The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.
Yesterday I resigned from Consensys, where I've been building MetaMask for over ten years. I'm burned out and need to spend time with my family. Wishing the team the best — they have an amazing road ahead of them.
the negative and positive things that have happened since saturday are the result of _centralised_ points of building. everything that has happened (the bad and good things) would not have happened if we built in a truly decentralised way. overall, dprk would have far fewer "gains" if we stuck to cypherpunk principles. like, dprk does _not_ focus on smart contract hacks, they almost exclusively target centralised attack vectors. if we want to win against dprk (and any other state actor, which all focus on web2-based attack vectors), we need to go full cypherpunk mode. if this is not a wake up call, i do not think we will get a second chance.
Update on rsETH incident: WETH reserves on the Ethereum Core V3 market have been unfrozen and users can supply WETH to Ethereum Core V3 again. WETH LTV remains at 0. WETH reserves on Ethereum Prime, Arbitrum, Base, Mantle, and Linea remain frozen. Aave service providers will continue to work on next steps and provide updates accordingly.
follow-up: @beeper appears to have been hacked. the notification sent via the beeper mini app is fake and did not come from the @farcaster account. we've blocked the token on clanker so it's no longer accessible. do not interact with anything related to the beeper notification or the beeper mini app.
Here's my update to the broader community about the ongoing incident investigation. I want to give you the rundown of the situation directly. A Vercel employee got compromised via the breach of an AI platform customer called http://Context.ai that he was using. The details are being fully investigated. Through a series of maneuvers that escalated from our colleague’s compromised Vercel Google Workspace account, the attacker got further access to Vercel environments. Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as “non-sensitive”. Unfortunately, the attacker got further access through their enumeration. We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel. At the moment, we believe the number of customers with security impact to be quite limited. We’ve reached out with utmost priority to the ones we have concerns about. All of our focus right now is on investigation, communication to customers, enhancement of security measures, and sanitization of our environments. We’ve deployed extensive protection measures and monitoring. We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community. The recommendation for all Vercel customers is to follow the Security Bulletin closely (https://vercel.com/kb/bulletin/vercel-ap… My advice to everyone is to follow the best practices of security response: secret rotation, monitoring access to your Vercel environments and linked services, and ensuring the proper use of the sensitive env variables feature. 
In response to this, and to aid in the improvement of all of our customers’ security postures, we’ve already rolled out new capabilities in the dashboard, including an overview page of environment variables, and a better user interface for sensitive env var creation and management. As always, I’m totally open to your feedback. We’re working with elite cybersecurity firms, industry peers, and law enforcement. We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet. I also want to thank the Google Mandiant team for their active engagement and assistance. It’s my mission to turn this attack into the most formidable security response imaginable. It’s always been a top priority for me. Vercel employs some of the most dedicated security researchers and security-minded engineers in the world. I commit to keeping you updated and rolling out extensive improvements and defenses so you, our customers and community, can have the peace of mind that Vercel always has your back.
The past few days have been intense, but I wanted to give some updates as we continue to work on this. Our priority is our users, and every decision we are making is aimed at an orderly return to normal market conditions and the best possible outcome for everyone involved. Working around the clock, the team has made progress on multiple paths forward with several partners. The Arbitrum Security Council also recovered $70 million in ETH, which could meaningfully reduce the potential exposure, and multiple discussions and solutions are being considered. I am confident we will move towards a strong resolution. Reviewing what happened and learning from it matters. But pointing fingers is not something that gets us to the other side of this. Every bit of my energy right now is focused on the outcome for Aave users and the protocol. Aave has been my life's work, and this is an important moment for DeFi as much as it is for Aave. I am deeply grateful for the support and collaboration we have received from builders and partners across the industry. We’ll get through this together and we’ll continue to publish updates on @aave as they happen.
Nouns DAO has been captured. @GlitterProtocol founder @0xdusk_eth and anon conspirators like @0xjanedoe2008 @makenounsgreatagain have finally fully taken over @nounsdao After not voting on props for months (which has made it nearly impossible to pass proposals), they've collected enough votes to make decisions for the DAO as a small group and have all come out to vote over a new reserve auction price for Nouns at 4x higher than our daily auction. This act will likely halt income, burn daily Nouns, prevent new buyers/voters, and help them maintain a "book value" through not passing proposals and not diluting their past buys more. IMO this is a sad day for Nouns and I don't think there is much coming back from a move like this. Although we may have been doomed anyways from their lack of vision and ideas to actually make Nouns better besides staking eth with their friends at @mETHProtocol 🫠 cc @zachxbt
Wanna move out of your staked Eth positions from aave? Just use Bungee.
Introducing OpenMythos An open-source, first-principles theoretical reconstruction of Claude Mythos, implemented in PyTorch. The architecture instantiates a looped transformer with a Mixture-of-Experts (MoE) routing mechanism, enabling iterative depth via weight sharing and conditional computation across experts. My implementation explores the hypothesis that recursive application of a fixed parameterized block, coupled with sparse expert activation, can yield improved efficiency–performance tradeoffs and emergent multi-step reasoning. Learn more ⬇️🧵