This AI just exposed the BIGGEST legal insider trading operation in America.
A platform called GovGreed built a seven-layer machine learning system that cross-references every stock trade disclosed by every sitting politician against the bills their committees control, the campaign donations they receive, and the companies their votes directly impact.
It scored all 540 politicians currently in Congress. And the numbers are crazy:
56% of every stock purchase made by Congress in the last 16 months was on a stock directly affected by a bill the buyer later voted on. That is 6,170 out of 11,016 total purchases.
More than HALF of all congressional stock buys are on companies whose fate that same politician is about to decide.
343 of 540 Congress members actively trade stocks while holding access to nonpublic legislative information.
That is 63.8% of the entire legislature making market bets with an informational edge that would put any hedge fund manager in prison.
The AI identified 752 active "Triple Signals" in the current Congress. A Triple Signal fires when three conditions line up at once:
The politician sits on the committee controlling a bill, they traded stock in a company affected by that bill, AND they received campaign contributions from that same industry.
Bills carrying these insider indicators pass at 5.4 TIMES the normal rate.
Now look at the individual leaderboard:
- Nancy Pelosi's estimated portfolio sits at $194 million with a Greediness score of 98.1 out of 100
- Ro Khanna made 13,231 trades across 800+ different tickers
- Michael McCaul made 32,302 trades and filed 6,670 of them late
- Thomas Suozzi filed 86.4% of his trades late with an average delay of 396 days, meaning his disclosures landed over a YEAR after he made the trade
And then there is Lisa McClain, the fourth-ranking Republican in the House. She has made 1,443 trades in three years, more than 98% of all politicians tracked.
She violated the STOCK Act twice in a single year, disclosing up to $900,000 in trades months after the legal deadline. Her husband bought up to $250,000 in Elon Musk's xAI, which quietly converted into SpaceX equity before last Friday's $2 trillion IPO.
The penalty for all of this? A $200 fine.
The number of Congress members ever prosecuted under the STOCK Act since it passed in 2012? Zero.
And the cruelest part is this:
A bill to ban congressional stock trading was introduced in January 2026. It has bipartisan support. Over 80% of American voters want it passed.
But Congress is sitting on it, because the people who would have to vote yes are the same people making millions from the system staying exactly the way it is.
They write the insider trading laws, they exempt themselves from enforcement, they trade on the information those laws generate, and when they get caught, they pay a fine that is basically nothing.
The AI didn't discover anything Congress was hiding. It just organized what was already public into a pattern so obvious that nobody can pretend it isn't there anymore.
I’ve had a number of conversations with folks inside and outside government about the current situation with Anthropic, and here is what I believe to be true:
— As we know, Anthropic publicly released its Mythos class models earlier this week under the commercial name Fable.
— Fable is Mythos with guardrails. But if those guardrails fail, then you’ve exposed Mythos and its advanced cyber capabilities to people who shouldn’t have them. (Keep in mind that Anthropic itself widely promoted the idea that Mythos was a cyberweapon and needed to be regulated as such. They asked for government regulation of Mythos and championed the guardrails on Fable. If there is a vulnerability — big or small — it is Anthropic’s responsibility to patch.)
— A highly credible trusted partner of both Anthropic and the USG who was testing Fable came forward with a jailbreak of those guardrails. The Admin asked Dario to fix the jailbreak or de-deploy the model. Dario refused.
— In their blog post, Anthropic defended its decision by saying the jailbreak isn’t serious. That is not what the trusted partner and the USG believe; nor is that kind of minimizing language consistent with Anthropic’s brand as the AI safety company. It’s difficult to fathom how they could claim a jailbreak allowing operability of a cyber weapon could be defined as not “serious.”
— In the past, Anthropic has always said that safety must be top priority and taken super seriously. In this case, Anthropic prioritized the continued offering of the consumer model over safety.
— In reaction, the Admin issued the export control. The Admin did this reluctantly. It’s been very surprised that Anthropic hasn’t wanted to cooperate with a reasonable safety request (ie fixing the jailbreak issue). Anthropic’s reaction is very much at odds with their branding and ethos as a safe AI research community.
— The Admin’s hope now is that Anthropic remediates the safety issue, the export control is lifted, and Fable goes back into general release. The Admin wants all of this to happen as soon as possible. It is frankly bewildered that Anthropic hasn’t wanted to comply with safety requests that it previously said were its highest priority.
— Those trying to misdirect and tie this action to the prior DoW/Anthropic issues are wrong. The Admin values Anthropic’s technical capabilities and feels that this issue, while serious, should be easily resolved. The ball is in Anthropic’s court.
here are some facts about California. some of this is hard to believe.
first of all, it's important to understand the concept of "ballot harvesting," which is perfectly legal in CA. this refers to a situation where someone completely unaffiliated with the voter can collect and submit their ballot for them.
this flow is completely legal:
- a homeless person arrives in LA, where they are eligible for cash assistance, SSI, food stamps, healthcare through medical, and an array of other taxpayer-funded services
- they are registered to vote by an NGO (many such NGOs exist and explicitly do this).
- they do not have to provide a residential address or any proof of residency to vote. they only have to provide a mailing address, which can be anywhere (church, NGO HQ, homeless shelter). their home address can be "a park" or "an underpass".
- their ballot is mailed to the homeless shelter (or whatever address the NGO elects for them)
- the only verification done for the mail-in ballot is "signature verification" and uniqueness (only one vote per person is counted theoretically).
- the signature can be an X. if they register with an X, they can sign with an X. that is sufficient to pass verification. signature verification is also deliberately loose. the signature does not have to be a perfect match.
now consider the hypothetical scenario, which is fraudulent, but virtually impossible to detect:
- a homeless person cycles through the LA system. they get registered with their mailing address listed as the NGO HQ or homeless shelter
- they "sign" their registration with an X or nondescript, easily replicable signature
- they disappear. never seen again. or they exist, but it doesn't matter. they don't get purged from the voter rolls for 4-8 years typically.
- the address where they registered receives their ballot for several cycles
- operatives are aware that they have X amount of votes to make up. they fill in X many thousand mail-in ballots themselves. the ballots are manually postmarked (permitted). they forge the signature to match whatever signature (could be an X) was submitted upon registration
- ballots can be accepted even if they are postmarked at 11.59 pm. polls closed at 8 pm. (you would need an accomplice who is a USPS employee)
- the only fraud checks are de-duplication (if the homeless person through some miracle voted in person, only one of their ballots would be counted) and signature verification
- because very few of the homeless people in question would have voted in person, this gives NGO operatives tens of thousands of possible mail-in ballots to submit unilaterally.
the big problem is that there is NO way to detect this type of fraud. NGOs that register homeless people to vote exist. that isn't a secret. ballot harvesting is fully legal. voting by mail is encouraged. signature verification is as loose as possible. de-duplication doesn't solve anything, since few homeless people vote in person. and no one in power locally is going to spend political capital on rooting out such fraud, since they are all wholeheartedly committed to "voting rights".
in a situation where fraud is undetectable, the absence of hard proof of fraud is not evidence that no fraud exists.
Raman has gained around 20k votes since election night. She is around 3k votes ahead of Pratt now.
there are over 72 thousand homeless people in LA county.
🚨 Google Quantum result was just rediscovered and IMPROVED!
On March 31, 2026, Google Quantum AI published a paper showing that 256-bit ECDLP, the hard problem behind ECDSA and therefore behind Bitcoin, Ethereum, TLS, and most of the world's authentication, can be solved with fewer than 1,200 logical qubits and ~90M Toffoli gates. Under 20 minutes on ~500,000 physical qubits.
BUT, they didn't publish the circuits. They published a zero-knowledge proof that the circuits hit those numbers. The standard read at the time: clever responsible disclosure, elegant.
Two months later, that read needs an update. Two things happened, in opposite directions.
1. The ZKP wasn't a stylistic choice. Google was stopped from publishing.
What was speculation in April is no longer. Google did not choose to keep the circuits private. The U.S. government prevented publication. The blog post phrased it politely ("we engaged with the U.S. government"). Call it what it is: diplomatic cover for a publication block.
This is the line Scott Aaronson warned about. At some point, the people estimating the resources needed to break deployed cryptosystems would stop publishing. We just watched it happen, and the actor enforcing the silence isn't Google's PR team. It's a government.
2. The ZKP turned out to be a reward function. AI used it.
Here's the part that's almost funny.
A ZK proof that "this hidden circuit achieves these resource counts" is, when you flip it, a public verifier of any candidate circuit. Submit a circuit, get back: does it compute ECC point addition correctly, and at what cost. Pass/fail plus a number. That is exactly the shape of a reinforcement-learning reward function.
The ZKP was designed to hide the attack. What it actually published is the reward function for rediscovering it.
The research community wired the verifier into an automated AI-driven search loop. They reproduced Google's numbers. Then they improved them by 11.5%. Two months, from outside Google, no access to the circuits, using the very artifact Google released to keep them proprietary.
Both of these are true at once. Hiding the circuits worked: nobody outside Google has Google's exact circuits. And hiding the circuits did not slow the frontier; it changed who is doing the search, and arguably accelerated it, because the verifier industrialized the search loop.
Let's NOT PANIC!
Neither of these is a working CRQC. There is still no quantum computer that can run this circuit. The headline state of the world has not changed.
What has changed is the honesty of every public PQC timeline. Cryptography exists to create mathematical trust in the security of systems. Trust isn't broken when an attack runs. It is eroded when the foundation looks thinner than the public record suggests, and the public record is now demonstrably thinner than reality in two ways: by classification on one end, by AI-driven re-derivation on the other.
In security, the moment you start doubting the foundation is the moment you start rebuilding it. Not the moment you panic. The moment you plan.
This isn't a moment to rush. It's a moment to commit to a migration plan and execute against it, knowing the threat model is shaped by what governments are willing to classify, not by what researchers are allowed to publish.
Stay safe. Stay honest about your trust assumptions.
Scam Altman and Greg Stockman stole a charity. Full stop.
Greg got tens of billions of stock for himself and Scam got dozens of OpenAI side deals with a piece of the action for himself, Y Combinator style. After this lawsuit, Scam will also be awarded tens of billions in stock directly.
The fundamental question is simply this:
Do you want to set legal precedent in the United States that it is ok to loot a charity? If so, you undermine all charitable giving in the United States forever.
I could have started OpenAI as a for-profit corporation. Instead, I started it, funded it, recruited critical talent and taught them everything I know about how to make a startup successful FOR THE PUBLIC GOOD.
Then they stole the charity.
"so you staked your ETH on the Ethereum blockchain to earn yield?"
"yes, Dave"
"except you didn't want your capital to be locked up so you actually staked it with a liquid staking protocol called Lido?"
"that's correct, Dave"
"and Lido gave you a liquid staking receipt token called stETH in return?"
"yes, Dave"
"and then you didn't think that was enough, so you juiced the yield even further by depositing your stETH receipt tokens into a restaking protocol called Eigenlayer?"
"you are correct, Dave"
"and now you didn't want to lock up your capital, so you actually restaked with a liquid restaking protocol called KelpDAO who provided you with a liquid restaking receipt token called rsETH?"
"you got it, Dave"
"and then that was surely not enough juice, so you then deposited your rsETH tokens into a lending protocol called AAVE so that you could open a leveraged looping position that borrows ETH against the rsETH collateral and restakes the ETH into rsETH which is then deposited as collateral, except it turns out rsETH used a cross-chain bridge called LayerZero whose security is held together by a 1/1 toothpick, which was obviously hacked by north koreans causing rsETH to become undercollateralized and now these looping positions are stuck and unprofitable, and everyone is pointing fingers at each other, and also DeFi is a very serious industry"
"you are 100% correct, dave"
jfc.
the kelp rsETH post-mortem is wild
lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data.
then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks.
they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier
A summary of the RAVE -95% price fluctuation from $26 to $1 over the past 24 hours.
RAVE Timeline: April 18, 2026
7:26 am UTC: I posted a call to action for Binance, Bitget, & Gate to investigate RAVE market manipulation and offered a $10K bounty.
10:56 am UTC: I posted an update increasing the bounty to $25K.
11:18 am UTC: Bitget publicly acknowledged the call to action.
2:08 pm UTC: Binance publicly acknowledged the call to action.
3:06 pm UTC: RaveDAO posted claiming they have no involvement.
4:19 pm UTC: Gate publicly acknowledged the call to action.
In the days leading up, on April 13 & 14, I confronted RaveDAO co-founder Yemu Xu (wildwoomoo) but have yet to receive an answer.
RAVE launched in Dec 2025 on Binance Alpha with a 1B total supply. The addresses below, linked to the initial distribution, control ~95% of the RAVE supply (h/t Mlm):
0x9831156F1a6E506Fca41503590b42F07c2e80f54
0x8Ed6245C3276307E1A9D9Dc872E98A0E770070fd
0x6020656d1EF182173E45D4Fc375BDD5a48c674B0
0x2664cB80a5ee7D8EC05fe7C752dD62E078056E6d
0x2D81F8AeBf3e58A5e638006c9fd8F38C5220ecab
0x31694d761A8e851cFFbCd286aC54D01e5Ce5aFe6
0x0A1F07993a51CcEb4f52CA67765AECeADDA790d7
0xEB74Df8588cFC1C179Df4bd96C0bB8B227B9bE92
0x53d7d52301366DC14E1916b14eFeC1aDD8F3487b
I found suspicious CEX activity in April 2026 tied to RaveDAO team addresses onchain, which potentially contradicts their recent statement:
Bitget
0x2dc20f2180582172f5450c5d71e23fa438a7031b
0xa3a02aeb97fc1737c66f50d07d024799c137891d
0x2d95eb42525e6087e0cb7869f98da6838ed2e743
Gate
0x31711246b05d71e9eda5e38a3abb654020ee3353
Given the supply concentration, the team at minimum knows who is responsible for this price action.
A simple litmus test: $6B in market cap was wiped out on just $52M of 24hr liquidations (h/t CoinGlass). That ratio points to a manipulated and unsustainable valuation.
RAVE is not the only token with manipulation we have seen on major centralized exchanges. It's just the most blatant, reaching a top 15 market cap within 10 days before dropping 95% in hours.
Other projects with highly questionable price action recently include: SIREN, MYX, COAI, M, PIPPIN, RIVER.
Exchanges need faster intervention on manipulation. Detection at scale isn't easy, but each day of delay means retail traders absorb losses while platforms collect fees on the volume. The outcome is the same regardless of intent.
While it's good the exchanges responded, I find it unlikely this activity wasn't spotted internally before I raised it publicly.
I recognize how much this behavior takes from retail traders, and I plan to investigate similar movements in hopes of identifying the responsible parties.
I want to reiterate that I did not take a position. If I had, I would have been liquidated myself. I also could not anticipate if or when the exchanges would comment publicly.
My $25K bounty will remain active since the only DMs received were unverified claims rather than non-public information with supporting evidence as requested.
You can pump a $50M coin to $1B with $1.5M of real buying.
Scott Phillips (@ScottPh77711570) on how new token listings actually work:
"There's a huge industry of market makers operating out of Dubai. Their business model is: we're gonna pump your coin, and we want 30% of the profit when we dump it on exit liquidity day."
"They run the ball up. Buy, sell, buy. Create momentum ignition. Retail finally buys in the middle of a bull run — and then it dumps."
"Buying 20-day highs works best on the top decile. By the fourth decile, you get negative momentum effects."
"Anything in the bottom 20% of market cap on Binance perps that makes a 20-day high — short it. That is a very strong edge."
"The market maker contract runs 90 days. It's priced as a call option on the 7-day VWAP after launch."
"Once the strike kicks in, delta hedging from market makers drives these coins down."
"Wait 7 days. Short it for 90 days. I kid you not."
"That's not an edge big enough for institutional. That's an edge for retail guys with a small account."
I am a Web3 Ambassador at World Liberty Financial.
There are 12 of us on the team page. 4 are named Trump. 3 are named Witkoff. The page calls us "the passionate minds shaping the future of finance."
600,000 wallets bought our memecoin. They lost $3.87 billion. The family collected $350 million in trading fees. It launched 3 days before the inauguration. 80% of the supply went to CIC Digital LLC and Fight Fight Fight LLC. I did not choose the names. I designed the allocation, the vesting, the timing, and the distance between the product and the President.
The distance is my best work.
I am the reason these events are unrelated.
World Liberty Financial sends 75 cents of every dollar to DT Marks DEFI LLC. That is the family entity. Zero capital contributed. Zero liability assumed. I wrote this into the Gold Paper. Page 14. The lawyers bound it in white leather. The binding cost more than the due diligence.
Justin Sun invested $75 million. He was facing SEC fraud charges. The SEC dropped the case. He is now our advisor. These events are unrelated.
Changpeng Zhao pleaded guilty to federal money laundering violations. He received a presidential pardon. The SEC dropped its lawsuit against his exchange the same week we listed our stablecoin. Then the exchange settled a $2 billion deal entirely in that stablecoin. These events are unrelated.
Arthur Hayes, Benjamin Delo, and Samuel Reed of BitMEX pleaded guilty to Bank Secrecy Act violations. All 3 received presidential pardons. Then the company itself was pardoned. $100 million in fines. Gone. An American first. These events are unrelated.
Sheikh Tahnoun of Abu Dhabi paid $500 million for a 49% stake that was never publicly disclosed. Then the administration approved semiconductor exports to his companies over national security objections. These events are unrelated.
Everything is unrelated. I track the unrelatedness on a dashboard I built. The dashboard has 7 columns now. I am proud of the dashboard.
On May 22nd, 220 people paid a combined $148 million to eat dinner with the America First president. Over half were foreign nationals. Justin Sun paid $18.5 million for the first seat. He visited the Executive Office Building the day before. I designed the seating chart. I put it on the Investor Confidence page. That page is doing well.
The team page lists 3 Witkoffs. All 3 are Co-Founders.
Steven Witkoff is the President's Middle East envoy. He testified as a character witness at the President's fraud trial.
His son Zach runs the crypto operation. His son Alex is also a Co-Founder. I have not been told what Alex co-founded.
The father runs the diplomacy. The sons run the platform. The family runs both. That is organizational efficiency.
Barron is 19. His title is Web3 Ambassador. The same as mine. Donald Jr. called the conflicts of interest "complete nonsense." Eric launched a Bitcoin mining company called American Bitcoin. America First. The mining partner is Hut 8. Hut 8 was founded in Canada. America First means the name.
On March 6th, the President signed Executive Order 14233 creating a Strategic Bitcoin Reserve. The order directs the government to hold Bitcoin. The President's family holds billions in Bitcoin. The executive order appreciates the President's assets by presidential decree. I did not write the executive order. I made sure it looked unrelated to the portfolio.
Trump Media put $2 billion of Bitcoin on its balance sheet. The ticker symbol is DJT. His initials. The press secretary said it is absurd to insinuate the President profits off the presidency. Forbes calculated his crypto holdings exceed the combined value of Mar-a-Lago and Trump Tower. I would call that absurd too. That is my job.
600,000 wallets bought in. 1 of them asked why she could not withdraw her funds. I told her the protocol was experiencing dynamic market conditions. She asked what that meant. I sent her the Gold Paper. She said she had read the Gold Paper. I muted her channel. Dynamic means the conditions change. The condition that changed was her access.
A congressman called us the world's most corrupt crypto startup operation. We put it on a coffee mug. Ironic merchandise. $45. The revenue split on the mug is also 75/25.
My own tokens vest on a different schedule. I wrote that schedule. That is not in the Gold Paper.
The memecoin funds the family. The family funds the platform. The platform funds the stablecoin. The stablecoin funds the deals. The deals require the pardons. The pardons free the partners. The partners fund the platform. The President signs the executive orders. The executive orders inflate the assets. The assets fund the family.
I am the reason these events are unrelated.
Many are wondering "what Google saw" that caused them to revise their post-quantum cryptography transition deadline to 2029 last week. It was this:
https://t.co/dQtmTK9pdz
1/ Drift's admin key was compromised.
$213M+ drained from @solana's largest DEX in under 10 seconds.
Unfortunately, we've seen similar patterns before:
- fake collateral market
- a manipulated oracle
- disabled circuit breakers
Let's break it down 👇
written w/ Chaos AI
Drift Protocol just released their thread on the $280 million hack
It's worse than anyone thought too
There was no code exploit. It wasn’t a flash loan. It wasn’t even a traditional key theft.
Solana has a feature called "durable nonces" that lets you sign a transaction today but execute it days or weeks later
Sound familiar EVM critics? 😏
Think of it like writing a signed check and leaving it in someone's drawer until they decide to cash it.
The attacker used this to build a time bomb inside Drift's own governance system.
So I was wrong and Solana’s architecture did in fact play a role in this exploit occurring. Similar to how a hacker exploits approvals on EVM chains.
Here's how it played out:
March 23: The attacker sets up four of these delayed-execution accounts. Two are tied to real Drift Security Council members and two belong to the attacker.
At some point, the attacker tricks two of Drift's five council members into signing transactions they didn't fully understand.
Blind signing is something I have called out a lot and it is a major issue with many of these chains
Drift calls it "transaction misrepresentation” 🤨
But in reality they were socially engineered into signing their own robbery
Those signatures sat dormant for nine days!
March 27: Drift rotates its security council. New members, fresh setup. Doesn't matter. The attacker compromises two of the five new signers too.
April 1: Drift runs a routine test transaction. Sixty seconds later, the attacker cashes those pre-signed checks. Two transactions, four Solana slots apart. Full admin control.
Every withdrawal limit removed. Every vault drained.
$280 million. Gone.
Two out of five signatures is all it took 🤦♂️
But also clearly some major planning and patience for this elaborate attack
Blind signing
Durable nonces which function similarly to approvals
Poor key management
Insecure infrastructure
Everything worked as it was designed to work and this was just an incredibly well orchestrated and thought out attack
The amount of crap I get for putting out a hobby project for free is quite something.
People treat this like a multi-million dollar business. Security researchers demanding a bounty.
Heck, I can barely buy a Mac Mini from the Sponsors.
It's supposed to inspire people. And I'm glad it does.
And yes, most non-techies should not install this.
It's not finished, I know about the sharp edges.
Heck, it's not even 3 months old.
And despite rumors otherwise, I sometimes sleep.