MantisClone

Discovered a new method for detecting if someone is using Incognito in Chrome: Write 512 tiny 1-byte responses into a scratch Cache API cache, then read: https://t.co/gsVNLl57y6.estimate().usageDetails.caches Normal Chrome: ~393kb Incognito: ~85kb Why? When you're in incognito, Chrome writes to memory instead of disk, which leaves less metadata residue

🚨 TL;DR: Attackers are sending fake Sentry bug alerts to projects using public Sentry DSNs. The fake alert is designed to trick AI agents into running a malicious `npx` command that looks like a Sentry profiling diagnostic. Do NOT run commands from Sentry issues/logs/alerts unless verified. These are not legitimate Sentry fix commands. The malicious package reportedly steals environment variables/secrets and sends them to advisory-tracker[.]com.

Anthropic is questioning whether AI may turn out to be altogether useless. This is the single most honest thing Anthropic has ever written. “But achieving recursive improvement alone does not suggest an immediate change in how industrial production occurs, societies organize, or markets function. More intelligence can’t learn what a drug does over decades of use, can’t hold elections sooner than a constitution dictates, and can’t turn a stranger into an old friend in a weekend. For most people, the felt pace of this future will still be set by the bottlenecks, even if the laboratory upstream runs at the speed of compute. That collision, where recursive intelligence building itself ever faster meets the world of humans, relationships, and governance, is another part of this future we can’t predict.”

Circle's compliance system flagged an external depositor's wallet. Because that wallet held funds in the cUSDC contract, the entire contract was swept into a standard holding freeze. This is collateral damage, not a sanction against the Zama Protocol. Our legal team is already engaged to isolate the flagged address and restore access for all unaffected participants as quickly as possible.

📢 On Monday, we are announcing a new payment approach. Crypto payments in iGaming grew exponentially. The payment experience didn’t. Operators still rely on fragmented payment processors, custodial flows, cross-chain complexity, and unnecessary exposure to risky funds. #iGaming #CryptoPayments #Stablecoin

This incident is unrelated to Squid’s core protocol and contracts. All Squid users and integrators are unaffected and no action is needed. A third-party Gnosis Safe module was exploited today across Base and Ethereum, resulting in approximately $3.2M in losses. The vulnerable contract is verified on Basescan under the name “SquidRouterModule” but this contract was not built, deployed, or operated by Squid. It is a third-party smart-wallet product that chose to integrate with Squid, among other protocols, but has not been in contact with us. The exploit worked because the third-party module accepted a caller-supplied constant string as proof that a message was secure. If you pass in this string (which is publicly available in the verified contract’s code), then you can execute an array of arbitrary calldata, stealing funds at will. The victims’ Safes had added this faulty contract as a trusted Safe Module, which gives the contract the ability to spend any tokens in the Safe without signatures. Squid’s own router (0xce16F69375520ab01377ce7B88f5BA8C48F8D666) is architecturally different and was not touched. Squid user funds, approvals, and integrations are fully secure. Early public reporting may reference “SquidRouter” due to the contract’s verified name on Basescan. The accurate framing is: a third-party SquidRouterModule was exploited, not Squid’s Router contract. The contract shares our name but is not our code. We are monitoring the situation and will share updates if anything changes materially.

Listening to David’s explanation of why he sold was pretty mind numbing lol… I recently shared that I was a toxic Bitcoin maximalist for roughly 8 years, from 2017 to late 2024. Stablecoins are what initially made me revisit my thesis on Ethereum, and on ether as Ethereum’s native asset. That, combined with the rapid approach of the agentic economy - a world with an infinite number of autonomous economic actors sending value through stablecoins across a small handful of networks that society has deemed valuable - made me reevaluate further. So I went back and revisited my priors on Ethereum. Were my early concerns around centralization, monetary policy, and network effects still valid after all these years? Surely, yes. I set out to prove myself right. I found out I was wrong. The centralization concerns I had entirely faded. While I was 100% encapsulated in my Bitcoin bubble, Ethereum had slowly, quietly, and relentlessly built the only other WWIII-proof, global, credibly neutral, decentralized protocol. And in some areas, Ethereum had actually become more decentralized than Bitcoin: client diversity, validator distribution, and a secure long-term scaling/security model through proof of stake. Ethereum had matured. It had grown out of its early “shitcoin” association. It had become the only truly permissionless, censorship resistant, credibly neutral, and valuable protocol outside of Bitcoin. It grew up. That matters because the only reason I was ever Bitcoin-only was that, at the time, there were no other networks with the protocol traits that could plausibly make all of global finance, and eventually much of humanity, value them at the deepest level. Back then, it was only Bitcoin. So the irony here is incredible. Just as Ethereum and ether have finally matured, just as Ethereum has distanced itself from the decentralized-in-name-only, venture-backed, fake startup, “we’re hiding behind a blockchain” mentality, now a small group of influencers have decided to become negative on Ethereum. When Bitcoiners use the term “shitcoiner,” this is what they are usually talking about. Bag chasers. People who want their chain to act like a company. Permissioned. Hyper-structured. Marketing team. CEO. Quarterly reports. Revenue. Earnings. Some polished growth narrative for VCs. Basically, a bunch of stupid shit that already exists in the fiat world. The same world Bitcoin, and now Ethereum, were created to help us escape from. To suddenly be disappointed that Ethereum has a broader mandate than “pump my bag,” and is instead focused on hardening the traits that make the network valuable over decades, tells you a lot about how these people misunderstand it. CROPS is the value proposition. Censorship resistance. Resilience. Openness. Permissionlessness. Security. That is why society values Bitcoin. That is why society now values Ethereum. And that is why the Laura Shins, Ansems, and David Hoffmans of the world jumping ship now is so revealing. They are not leaving because the thesis broke. They are leaving because they never had the thesis in the first place. They do not and never have seen the value in decentralized, global, open systems - sanctuary technologies or neutral rails that can materially improve people’s lives. What they have always chased is a high-growth stock equivalent with a smaller market cap. A shiny new object that appears once or twice per cycle; violent upward momentum, narrative, and upside without the patience required to actually understand what is being built. They need to chase because they do not have the time horizon to hold a thesis and let conviction compound over time. CROPS is the entire value proposition. Do not let startup-brain influencers, who never understood why this ecosystem was created in the first place, gaslight you out of conviction.

🦔Microsoft canceled its internal Claude Code licenses this week after token-based billing made the cost untenable, even for a company with effectively infinite cloud resources. Uber's CTO sent an internal memo warning the company burned through its entire 2026 AI budget in just four months. American AI software prices have jumped 20% to 37%, and GitHub (owned by Microsoft) is dropping flat-rate plans for usage-based billing across its products. My Take The AI subsidy era is ending in real time. The same company that put $13 billion into OpenAI and built the Azure infrastructure powering most of Anthropic's compute just looked at the bill from a competitor's coding tool and decided it was not worth paying. That is not a productivity failure on Anthropic's end. Token-based pricing is forcing every enterprise customer to confront the actual cost of running these models at scale, and the number turns out to be far higher than the flat-rate experiments suggested. This ties directly to my Gemini Flash post yesterday. Anthropic, OpenAI, and Google all raised effective prices in the last six months. Enterprises that built workflows assuming AI costs would keep falling are now watching annual budgets evaporate in months. Two outcomes look likely from here. Either enterprises scale back AI usage to fit budgets, which slows the revenue ramp the labs need to justify their valuations ahead of IPOs, or the labs cut prices and absorb the losses, which makes the unit economics worse at exactly the wrong moment. Both paths land in the same place, the numbers stop working, and somebody has to take the writedown. Hedgie🤗

Yep, that works as a lightweight local guardrail. It makes Socket Firewall the default path for everyday installs. For macOS/Linux users, the equivalent in zsh/bash would be: alias npm="sfw npm" alias yarn="sfw yarn" alias pnpm="sfw pnpm" alias pip="sfw pip" alias uv="sfw uv" alias cargo="sfw cargo"