I am learning once again that simple software is maintainable software.
Yearning for a formal model of encapsulated and systemic complexity.
I have yet to see my AIs execute on this. Maybe I need to pay them more.
For me, this AI system finding a bug was a massive turning point.
Over the past years we've all seen AI breakthrough after breakthrough. But often those developments are abstract. Sure, AI can beat the world-champion at Go and Chess but I'm not even that good at those games.
But now, a well-orchestrated AI-fueled system can find absolutely *critical* bugs in a codebase which me and many brilliant people I personally know have thoroughly reviewed for years.
I believe humans will continue to play a role in software for a long time to come - but that role can't just make use of AI, it now *demands* usage. The AI-safety and EA-community was truly ahead of their time.
🧵Veria AI autonomously found and demonstrated a critical vulnerability in Aleo, finding a proof forgery in Aleo's snarkVM. The project awarded us the maximum bounty of $65,000 for the find.
Realised that over a 6 hour flight I've just witnessed more gruesome deaths (from the movies screening in front of everyone) than a hunter-gatherer in its entire lifetime.
@secparam Do you know any research for where FV engineering can have the biggest gains?
There are many properties one might care about. I'm all on team "FV proof system soundness", and we did plenty for Aleo. But FVing entire libraries E2E seems far away.
Where should we draw the line?
Private payments are getting easier and easier to use!
Made possible by:
- MPC-based signing powered by @sodot_hq
- robust delegated proving infrastructure by @ProvableHQ
- a new constant time & formally verified library for Aleo's Edwards BLS12 curve operations
Private payments just got a whole lot easier.
@dynamic_xyz, a @FireblocksHQ company, just became the first wallet provider in the world to support private payments through an embedded wallet, enabled by @AleoHQ.
No extensions. No seed phrases. Just login with an email and pay anyone, anywhere privately, available now to all Aleo and Dynamic builders..
Building wallet infrastructure has been a major barrier for mainstream businesses adopting private payment protocols. Dynamic on Aleo solves this.
Teams can now integrate private payments without building infra from scratch.
Enterprise-grade security combined with real privacy.
Read more about what this unlocks 👇
https://t.co/yiJONUcLeB
@timmustafin Looks like there's a lot of recent work on this (I wasn't aware yet)
- https://t.co/RDCfLn0Oa5
- https://t.co/acDKds3uz3
- https://t.co/7E6jivvMSw
Calling it now: all future open source software of significance will be formally verified
Libraries without it will be regarded like we regard websites without https - a comedic defiance
@luhelminger > The endgame is privacy guaranteed by cryptography.
And important point that most posts seem to miss, they rely on Validium rollups!
So private they don't market their privacy haha
Blockchains still broadcast every transaction publicly. Every stablecoin payment leaks the amount, the sender, and the recipient.
We’re excited to share that Tempo is building Zones for businesses that need privacy: private blockchains that are interoperable with the rest of Tempo for stablecoin use cases like payroll, treasury, and settlement.
By representing all encrypted state as fixed-size merkle trees, and by creating ZK-proofs of encrypted state equivalence, this issue has now been resolved. :)
You can read more here:
- https://t.co/4z4iPzqTAP
- https://t.co/wBcsIr0ER5
"Most private systems give up on interoperability and shared liquidity"
Indeed, but let me share a few interesting design choices which let @AleoHQ overcome this! 🧵
Privacy on blockchains today usually comes with a bad tradeoff.
Public chains expose sensitive business data despite pseudonymity and most private systems give up interoperability and shared liquidity or create operational complexity.
Zones are built to give businesses privacy without cutting them off from the rest of Tempo.
For a long time, DeFi applications on Aleo could not dynamically call contracts to access liquidity - because encrypted state was not constant size.
Want to do 10 contract calls with 10 different record types? That'll be 10 different circuits please.
Very expensive to handle!
Drift Protocol, one of the leading perpetual DEXs on Solana, has been hacked for approximately $213M. This makes it the biggest hack of 2026 so far, and one of the largest ever on the Solana blockchain, right behind the Wormhole Bridge exploit of 2022.
The full details of the attack are still unfolding, but from what I understand so far, the multisig controlling the protocol was compromised, potentially days or even weeks before the funds were actually drained.
Either the attackers directly stole enough private keys to meet the multisig threshold, or, more likely, they compromised several machines belonging to multisig signers and tricked the operators into approving a malicious transaction. The signers may have believed they were signing a legitimate operation while unknowingly authorizing the drain.
This modus operandi is similar to the Bybit hack last year, widely attributed to DPRK-linked actors. The pattern is becoming familiar: patient, sophisticated supply-chain-level compromise targeting the human and operational layer, not the smart contracts themselves.
This is yet another wake-up call for the industry. We need to collectively raise the bar on security:
- Better detection mechanisms at the network and endpoint level to catch compromised environments before they can be weaponized.
- Secure key management with proper governance, hardware-backed signing, operational procedures that assume individual machines can be compromised.
- Clear signing: ensuring that signers always have full, human-readable visibility into what they are actually approving.
Ultimately, security is not just about code audits. It's about giving operators and users the right information at the right time, so they can make informed decisions about what they sign.
Stay safe.