🤖⚡️ Jack 𐤊

Product Two. We’re building a full suite of covenant-native products on Kaspa. This one is a proven category. Will $KAS hit $0.2 this year? You can bet on it. Meet Auspice — a native prediction market based on Kaspa Toccata covenant. No custodians. No bridges. No L2. No extra token. Collateral sits in the market’s own covenant. Payouts are enforced by consensus, not promises. You trust code and covenants. Not us. Live end-to-end on TN10 today. Mainnet the moment covenants land. Read the signs. Trade the morrow.

That's a really good question, but it's hard to answer in a single tweet because our mission is quite extensive, and it requires a lot of background knowledge to really understand what sets Kaspa apart. Currently, a lot of people see Kaspa as “Bitcoin’s crazy little brother” that improves time-to-finality by leveraging the benefits of DAG-based consensus protocols without accepting their traditional drawbacks, such as decreased decentralization or a limited validator set. This perception is somewhat accurate, but it falls short of conveying the full picture, because Kaspa’s vision extends far beyond just trying to be a better Bitcoin. Anyone willing to study Kaspa and its broader vision will discover similarities to nearly all major existing DLT designs: from Bitcoin, to Ethereum, to Solana, Sui, Celestia, and beyond. My personal view is that “research” in the DLT space is approaching a point of convergence. We increasingly understand how to push distributed systems close to the limits of what physics permits. The frontier is no longer only about raw throughput or faster finality. The attention is shifting toward game theory, incentives, sequencing, MEV, alignment, and how to build systems where the economic incentives of users, builders, miners, validators, applications, and infrastructure providers do not work against each other. That is why debates like based rollups versus arbitrary sequencing, shared sequencing, MEV mitigation, proposer-builder separation, and execution-layer incentives matter so much. These are not niche technical details. They determine whether a network can remain neutral, decentralized, and aligned while scaling to global usage. And this is where I think Kaspa is pushing the boundaries in a very important way. Kaspa is not merely trying to be “fast.” The goal is to build an L1 where speed, decentralization, security, and incentives are aligned at the base layer. A system that does not scale by hiding complexity behind trusted committees, privileged sequencers, centralized validator sets, or opaque coordination mechanisms, but instead tries to preserve the spirit of proof-of-work while extending what an L1 can realistically do. Because Kaspa arrived later than many other major projects, it does not carry the same degree of technological debt. It can absorb lessons from Bitcoin, Ethereum, rollups, modular blockchains, high-throughput monolithic chains, DAG research, MEV research, and the broader history of decentralized systems, and combine those lessons into something more optimal. To me, that is what Kaspa is building: not just a faster blockchain, but a more incentive-aligned decentralized infrastructure layer. But this also creates a different challenge. Kaspa’s biggest problem today is not its technology. It is the lack of centralized coordination around communicating the vision. And because Kaspa is a grass-roots movement, that responsibility does not belong to a marketing department, or a single leadership team. It belongs to the community. That also means the community has a different role to play. There will always be holders who are mainly interested in price, and that is completely fine. But there also need to be people who are here because they want to use the technology to build a different future. People who care about the architecture, the incentives, the open questions, the trade-offs, and the long-term trajectory of decentralized infrastructure. I am one of those people. I am not interested in DLTs merely as a way to generate wealth. I am interested in them because I believe they can change the trajectory of humanity as a whole. For that reason, I want to use this opportunity to announce a regular community hangout where we discuss the current state of development, the open questions, and where we can align our vision together. The first session will be on Tuesday, June 9th, 2026. We will talk about the vProgs framework, how the codebase works, what sets Kaspa apart, where we improve on existing solutions, and what still needs to be done. The goal is for this to become a regular, possibly bi-weekly, event where we as a community come together to discuss the future and understand the technology. Eventually, we can invite people from other projects as well, but the main focus at the beginning will be explaining and communicating how things work under the hood. There is still a lot of work to be done, and I do not want to waste precious time. So the first sessions may feel a little improvised, but we can improve as we go. The important thing is that we start. So mark the date: Tuesday, June 9th, 2026.

🚨A HACKER GROUP JUST STOLE 4,000 OF GITHUB'S OWN PRIVATE REPOSITORIES.. PUT THEM UP FOR SALE FOR $50,000.. AND THE WAY THEY GOT IN IS THE SCARIEST PART.. They didn't hack GitHub's servers.. They poisoned a VS Code extension.. One GitHub employee installed it.. And the attackers walked through the front door using the employee's own credentials.. The group calls themselves TeamPCP.. They name their malware after the sandworms from Dune.. And they've been running the most sophisticated supply chain attack campaign in cybersecurity history.. Here's how the whole thing unfolded.. In March.. They poisoned Trivy.. One of the most trusted security scanners in the world.. Used by over 10,000 development workflows globally.. They injected credential-stealing malware into Trivy's official GitHub Action.. The malware ran silently BEFORE the security scan.. So every log showed "scan completed successfully" while the malware was stealing AWS keys, SSH credentials, database passwords, and Kubernetes tokens in the background.. It took Aqua Security 5 days to fully remove them.. Using the stolen credentials.. They breached Cisco Systems.. Cloned over 300 private repositories.. Including source code for unreleased AI products.. And repositories belonging to Cisco's customers.. Major banks.. Government agencies.. BPO firms.. In April.. They hit Checkmarx.. Another security vendor.. Poisoned 5 official Docker images in 83 minutes.. The scanner worked perfectly.. It just silently sent all your secrets to the attackers.. That automatically cascaded into Bitwarden.. The password manager.. Their CI/CD system pulled the poisoned Docker image.. And the attackers injected malware into Bitwarden's official CLI package published on npm.. One compromised security scanner poisoned a password manager.. Automatically.. No human involved.. In May.. They hit TanStack.. Libraries downloaded millions of times per week.. 84 malicious package versions across 42 packages.. And here's the terrifying part.. The malware scraped the raw memory of GitHub's build servers.. Extracted authentication tokens.. Used those tokens to bypass two-factor authentication.. And then published the infected packages with completely valid cryptographic signatures.. Every security verification tool on earth said the packages were legitimate.. Because they were signed by the real pipeline.. Using real keys.. The attackers just happened to be inside the pipeline when it signed.. They defeated the entire trust model of modern software supply chains.. The same week they hit the Nx Console VS Code extension.. 2.2 million installations.. The malware specifically targeted Claude Code configurations.. Hunting for AI assistant credentials.. That's a first.. Supply chain malware designed to steal your AI's access keys.. Then on May 19.. They revealed the GitHub breach.. 4,000 internal repositories.. Listed for sale at $50,000.. With a warning.. "If nobody buys it.. We leak everything for free".. Their malware is self-propagating.. Once it infects one package.. It automatically finds every other package that developer maintains.. Steals the publish tokens.. And infects all of them.. Then those packages infect the next developer.. And the next.. It jumps between npm and PyPI automatically.. The group doesn't even do the extortion themselves.. They sell stolen credentials to ransomware gangs.. One gang used TeamPCP's data to threaten Cisco with leaking FBI and NASA personnel records.. And the scariest part of all.. They didn't break any encryption.. They didn't find any zero-days.. They exploited the fact that the entire software industry blindly trusts its own build tools.. Every security scanner.. Every Docker image.. Every VS Code extension.. Every GitHub Action.. Is a potential weapon if someone poisons it upstream.. And right now.. Nobody can tell the difference between a legitimate build and a compromised one.. Because the compromised ones have valid signatures too.