U.S. Congress is officially more cypherpunk than most of you on here
the new CLARITY Act is better than ever on respecting 'decentralization' (loosely speaking) & gets rid of the 'we didn't promise anything so now we're unregulated' loophole many of us were worried about
it replaces the corporate style 'common control' test with 'coordinated control', which in theory will be a harder standard to meet (up to the SEC to ultimately define it, but the criteria it must consider are quite robust)..
corpochains will struggle to meet this standard...this doesn't mean they're illegal but it will mean sales of the token by insiders etc. are much more regulated and more disclosure is required
L2s will have to make sure their security councils are quite narrowly scoped
there's no halfway with this shit. you're either in a legal regime or an alegal one. now security council or DAO can debate the next step in a gray area they have no preexisting policies or procedures for and worry who might sue if the choice goes wrong. but sure, I'm the bad guy for pointing out how badly equipped an L2 is to be an arbiter of justice.
i can admit when i was wrong.
so there's good news and bad news:
bad news: sniping modern pateks/rolexes on ebay is not a thing. it's an ~efficient market
good news: passing unidetified manhattan estate liquidation lot images through a vision model to find mispricings appears to be a thing
the core of the thesis has evolved to: find auction pools where the clearing price is structurally depressed for reasons unrelated to what the item is, and value it against the current bid
you thought C-tier perp DEX RWA flow was soft?
how about regional pickup-only estate liquidation listings
that busted up old japanese paper divider that sat next to Gramps' writing corner? it's worth $12,000 to a collector, but the top bid is for $30, and the seller just wants it gone
Maw Maw's favorite brooch listed for $120? it's tiffany and it's worth $25,000
but nobody knows these valuations except a few thousand people in the entire USA per niche category. and the odds that they are going to sift thourgh hundreds of thousands of random listings daily that are mislabeled (or, more commonly, unlabeled) to find all mispricings is ~0
so i (claude) built a tool to scrape nyc tri-state area estate liquidation sales, price listings, and surface the gems
first pass does a claude haiku 4.5 valuation. 2nd pass (manual) is an opus 4.7 valuation for the high ticket items with low bids. on many thousands of listings per day
manhattan is a particularly good sub-market for this (although probably more efficient than some) because of the concentration of wealth
but any major metro will have some inefficiency / insane deals
--
to expand on the thesis a bit
edge comes primarily from the venue, not the query. we are trying to stack multiple qualifiers from the following list to determine likely 'soft' venues for listing discovery
A. limited bidder pool - small venue, obscure platform, in-person, local-only
B. wrong bidder pool - charity gala, corporate event, room full of non-specialists
C. friction - pickup only, wire/cash only, old bad website
D. non-monetary motivation - tax deduction > price, speed > price (estate, divorce, bankruptcy)
E. information asymmetry - seller doesn't know what they have
F. time-boxed release - court deadlines, closeouts, lapsed reservations
scraping currently on estate liquidations in the tri-state area but i think there is probably softer flow out there. maybe charity auctions or court-ordered liquidations
----
good side project, will continue
In late 2023, French streamer TeufeurS was extorted for a ransom after a family member was kidnapped in France.
I can finally share that I helped lead efforts that resulted in an ~$800K freeze with the Binance Security team after a $2M ransom was paid.
Six suspects tied to the incident were later arrested. Given the sensitivity of the case, I held off commenting until now.
I have since assisted with asset freezes and identifying culprits in several of the recent France home invasion robberies, and hope to share details in the coming months.
If you or someone you know falls victim, reach out as soon as possible rather than delay.
I prioritize these types of cases as they have grown more frequent amidst this disturbing trend.
Nobody in crypto has the skillset, credibility, and reach to take on RAVE and the broader extractive coin meta the way @zachxbt does. Proven track record, high signal, zero grift.
Sending him 10K for future bounties specifically on these manipulated scam coins. Every large KOL who monetizes should follow through and fund this.
If he kills this meta, it will be a far bigger win for crypto than most people realize.
We need to back him.
Hello I saw you try to blur out photos posted however I noticed you forgot to blur the third one.
Do I go ahead and report your other foreign team member living in the US to ICE?
You may be able to bribe third worlders with your small giveaways however I have zero limitations on how far I am willing to go.
@DeanEigenmann@maineguy202 We’ve got full on psyop energy over this reality on the DVN compromise… there is weird, political, “don’t believe your own eyes” energy afoot
@uttam_singhk@banteg Yes because it is the only logical explanation when we discuss the actual mechanics of the hack not this nonsense LZ put out to cover its ass
@0xngmi Won't anyone ask whether it was an insider job, and why no one thought it was a bad idea to rely on a single signer for a roughly $1.3 billion protocol? It is far too convenient to blame these "hacks" on North Korea with no evidence pointing to them.
So.. LayerZero blames the project in totality for using a quorum of 1 on their DVN.
Their defaults in their code are for a quorum of 1.
Loads of projects use a quorum of 1 in prod and not only do they know about it, they run it for them.
And.. it’s them that got hacked.
@hosseeb Nope. Bullshit. Needed LZs key to pull this exploit. Which had to come from inside LZ. There’s shitload of contagion risk since LZ is obviously compromised.
layerzero attack was not rpc poisoning
in networking poisoning is when the attacker outside the trust boundary taints a shared lookup (dns, arp, cache). the consumer has no reason to distrust the source.
this was not that.
the attackers got inside layerzero's trust boundary. they accessed the rpc list, compromised two nodes the dvn depended on, and swapped the op-geth binaries. that's an infra breach within the perimeter. supply-chain shaped, not network shaped.
and the payload was surgical. the malicious binary cloaked by ip, served forged payload only to the dvn, told the truth to scan and every other caller, then self-destructed to wipe logs and binaries.
rpc poisoning makes it sound like something that happened to the infra from the outside. the real story is a targeted implant operating inside the trust boundary.
that's a meaningfully scarier attack than the label suggests.