Devashish Tomar (@dev1644) 's Twitter Profile
Devashish Tomar

@dev1644

Security Researcher at Polygon |
Prev: Security Analyst at ToB

ID: 279030934

08-04-2011 13:07:42

58 Tweets

202 Followers

895 Following

Mudit Gupta (@mudit__gupta) 's Twitter Profile Photo

5,000+ TPS
No reorgs
1 second block time
5 second finality
Unified bridge liquidity via Agglayer

Everything is coming before end of this year. Much more next year.

First hardfork which brings 5 second finality is going live within a month!

All powered by POL.

banteg (@bantg) 's Twitter Profile Photo

what’s better, 200k bounty that has been paid out plenty of times or a 1m+ bounty that has never been paid? if someone made a dashboard of actual payouts, yearn would come out close to the top, with a strong track record of fruitful collaboration with whitehat researchers.

kaden.eth (@0xkaden) 's Twitter Profile Photo

yETH Exploit Deep Dive

After spending some time exploring the recent yETH exploit, I quickly realized that it's easily one of the most sophisticated attacks I've ever seen. In fact, it was so complicated that every writeup I read misunderstood at least some part of the attack.
Josselin Feist (@montyly) 's Twitter Profile Photo

Most protocols spend a lot on audits and bug bounties but have zero internal security

Launching whohassecurity.com to highlight the ones that do

Having an internal security team should be in every protocol's New Year's resolutions for 2026

International Cyber Digest (@intcyberdigest) 's Twitter Profile Photo

🚨🇧🇷 A cybersecurity researcher from Brazil exposed a large scale scam operation by buying a "Ledger" hardware wallet off a Chinese marketplace — suspiciously cheap and the packaging looked original from a distance.

Here's what he found after cracking the thing open:

The
riptide (@0xriptide) 's Twitter Profile Photo

the DVN is only as strong as the signer set securing it

did you also know that different DVNs can have the same signer set?

and if they did ... the executor can replay the sig across both DVNs since there is no unique identifier which breaks the “two independent verifiers”

Guillermo Rauch (@rauchg) 's Twitter Profile Photo

Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called Context.ai that he was using. The details

Devashish Tomar (@dev1644) 's Twitter Profile Photo

We really need circuit breakers—especially for high-TVL systems. If a transaction moves an unusually large amount, safeguards should kick in across smart contracts, relayers, etc. Done right, this buys security teams time to pause, investigate and roll out fixes.

Steven (@dogetoshi) 's Twitter Profile Photo

Aave saying only rsETH on Ethereum is 100% backed. LayerZero saying everything worked as expected. KelpDAO saying LayerZero's fault. Looks like blame game instead of collaborative effort to help users.