Matt lander

Lets be real. This story does not add up. First you said private keys of one Foundation member were compromised. But that version already conflicted with your own GitHub docs, where BMToken mint and ProxyAdmin control are described as protected by a multisig Safe. Then a few hours later the story changed. Now you say 3 of 5 BSC Safe owner keys and 3 of 6 Hyperlane Safe owner keys were compromised. That is not a simple employee laptop hack. That is full multisig quorum compromise on two different Safes. So here are the real questions. How did one laptop compromise enough keys to pass 3/5 and 3/6? Why were multiple signer keys in the same operational setup? Were these Safe signers actually independent, or was one person controlling multiple keys? Were the signer keys on hardware wallets or hot wallets? Where are the Safe tx hashes for ProxyAdmin transferOwnership? Where are the upgrade tx hashes? Was there any timelock on ProxyAdmin upgrades? If not, why? Why is the malicious implementation still unverified? And all of this happened 16 days before a major $H unlock, while the same team already launched Everything and raised $6.9M seed through Humanity Investments. I am not saying this is proven. But from the outside, this does not look like a normal hack. It looks like possible insider involvement, or at minimum catastrophic key management disguised as multisig security. Publish the actual data: Safe tx hashes, transferOwnership history, upgrade tx hashes, malicious implementation address, signer list at least anonymized, and full forensics report. Without that, the community has no reason to accept the current story.

I agree that at the token standard level, erc-223 looks much cleaner. And yeah, the Ethereum Foundation fumble also explains pretty well why adoption has stayed close to zero for 9 years. But even with the 7417 converter, how do you realistically migrate meaningful liquidity and major tokens without creating yet another layer? Are there already any TVL numbers from projects successfully using a 1:1 wrapper in production? erc223 sounds promising as a real test. I am curious how you plan to bootstrap liquidity. I am all for fundamental security improvements, but migrating away from the de facto erc-20 standard is always an extremely hard coordination problem. I would be genuinely happy to see DEXx223 prove the ERC223 advantage in 2026-2027 across both liquidity and security. Following you. Hope you guys succeed.

«You disconnected the dApp. The approval stayed. Forever.» This is crypto’s hidden permission layer that lives for months and years after you’ve already forgotten about the transaction. You confirm an unlimited approval once - to quickly swap or mint an NFT. Wallet shows a green checkmark. Disconnect. Done. In reality, you just handed the contract an open line of credit on your entire token balance. And that credit never expires. Ever. Until you manually revoke it yourself. Revoke-cash explicitly states: if you don’t revoke the approval, a dApp can spend your tokens forever. Disconnecting your wallet changes nothing - the permissions remain active on-chain. The service supports Ethereum and 100+ other networks. MetaMask built review and revoke allowances directly into Portfolio (Ethereum, Polygon, BNB Chain, Optimism, Base). The market has acknowledged the problem. But it only solves it post-factum. In 2025–2026 this stopped being theoretical. SwapNet, January 2026: $13.43M drained through stale approvals. Users who had previously interacted with the aggregator and disabled One-Time Approvals remained exposed. Ekubo, May 2026: public reports described ~$1.4M WBTC drained from users with active token approvals after an EVM swap-router callback validation flaw. According to Scam Sniffer’s 2025 report: Permit and Permit2 attacks accounted for 38% of all losses in incidents exceeding $ 1M. The largest single theft was $6.5M through a malicious Permit signature. After Pectra and EIP-7702, a new authorization-layer risk emerged: a single malicious signature can delegate your account to a malicious contract and expand the attack surface far beyond a standard approve(). Drainer infrastructure operates almost instantly. Once the signature is given, the withdrawal is automated. An important point the market prefers to ignore. A hardware wallet protects your private key. The approval you already signed - it doesn’t. The attacker doesn’t need your private key. They got the permission earlier. And the technical layer almost nobody talks about: in classic ERC-20, a spender can front-run an allowance change transaction - spend the old limit before the update lands, then use the new one. OWASP classifies this as ERC20 Approval Double-Spend / Allowance Race. The problem is not that users forget to revoke. The problem is that wallets treat approvals as transaction metadata instead of persistent permissions with long-term consequences. The right architecture must work differently. Approvals must become a first-class security object inside the signing pipeline. An on-device firewall must check the intent before signing: - Does it have an expiry? - Amount limit or unlimited? - One-time use or permanent? - Who is the spender and what is their history? - Simulation: what will actually happen to your balance? The wallet should not just ask “Sign?”. It should ask the contract: “Who are you? Why do you need permanent access to my tokens? And what exactly are you going to do?” - and reject dangerous intent at the policy enforcement layer. Not post-factum revoke. Pre-sign policy enforcement. Only then will approvals stop being a hidden permission layer that attackers understand better than the users themselves. https://t.co/TC5RvdEtyn

Yep, I agree. The real issue is approvals at the standard level, and the SwapNet, Ekubo examples show that pretty clearly. ERC223 sounds great on paper, but the big question is: why is adoption still almost zero after 9 years? Even in 20026, almost all of DeFi, major DEXs, and wallets still run on ERC20. Would moving to ERC223 just create another fragmented ecosystem with low liquidity? I’m fully for removing approvals. I just think the more realistic path is temporary approvals for one tx, account abstraction + session keys, and on-device firewalls inside wallets.