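[UXLINK × X-Agent] Toward an industry standard (specification) for AI automated payments. X-Agent, together with eight major projects including the payment infrastructure provider Interlace, has announced that it will publish a "whitepaper (common specification) for agentic payments (AI automated payments)" within one to two months. It is an effort to define industry-wide rules and security standards for an era in which AI not only "answers questions" but also "autonomously carries out payments". ・Application layer: X-Agent (★UXLINK partner) ・Payment execution: Interlace (initiator) ・Asset management: Cobo ・Security: BlockSec (*Stable, Conflux, Bitget Wallet and Hetu Protocol are also participating) ■ Strengths of UXLINK × X-Agent: Security and trust, the biggest challenges of "AI automated payments", are addressed through the following synergy. X-Agent's SRE: protects users' private keys and data in an isolated, secure encrypted environment. UXLINK's social foundation: injects a Web3 social graph of more than 50 million people and decentralized identity (DID), providing an environment in which AI is trusted and functions within human social connections. Following the recently announced partnership with BANA Protocol (turning real-world assets into RWAs), this time it is about setting the standard for "a mechanism by which AI agents safely and automatically pay with and manage those assets". Look forward to the steady progress of the UXLINK ecosystem!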
Massive milestone for our ecosystem portfolio! 🔥 We are proud to see @XAgent_official anchoring the Agent Application Layer alongside @InterlaceMoney in the upcoming Agentic Payment Whitepaper. True AI productivity cannot scale in a social vacuum. By injecting UXLINK’s 50M social graph network and decentralized identity infrastructure directly into X-Agent’s Secure Runtime Environment (SRE), we aren't just making AI agents smart—we are making them financially autonomous within real-world human connections. 🛡️💻 The Agentic Payment Economy is being built on top of UXLINK infrastructure. The next paradigm shift is here. 🚀 #UXLINK #AI #AgenticPayment
JUST IN: X-Agent partners with Interlace, Cobo, BlockSec, Stable, Conflux, Bitget Wallet, and Hetu to publish a whitepaper on the AI economy’s Value Transmission Layer and autonomous payments governance. Could impact future AI-Driven value transfers across ecosystems. $BTC/$ET...
X-Agent teams with Interlace, Cobo, BlockSec, Stable, Conflux, Bitget Wallet, Hetu, and others to build AI-powered payment infrastructure. Whitepaper "The Value Transmission Layer of the AI Economy" due in 1-2 months.
The Aztec Connect exploit isn't really a story about one protocol. It's a stress test of the assumption that "deprecated" means "safe." On Ethereum, deprecated means frozen in time — which is very different. The verification-settlement mismatch that BlockSec identified was always there. The funds were always there. Immutability just meant nobody could fix it. Every DeFi developer with legacy contracts on-chain should be reading this.
Dead protocol. Live funds. $2.19 million gone. Aztec Connect — a DeFi privacy bridge shut down in March 2023 — was exploited yesterday for $2.19M. The attacker drained 909 ETH, 270,000 DAI, 167 wstETH, and other tokens across seven separate withdrawals. Here's the kicker: Aztec Labs knew it was coming and could do absolutely nothing about it. The contracts are fully immutable. The team discarded their admin keys when they deprecated the protocol. There is no pause button, no upgrade path, no emergency response. When Aztec Labs posted their incident statement, all they could say was: "holds no admin keys or control over the system; it cannot be paused." The attacker pre-funded via Tornado Cash — then found a verification-settlement mismatch in the ZK proof logic. The contract credited them with balances that didn't exist. Then they withdrew them. Then they did it again. Seven times. Three years after shutdown. The vulnerability sat there the whole time. The funds sat there the whole time. The only variable was when someone clever enough would notice. This is what "immutable" actually means in DeFi. It's not just a feature. It's a countdown clock. 🔗🧵👇 #DeFi #Ethereum
⚠️ Aztec Connect Just Exposed a DeFi Nightmare: Dead Contracts Can Still Drain Real Money CertiK flagged suspicious activity involving RollupProcessorV3, the core contract of the deprecated Aztec Connect bridge on Ethereum. According to CertiK and BlockSec, the exploit may have stemmed from flawed proof-data handling, where the contract verified transaction data one way while settlement logic interpreted it differently. That mismatch reportedly allowed the attacker to create unsupported balances and drain assets. The attacker hit seven assets in one sweep, including 909 ETH, around 270,000 DAI, 167 wstETH, and several yield-bearing tokens. The Aztec Foundation said the AZTEC token and the live Aztec network were not affected, but the old bridge could not be paused or upgraded because the deprecated contracts have no admin keys. The message for DeFi is brutal: abandoned code does not disappear — it becomes a target. Full story available on our news portal cryptemic.com 🎓 Want to understand why old DeFi contracts can remain dangerous for years? Learn with Cryptemic Academy how smart contracts, bridges, security audits, exploits, and on-chain risk analysis shape the crypto ecosystem. #Aztec #AztecConnect #CertiK #BlockSec #DeFi #Ethereum #SmartContracts #CryptoSecurity #cryptemic #cryptemicacademy
🔴 A hacker drained $2.1M from an immutable smart contract belonging to Aztec Connect, a platform whose support was discontinued in March 2023. Users of the current version were not affected. According to BlockSec, the attacker exploited a vulnerability in the contract’s ZK proof verification logic. According to DeFi Llama, this was the 13th crypto exploit in June. The previous 12 incidents resulted in losses of $43.93M, including the $30M Humanity Protocol hack, which was caused by compromised private keys after a developer’s device was infected with malware.
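According to BlockSec Phalcon's analysis, the actual root cause of the Aztec incident was a mismatch between the verified rollup transaction set and the L1 settlement processing boundary (numRealTxs / _numTxs), which caused the ZK proof verification path and the L1 settlement logic to interpret the transaction list differently. The attacker could set numRealTxs to 1 and place the real deposit transaction in the second decoded transaction slot, thereby skipping the corresponding L1 signature verification and the pending deposit balance deduction, generating private balances with no asset backing and withdrawing them. BlockSec said the attacker first recorded unbacked balances in 7 different assets in the rollup state and then took the assets out through 7 withdrawals; in addition, RollupProcessorV3 was upgraded on April 10, 2024 via PR #67, but that upgrade appears not to have undergone an external audit before deployment. wublock123.com/news/blocksec…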

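🔔 Aztec Network attacked with losses of over $2.15 million; root cause is a mismatch between the ZK proof and the L1 settlement boundary. Mars Finance reports that, according to analysis by BlockSec Phalcon (@Phalcon_xyz), Aztec Network's RollupProcessorV3 contract was attacked, with losses exceeding $2.15 million. The root cause is that numRealTxs was not effectively bound to the transaction set enforced by the ZK proof, causing the proof verification path and the L1 settlement logic to diverge in how they interpret the transaction list. The attacker used the vulnerability to move a real deposit into a slot not processed by the settlement logic, bypassing the decreasePendingDepositBalance() function, creating unbacked private balances out of thin air and then withdrawing them through the normal settlement flow, involving seven assets in total. news.marsbit.co/flash/202606…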
犬 retweeted
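I wonder whether BlockSec's on-chain analysis is the only support we got from @XDCNetwork on the Globiance matter. At one point I thought @atulkhekade's statements had really helped, but in the end they only raised my hopes, which left me more disappointed and even holding negative feelings. I can only hope that this silence is a meaningful one.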
Sources: BlockSec and QuillAudits technical analyses of the Orchard soundness bug.
Pacifica's deposit-and-withdrawal bridge has been audited by Blocksec, one of the leading smart-contract audit firms in crypto. The audit report is public in their docs.
Pacifica built its own purpose-built L1 for this, a Substrate-based chain designed for verifiable, high-performance exchange operations. Every settlement is cryptographically verifiable. The bridge between off-chain matching and on-chain settlement has been audited by Blocksec.
A detail in the Zcash Orchard story deserves more attention than it got. The four-year-old soundness bug that could have allowed undetectable ZEC counterfeiting was found using an AI model. Per BlockSec, researcher Taylor Hornby identified it through a human-in-the-loop audit using Anthropic's Opus 4.8, released the day before. Earlier audits of the same circuit with older models missed it. Four years of expert review missed it. The same week, separate reporting showed attackers using AI to decompile and analyse unverified contracts at scale. AI is now auditing the defender's circuits and reverse-engineering the attacker's targets at the same time. The capability is symmetric. It found a flaw expert cryptographers had not discovered, and it is finding flaws developers assumed would remain hidden. @Phalcon_xyz draws the right lesson: neither AI nor humans found this alone. The researcher built the framework, understood the cryptography and directed the investigation. The AI accelerated the search. The breakthrough came from the collaboration. #Zcash #CryptoSecurity #DeFi ∞ ZERØ
Asterix, a fork of Flooring Protocol, got drained for ~$40k today using the same vulnerability that hit the original in June. Phalcon/BlockSec spotted it. Silver lining: white hats recovered $500k in blue-chip NFTs from the earlier exploit. $ETH #NFT #Security
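[For reference] I asked Glock about it 🤔. There are several precedents in the crypto-asset (cryptocurrency) industry for a similar pattern of "buying time with small, installment refunds while trying to bring things to a close (getting away or avoiding responsibility)". However, cases of a complete, successful escape are rare, and in most cases there has been legal pursuit, arrests and orders for partial refunds (as of 2026). Main examples of similar cases: Thodex (Turkish crypto-asset exchange, 2021): founder Faruk Fatih Özer suddenly halted withdrawals → fled, claiming a "hack". About $2B in user funds disappeared. There are records of partial refunds (on the scale of several million dollars) made afterwards to some victims (partial settlements via lawyers). In the end, however, he was arrested and convicted (an extremely long prison sentence), and the founder died in prison. The complete escape failed. Africrypt (South Africa, 2021): an exchange run by brothers halted withdrawals citing a "hack". $3.6B equivalent is said to have disappeared. While hinting that a process for dealing with victims had partly begun, the operators fled. Legal pursuit continued, and they could not bring the matter to a complete close. Pig butchering investment scam platforms (still widespread today): a fake investment app/platform first allows small profits or partial withdrawals to build trust and gets victims to invest more. It then halts withdrawals, demands additional fees and gradually cuts off contact (typical of buying time with small refunds). In many cases the operators are overseas (Southeast Asia, etc.) and can get away easily, but there are cases of some arrests through international investigations by the FBI and others. Other similar cases: BitConnect (2018): a Ponzi that became famous for high yields. The platform suddenly shut down. Some early investors had made profits, but after the collapse nearly everything was lost. The founders were indicted and some assets confiscated. Many DeFi rug pulls and fake exchanges: first allow small withdrawals to stage "trust", then siphon off the rest and vanish. Similarities and differences with Globiance: Globiance's current situation, with refunds in progress at around 64%, superficially resembles the above "buying time with small refunds" pattern. However, the fact that refunds can be tracked on-chain on the XDC blockchain and that community monitoring is active are factors that make escape harder than in past fully anonymous rug pulls. A realistic view (being strict, as a professional): continuing small refunds while leaving the large amounts untouched → gradually thinning out contact is a classic technique aimed at getting away. However, as of 2026, oversight by regulators (national financial authorities, the FBI, etc.) is strict, and the probability of getting away completely is low. In the case of XDC, where on-chain evidence remains, pursuit is especially likely. In many precedents, it has ultimately ended in criminal cases, asset freezes and partial forced restitution. Advice: continue to monitor refund progress on xdcscan. Coordinate with the victim community (including blocksec). In parallel, proceed with consultations with the police, lawyers and the Financial Services Agency (early, for statute-of-limitations and evidence-gathering reasons). #Globiance #GBEX #XDC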