you realize that 70-80% of the borrowed stables are recursively borrowed and supplied by the team's multisig so it's totally fine and definitely not a scam at all.
dudesahn retweeted
Fun fact yearn has done a version of this for a very long time when integrating new protocols. It is part of our reports we are making public at curation.yearn.fi There’s some good nuggets in there CT hasn’t figured out yet for those willing to look
Admin Audit: a new kind of audit that only audits protocols from the perspective of multisig configuration, presence of timelocks on dangerous functions, use of cold devices for signing, multisig signing procedure, etc. Smart contract audits tend to focus on contract logic while treating admin roles as trusted. They might flag suboptimal configurations, but ultimately the pass/fail is based on presence of logic bugs. An Admin Audit would be the exact opposite - only focused on asking the question "what happens if multisig members get compromised" and "does the team follow best practices that substantially reduce the odds of compromise". Protocols would need to get both a smart contract audit and an admin audit - users would demand both. The admin audit would be substantially cheaper than the smart contract audit since the best practice is well-defined and issues are obvious, whereas smart contract audits are looking for needles in haystacks. Ecosystem foundations could subsidize these - for example, if a reputable firm offered these, we at the Monad Foundation would be happy to subsidize. Admin audits would capture a lot of the low-hanging fruit. Realistically, many of the huge hacks in the history of DeFi have been admin compromise rather than logical bugs. If you are building this, please reach out.