Events are just a tool to grow and nurture the community.
They’re not the end goal.
They help us find a balance between education and action, create engagement, and build an environment where real exchanges can happen.
This is an @ENS_DAO program.
The full mechanics, eligibility, and repository are on the ENS forum, and any questions are welcome.
The program runs through September 30.
Delegate in under a minute: https://t.co/62LrZU8Zje
Your ENS has been sitting idle in your wallet.
Starting today it can do two things at once:
> make ENS governance stronger
> and earn you rewards from the ENS DAO
The ENS Delegation Incentives Program is live.
@ensdomains is voting on a to renew its Security Council for two more years before its veto authority expires July 24th.
The council was created after a 2024 governance vulnerability could have enabled a ~$150M treasury theft. Its role stays narrow: 4 of 8 @safe signers can only cancel malicious proposals, not create or amend governance actions.
The renewal also uses an audited @blockful_io contract with zero findings from @NethermindSec that makes future extensions defineable by a single governance vote rather than a fresh deployment and role re-grant. One inactive seat rotates to @Coltron_eth.
Support is broad, but the scope debate matters. @nicksdjohnson supports the backstop, but says it must not veto legitimate proposals just because signers disagree with them. He voted abstain. @bcvfinance argues the two-year authority window is too long for delegates to meaningfully challenge.
35 wallets have cast 4,052,110 $ENS so far: 19.4% For, 0% Against, 80.6% Abstain.
Voting closes June 28th at 4:43pm UTC.
Proposal: https://t.co/PxXEhE8fjx
DAOs are so dead that I see nobody noticed or discussed this proposal that @ENS_DAO essentially dissolves itself and transfers control of the entire treasury (almost half a billion in ENS + stables) to the ENS foundation.
ENS can be both more ambitious and more accountable.
- Create a truly independent board, with world-class members
- No treasury transfer, improved accountability
Here is how we can make this happen:
https://t.co/wn2qEEZCNK
Last week, a DAO built on Aragon's infrastructure was exploited by an attacker who walked away with $472K in net profit.
The attack was straightforward: the attacker funded a contract and spent 662 WETH to purchase 8.192 TOP from the Balancer pool, in 2 swaps - a fraction above the 50% threshold of the token's total supply. TOP is the governance token of the Mask of Power DAO.
In DAOs deployed on Aragon, a default configuration allows any holder of a strict majority of the token supply to pass a governance proposal immediately, with no execution delay. This behavior, known as early execution, was Aragon's default for years and remained active in legacy deployments that never opted into the delayed-execution configuration introduced later.
With majority voting power secured, the attacker bundled a full attack sequence into a single transaction:
- Submit a proposal to mint 10 billion TOP tokens to the attacker-controlled contract
- Vote yes on the proposal
- Sell the 10 billion newly minted tokens across 37 sequential calls into the TOP/WETH Balancer V1 pool - necessary because Balancer V1 enforces a per-swap output cap of 1/3 of the pool's reserve
The attacker submitted, approved, and executed the mint, then drained the pool - all within a single block. The 37 swaps yielded a gross return of 944 WETH, and after deducting the 662 WETH acquisition cost, the net profit was approximately 281 WETH (~$472K).
The vulnerability was not a code bug. It was a governance design flaw: a DAO with no execution delay, no security council, and no mint cap, leaving it exposed to anyone willing to spend enough capital to acquire a bare majority of its governance token.
This attack pattern is not new. We have seen similar incidents where attackers scan for legacy DAOs with low activity, purchasable governance majorities, and enough liquidity to convert minted tokens into value. These contracts are, in practice, open bounties waiting to be claimed.
This is exactly why we keep building @anticapture : to protect protocol access control attacks, like this one.
Get in touch. contact @blockful_io
What does AI safety look like when you're building from here?
What gaps does global research miss?
Community talk on AI Safety + Cybersecurity at Ethereum Hub - warmup for the Global South AI Safety Hackathon.
🗓️ Jun 12 · 7pm · Floripa
RSVP: https://t.co/XyU0H2xJ1n
This thread is part of our monthly delegation activity update.
This edition covers our delegation activity for May 2026.
We document where blockful acted as a delegate, what we did, and why it matters for governance continuity and security.
🧵👇
All four collapse into one operational question: can someone other than the user decide the user's fate?
If the answer is yes, the label attached to the risk category does not change what needs to be mapped.
How exactly that power can fail, and who absorbs the loss when it does - those are the questions that matter.
The taxonomy is useful for communication.
It is not a substitute for the analysis.
Last week, Crypto Beyond Market Cycles brought us back to first principles.
With @0xkkonrad from @joinpeanut and @theZeugh from @blockful_io, we talked about crypto origins, p2p cash, UX, regulation, monetary systems, and why people keep building.
Fireside Chat: TODAY
Why are we still here?
Not as a slogan, but as a real conversation about why crypto started, what it tried to change, and what still feels unfinished.
A discussion on p2p cash, crypto origins, UX, and why people are still building.
https://t.co/KECvVr664x
The Ethereum Security QF results are live.
To the 100+ people who supported Anticapture: thank you 🫡
And thank you to everyone who donated across the round. So many strong projects showed up.
Funding security is an ecosystem effort.
Thank you @Giveth and @thedaofund.
This Wednesday, blockful Research goes live to break down the @giddydefi exploit.
$1.25M was stolen, but the compromised key was only part of the story.
Set a reminder and join us live. https://t.co/KvqL7aUlwB
The Giddy incident was not only about a compromised keeper key. It also showed what can happen when an execution path carries more authority than it should.
Tomorrow, we’ll go through the case with blockful Research.