You raise your seed round.....now what?
The first thing you do when $1-2M hits the bank account is open the app, look at the number, take the screenshot, smile, send it to your family group chat to make your dickhead brother jealous....then close it.
You just got 18-24 months if you're disciplined, 8-10 if you're stupid.
Firstly,
Don't change your fucking life.
Pay yourself enough to not stress about rent. $80-120k depending on city, even lower if you can stomach it.
If you pay yourself $350k after a $2M raise.....chances are, you will not last. You're not running a company just yet.....it's an experiment...one that will end quickly if you prioritize short term gains > long term greatness.
Same with office. You don't need one. The "we need a real space for the culture" is bullshit.
Work from home.
Your only job for the first 6 months is to talk to users and ship quickly.
If you raised $2M and you're not doing (minimum) 5 customer calls a week as a founder........your priorities are messed up.
You need to understand as quickly as possible if the people who use your product, come back without you begging them to do so!
Almost everything else is a vanity exercise.
Series A timeline in 2026 is 600+ days from seed.
Less than 15% of seed-funded startups ever raise an A.
So track burn weekly.
Know your runway to the day.
Every dollar should ship product or facilitate customer feedback.
If a tool, hire, or expense doesn't do that, stop it.
Conference tickets? No. PR firm? Absolutely fucking not. "Brand consultant" don't be stupid. Logo redesign? GTFOH.
72% of seed stage burn is "people".
74% of startup failures involve premature scaling.
You raise, you feel pressure to "build the team," you hire 4 people in 90 days, burn goes from $40k/mo to $180k/mo, the new hires don't have product to work on because there isn't one yet, you spend your time managing them instead of talking to users, runway evaporates, you're back fundraising at month 9 with worse metrics than when you started.
Stay 2-3 founders + AI for as long as humanly possible.
The teams crushing right now have 4 people doing what 15 used to do just 24 months ago.
When/If you do hire.......focus on builders, forget managers. Focus on operators, not "credentials".
If you're not using AI for code (Cursor, Claude Code), customer support, sales prospecting, content, ops, brand, recruitment vetting......your competition is winning.
Tech is commodity now. GTM and data are the moats. Use AI to compress everything that isn't either of those things.
Try to avoid giving advisors equity.
An "advisor" (who you mistakenly thought would enhance "credibility optics") who takes 1%, for doing absolutely nothing, is the same prick that costs you seven figures in a future round.
Model dilution before signing every SAFE.
Don't talk to VCs for 6 months. (forget the "always raising" mindset for now) Keep relationships warm with periodic updates but take the foot off the gas slightly.
I know. I'm a VC saying this. But I mean it. The gravitational, distractional pull of the next round, will fuck up your focus harder than anything else.
Send your existing investors a 5 line monthly email. Don't go to investor dinners. Don't "build relationships for the A." If you're talking to VCs more than building, again, your priorities are misjudged and it will show up against your development goals.
The money will fuck with your head. People will ultimately treat you differently. Nobody really prepares you for that.
You'll get DMs from people you haven't talked to since school. You'll feel the urge to announce, to LinkedIn post, to look like a "real founder."
You'll also be lonelier than ever. You raised, your "friends" think you've made it, you can't tell them you're scared shitless and don't know if it'll work.
I would recommend finding 1-2 founders.....who are 6 months ahead of you, and text them weekly.
That's effective therapy (at least from my personal experience).
Last thing.
The party ended when the money hit.
Now you have a shot and a clock.....the only thing that matters is whether you ship something people genuinely want before that timer runs out.
Most people who give you advice in the next 6 months are probably going to try selling you something. Filter everything ruthlessly. Trust your user feedback and trust the burn rate.
Now go build and say "no"...... consistently.
Godspeed.
Drift lost roughly ~$280M.
No obvious smart contract bug.
No simple private key leak.
The exploit path did not look like the usual “code broke, funds vanished” story.
That is what should make people uncomfortable.
What actually happened:
- An attacker manipulated multisig signers
- Got approvals in advance
- Didn’t execute immediately
- Waited
Then used durable nonce, a Solana feature that can keep a transaction executable longer than a normal blockhash window.
When the timing was right, the attacker used that approval path to:
- take admin control,
- reshape market and collateral conditions,
- weaken or remove safety protections,
- and drain funds quickly.
That is the core pattern.
This was not just a normal hack story.
It was a case of approvals gathered earlier being treated as valid authority later, after the context had changed.
And the system largely asked:
“Was this approved?”
It did not adequately ask:
“Should this still be allowed right now?”
That is the dangerous part.
You think multisig protects you.
It does.
But only at one moment in time.
After that?
👉 You’re trusting that nothing changes
👉 That nobody got tricked
👉 That the situation is still safe
That is a much bigger assumption than most people realize.
Crypto systems ask:
“Did enough people sign this?”
They don’t ask:
“Should this still happen right now, under current conditions?”
That’s the gap.
And that gap is what a Drift-style exploit makes painfully visible.
We need a different rule:
Critical actions should not execute just because they were approved at some earlier point.
They should require a fresh decision at the moment execution happens.
Not before.
Not “a few days ago.”
Not “it was signed already.”
Now.
This is exactly the gap we’re building around.
Not replacing multisig.
Not replacing timelocks or guardrails.
Working alongside them to add the missing execution-time check before critical actions go through.
Execution-Time Authority adds a fresh runtime decision before critical actions go through.
Just making sure: approval doesn’t turn into permanent authority.
Drift was not just a story about broken code.
It was a story about stale authority being treated like live authority.
Approvals made in the past were treated as authority in the present.
Execution-Time Authority fixes this by requiring every critical action to be validated in real time.
If your system can’t do that,
it’s not secure.
It’s just delayed failure.
How to save $300m in crypto.
> Step 1: Have $300m.
> Step 2: Stop treating old approvals like live authority.
One of the weirdest things about agentic systems is realizing that the most dangerous failures do not always look dramatic at first.
Sometimes nothing “breaks.”
The system just keeps obeying a decision that no longer makes sense.
That is why the Drift situation stuck with us.
This wasn't the usual crypto story where a contract bug blows open and everyone gets to point at the broken line of code and move on.
It was more unsettling than that.
The real issue was stale authority.
> Approvals were gathered earlier.
> Context changed later.
Execution happened when the conditions were finally right. And the system still treated past consent like present permission.
That is such a brutal design flaw because it sounds reasonable until it costs nine figures.
And honestly, this is exactly where I think zKYC could have helped.
Not in the shallow “identity solves security” way. That is not the point.
The point is that zKYC creates the possibility of live, execution-time verification.
Not just: did enough people sign this once?
But: who is acting right now?
Are they still verified?
Do they still have the right permissions?
Has risk changed?
Should this action still be allowed under current conditions?
That is a completely different security posture.
If a critical admin action had to pass a fresh policy check at execution time — with the system able to return allow, deny, or step-up based on live credential and policy state — then old approvals would stop functioning like permanent authority.
And that is the deeper lesson here.
Crypto has spent years securing signatures.
The next layer is securing context.
Because in systems moving this much money, stale authority is not just a governance problem.
It is an exploit surface.
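Added example, not code from either post's author, Drift or Solana: a minimal execution-time gate in Rust that implements the "fresh decision at the moment execution happens" rule and the allow / deny / step-up outcome described in the two posts above. All type and function names are hypothetical, no Solana API is used, and `context_hash` is assumed to be a digest of whatever admin and risk configuration the signers reviewed.

```rust
// Added example: execution-time policy gate. Every name here is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Decision { Allow, StepUp, Deny }

pub struct Approval {
    pub signer: &'static str,
    pub signed_at: u64,    // unix seconds when the signer approved
    pub context_hash: u64, // assumed digest of the config the signer reviewed
}

pub struct LiveState<'a> {
    pub now: u64,
    pub authorized: &'a [&'static str], // signer set as of execution time
    pub context_hash: u64,              // digest of the config right now
    pub threshold: usize,
    pub max_age_secs: u64,
}

// Re-evaluate approvals against current conditions instead of only counting them.
pub fn decide(approvals: &[Approval], live: &LiveState) -> Decision {
    let mut seen: Vec<&str> = Vec::new();
    let (mut known, mut fresh) = (0usize, 0usize);
    for a in approvals {
        // Skip signers who are no longer authorized, and duplicate signatures.
        if !live.authorized.contains(&a.signer) || seen.contains(&a.signer) { continue; }
        seen.push(a.signer);
        known += 1;
        let age_ok = a.signed_at <= live.now && live.now - a.signed_at <= live.max_age_secs;
        if age_ok && a.context_hash == live.context_hash { fresh += 1; }
    }
    if fresh >= live.threshold { Decision::Allow }          // enough live approvals
    else if known >= live.threshold { Decision::StepUp }    // quorum exists but is stale
    else { Decision::Deny }                                 // no quorum of current signers
}

// Constructed scenario: 2-of-3 approvals collected five days before execution.
pub fn stale_replay() -> Decision {
    let approvals = [
        Approval { signer: "alice", signed_at: 1_000, context_hash: 0xA1 },
        Approval { signer: "bob", signed_at: 1_200, context_hash: 0xA1 },
    ];
    let auth = ["alice", "bob", "carol"];
    let live = LiveState { now: 1_000 + 5 * 86_400, authorized: &auth,
        context_hash: 0xA1, threshold: 2, max_age_secs: 3_600 };
    decide(&approvals, &live)
}

fn main() { println!("{:?}", stale_replay()); }
```

A signature-count check alone would pass the constructed scenario; the gate returns `StepUp`, forcing the signers to re-confirm against current state before the action runs.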
@andrewwilkinson @zkp2p @ConvexFinance @StakeDAOHQ @ResupplyFi I'm not saying it's ML, nor that bank will ask about 15 eur. 15k on the other hand it's a bit different. I guess that's not your problem anyway, it's users. Selling stables to fiat and depositing it in your bank account will definitely raise some questions IMO. What do you think?
Here's one of the best pieces of life advice I've heard recently:
"Don't save the good wine for a good day. Good wine is wasted on a good day. On a good day, all wine is good wine. Bad wine is good wine. Drink good wine on a bad day. That's what it's for."
Hope all of you are gonna be opening bad wines tonight!