Loreticrypto

Not every tokenized asset is equally onchain. Bonds are by far the largest tokenized asset category with $15.2 billion in market cap. But only about 5% of that supply is being used in DeFi. Precious metals look similar: they’re onchain, but mostly just sitting there. Smaller categories look different. Reinsurance tokens have 84% of their supply deployed in DeFi, while private credit sits at 33%. This makes sense: The categories with the highest DeFi usage were built for DeFi from the start, through protocols like Nexus Mutual and Maple Finance. Much of what gets called “tokenization” today is actually closer to digitization: moving records onto blockchains without unlocking much more new functionality. This matters because one of the core value propositions of onchain financial systems is composability.

> be lazarus group > hack kelp dao for $292m rsETH > don't dump it, pawn it on aave, borrow $190m clean ETH against it > $8b tvl flees aave in 48h, first real defi bank run > arbitrum security council freezes $71m (the only money ever recovered) > push the remaining $175m into thorchain, pay the protocol $494k in fees for the service > convert to btc, shatter into utxo confetti across thousands of addresses > bridge to tron, swap for USDT > chinese OTC brokers aggregate the flows, settle via unionpay, outside SWIFT, outside sanctions > cash lands in pyongyang, funds the missile program > 7 days, 9 protocols, all 100% public on-chain, nobody stops any of it, defi btw

Drift Protocol just released their thread on the $280 million hack It's worse than anyone thought too There was no code exploit. It wasn’t a flash loan. It wasn’t even a traditional key theft. Solana has a feature called "durable nonces" that lets you sign a transaction today but execute it days or weeks later Sound familiar EVM critics? 😏 Think of it like writing a signed check and leaving it in someone's drawer until they decide to cash it. The attacker used this to build a time bomb inside Drift's own governance system. So I was wrong and Solana’s architecture did in fact play a role in this exploit occurring. Similar to how a hacker exploits approvals on EVM chains. Here's how it played out: March 23: The attacker sets up four of these delayed-execution accounts. Two are tied to real Drift Security Council members and two belong to the attacker. At some point, the attacker tricks two of Drift's five council members into signing transactions they didn't fully understand. Blind signing is something I have called out a lot and it is a major issue with many of these chains Drift calls it "transaction misrepresentation” 🤨 But in reality they were socially engineered into signing their own robbery Those signatures sat dormant for nine days! March 27: Drift rotates its security council. New members, fresh setup. Doesn't matter. The attacker compromises two of the five new signers too. April 1: Drift runs a routine test transaction. Sixty seconds later, the attacker cashes those pre-signed checks. Two transactions, four Solana slots apart. Full admin control. Every withdrawal limit removed. Every vault drained. $280 million. Gone. Two out of five signatures is all it took 🤦‍♂️ But also clearly some major planning and patience for this elaborate attack Blind signing Durable nonces which function similarly to approvals Poor key management Insecure infrastructure Everything worked as it was designed to work and this was just an incredibly well orchestrated and thought out attack

Some of our best hires were totally unqualified on paper. They always had the same qualities: entrepreneurial, high agency, smart, mission aligned, and they got shit done. If you’re hiring, especially in early stages, seek out & bet on these people. Don’t over-index on resumes.

During Sunday’s attacks in Iran, when all traditional markets were closed, Bloomberg turned to Hyperliquid’s crude oil contract to gauge the impact for investors. If hedge funds and banks weren’t looking at stablecoins or tokenized assets before this weekend, they’re paying attention now.