Olivia
Online
Constantine | dRPC.ORG
@constantine_rm
CEO at @dRPCorg - The most performant & reliable Web3 infrastructure
Worldwide
Joined October 2017
243 Following
9.6K Followers
2K Posts
Pinned Tweet
In dRPC you can run a quorum of data providers, including internal nodes, with custom rules for quorum. We made it in 2023: https://t.co/5K8YgG6z3K. For a mission-critical application like a bridge or oracle, there's no excuse not to set it up. But they didn’t.
The framing of the recent KelpDAO and LayerZero incidents as some novel attack vector, or the work of meaningfully smarter attackers, is mostly wrong. The actual failure mode - applications trusting a single RPC endpoint to return honest data - has been discussed openly for years, by @VitalikButerin, @lomashuk, @MicahZoltu, @wagmiAlexander, @ChainLinkGod, @banteg, and many others. It is neither new nor subtle. A closely related failure happened in 2022 with the Ankr DNS hijack on Polygon and Fantom: https://t.co/MYUn9vdXui
The point here isn't ideological. In a 24/7 market where automated systems act on RPC responses in real time, assuming one provider will always return correct data is a system-level risk. There is no T+2 window in which a human notices the error and reverses it.
When we launched dRPC, cross-verification across a permissioned set of RPC providers was the core idea. The original repo and docs are still up (although outdated since then):
-https://t.co/5K8YgG6z3K
- https://t.co/rMMaul9HJW
We used a simple quorum rather than zk-based verification, partly to test real demand before overbuilding. Two observations from that period:
1. The demand was not there. In public, everyone agreed with the thesis. In private, the responses were "we are not ready to pay more for quorum," or "yes, we could apply it to sensitive paths only, but it's not a priority."
2. The risk was real. The market is now discovering this at a cost of roughly $250M.
Because full cross-verification on every request is overkill for most workloads, we eventually shifted toward shadow checks — randomized background comparisons across providers that detect and eject unhealthy nodes before they serve meaningful traffic. This is a reasonable compromise for general workloads. It is not a substitute for quorum on sensitive paths.
So the practical rule, for anyone building infrastructure whose failure mode is user funds:
1. Use at least 3–5 independent, reliable RPC providers.
2. Do not build your load balancer on training wheels. Something like https://t.co/pJDU21rKi4 is open source, free, and almost certainly better than what you would build in-house. Contributing to it is a better use of time than reinventing it.
You cannot defend against every possible attack. But this particular class is avoidable at low cost, if you are willing to treat RPC as a system-level dependency rather than a commodity input. That is a reasonable bar for anything meant to serve more than a narrow circle of users.
We will update the dRPC NodeCore (https://t.co/pJDU21rKi4) with strict rules for quorum on your side in the near future, stay tuned. If you have more sophisticated requirements for security, we are fully open for your requests - feel free to each me our via DM here or by email [email protected]
https://t.co/3vIHs3Xgs4
Today: We're the #1 DEX on the #1 chain.
Soon: We're the #1 DEX across all EVM. 🛫
Well said.
The whole world is pretty “patterned”.
Rivers finds the easiest way to flow, likewise money finds the easiest way to grow.
People could help to find these ways and adapt or spend their lives trying to change direction of the flow because “that’s right” in their mind.
Elon Musk avait dit un truc qui m'avait marqué sur l'allocation de ressources. En substance : passé un certain niveau de richesse, l'argent n'est plus de la consommation, c'est de l'allocation de capital.
Cette phrase change tout.
L'économie, dans le fond, c'est juste un problème d'allocation. Tu as des ressources finies et des usages infinis. Qui décide où va quoi ?
Imagine une cour de récré. 100 enfants, des paquets de cartes Pokémon distribués au hasard. Tu laisses faire. Très vite, un ordre émerge. Les bons joueurs accumulent les cartes rares, les collectionneurs trient, les négociateurs trouvent des deals. Personne n'a planifié. Et pourtant chaque carte finit dans les mains de celui qui en tire le plus de valeur. Le système maximise le bonheur total de la cour. C'est ça, la main invisible.
Maintenant fais entrer la maîtresse. Elle trouve ça injuste. Léo a 50 cartes, Tom en a 3. Elle confisque, redistribue, impose l'égalité. Trois effets immédiats. Les bons joueurs arrêtent de jouer, à quoi bon. Les mauvais n'ont plus de raison de progresser, ils auront leur part. Les échanges s'effondrent. La cour est égale, et morte. Elle a maximisé l'égalité, elle a détruit le bonheur.
Le problème de la maîtresse, c'est qu'elle ne peut pas avoir l'information que la cour avait collectivement. C'est le problème du calcul économique de Mises, formulé en 1920. L'URSS a essayé de le résoudre pendant 70 ans avec le Gosplan. Résultat : pénuries, queues, effondrement. Pas parce que les Soviétiques étaient bêtes, parce que le problème est mathématiquement insoluble en mode centralisé.
Quand Musk a 200 milliards, il ne les consomme pas, il les alloue. SpaceX, Starlink, Neuralink, xAI. Chaque dollar est un pari sur le futur. Et lui a un track record. PayPal, Tesla, SpaceX. Il a démontré qu'il sait identifier des problèmes immenses et y allouer des ressources avec un rendement spectaculaire.
L'État aussi a un track record. Hôpitaux qui s'effondrent, éducation qui décline, dette qui explose, services publics qui se dégradent malgré des budgets en hausse constante. Le marché identifie les bons allocateurs, la politique identifie les bons communicants.
Le profit n'est pas une finalité, c'est un signal. Il dit : tu as alloué des ressources rares vers un usage que les gens valorisent suffisamment pour payer. Plus le profit est gros, plus la création de valeur est grande. Quand Starlink est rentable, ça veut dire que des millions de gens dans des zones rurales ont enfin internet. Quand un ministère est en déficit, ça veut dire qu'il consomme plus qu'il ne produit. L'un crée, l'autre détruit, et on appelle ça redistribution.
Dans nos sociétés il y a deux catégories d'acteurs. Les entrepreneurs et les bureaucrates. L'entrepreneur prend un risque personnel pour identifier un problème, mobiliser des ressources, créer une solution. S'il se trompe il perd. S'il a raison, ses clients gagnent, ses employés gagnent, ses fournisseurs gagnent, l'État collecte des impôts. Il est la cellule de base du progrès humain.
Le bureaucrate ne prend aucun risque personnel. Son salaire est garanti. Au mieux il maintient une rente existante. Au pire il la détruit par excès de réglementation, mauvaise allocation forcée, incitations perverses qui découragent ceux qui produisent. Mais dans aucun cas il ne crée.
Regarde les 50 dernières années. iPhone, internet civil, SpaceX, Tesla, Google, Amazon, Stripe, mRNA, ChatGPT. Toutes des inventions privées, portées par des entrepreneurs, financées par du capital risque. Pas un seul ministère n'a inventé quoi que ce soit qui ait changé ta vie au quotidien.
La France est devenue le laboratoire mondial de la dérive bureaucratique. 57% du PIB en dépenses publiques, record absolu. Une administration tentaculaire, une fiscalité qui pénalise la création de richesse. Résultat : décrochage face aux États-Unis, à l'Allemagne, à la Suisse. Fuite des cerveaux. Désindustrialisation. Dette qui explose.
Et le pire c'est que la mauvaise allocation s'auto-renforce. Plus l'État prélève, moins les entrepreneurs créent. Moins ils créent, moins il y a de base fiscale. Plus l'État s'endette et taxe. Boucle de rétroaction négative parfaite. La maîtresse pense qu'elle aide, et chaque année la cour produit moins.
Dans nos sociétés, ce sont les entrepreneurs, toujours, qui font avancer la civilisation. Les bureaucrates au mieux maintiennent une rente, au pire la détruisent. Aucune société n'a jamais progressé en taxant ses créateurs pour subventionner ses gestionnaires.
La question n'est jamais qui a combien. C'est qui alloue le mieux la prochaine unité de ressource pour maximiser le futur de l'humanité. La réponse depuis 200 ans n'a jamais changé. Ce ne sont pas les fonctionnaires.
1. Yes, because it’s just default lb, where your local nodes always better and prioritized.
2. If someone catch you with gun on the street, your 16 symbols password will not help you to save money, if guy with gun know about them - correct. But LZ told that balancer was not hacked, only RPCs ;)
2.1. What is “popular”? dRPC is popular, we serve majority of well-known web3 projects. If you ask about Alchemy and QN particularly, because only those 2 more “popular” now - we don’t have them in pool, so currently you can’t use them for such quorum. But I believe it’s good momentum in time to discuss this with them as well. Eventually it’s not about competition, but collaboration for common good.
Btw, write me in DM, always happy to speak with fans 🫶
In dRPC you can run a quorum of data providers, including internal nodes, with custom rules for quorum. We made it in 2023: https://t.co/5K8YgG6z3K. For a mission-critical application like a bridge or oracle, there's no excuse not to set it up. But they didn’t.
The framing of the recent KelpDAO and LayerZero incidents as some novel attack vector, or the work of meaningfully smarter attackers, is mostly wrong. The actual failure mode - applications trusting a single RPC endpoint to return honest data - has been discussed openly for years, by @VitalikButerin, @lomashuk, @MicahZoltu, @wagmiAlexander, @ChainLinkGod, @banteg, and many others. It is neither new nor subtle. A closely related failure happened in 2022 with the Ankr DNS hijack on Polygon and Fantom: https://t.co/MYUn9vdXui
The point here isn't ideological. In a 24/7 market where automated systems act on RPC responses in real time, assuming one provider will always return correct data is a system-level risk. There is no T+2 window in which a human notices the error and reverses it.
When we launched dRPC, cross-verification across a permissioned set of RPC providers was the core idea. The original repo and docs are still up (although outdated since then):
-https://t.co/5K8YgG6z3K
- https://t.co/rMMaul9HJW
We used a simple quorum rather than zk-based verification, partly to test real demand before overbuilding. Two observations from that period:
1. The demand was not there. In public, everyone agreed with the thesis. In private, the responses were "we are not ready to pay more for quorum," or "yes, we could apply it to sensitive paths only, but it's not a priority."
2. The risk was real. The market is now discovering this at a cost of roughly $250M.
Because full cross-verification on every request is overkill for most workloads, we eventually shifted toward shadow checks — randomized background comparisons across providers that detect and eject unhealthy nodes before they serve meaningful traffic. This is a reasonable compromise for general workloads. It is not a substitute for quorum on sensitive paths.
So the practical rule, for anyone building infrastructure whose failure mode is user funds:
1. Use at least 3–5 independent, reliable RPC providers.
2. Do not build your load balancer on training wheels. Something like https://t.co/pJDU21rKi4 is open source, free, and almost certainly better than what you would build in-house. Contributing to it is a better use of time than reinventing it.
You cannot defend against every possible attack. But this particular class is avoidable at low cost, if you are willing to treat RPC as a system-level dependency rather than a commodity input. That is a reasonable bar for anything meant to serve more than a narrow circle of users.
We will update the dRPC NodeCore (https://t.co/pJDU21rKi4) with strict rules for quorum on your side in the near future, stay tuned. If you have more sophisticated requirements for security, we are fully open for your requests - feel free to each me our via DM here or by email [email protected]
https://t.co/3vIHs3Xgs4
We got a lot of requests to bring this back to life, and as promised, it's live now! https://t.co/gNoQQJrclU
If you build a mission-critical dApp, or if part of your functionality is super fragile to RPC poisoning, please use the Verification feature from dRPC via NodeCloud or NodeCore; there is no excuse not to use it, and you can't say, after yet another hack, that you were not aware of this.
In dRPC you can run a quorum of data providers, including internal nodes, with custom rules for quorum. We made it in 2023: https://t.co/5K8YgG6z3K. For a mission-critical application like a bridge or oracle, there's no excuse not to set it up. But they didn’t.
The framing of the recent KelpDAO and LayerZero incidents as some novel attack vector, or the work of meaningfully smarter attackers, is mostly wrong. The actual failure mode - applications trusting a single RPC endpoint to return honest data - has been discussed openly for years, by @VitalikButerin, @lomashuk, @MicahZoltu, @wagmiAlexander, @ChainLinkGod, @banteg, and many others. It is neither new nor subtle. A closely related failure happened in 2022 with the Ankr DNS hijack on Polygon and Fantom: https://t.co/MYUn9vdXui
The point here isn't ideological. In a 24/7 market where automated systems act on RPC responses in real time, assuming one provider will always return correct data is a system-level risk. There is no T+2 window in which a human notices the error and reverses it.
When we launched dRPC, cross-verification across a permissioned set of RPC providers was the core idea. The original repo and docs are still up (although outdated since then):
-https://t.co/5K8YgG6z3K
- https://t.co/rMMaul9HJW
We used a simple quorum rather than zk-based verification, partly to test real demand before overbuilding. Two observations from that period:
1. The demand was not there. In public, everyone agreed with the thesis. In private, the responses were "we are not ready to pay more for quorum," or "yes, we could apply it to sensitive paths only, but it's not a priority."
2. The risk was real. The market is now discovering this at a cost of roughly $250M.
Because full cross-verification on every request is overkill for most workloads, we eventually shifted toward shadow checks — randomized background comparisons across providers that detect and eject unhealthy nodes before they serve meaningful traffic. This is a reasonable compromise for general workloads. It is not a substitute for quorum on sensitive paths.
So the practical rule, for anyone building infrastructure whose failure mode is user funds:
1. Use at least 3–5 independent, reliable RPC providers.
2. Do not build your load balancer on training wheels. Something like https://t.co/pJDU21rKi4 is open source, free, and almost certainly better than what you would build in-house. Contributing to it is a better use of time than reinventing it.
You cannot defend against every possible attack. But this particular class is avoidable at low cost, if you are willing to treat RPC as a system-level dependency rather than a commodity input. That is a reasonable bar for anything meant to serve more than a narrow circle of users.
We will update the dRPC NodeCore (https://t.co/pJDU21rKi4) with strict rules for quorum on your side in the near future, stay tuned. If you have more sophisticated requirements for security, we are fully open for your requests - feel free to each me our via DM here or by email [email protected]
It's a good question, and we can't say "use dRPC's NodeCloud or NodeCore, and you will be 100% SAFU", I'm not "that" CZ :D
But the possibility of such an attack will be much lower.
Based on their message, they used 2 self-hosted RPC (poisoned) and 1 3rd-party RPC (DDoSed). With this feature, as I mentioned, https://t.co/gNoQQJrclU, it will be impossible to hack.
Why:
1. not only 3 nodes, 2 of them under the control of 1 DevOps.
2. each response signed by provider by key on provider side.
3. if quorum didn't reach (let's imagine some node was poisoned or DDoSed) you will get error, not a wrong response
@easeev @banteg @Quicknode "Send enough traffic" via eth_call? And block not particular requests that hit the limit, but the entire account? God bless users of this service in that case :)
Not really, I don't even know how KelpDAO is exactly related here. This post is about a technical design issue, based on the official message from LayerZero. And such kind of issues it's not something unique. It's not pointing to someone particular about poor design, it's a highlight of a general poor approach, where for years people refused to spend time and money on RPC reliability.
In dRPC you can run a quorum of data providers, including internal nodes, with custom rules for quorum. We made it in 2023: https://t.co/5K8YgG6z3K. For a mission-critical application like a bridge or oracle, there's no excuse not to set it up. But they didn’t.
The framing of the recent KelpDAO and LayerZero incidents as some novel attack vector, or the work of meaningfully smarter attackers, is mostly wrong. The actual failure mode - applications trusting a single RPC endpoint to return honest data - has been discussed openly for years, by @VitalikButerin, @lomashuk, @MicahZoltu, @wagmiAlexander, @ChainLinkGod, @banteg, and many others. It is neither new nor subtle. A closely related failure happened in 2022 with the Ankr DNS hijack on Polygon and Fantom: https://t.co/MYUn9vdXui
The point here isn't ideological. In a 24/7 market where automated systems act on RPC responses in real time, assuming one provider will always return correct data is a system-level risk. There is no T+2 window in which a human notices the error and reverses it.
When we launched dRPC, cross-verification across a permissioned set of RPC providers was the core idea. The original repo and docs are still up (although outdated since then):
-https://t.co/5K8YgG6z3K
- https://t.co/rMMaul9HJW
We used a simple quorum rather than zk-based verification, partly to test real demand before overbuilding. Two observations from that period:
1. The demand was not there. In public, everyone agreed with the thesis. In private, the responses were "we are not ready to pay more for quorum," or "yes, we could apply it to sensitive paths only, but it's not a priority."
2. The risk was real. The market is now discovering this at a cost of roughly $250M.
Because full cross-verification on every request is overkill for most workloads, we eventually shifted toward shadow checks — randomized background comparisons across providers that detect and eject unhealthy nodes before they serve meaningful traffic. This is a reasonable compromise for general workloads. It is not a substitute for quorum on sensitive paths.
So the practical rule, for anyone building infrastructure whose failure mode is user funds:
1. Use at least 3–5 independent, reliable RPC providers.
2. Do not build your load balancer on training wheels. Something like https://t.co/pJDU21rKi4 is open source, free, and almost certainly better than what you would build in-house. Contributing to it is a better use of time than reinventing it.
You cannot defend against every possible attack. But this particular class is avoidable at low cost, if you are willing to treat RPC as a system-level dependency rather than a commodity input. That is a reasonable bar for anything meant to serve more than a narrow circle of users.
We will update the dRPC NodeCore (https://t.co/pJDU21rKi4) with strict rules for quorum on your side in the near future, stay tuned. If you have more sophisticated requirements for security, we are fully open for your requests - feel free to each me our via DM here or by email [email protected]
I'm not really understanding how "other providers" were DDoSed by <20M eth_calls during a couple of hours, based on the provided screenshot.
And as @ChainLinkGod mentioned below, there are no clear statements on who compromised. I believe most likely it was in-house nodes. Because it's quite logical from a typical lb logic perspective:
1. lb estimate fastest nodes
2. lb send requests to it
So you don't need to DDoS anybody, you can just compromise in-house nodes which are closest to the Gateway and considered "fastest" - profit.
We initially built our system to cover such issues on RPC centralization, because such a vector of attack is not new at all, and it was just a question of time, when it would hit. Will make a post with my thoughts on all of this today.
@banteg Great points 👏
@big_duca @0xArdent @Quicknode @Helius Better to add @dRPCorg in your balancer. Not just +1 provider, but dozens with auto routing under the hood.
Plus for load balancing itself on your infra you can use https://t.co/xtdCHQSVlU
Finally, you got what your lovely agent always asked for, please meet the dRPC Agent Skills!
Why are you still writing RPC calls in 2026?
What if your AI agent could just ask for blockchain data and get it instantly?
Learn like a PRO on the thread 👇
3 rounds of audits, starting this month.
Then a bug bounty.
Then Mainnet.
See you in July.
@vasily_sumanov @wagmiAlexander @wmougayar @aerodrome @CurveFinance For sure just yet another vibe code genius 😅
@wagmiAlexander Glad to hear that people starting understand this, finally
Most Solana infra promises speed. Few explain where it comes from. Speed is not just about sending. It is about landing, and that is a product of routing. Let us break it down ↓
@wagmiAlexander Wow, that’s huge! 🚀
@tempo Mainnet is live 🚀
A new chain purpose-built for real-world payments, not general-purpose experimentation.
Builders can now start using Tempo via public RPC endpoints 👇
https://t.co/SrsYTukZDU
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers