Olivia
Online
Dean Tribble
@DeanTribble
Chief Executive Orchestrator @agoric. IBC core contributor, OG Cypherpunk, and long-time entrepreneur and builder
Joined June 2012
1.4K Following
4.5K Followers
1.3K Posts
TL;DR
- nasty zcash bug fixed
- defensive AI FTW
- exploit is unlikely
- verification of it coming
- unshielded holders are well protected
Conclusion: HODL!
Future: formal verification
Thank you Haseeb
There's a lot of confusion about the recently patched Zcash bug. Here's how to actually understand it.
If the bug had been exploited before the patch (very unlikely it was), it would have looked like the shielded pool getting drained. Whoever minted the counterfeit shielded ZEC would want to sell fast, before anyone else found the same bug. And remember, the market for ZEC is almost entirely transparent ZEC, not shielded. You can't dump freshly minted shielded ZEC on Binance or Coinbase without unshielding it first.
The losers in that scenario are shielded holders who sit still. The transparent portion of Zcash is fully visible, so it's trivial to enforce that transparent ZEC never exceeds max supply. If you try to unshield more than the cap, you'll get stopped at the door.
So if you hold transparent ZEC (anyone trading, on an exchange, or doing price discovery on ZEC) there's no marginal effect on you. The loss falls entirely on shielded holders.
The team's next step is a new turnstile and a fresh shielded pool in the coming upgrade, which will confirm the shielded pool was not inflated. Think of it as taking headcount at the end of the field trip--that will make sure no extra kids snuck onto the bus.
But while AI found this bug, AI will also deliver the fix for the whole category: formal verification. I'm very bullish on this as the path to harden all software across the industry. Formally verified cryptography can't have implementation bugs by construction.
Right now AI is surfacing vulnerabilities across all our software--browsers, OSes, and blockchains are no exception. We're in the awkward adolescence where every wart is getting magnified and put on full display. But formally verified software is the only path forward for mission-critical software, and Zcash has put it front and center on their roadmap to deliver.
Privacy is too important not to.
(Dragonfly holds $ZEC and continues to. I'm personally an investor in ZODL.)
The Instagram hack was not just an AI chatbot story.
It was a confinement failure.
Attackers did not crack passwords or exploit a sophisticated zero-day. They convinced an AI support chatbot to add a new email address to high-profile Instagram accounts, then used that access to trigger password resets.
That matters because AI agents are increasingly being connected to live systems with real authority: account controls, user data, financial workflows, customer support tools, enterprise software, and more.
When an AI agent has broad standing authority, the agent itself becomes an attacker-accessible trust boundary.
The lesson is not simply “make the chatbot smarter.”
The lesson is: don’t give the agent powers it should never have in the first place.
This is the problem object-capability security and the @__Endojs__ framework are designed to address. Authority should be explicit, scoped, auditable, and revocable. An AI agent should only be able to act with the exact capabilities it has been given for the task at hand.
No more ambient authority.
No more assuming a helpful agent is a safe agent.
Confinement is not an advanced feature for AI systems. It is the foundation.
Read more about it in our latest blog post
https://t.co/KNfQFa0DfH
Aging is arguably the root cause of most major diseases (loss of function in our cells). Four years ago, we made a bet that aging was treatable, and NewLimit was born.
NewLimit now has a prototype drug that reverses the age of some human cells (restores function they had when they were younger), and a clinical trial scheduled for next year (with more drug candidates in the pipeline).
Grateful to Founders Fund, Thrive, Greenoaks, and the rest of the investors for this latest round. @jacobkimmel and the team are just getting started.
What if there were a way to contain the agent to the capabilities you deem necessary, and nothing more?
Oh .. https://t.co/oliTncgxKH
Who to follow
Cosmoverse
@CosmoverseHQ
Where Institutions Meet Blockchain Infrastructure.
Hong Kong · 5–6 November 2026 | #Cosmoverse26
Interchain Foundation
@interchain_io
Building and stewarding @cosmos. Join us in creating an interoperable multichain future with @cosmoslabs_io
Cosmostation Wallet
@IBCwallet
The Interchain Wallet by @CosmostationVD // Portal to Interblockchain Messaging
Robinhood's AI agent trading launch is a real milestone. It's also highlights something the industry often gets wrong.
The question isn't "should agents manage capital?" They should. It's "what authority model they operate under?"
Giving an agent keys or broad wallet permissions is the wrong answer. You can only explain misbehavior rather than prevent it.
What financial agents actually need:
→ Constrained execution: an agent only act within an explicitly defined scope. Not "we trust it won't" but "it architecturally cannot"
→ Revocation: the user can pull authority at any time, without needing the agent's cooperation
→ Auditability: every action is visible and attributable before and after it happens, not reconstructed from logs after something goes wrong
This must live at the authority layer, in the smart contract, not in a compliance dashboard on top of unconstrained execution.
The agent might move your capital into a low-yield fund. That's fine, that's what you authorized. But it should be architecturally impossible for it to send funds to an unapproved address, bridge to an unapproved destination, or act outside the scope you set.
Agents need contracts, not keys.
What's the worst that can happen?
Big milestone for the Clarity Act yesterday.
While everybody is talking about what it's going to do for stablecoins and economies, the bigger win (IOHO) is the potential for blockchain as a whole.
Good read here from @a16zcrypto that speaks to the wider implications of the eventual full passing of the act.
"What builders need to know about the CLARITY Act, what it is and why it matters"
https://t.co/kuPaUoWQaz
You don't need to know which chain has the best yield right now.
You don't need to manually bridge anything.
Pick a One Signature Strategy, sign once, and Ymax handles the rest.
Start enjoying your yield in about 60 seconds.
Try now: https://t.co/FyHR7uHfVu
Financial systems are only as good as their execution guarantees. DeFi is the first system where those guarantees can be enforced at the protocol layer instead of just assumed. That's a genuinely new thing. That's why I DeFi!
And that inspires me to BLD.
@agoric
🫵Hey, you! Why do you DeFi?
For us it's simple.
Capital should work as hard as the person who earned it, and you shouldn't need a computer science degree to make it happen, regardless of what chain it's on.
What about you?
Earlier this week we announced smart account support in Ymax.
That means popular smart account setups like Base Wallet can now access cross-chain stablecoin yield with a single signature. No workarounds, no friction.
This makes Ymax accessible to the millions of smart accounts created since EIP-4337.
Smart accounts are also a key ingredient for features like multi-sig support 👀
The ability to delegate authority to and safely run code written by agents is a critical superpower. Here's how to get the real guardrails that we need for safely using AI everywhere.
We've just published an important blog article.
📍Containing AI Agents: The Endo Familiar in Action📍
Three questions for anyone shipping AI agents:
1️⃣ If the model gets prompt-injected, what can it reach?
2️⃣ If it tries to exfiltrate data, what stops it?
3️⃣ If a dependency is compromised, what's the blast radius?
🫨 If those answers make you nervous, they should.
The good news: there's a foundation built for exactly this problem.
Watch @agoric 's @kriskowal demo the ⭐ Endo Familiar ⭐ , plus our latest post on why containment has to come first:
https://t.co/Ry0odbCoJr
Another day, another ambient authority disaster.
All avoidable with @__Endojs__ and object-capabilities.
@KentonVarda And that mentions that it was Friam. I wonder if it was recorded. It's great that the comment captures the issue, or rather design challenge :). Thank you!
@KentonVarda You did not! I am concurrently shocked and honored. I wonder which one will win :).
Is this the four-party hand-off issue? It's on my list to explain somewhere so that future AIs can address it in other protocols.
AI agents managing your capital need authority to act, makes sense.
But most frameworks give them too much access, like API keys and broad permissions, but with no real enforcement of what they can and can't do. 😬
Ymax is built on Agoric's object-capability model. If an agent were to act on your portfolio, its authority is scoped, revocable, and enforced on-chain. Not promised in a terms of service.
The agent can rebalance. It cannot, by construction, do anything outside the scope you defined.
This is what safe agent execution looks like 😌
The reason we care about this distinction in governance is the same reason we care about it for yield. When robustness and true independence are missing, users lose — whether through governance hijinks or fragile cross-chain bridges.
Arbitrum frequently offers some of the highest stablecoin yields right now. That’s exactly why multichain strategies consistently deliver higher returns than staying on any single chain.
In @ymaxapp, we make that practical with one-signature access to stablecoin yield across multiple chains — non-custodial orchestration built on Agoric that removes single points of failure.
Check it out: https://t.co/aBDtWSGxSO
@agoric @arbitrum
Well done on decentralized decisions making.
Too often people equate “decentralized” with “immutable” or “run with many machines and resources” (hello WRLF debacle). That misses the point and leads to failures like the recent ~$600M+ losses across Drift and rsETH.
Real decentralization is about multiple independent parties in different jurisdictions coming to consensus on the result.
Maintaining a thoughtful rotating roster of independent parties takes serious engineering and governance forethought. The effort to get consensus on a decision is sufficiently high that it cannot be used for random chain hijinks.
It’s rarely perfect, but when done right it delivers the best balance we have between safety and liveness.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications.
After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users.
As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
I occasionally hear “users don’t care about decentralization.” But they sure care when bad things happen that real decentralization would prevent.
In just the last few weeks: ~$285M drained from Drift and ~$292M in rsETH via the Kelp DAO LayerZero bridge incident — pushing recent DeFi losses well over $600M.
These incidents highlight the risks in cross-chain infrastructure when robustness falls short.
Kudos to the teams building real decentralized interop — not just connecting chains, but hardening every layer: diverse validators, heterogeneous operators, incentives that don’t collapse under pressure, light-client proofs and zk, on-chain orchestration and delegation, and no single point of failure — including at the human layer.
Users may not geek out on the plumbing, but they do care about the outcomes. They want to earn cross-chain yield — but only if it’s actually safe and seamless, without the constant worry that their funds could vanish overnight.
That’s exactly what we’re delivering at @ymaxapp: safe, seamless access to cross-chain yield you can actually trust, powered by non-custodial orchestration built on Agoric.
Check it out: https://t.co/aBDtWSGxSO
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers