⚠️ New "IronWorm" supply-chain attack: 30+ npm packages from @ asteroiddao shipped a malicious Rust binary firing on preinstall.
It sweeps 86 env vars + 20 credential files (AWS, GCP, Vault, npm, plus AI keys like Anthropic & OpenAI), hits Exodus wallets, hides behind an eBPF rootkit, and beacons over Tor. Self-propagates via npm Trusted Publishing OIDC, with backdated commits faked as claude/dependabot/renovate.
@lonelysloth_sec There wasn't a Zcash bounty during that time, mostly I guess because the price was low and there wouldn't have been enough funding to pay multiple bounties that big.
GET READY🚨: Six planets will align and put on a show of our lifetime. Mercury, Venus, Jupiter and Saturn will be visible to the naked eye from almost anywhere, on July 17th.
Zcash Playlist Challenge Prize Pool = Minimum 3 ZEC
Highest scores will each get 1 ZEC. Prizes will be awarded until at least 3 ZEC has been distributed.
Ties are not broken, so more than 3 ZEC may be awarded if multiple participants share a winning score.
Details 🧵👇 @Zcash
> be zcash
> one of the most carefully built privacy systems in crypto
> cryptographers, auditors, the actual best people in the field
> then, a bug surfaces
> it was sitting in two lines of code the whole time
> “looks obvious in retrospect”
> it always does
> this is not a zcash problem but a problem for every piece of software ever written
> smart people write code, smart people review it, but bugs ship anyway
> enter the doom take
> ai is now insanely good at finding bugs
> faster than humans, at scale
> “if machines find every bug then nothing is safe and trustless anything is dead”
> mfw the thing everyone is scared of is the thing that saves us
> enter formal verification
> instead of writing code and testing it
> you write down exactly what it should do, in math
> then you PROVE it, with a proof a computer checks
> been around since the 1950s
> not new
> testing only checks the cases you thought of
> the bug lives in the case you didn't
> a proof covers every possible input at once
> all of them
> if any input misbehaves the proof just fails
> you can't ship broken and not know
> the zcash bug under formal verification is not a subtle thing someone has to spot but a hole in the proof
> proof doesn't complete
> you find out BEFORE anything ships
> not 4 hours into a thread on a saturday
> “ok so why doesn't everyone do this”
> used to be slow and brutally hard
> lived in aerospace + chip design + nuclear
> writing proofs by hand = serious expertise + serious time
> then ai showed up
> plot twist
> the exact skill that makes ai scary on offense
> reasoning through huge amounts of low level detail fast
> is the skill that makes formal verification finally cheap
> ai writes the code AND the proof
> humans keep the one job that matters: deciding what “correct” means
> crypto cares more than anyone
> normal software patches the bug and moves on
> crypto code holds the money
> crypto code IS the rules
> being wrong is public and usually permanent
> highest stakes, worst margin for error, perfect fit for proving
> SO
> while the timeline argues about whether ai killed security forever
> some people are building for the other outcome via ai enhanced formal verification
> ai-assisted formal verification proven onchain can securely house ALL public software, this is the S in CROPS !!
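The "write down what it should do, then prove it for every input" idea from the thread above, as an added example that is not part of the original post and is not Zcash code: a toy two-account ledger in Lean 4 (core only, no Mathlib) where a transfer function is proven to conserve the total balance for every ledger and every amount. The names `Ledger`, `total` and `transfer` and the conservation property are assumptions made up for illustration; nothing here models the actual Zcash bug, which the thread does not describe.

```lean
-- Added example (not from the original post): Lean 4 core only, no Mathlib.
-- Hypothetical two-account ledger; Ledger, total and transfer are assumed names.
structure Ledger where
  alice : Nat
  bob   : Nat

/-- The quantity we want conserved: total units across both accounts. -/
def total (l : Ledger) : Nat := l.alice + l.bob

/-- Move `amt` from alice to bob. If alice cannot cover it, the ledger is
    returned unchanged (no overdraft, no minting). -/
def transfer (l : Ledger) (amt : Nat) : Ledger :=
  if amt ≤ l.alice then
    { alice := l.alice - amt, bob := l.bob + amt }
  else
    l

-- A single case, the kind a unit test checks: one ledger, one amount.
example : total (transfer ⟨10, 5⟩ 3) = 15 := by decide

/-- The specification, stated over every ledger and every amount:
    a transfer never creates or destroys units. The kernel checks the proof;
    if `transfer` minted or burned in any branch, `omega` would fail and
    this theorem would not compile. -/
theorem transfer_preserves_total (l : Ledger) (amt : Nat) :
    total (transfer l amt) = total l := by
  unfold transfer total
  by_cases h : amt ≤ l.alice
  · -- sufficient funds: alice loses amt, bob gains amt
    rw [if_pos h]
    show l.alice - amt + (l.bob + amt) = l.alice + l.bob
    omega          -- needs h, since Nat subtraction truncates at zero
  · -- insufficient funds: ledger unchanged
    rw [if_neg h]
```

The `example` line is a test: it checks one input the author thought of. The `theorem` is the spec quantified over all inputs, and the hypothesis `h` is exactly where the "case you didn't think of" lives: without it, `l.alice - amt` could truncate to zero and the equation would be false, so `omega` refuses to close the goal. Change the else branch to `{ alice := l.alice, bob := l.bob + amt }` (silently minting on a failed transfer) and the file stops compiling, which is the "proof doesn't complete, you find out before anything ships" point the thread makes.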
Rule 1 of guerilla marketing: don't mention Web3.
Make it normal.
Working with @gnosis_ on a special event celebrating music, culture & creators.
June 18, Love Block at The Blockspäti.
Really excited to audit the Orchard pool's supply with a very elegant and wonderful approach @ShieldedLabs suggested. More about that later today.
But it's funny that the whole time we're fixing it I'm going to be paying bills etc. with my Orchard funds! I love it. 😆