Unchained - Did Arbitrum Violate DRPK's Property Rights? No, Because It Wasn't Their Property
Episode Date: April 24, 2026The $300M KelpDAO exploit became a watershed moment for DeFi, and the Arbitrum Security Council voted froze $70M worth of stolen funds. Is this a slippery slope or learning from history? Thank you... to our sponsors! MultiChain Advisors is an emerging technology growth firm that has helped create $50B+ in enterprise value for 80+ clients over the past 4 years. They're the partner to help navigate markets. Build real traction today at multichainadv.com The largest DeFi hack of 2026 starts with an RPC node. Not a smart contract bug. Not a stolen key. A spoofed node and a forged transaction. And North Korea drained $300 million from Kelp DAO through LayerZero’s bridge in a single block. Then the attacker went to Aave, borrowed against assets that didn’t exist, and created a bad debt crisis that locked Kain out of his own position. That was Friday. By Sunday, North Korea had started laundering. By Tuesday, Arbitrum’s security council had done something no L2 has ever done: frozen $70 million of funds had stolen by upgrading a bridge contract mid-hack. Kain Warwick, Taylor Monahan, and Luca Netz, with guest Odysseas Lamtzidis, take apart every layer: the DVN architecture flaw, the Aave contagion, the circuit breaker debate, and why the ‘code is law’ era may have just quietly ended. Hosts: Kain Warwick, Founder of Infinex and Synthetix Taylor Monahan, Security Expert Luca Netz, CEO of Pudgy Penguins Guest: Odysseas Lamtzidis, Founder & CEO of Phylax Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hey everyone, I'm Kane Warwick and welcome to Uneasy Money because what happens on Chain never
stays on Chain. Before we start, nothing you hear on UnEasy Money is financial advice. We're just
three builders talking about what's happening on Chain, and we want you to always do your own research
before aping in. You can find all our disclosures at Uncanecrypto.com slash uneasy money.
And before we begin, here is a word from the sponsors that make this show possible.
Multi-chain Advisors is an emerging technology growth firm that has helped create 50
plus billion dollars in enterprise value for 80 plus clients over the past four years.
They're the partner to help navigate markets. Build real traction today at multi-chain adv.com.
All right. I'm here with my co-host, Taylor Monaghan, security expert,
Luke Nett's CEO of Pudgy Penguins and Antarctica and Joyer, so we think.
And we have a very special guest, Odysseus, founder and CEO of Phylax.
So, yeah, thanks for joining us, Odiocis.
I think this is going to be a good show for you for all of us.
So as I'm sure everyone is extremely aware, the biggest thing of this week has been the Kelpdal hack, the bridge heist.
So the TLDR on this is the largest defy hack of 2026 so far.
In one transaction, an attacker drained over 100,000 RSEE.
We'll get into what RSEEth is in a minute.
Around about $300 million and 20% of the circling supply of this RATEEEE asset.
So the layer zero bridge is what powered this RSIEEEE kind of
asset across all of the different L2s.
And,
and,
you know,
the attack vector and Tate,
you know,
you can,
you can jump in here because I know you tweeted,
like,
great job,
guys.
This is like the second large hack in a row that wasn't just a simple
multi-sig takeover or,
or key management loss.
But,
but yeah,
this was not a smart contract bug.
And,
was not just a simple key compromise either, right?
Which is terrifying slash exciting depending on your position.
So yeah, Tay, what's your take on like the root cause here now that we've had a few days to let the house set?
Yeah.
So basically, I think a lot of people, and this was the same for drift as well, right?
They just assumed that like someone got malware or something happened.
The keys were stolen.
In this case, it was actually quite a bit more complex.
They did get on the infrastructure of the layer zero and basically the whole bunch of web two systems, let's call them, right?
And these systems all work together with the various blockchains and the various blockchain data in order to assist and process the transactions that go across the chains.
And so in this case, rather than like compromising the key that signs the transactions,
they actually had kind of limited access to the systems in question.
They were able to get access to, I guess, like the, what most people are familiar with
is like what we call like an RPC endpoint or an RPC node, like a Geth instance.
And because sort of the core layer zero is called the DV.
VN. It's a layer zero service system that they've built, but like anyone can run it. This is like,
it's like a big open source thing. Because the DVN relies on data from the Gath nodes, which rely on
data from the blockchain, when the attackers were able to gain access to the one system,
they were basically able to spoof transactions. And so then the next step, you can imagine right,
like data goes in, it gets processed, it gets verified, it.
all the stuff happens.
If it's all good, it goes to the next step.
And then that system is the one that actually, like, signs the transactions.
And so instead of like-
It's worth pointing out here, right?
Because I think this is an interesting kind of, like unspoken,
but very well-known thing in like, you know,
crypto engineering security or whatever that like,
what the RPC say, right?
Like the RPC is a computer that's telling you what's happening, what, like, it's translating what's happening on the blockchain.
You, you know, you have the blockchain there to, like, protect you from transactions going wrong, right?
Like, the blockchain has to validate a transaction.
But the RPC is like this thing that sits in between it that says, here's what's happened or here's what's going to happen.
And if you have control of that, you can trick people into thinking that the blockchain is doing something that it's not.
Is that fair to say?
Exactly.
And so that's what happened here is that the,
they basically like spoofed a transaction that didn't actually exist on the origin blockchain.
And so the rest of the system,
I think people got upset because the post-mortem that they released,
like said, the rest of the system acted as intended.
But technically speaking.
Classic response to losing.
This is in.
intended guys. This is exactly.
Technically speaking, it didn't job properly. It was not compromised, et cetera,
but because it was acting on bad information,
it signed this transaction that ultimately went on the Ethereum blockchain for
$116,000 RSEs, even though that had not been bridged on the origin chain, right?
Because the whole point of this is like, if you, in order to get a transaction out here,
you have to get it in here.
right and if this doesn't exist then you shouldn't have the output but in this case and why this is a hack
and with theft is because they were able to basically get in the middle of the flow trick the system
spoof some transactions um and uh steal that money which was a lot of money like a lot of money and it
actually was almost more money because once they stole that money they then uh well can you have to explain
because I actually don't understand this part.
They have the RLC.
They go to compound.
They go to AVE.
They go to Khyber.
They swap it for Eith or they take out loans as well.
So yeah, I can speak to this part.
Yeah.
I'm like probably partially responsible for some of this.
Try to loop the money.
Yeah.
Look, there's a couple of, there's a couple of things, right?
that they were like, this looping game, we feel like we've been sidelined from it, right?
So the, the ETH yield ecosystem, right?
It's very complex.
There are a bunch of assets that are essentially like tokenized versions of what would in
Tradfai be a structured product, right?
Like we're going to, you know, make illiquid things more liquid by like wrapping them up and putting them in places.
And the critical thing here is that R.S.E. for reasons of looping, for reasons of like leverage, of letting people leverage their state Eith positions and then their, you know, various derivatives of state deep, was added to AVE.
And you can use RSE, and this is another kind of dangerous, let's call it, assumption, right?
You can use RSE to borrow Weth, which is RAPD, from AVE, to the tune of about 90% LTV, right?
So, you know, the value of this RSEE was then, you know, the kind of contagion compounded because you're able to basically take this RSE that you minted out of nowhere and essentially use it to borrow real ETH and then take that ETH and go and swap it on Thorchain into Bitcoin or whatever.
So personally, I woke up because I'm in Australia.
And this had happened at like, I want to say about 5 a.m.
And so it was like 6 a.m. and I wake up.
And I'm in a bunch of group chats.
And it was just chaos.
People were like, Aves dead.
Abe's not dead.
It's totally fine.
The umbrella's blown up.
And like, I know Ava really well.
And I was like, what the fuck is the umbrella?
Like, what are we talking?
Like, I didn't know where there were umbrellas involved in this process.
But so I had an Ave loan that is half with half BTC.
And I went there and I was like, let's see if I can withdraw.
And the total liquidity available to withdraw in the core wealth market was 0.05.
Weft.
So I was like, all right, well, let's see how this plays out.
that's kind of it for me so um so yeah so odysseus what's your what's what's your take on this you have
you have some hot takes um on any of the we're gonna be here so far yeah yeah so far we're so far
we're at like layer zero bridge devian uh sign the incorrect message sign you know a message that was a lie
sign to mint a bunch of this derivative version of ETH that is available on AVE for people to
use to borrow.
I could go straight to AVE and not just AVE compound and anywhere else where this RSEE
asset was listed.
Max borrows everything.
And that's where we are.
This is now, you know, whatever it was, 6 a.m. Saturday for me.
So like Friday night, US time, I guess.
I know.
Oh, wow.
Yes.
All right.
He was like, nah.
No.
So, Luca, I have some questions for you.
What is, like, I'm sure you guys in abstract land were kind of scrambling to work out what, if any,
downstream consequences there were for you guys.
What's the third order, e-thinking derivative ecosystem?
like on abstract? Because we, it's a little bit of a catch 22. We were so consumer focus that we
didn't work very hard and prioritizing defy and ended up biting us in the butt because like a lot
of the liquidity and the provisions just on a chain like kind of required defy. But the beauty
about I think some of our ramifications was there really wasn't many because we never had those
integrations in place and we didn't really prioritize them until recently.
We did shut down and just kind of froze the bridges on the Pengu side.
There's a lot of liquidity across many different chains on Pengu.
And so we halted it.
And then just internally, I think, like, we're of the guys that,
dude, you're seeing a hack every deck.
And there has to be some sort of intelligence here that is giving these guys an edge
that is, like, allowing these things to be easier.
obviously the mythos scare a couple you know a week ago and so i think like the whole team over there is
just on a red alert on like system and processes for like if something were to happen like what are we
going to do and like let's not deliberate about it right like five different code reds the the action is
there like there shouldn't be a deliberation there should just be action so i think we had the
we're we're trying to be proactive and just addressing like where the world is going and tentatively
you know, we just on the, on the layer zero side, pause the bridges.
I do want to just chime in here because I am a layer zero maxi and just like give my piece.
Oh, we know. That's why I'm, that's why I'm curious.
Yeah. I'll give you guys my take. Like, I think, I think Brian Pellegrino is the good guy.
I mean, I've never met a more higher integrity man. And any time I thought I was going to make a
mistake, he always guided me in the truest, purest direction that any human could guide another
human towards. I have so much respect for them in that entire team and I know they've gone through
hell. I take a guy that I think has the highest integrity of any man I've ever met. Sorry,
Kane, I love you. But this guy is, sorry, you know, are none there. You know, if he says something
happened the way that it did, I'm just going to take the guy at face value. And I'm just going to say,
like, look, layer zero is arguably one of the most important protocols in the space. They've done
nothing but best practice up until this point. Clearly seems like there was some miscommunication.
and something that transpired.
But like if anyone's going to trust an organization or a protocol in crypto, like through
and through down to like the head of the snake and just his moral integrity, like it's those guys.
Right.
And like whatever, you know, whatever needs to be made right, if something needs to be made
right, he's going to do everything in his power and he's going to make it right.
And he's going to, you know, do whatever he needs to do to, I think, just, you know, make sure that
I think people trust the network and, you know, continue to use it. And, you know, I, I, I just, there's no man I can
speak highly more highly of. And I, my journey specifically, like, I'm not here without this guy.
I, I would have made a fatal mistake along the way. And just his support just from the moment I met
him, like was just unbelievable, you know, through and through. And so I'll just speak to that.
And I know those guys when this happened, these dudes did not sleep for days. They were cooped up in that
office, you know, they're all in, nobody's remote.
They, they were going through and through with it.
And, you know, I'll just take this opportunity.
And again, I'm not the most technically savvy guys.
So I'm not going to speak on with technicals or what I think is true or what isn't.
I can tell you guys, though, at least from like an EQ perspective and a heart perspective,
I know they're going to do everything in their power to me.
This is an interesting point, though, right?
Because there were, there were a lot of debates in, in my group chats about how did we get here, right?
particularly when it comes to this like one of one BBN setup and and know the the
ED role that that you know layer zero has kind of played in in this and you know I like I
really like Brian as well and and Max and you know I know I know a few of those guys they are like
you know if nothing else like top absolute top here in terms of their kind of
ground game and and you know how they how they've like rolled things out and you know just the support that
they give for founders and you know all the stuff that they've tried to do and and and i you know i saw a lot
of takes of like this is one of the reasons why they've been able to get so much traction um you know
is the like ease of deployment and bd and like all of these things right that um you know uh maybe
in the case of like other setups right would have been like more clunky and you know uh and and
harder to to roll out um but yeah so so you know it's a really interesting question around like
you know layer zero for me because i'm so old right like came out of nowhere um you know like
they didn't exist and then all of a sudden they were everywhere and it was one of those
crypto things of like mass adoption um by projects and team that was that was really
surprising. So, so yeah. I know you dropped off. It is, yes. So, so yeah, there was a coordinated
attack. Give us the lowdown on, I mean, there's a lot of blame games. Let's avoid the blame games.
What, what have we learned from this situation? What do people like layer zero, but other people
who are also doing asset issuance who are also doing bridging, right? How do we make sure this
doesn't happen again, please.
I think there is a lot of responsibility from a lot of different parties.
You know, first of all, I'm willing to argue that not a lot of people understand the
systemic risk of bridges because you have all these IAUs sprinkled everywhere in the ecosystem.
Everything is like looped.
And, you know, I think part of the problem is that bridges incurring systemic
decrease, right? So it's an extra fragile piece of infrastructure that we need to, it's hard for
people to grok, even developers, even if they're not familiar with the bridging space, you know,
users. It is in the name, right? Like, we understand bridges are like pretty important things. You
want to make sure they're structural. Like, there's a lot of work that goes into making sure bridges
don't collapse and kill a bunch of people. Like, you know, it's,
It's not like super unclear how important a bridge between two blockchains feels like a structurally critical piece of infrastructure, right?
Like that we should be very afraid of and mindful of, which we used to be back in the olden times, right?
Like we were very worried about bridges when there were like three of them.
and we had wormhole, you know, the wormhole hack and, you know, some other stuff that like really
highlighted it. And then I think we just got so many chains and so many bridges and so many things
that, you know, at some point, at least from my perspective, we sort of lost light up the criticality
of bridges and cross-chain messaging.
I mean, at the end of the day, I think, you know, bridges like layer zero one because what the users
ended up caring about this what's the cheapest fastest way to transact um i don't care about
trust assumptions or any of these like weird things um and you know layer zero moved amazingly well
i'm super fast um you know ster operators um but at the same time i think you know having
a default config of you know not the most secure like a one-on-one that was definitely i think
at least that's something that resulted from like moving fast and then it was never you know
later started back to actually you know improve it right and then you have updated teams that integrate
and they don't understand as well and maybe they don't do their due diligence as they should
so they you know they also take on that responsibility and then I think it's interesting now
everybody's talking about circuit breakers which I think you know would not
solve the problem, but that would solve the systemic problem, right?
It would protect the ecosystem from having like a bankground on AVE,
which is what we have right now, right?
Why you should be, you know, trapped in AVE in a very safe position,
whether you had, when you had nothing to do with that more risky asset.
Yeah.
I have a steel man of your statement, Kane,
and then I'll actually ask you a question just in terms of like,
how do you underwrite it as a guy with size who probably like has money in D5?
but I think just to like steal man your point came like I remember those days but like there's been no reason why you know I think moving forward that we don't have um dude somebody's playing the piano I'm so sorry
uh be gone beer it's sort of pan of amazing um I am going to rectify that soon um but I think uh I think from for my perspective um like layer zero had a ginormous bug
bounty and there was no reason not to trust. And, and, you know, even to this day, like, I
don't look at that, you know, everyone's saying, like, there's so many DVNs that are one of
ones, but like none of those have any size and most of those don't do anything, right? Like,
any of the nature, like, Blair Zero bridges, right? You know, have a great DVN set up, you know,
there are at least more than two signers. Like, to be frank, like, I don't think this is, like,
obviously like any situation like this like
glierzeo is going to have to have a little bit of a climb but i think
the dynamic shifted a little bit partly because
they've done such a fucking great job for the last couple of you know since they've
basically been around and like they put their money where their mouth is like the
it's one of the biggest white hat downies in the world like if i'm not mistaken like they
they are challenging you to break this uh you know and and and and i and you know again i'm not going to
speak to accountability. I'm on Pellegrino side, Pellegrino mode. But I would say that's probably
why, you know, it's, you know, we have less of an onus on what these things, you know, at least the
risk associated to them, because you got a group that, you know, you can trust through and through,
at least that's my take on it. Yeah, I mean, the one of one DVN thing is quite interesting, right?
Because like, you know, there are many things in crypto where it's like, hey, let's get people spun up
quickly.
You know, I mean, like, if you knew some of the things that went on,
like, get a smart contract deployer, like, what, just like so many things, right?
Like how DAPs were hosted.
And we'll get there because also they're all hosted on Bursel.
And so, like, you know, this idea that, uh, one of one DVN configuration is like,
you know, the like, proximate.
calls of all of this like sure yes right but if you want to stand up a bridge and you're bridging
you know 10 grand on your like new project and testing it out you know if they were like okay in order
for you to stand up a bridge it's an 11 of 34 multi-sig with three different like like i'm sorry
but like no three-person team is going to use that technology ever and the three-person team becomes
a 30 becomes a 300 person team.
You know, so I think that's a great point, by the way.
It's a phone.
Like, I'm going to hear me regurgitate that.
No, but it's true.
It's true because the way that this, these sorts of systems are set up is like,
the team is responsible for like their configs and like what they want.
And like they know their assets.
They know their things.
And then you have the DVN, which is like the system,
which is going to be processing them.
right? And the team can choose to use the layer zero one. They can also choose to use other ones,
right? Like block day and house one. There's, there's all these different like DBN providers.
And then that's where like the 101, two of two, two of three, whatever you want to do,
that's where that configuration comes from. I don't know what happened exactly here, but I think
if you go back through the timeline, I'm going to guess that most of the people that were on one
ones were like setting up we're trying to get this going we're trying to figure it out like
who's the fuck thought kelpdow like and that helps out turns up to you right and they're like hey
we want to set up a thing and you're like yeah sure bro like go nuts right like yeah and and they've got like
50 ethne it's like oh no actually were you a raricals kelpdao cane as like a defy guy is this
like a name i've heard of it i've i've heard of it i haven't used it myself i had never heard of me
Yeah, I've heard of it.
Like, you know, there's like, there's a lot of ETH and ETH is worth a lot of money now, right?
So it doesn't take that, you know, someone managed to get their hands on like, you know, 10,000 ETH.
That's a lot of Eith, right?
But it's actually shockingly not hard to get your hands on 10,000 EAT if you're in this like, you know, ETH derivative ecosystem where there is, you know, so much looping and, and, you know,
cross collateralization and like all of these different things like once you get into this space
the systemic risk is just like through the entire thing um okay we lost looker now
what is dude we are there lazus is like solos they're starting in you day and they keep
just lastly missing me right now it was like shots so all right let's let's keep moving um so
So, you know, you have to go through this part, by the way, Kane.
And I don't know how much time we actually realistically want to spend all this.
But like, so basically what happened was like because the attacker, basically the attacker wants ETH and the conversation.
The attacker wants Eith.
Eventually they want Bitcoin.
But right now they want Eith.
And they were in R.S.E.
Yeah.
So in order to get Eith, they did this thing, which causes the bad debt.
And it actually might mean that like.
the losses are higher, like the losses sort of like realized by the impact party series
actually higher than what the attacker stole.
And I only know what the attacker stole.
But you guys have to go through the shit show that has stemmed from this now.
Well, yeah.
Sure.
FOS and A-O's like the risk hasn't seen there.
How are you going about it?
Dude, I walked into my office on Monday and I was like, I have never been more scared
have money on chain than I am right now.
And I've seen some shit.
Like, trust me, I've seen some, like, I've seen some incredibly deliberately incompetent
teams do some crazy shit.
And I like had my money in those protocols until I was like, ah, whatever, it's fine.
Like, I'm farming here.
yeah like I like genuinely I've like genuinely I've never been more concerned to have money in defy and like there's a bunch of money that I have in defy that I can't get out of defy right like you know I have these luny isn't that yeah like but you know there's there's a there's an old quote from uh from Larry Sermak from the block right it's like you know I can't even imagine uh we can we can't try and pull it up here but it goes something like this I can't even imagine it's from like 20,
20, early 2020.
I can't even imagine the stress that the DFI teams are under.
They have 24-7 gigantic bug bounty hanging over their heads at all times, right?
And also, we were retarded.
Like, that was the unspoken part of it is like we had no idea what we were doing, right?
So not only did we have like, you know, hundreds of millions of dollars at risk, we were incredibly
incompetent and like scrambling like, here, just do.
shouldn't like survive right um i it really felt like we had gotten past that and like we had
you know learned a bunch of lessons had had you know better systems better practices or
whatever um and like to a large extent we have um you know the the thing that i i say to my team right
is like most businesses the world is adversarial right the world is adversarial but it is
not crypto, right? Like, you know, if you run a large Web 2 company, you've got people trying to
break into your systems or whatever, but it's not crypto, right? Like, crypto, they can literally
kill you and your whole family, like, in one, you know, in one minute and it's over, right? It's
the equivalent of having, like, vampires outside or zombies, like outside of your house 24-7,
like, scrabbling at the windows trying to get in. And it's incented, right?
But, like, then some, like, new zombies showed up that, like, have fucking superpowers and shit.
And they're, like, smashing through the walls.
And it's like, I didn't sign up for this.
I thought we had, like, the anti-zombie defenses that we've, like, built up over the years.
And now the zombies are, like, mutated fucking superpowers, like, laser eyeballs or something.
Just, like, slicing through everything.
And it's, like, actually, I'm done.
But you've heard it from Kane here first if you want to avoid zombies with samurai swords.
You know, take your money off, defy, come park it in some Pudgy Penguin profile pictures.
There you go.
We'll beat 6%.
We'll beat 6%.
At these prices, I'll be, I can tell you, these prices will beat 6%.
This comes stick over here.
Come stick to even the penguin picture.
So, yeah.
So let's quickly talk about.
the AVE situation, right?
So they couldn't sell the RSC.
Well, actually, that's not fair.
They could have sold RSC, right?
Like, there was liquidity, you know, in various places to sell the RAC.
But there was far more liquidity to borrow because of this LTV, right?
So the fact that you could borrow up to 90% of the value of your RSC.
So the big question that I thought a lot of people lost, you know, straight away is, why would we allow
like I
yeah the borrowing
side yeah
you know a bunch of people said like
and I don't know that I
agree with these takes for what it's worth
but like you know there were a bunch of people
that were like the AVE core
instance and a bunch of
of these markets were like fairly
stable you know not super
volatile in terms of like
back in the old days they used to be really volatile
you'd have like you know
interest rate spikes people would pull out
assets, not even to do with hacks, right? It was just like a more, a more volatile market in terms of
like the borrow lend ecosystem. But, you know, it became billions of dollars and got a lot more
stable. And so, you know, I saw people saying, why should you be allowed to borrow 200 million
dollars in one transaction, right? Which, you know, is not.
Odysseus here knows the answer to this. Is this a thing that we can like, like, de-risk while
not preventing people from like legitimate people from like is that the solution what what's what
what what's your take this is on yeah you know we we're taking so many pages out of trotfi
for everything right a vault is really a fund a curator is a fund manager so we might as well
take the circuit breakers right in finance if you have something very volatile move very fast you post
the market to see what's happening from a financial point of you right uh in crypto because a hack is
like, you know, a physics event.
So I think we just need to have these systems where if you try to move a hundred million
and you're not like one of the trusted market makers that should allow to do that,
then we don't allow you.
And you just, you can slow it down, right?
Like you don't have to like ban people.
I feel like, I don't know, I feel like often this conversation is like, it's like this like,
oh, a person's trying to swap $100 million and they might be bad so then we ban them or
block them. But that's not actually
true. No, that's not as
Twitter breakers. You don't get kicked out of the
right. You just slow them down.
You just slow them down. You can
evaluate the situation. Like there's
all this. But Tay, but Tay, this is
the thing, right? Like,
this is the thing. You're
got to be frosted. Right?
But like, if we do
one thing. Yeah.
If you do one thing, then
you get stronger.
Then we have to do all of the
things.
No, you don't.
We can't do one thing, Tay.
We have to do zero things.
This is my favorite part about the slippery slope
arguments. These people are like, we cannot do the things
because we might do more things.
And I'm like, I've been here for a decade, guys.
Let me tell you, nobody in the history
of ever is like those other people
back in the day did the thing. So we must do the thing.
Never, ever, ever.
ever.
If I come to someone
and I'm like, by the way, they're doing a
good job, they're like, well,
we don't care. Like, we're different.
This is our competitive advantage.
And so then I go on Twitter,
like, you know, we'll get to the arbitrage of situation.
I'm on Twitter with the arbitrage of situation,
and people are like,
the slippery slope.
And I'm like, no, no, it's not a slippery slip.
You guys are so rebellious and independent
and like so dedicated
to not, to, to,
doing it your own way and not learning from history.
Like, we're not there yet.
So Odysseus, right?
Circuit Breakers.
What, like, what's your hot take here?
What is the, what is the, kind of lowest, let's say, slippery slope thing?
We get, what's the thing that keeps up to the top of the slide?
That's what is possible, right?
Yeah, like, we want the least slippery slope, right?
the most frictionful slope we can find that allows us to do something.
Like, what is it?
What should we do here?
Like, you just add a little bit of friction, right?
So if you have a very big order, you just have to break it over, you know, multiple
transactions, blocks, you know, in the time horizon.
And, you know, I don't think there is even a slippery slope here, right?
Because you're not stopping or banning anyone to do anything.
You just tell them, well, we need some time.
If you do want to do that, we want some time to make sure that what you're doing, you know,
we shouldn't kill.
Yeah.
I mean, the kills.
You can put that into smart contracts, right?
Like, this is not, like, you know, one of the challenges, right, that I found a bit weird,
as people were saying, like, no, no, no, no circuit breakers, no things.
There is sort of like a presumption of this is like an off-chain oracle or something that's doing something.
But, like, you can, like, smart contracts can do circuit breakers.
Like, it's possible.
So.
It is possible to do in a simple way.
but if you do it in a simple way
then you end up having a lot of false positives
like imagine I'm needing to pause every week.
So if you want to do something more complicated
that understands better the schematics
of the system
so that it can more,
you have less false positives.
Then I think this is where it started
to get very expensive or even impossible
the EVM environment was not built
with a security in mind, right?
So it doesn't allow you to do things that maybe you wanted to do.
I think I'm going to be frank.
Like my stance here is like these like super purists like these principled guys that like believe in like how this should be done like the super decentralization maxi.
Like we guys really just need to pick their arena and I like because this never made any sense to me.
Like you need just like the bucket and the categories of like what is like consumer and mass adoption.
and payment rails like needs to be put here and like the like best practice for consumer
protections needs to be put in place like this is very obvious to me yeah want to be in the other arena
like unfollow everybody else and go do xFR and zcad whatever that bucket is and just stay there
and like don't go for like this and don't touch anything else that's right and just don't think
about anything else and just stay there like like tribes exist for a
reason and like like the idea that anyone's that give somebody shit for like freezing's 70 million
dollars to save people from losing their money like the fact that you're even going to like
argue that like means you commingle the two experiences right like you need to uncomingle the
experiences and you need to really pick your principles and based on those principles like
battle in your arena like but this idea that like you guys are
in Salana trenches and the meme coins.
And then they're like, oh, my God.
Like you got away from first principles and the cypher fun ethos.
Like, no, you're just confused, my friend.
And like, you're not as, you think you are.
Right?
You actually are like pretending to be this like anonymous, moral, high integrity like guy.
But like you actually don't know what you're talking about because you just need to go
play in your arena.
Because that culture, people underestimate the psychology of what transpires when you do that.
When there it is, and that it's actually dictates decision making from the founder and the builder.
Like, so much so you think your little aggressive tweet doesn't do anything.
It actually does a lot.
And that compound of that scale then makes people less prone to innovation and kind of sticking to what the people
or what they think the people want to do.
Obviously, like one angry customer is louder than 100 happy ones.
So when you have 100 angry customers, it just sounds like hell's coming on you, and you just want to please people and make people happy.
It's huge nature.
And it's just also commingled.
And it's frankly a disaster.
And so my ass to the users is like, look, I have so much respect for anybody who's principal around the decentralization ethos and everything that's supposed to represent.
I'm a huge believer.
It's important for humanity.
We've had these discussions when it was Solana versus Ethereum.
I think they performed two different functions.
But if you are that guy, you need to stay in your.
arena and participate with people that are aligned with that.
It's like everyone in their mom knows L2s are centralized.
Like no one's hits state ever, you know, to be.
Yeah, but it's interesting that a lot of the L2s, like for example, with the
Clarity Act that, you know, the industry is really trying to push forward.
People they had, you know, they have policy people, right?
And they were making the argument that we should not be regulated as a centralized survey,
we should be regulated as bits and commodities like Ethereum and Salana, right?
So they were making these arguments from a technical point of view.
But I think now the next time they make this argument,
this Arbitrum event and that's a good segue, will be used and say,
well, guys, you did that.
So if you're in the consumer bucket, and that's great.
And I think, actually, I think Arbitrum will probably see an influx of TVL.
Right. As a user, I prefer to be there.
Right?
but probably the regulators in the future, when they try to make the same argument, they will say,
oh, actually, you guys have some power, so you should be regulated as like other services.
But they should, right?
Like that thing, the thing about regulation is saying, like, it's basically putting standards
and putting a bar in place for the things that you can do and thus should do, right?
It's an impact on the incentives, right?
Because otherwise people would just never do them, right?
That's why you have regulations.
That's why you've government.
That's why you have laws, right?
Because otherwise people would just do whatever the hell they wanted.
And so the thing is like, if you do have more control, I don't know.
Yeah, that's your choice.
You chose that.
And yes, that comes with more responsibility.
And in my argument is that, and I've made this argument with regards to Circle and others,
is that the stupidest thing you can do is beg the government to write those rules for you, right?
In my opinion, that's the stupidest thing you can do.
If nobody is getting hurt, if everyone here is doing the right thing and making the right decisions
and the risk is being properly addressed, the government and the regulators aren't going to come in
and do anything, right?
The problem at hand is that people are not making the right decisions.
They're pretending to be decentralized when they're not.
then they get hacked because they have a single key, a whole bunch of users get foxed, right?
Billions of dollars gets wiped out, right?
And then the government, because it's their job, it has to come in and be like, okay,
how do we prevent this from happening again?
Because clearly you guys aren't doing it even though you can and you should.
That's how we ended up here.
Yeah.
Yeah. All right. Let's go to an ad break and come back and discuss this because I have some, I have some takes.
right on the regulatory side of this and the potential, you know, tradeoff space here.
So let's go to a quick commercial break, and then we'll come back and try and solve all there.
Multi-chain Advisors is an emerging technology growth firm that has helped create over $50 billion in
enterprise value for more than 80 clients, like Pith, Moon Pay Commerce, and Wormhole.
They've worked with some of the largest and most impactful companies in the space.
They're the partner you want when you're navigating markets and trying to do.
break out from the noise. They help navigate TGEs, go-to-market BD and partnerships,
capital markets advisory, PR, media placements, KOLA activations, and more, driving execution from
launch to scale. Their results are measurable. To learn more and start building real traction today,
visit multi-chain adv.com. All right, we're back, guys. So talking about regulations,
talking about, you know, what the trade-off space is there.
Um, you know, and this, this is maybe one of those things that like was true and is no longer true.
Um, but, but I'll say it anyway. Like, I came from a world of fintechs. I've got a bunch of friends who, uh, were doing fintech stuff.
There was a big wave of like fintech startups in Australia and like the, um, early, uh, early 2010s.
And almost every single one of them is dead when nowhere.
never innovated, never did anything, never solved any problems because of the fact that they were unable to do crazy shit due to the regs that they were under, right?
Even as fintechs, even, you know, it was like, hey, these are fintech startups.
We've got to give them a lot of flexibility to do stuff, right?
And like the reality is that not enough flexibility.
And so most of them failed to innovate and fail to deliver anything.
You know, this is the story of like a lot of neobanks, you know, they end up just like getting into a regulatory sandbox and not going anywhere.
So I think the concern that we had in the early days, right, was we wanted to be able to move maximally fast and do, you know, crazy stuff.
And there was an assumption that the people who were around, to your point, Luca, we were all the same people.
Like, we all had a bunch of eat.
We knew the risks.
Like, you know, there weren't, like, grandmothers getting wrecked in full two, right?
Like, it just wasn't a thing.
It was, like, very PVP, you know, well understood.
Hacks would happen.
It sucked.
But, like, you know, it was mainly participants that were, you know, wasn't, what didn't spread out to the outside world.
Eight years later, we live in a different world, you know, the institutions have arrived.
have an opportunity to take something like are they out for much wider audience and like there is a strong argument that the do nothing slippery slope cyphal punk like you know ethos has hit a scalability ceiling and and you know the good work that we did in the early days of being able to do whatever the fuck we wanted and figure it out and fuck around and like
whatever has been done like we've actually done that part of the curve right and we don't need to
keep fucking around and finding out we actually know we've like learned a bunch of stuff and the next
part of this thing is like make it actually useful for normal people okay so how do we do that
how do we do that i think like for what it's worth this arbitram thing is like maybe the
first crack in this, right? Like, like, this feels to me like a, you know, one of those events
who will look back on and be like, holy shit, this is when the approach changed, right? And,
and, you know, like the fear previously from Arbitrum fairly, right, was if Arbitrum had started as a
fintech startup, they would be dead now. The things that they did, the nonsense that went on,
across the L2s, we're pretending to, like, if we had turned up to the government and said,
hey, we're going to build this, like, crazy scheme and we're going to have total control over it
and pretend like we don't and not do anything ever. And when people lose money, we're going to,
like, look the other way. Like, that would not have been an acceptable state of the world, right,
to propose. So we did it in a much less obvious way. Didn't say the quiet part out loud.
But we're now at a point where we need to actually start doing things because we're out of the existential kind of growth, you know, risk phase of like you could die.
Like arbitram is fine.
They're not going to die.
They're big enough.
They've got enough traction that the next question is like, how do you make arbitram useful to everyone?
And they can also handle this like tradeoff space of doing things, right?
And, you know, if a regulator turns up and says, hey, well, you can do things.
So now you're regulated.
But, like, fine.
Arbitram can handle it.
It's still very complex.
Because, and let me just tell you, if you, if you, if there's anyone in the space that
thinks that, like, I did, I've been awake for, like, the last five days or however long it's
been.
Okay.
I did not think that this was going to, I did not think that it was going to happen.
As it was happening, I still was like, and we knew we're up against time.
We know.
That's the biggest thing, right?
If it was a different hacker, it's interesting.
If there was a different hacker, I don't think it would have been done either, though.
I think that this was a very unique situation.
But the time, Bybit started laundering that night, literally 12 hours later, and they did not stop.
For whatever reason, we got that not only the Monday, but we got a few extra hours on Tuesday, which allowed the signatures.
And I keep saying we.
I don't know why I'm saying we.
I am like over the frick over here, like hearing rumors, right?
I am not actually involved in this.
I was like pushy and bitching on Twitter.
Of the nine signers, because there's 12 total signers, right?
Yeah.
How did three say no?
Did three sign?
No.
Three said no.
No.
Well, did they?
They just didn't.
Yeah.
Yeah.
Did they say no?
No.
That's madness to me.
That's like.
My own time is, it is, dude, dude.
You just, no, it's a nine or 12.
It's just like when DPRK hacks, multisex, right?
It would have been 12 of 12 any other time.
Like, this is what I'm saying.
Like, this is like a watershed moment, right?
Like, go back six months ago, I think it's 12th or 12th.
Like, something has changed in the, like, like, side guise, right?
Of, like, our, you know, we, there was a moment, I think, where we thought we were winning.
We were like, we're getting better.
Yeah.
Like, hacks are going.
down. It's going to be fine. We don't need to do things. We can do things before bad things happen,
et cetera, et cetera, et cetera. And then we've just been like run over by a bus. And this is why,
okay. By the way, I don't know if anyone like, okay, so I tweeted on Saturday or Sunday after the
hack because I'm sitting there on Saturday doing with the shit, right? And we, we have attributed it
at this point. We attributed to Trader Trader, which is like the big boys, the big DPRK guys.
who we haven't seen in a while,
we knew what was coming.
And so we're sitting there,
ours on the phone at like 2 a.m.
with like a whole bunch of investigators
and we're sitting there,
how the fuck are we going to stop any of this money?
Right?
Like any of it,
because the second they start moving,
it's gone and we've got like 24, 48 hours.
And then it's gone.
And when I say gone,
like it's gone.
Right now, it's gone.
Like they've started laundering Tuesday afternoon.
It's gone now, right now.
Right?
We might get another million,
two million,
that maybe we'll be recovered in two years.
It's gone, guys.
Like, they laundered that money successfully.
It's gone.
So when you're up against that and we're sitting there,
the reason I tweeted was like,
I wanted defy?
Defy?
Because, by the way,
every single freaking bridge that gets hacked
has told us in the past
they can't do anything.
And then Lazarus comes in and is like,
turns out it's a 101 and it's all on an AWS.
Okay?
So I was fed up.
when I tweeted that, right?
Like I was just, I was perfectly,
I was just completely fed up.
Like, stop telling me that you can't do anything.
Let's get, like, do anything, right?
The most surprising thing about that was,
I then did not look at Twitter at all
because I was like ready for the mob to come at me.
And then I started seeing notifications come in
and I start seeing the hate and I was like, okay, whatever.
And then someone told me like, oh,
your tweet's getting like like some positive vibes on it and I was like what so I go look
close my I was like I go and I look closer it was funny because I was on a couple threads that
Lop was also tagged in so all the hate that I was seeing was actually like separate bit bit
Bitcoiners hating on Lop and I was just like C-Ced and then I'm looking at my thread and I was like
wait people are like hold on what is happening right now i was like it's shifted it's shifted
like the the appetite is not cypherfunk right the pieglis is actually aligned with consumer protections
and cyphor fun it's doing the right it's doing the right thing and it's saying like the money is right
there we see it it was stolen from people is now how this huge impact across the ecosystem it's
right there, like, let's, like, screw this.
We, last year's, this has been screwing us for so long.
So let's, let's actually dig into this.
Because this is, it's not just that funds were frozen.
Right.
This was actually something different to the point where, like, in my groups, people were like,
no, that's not right.
Like, that didn't happen.
Like, genuinely, they're like, no, no, no, no.
Like, and then someone's like, I like, I watched this in real time.
Someone's like, but it's in a different address.
Yeah.
It's wild.
And by the way, it's not.
Like, it's not an indifferent address.
It's also, it was, it's, people keep saying like, oh, just nine and 12 people signed a
signature.
No, no, no, no, no.
That, those are, those are just the signers, guys.
None of those signers, write any code, right?
Let alone, elegant, perfect, secure, like, audited, like, come up with the solution.
the number I have no idea how many people like work together to make this happen and that's why I say like even as it was happening I didn't think it was going to happen and I like genuinely because the number of things that had to come together for the singular event to happen is like I would say like at least like a hundred people so so let's let's dig it that's what I'm for making the right to search and let's give them flowers for flowers that was 100% the right to sit there
Anyone who's...
Persia rise, I think, is, like, totally lost.
Yeah.
The pressure, like...
And, you know, I think this is one of those things where it's 70 million dollars, right?
To your point, hey, there's a ticking clock.
You need to deal with it, right?
And the reason why most of the time, like, in action is much easier, right, than action.
Like, oh, we can't, you know, there were...
Like, to your point, there are probably 10 points in this chain where six months ago or nine months
ago or two years ago, someone would have said. And we know, like, we've been in these chains,
right? Where like something bad has happened. It's like, we can't do this in this amount of time.
Or we couldn't do this or it's too hard to coordinate this. And it would have just fell apart, right?
Like the whole thing that the chain of events that needed to happen for this to happen requires
everyone believing this is the right thing. And we just didn't have that consensus.
Now we have rough consensus that actually know we are going to rug the deep.
PRK if they steal money. So let's go into it. So Arbitrum has a security council.
Yeah. They have a single sequencer and they are reliant on Ethereum security, right,
for the economic security of their own network. But they also have a lot of control.
to the point where like arbitram could just shut the entire thing down now if they were to shut the entire thing down and this is this is the interesting thing here right um the whole point of an l2 is that arbitram disappears you can go to the l1 and you can be like no no no i want my money back and the l1 will be like here you go you're fine we have
We have all of the state that's happened over here on this other network.
We can replay it.
We've made sure that the state, every single change was fair, right?
We've got, you know, these fraud proofs.
We've got all these systems to make sure that economic security of Ethereum is there, right?
So if something happens on an arbitrage address, you send funds to the wrong place or whatever,
you can and have been able to rely on this economic security to ensure that your funds are yours, right?
This somewhat changes that, right? Because...
Well, and it makes it more complex. I think a lot of people, and there were, like, when I was first asking
questions, people were getting a lot of things confused because they do have one sequencer, right?
but the underlying there's a lot of checks and balances that they have in the underlying chain so just because they have one sequencer doesn't actually mean that the sequencer can do anything it was a copyright exactly so the sequencer cannot because the cryptography the underlying cryptography right is there so the sequencer itself cannot just like move money the sequencer also cannot it can like censor you meaning that it can like choose to be blind to you which is like close to you which is like close to
locally will say the sequence are freezing your funds because it's basically saying,
like, I'm not going to include you.
But, but you can force inclusion, right?
So you go back to L1 and you force inclusion from L1.
And that's your escape patch.
That's just gay patch is like, they can't rug me because of.
Exactly.
You go back to the L1.
And so even though you can theoretically like get the sequencer, the guys that run the
sequencer, you can force them to do things or convince them to do things
It doesn't, like the extent of what they can do is limited because they built in these,
the whole thing is meant to be censorship resistance in that form.
And that's the reason why for this situation, like, that's not an option.
Right?
Like that's just not anything.
And so, so, yeah, what they, what they did and like Odysseus, feel free to.
Odysseus, do you know how, do you have a good understanding of?
what the update was?
Yeah, so basically the sequencer, right, listens to events about what transactions
should be forced included.
So basically, they upgraded the L1 contract, the inbox, as they say, and they forced
included a transaction which spoofed the address from, right?
So they sent a transaction as if the hiker was sending a transaction, which moved the
to the rescue address, right?
And then they upgraded back the L1 contract
to the original implementation, right?
So at the end of the day, it's, you know, a 9-12.
From the perspective of the L-1, right,
this was a valid state transition.
And so, you know, there's a chain of economic security
that requires the L-1 to be able to say
this was an invalid state transition.
The sequencer cheated, right?
But there's a bridge that is all now one that is the real thing that really decides what
actually happened.
And they upgraded the bridge, which they can because they, it's a multi-fig, right?
And so they upgraded the bridge to say actually up is down for this one.
For this little.
Yeah, for this one block, right?
And so they moved to transaction and said this was not an invalid state transit.
This was a valid state transition.
And then they put it back the way, the other way.
And then the blockchain, both L1 and Arbitrum, sees that for the rest of time as a valid state transition.
Yeah.
And by the way, my understanding about why, like this,
route was chosen. And I give them massive props for this is that there, because there's a lot of
things you can do, right? When when we're, once we're in the realm of like, what can we do to stop
the 70 million? There's, there's actually like a lot of things. This, in my understanding, this was
the like, the one that carried the least amount of like technical risk, the least amount of like
oopsies. We've accidentally fucked everyone else over risk. Yeah. The, the,
the most...
It's the most aggressive thing that you can do,
but therefore also...
Very...
The safest, right?
Yeah.
Like, just, you know, like, it lifts the veil of,
we can't do things.
We, it actually, you know,
it completely destroys this illusion
that we can't do things to actually,
we can do anything.
We can actually do anything.
And not only can we,
in a theoretical sense.
We have in a very practical sense done it.
It's on the chain.
You can see.
Like, we know Lazarus didn't send that transaction,
which means like someone did, right?
Which means it's nine out of, you know, 12 people.
Well, nine out of 12 that signed the upgrade, right?
Again, none of those nine of 12 are like intimately familiar with this stuff.
they are actually a lot of them are auditors and security people so i assume that they looked at
very carefully of what exactly they were doing yeah um but again like this is not like if you think
that you can go to women's nine people to do something and it'll get done let me tell you you are so
freaking wrong like it takes so much more than that because again especially the nine people that
would be on that multi-s like yeah i've been on a lot of defy multi-sigs like you couldn't get too
of us to agree on something.
Dude, even for legit upgrades.
Like, they're like chasing me down.
Still to this day, Linnea's like, Taylor.
Please.
You're fucking shit.
So, so,
Griff, who is an EthereumOG,
who's seen some hacks.
He's the guy that famously narrated the Dow hack.
You can find it on YouTube.
Yeah, this is the second, this is the second big,
life-change.
thing that Grip has done. And that was another look. There's a lot of conversations on Twitter.
I'll say this. If you put Graf on your security council, you didn't put him there to like evaluate the deep
technical code is law shit. You put in there because you wanted someone that was going to look at it from a
holistic point of view and do the right thing. If you don't, if you don't want your security counsel to be that,
don't put Griff or by the way or Zach on your freaking
jostle. And so Griff said we did not make this decision lightly. All it takes for evil
to triumph is for good men to do nothing. So today we decided to do something. And I think
that quote will go down as like, as I said, this watershed moment of like, we're not
going to take this shit anymore. We're not going to pretend. We can't do anything. We're going
to do things when those things are good. And we're going to
going to use our own judgment and we're going to try and protect users and we will deal with the
downstream consequences of that if that you know and the downstream consequences and learn from it
too because by the way I would much prefer the veil to be lifted in this situation and then
them for them to like harden against it and be like wait hold on are we sure that this is the right
like scope of people or things that have to happen for a situation like this happen or
How do you optimize it?
Right?
That's the question, right?
Like, now that it's happened, how do we actually make sure that in the future this is not a mad scramble and it's done?
But I think it's worth, there's some other quotes, right?
That it's worth calling out.
And, Luca, you're going to love this one because this is like the antithesis of that, right?
Myple from Curve, who he is one of these guys.
Like, to your point, Luca, like one of the cypher punk, do nothing, let the world burn.
and, you know, code is law people, right?
That many will probably reevaluate
whether using arbitram is safe after this.
If they can freeze anyone,
hard to argue that some Tradfai regulations
are not applicable to the chain itself
is not neutral infrastructure.
Yeah, so let me just, let me just debate that very similar.
And came, like, maybe you've got to, like,
identify, like, what actually defines a cypherpunk?
Like, because isn't that the guy that, like,
looped a bunch of money and bought, like,
a $30 million house and did the whole thing.
And like, maybe it was like a couple houses.
Right.
Yeah.
Like my thing is is like like, like, okay,
cypher fund to me is like, you know, integrity and moral compass and like doing
these things for the world that are immutable but safe.
But for the betterment of humanity, it almost reads to me a little bit.
I don't know why I'm Blank on the term, but what Sam Altman was all about the fucking,
you got.
Effective altrues.
Yeah.
Relatively aligned in that principle, but like a little, maybe a little more rebellious.
So like, but then I could like, really put the libertarian, the libertarian owner of this, right?
You know, is, is like basically property rights are property rights, right?
I'm sorry.
Okay.
No, someone just sold your property.
You can't come back and be like.
But, like, genuinely, like, the combination of, like, property rights are the only thing that anyone should care about.
And it's now the D.J.R.C. is property. You could find people on Twitter. They're like, no, the DPRK owns this. How dare we steal it from? With this is theft. Yes. Yeah. And I'm like, no, no, that's not.
DPRK, we literally can't use a property rights argument to argue against someone who just...
That's like if somebody put a gun on my head in the street, took the watch off my wrist, and now it says watch.
Like, that's insanity.
Right.
No, but then you're the criminal for taking your watchback because you're like in California for that exact reason.
It's insanity.
Like, yeah.
Let's be real here, people.
Like, that's insane.
Yeah.
No.
The funniest part for me, honestly, of the, like, and again, like, the genuine take that exists all the timeline of people being like, no, no, no.
like the code is law, the chain is the chain.
You can't roll back transactions no matter who the person is because if you do, then things will happen, right?
Meanwhile, the DPRK, they don't believe in property rights.
You're like, they're trying to defend the property rights of like DPRK.
They don't care about your property.
They're like, these idiots are, what are they doing?
Like, they're laughing all the way to the- By the way, they absolutely are.
Because they get money unbroken all the time.
They go convince services.
And by the way, when they go convince services to unlock their money,
they sound exactly like the most hardline bitcoiner that you've met.
They go into the service and they literally say things like,
this is my money.
You have no right to freeze it.
You're violating my property rights, right?
What about decentralization?
What about, I'm not even kidding.
And the service is so scared.
It happens to all the top.
It happens to all the top.
It's so scared that they literally give DPRK their money back.
on the regular and then people it i can go about this all day we're not going to do but all i'm saying
libertarian take but you know frankly but it doesn't sound very libertarian to me i mean it sounds like
it sounds like it sounds like anarchy it sounds like it sounds like anarchy disguises as as
libertarianism if i'm being frank and so like yeah like i think everyone should be praising this
and somebody who i think has benefited so much off of crypto i'm sure this curve guys great and
like obviously curve gauges and like everything
everything that like they're their pioneers in the space give him credit where credit is due.
But I mean, like, I don't think he understands how, how much he's dis-servicing the space
when you're talking about a centralized L2 that nobody knows better than him, how centralized
L-2s are and saying that this compromising trust because he's not understanding the network
effects and his voice and the respect that so much capital hats for a guy.
It just seems like it's the thing, right?
like the yeah but the lack of the the delusional take on this right um like we said you know Odysseus was like
this people are going to want to use arbitra more right and this guy he's still he's like a japanese
soldier in like 1950 still like like old war right like he's like he's like many dude like three guys
you and the three people are going to reevaluate whether or not you want to be on Arbiton
99.9% of people are going to be like,
thank fucking God that I didn't lose all my money.
Thank, like, thank these guys for, like,
stealing back the money that I thought I was going to lose.
I thought I was going to get, like, a 10% haircut on my, like, you know,
eat savings.
And instead, I'm going to get most of the fact.
Like, I just, and again, like, I was this guy.
Five years ago, I was like, we can't do anything because if you do things,
then slopes and slipperyness and whatever.
like, you know, but I'm like, I look at it now and I just think the world has changed.
We're in a different phase of whatever this is.
Odysseus, what is your recommendation for teams in this space who are building things, real things, right?
Centralize things, decentralized things, decentralized things,
like, what is your recommendation to avoid any of these bad things from happening?
You know, next time you have to prioritize between the roadmap and security, maybe prioritize security in
instead of only their roadmap once every six months.
I think, I mean, you know, the space is new.
Everyone is like, you know, fighting for PMF.
You know, people are dying left and right.
So it's like, I think, very difficult for teams
to prioritize security because it seems so, you know,
it's not going to happen to me, right?
It happens to other people.
But I think now the question they need to ask themselves
is, you know, the yield I'm providing.
How much better is than the 4% yield that is FDI insured that the customer will have to choose between that and mine?
Right.
And I think that answer is what will drive all the decisions.
Would you take 5%?
I think it's a fair take.
Like, you know, the like the market will become more efficient, right?
But part of the efficiency is like having, you know,
not the risk of every 200 days you get zero.
Yeah, right.
It's crazy.
You need a very high yield to offset the risk of total loss once every three months.
Yeah.
Yeah, it's not.
It's not viable, I don't think.
And I think that it was, it was a bit different when sort of like DeFi summer era where we're
moving fast, but the yield was insane.
But we were also just like,
yeah, you didn't perk your money anywhere.
Dude, it was a daily thing.
You wake up, you chunk your shit.
Something not hacked.
It's okay, though.
You have 20 other things, right?
But that's not what AVE is.
No.
Yeah.
Like, you know, I woke up and I was like,
holy shit, like my money is at risk in ABE.
Like, this is not what I signed up for.
I signed up for, you know, like, of course there's some risk, right?
Like, you know, this is, I'm not even earning yield on Avey.
This is like me using it for like,
borrow. I'm paying, I'm a paying customer of Albae, right?
I'm like, I didn't sign up for this shit.
Like, come on, Stani.
You know, you got to fix this.
And so, yeah, I think if we want,
if we want this intersection of tradfi and defy
to be viable and scalable,
we're going to have to make some changes to how we do things.
But I think the market has sort of forced this, right?
Like you can look at this and say this was like nine people making a decision to your point.
It's not just nine people.
There's a lot of like this was a long time coming.
It was going to be this moment, right, where someone chose to do something.
And it was going to shift the over thin window of doing things.
And that's happened now.
And, you know, the consequences of that we'll see and there'll be, you know, some bad stuff and some good stuff.
But I just think you can't you can't unwind this now.
But the take that this will somehow cause like a mass exodus from Arbitrum is just gigarretarded.
Like it just is.
Like, no, like.
And it's anti-productive.
Yeah.
Yeah.
But the second part of the tweet is true.
They will be regulated.
They will be regulated.
Yeah.
They will be regulated.
But Arbitram, this is kind of my point at the beginning.
Arbitrum can handle being regulated now.
Like, whatever that looks like, they can handle it.
They're a large enough organization.
It's not going to cause them to not be able to bootstrap their network or whatever.
They will adapt.
They will adapt and it will potentially be a better network for it if they have like really clear guidelines about what, you know.
Your, Lasberus, DPRK, you know, these guys are not going to steal your money on Arbitrum is a good.
Hypline.
Like
we'll let Lazarus get you.
We'll keep you safe
from DPRK.
I mean, that's a good slogan.
I think Lazarus will
deprioritize.
I think all hackers
will deprioritize Arbitum.
And I think that that's, and by the way,
when we were, when Linneo was first getting going,
dude, Lazarus would bridge like $2 over there
and I'd be like,
like $2.
we're like, what are you doing, Taylor?
Like, that's $2. And I'm like, these bitches need to learn that they do not, they do not,
do not come over here.
And they, the thing is like, you do that a few times, especially early on.
And they don't.
There's a thousand bridges to choose from, right?
Literally a thousand.
They're not going to choose the one that annoys them.
And like, I would recommend if you're building defy, especially as that we now know,
defy is not decentralized.
You're making choices and you're doing things.
I strongly recommend to take action before they are like obsessed with you and in love with you and using you every day for hundreds and millions of dollars because they tend to have the things that they use the most.
Okay.
Like they get to know you.
They get to know you and then they target you because they know you.
This is not.
They laundered a lot of buy a bit fun through layer zero.
Okay.
Yeah.
I strongly recommend that thing.
Try to keep Lazarus away from them.
If you do it,
there are so many options that,
like,
it actually doesn't take that much effort
to keep them off of you.
And it de-risks not just the regulation in the government,
because by the way,
when Lazarus uses you,
like,
every Fed knows your freaking name
and you don't want that, right?
But it also de-risk the fact that you don't have hackers,
like, who understand your architecture
and know what you're doing
and follow you on 20,
Twitter and read your words and find your weak spots.
Tay, as like a green beret of like C-L-T-9-11.
Like, are these guys good coders?
Like, are you in there?
And you're like, Dan, these fucking dudes are savages for, or they just have a lot of time.
And there's just a lot of holes in this whole fucking thing.
Obviously, it sounds like Clare Zero thing was pretty impressive.
But give me your, like, green beret, like assessment on what's going on here.
I mean, I haven't done full, like, work up on the Layer Zero.
of like the exact
technicals, but I will say that like
I'm relatively
technical and I know a lot about the
DVN now that I didn't before.
Like I've done a huge amount of
clod searching to really get into
how this thing works, right?
I would say that even if I had the same
access they did, I would not have
figured out how to do this hack, let alone be able to execute
it, even with like, Claude's assistance.
It's a pretty good one.
one because just conceptually, architecturally, like, understanding the flow deeply enough to be
able to conceptually, like, come up with a hack and know that this will get the money out.
That's, like, sort of step one.
Step two is that actually executing.
And, like, from what I know, because they had, like, they had redundant infrastructure, they
had things that were being checked and balanced.
You can argue that they were perhaps, like, too reliant on a single RPC or a single again.
or whatever, but the reality was like they did have different things in order to get them
to like fail over to the ones that they controlled. They did a deed off on the other infrastructure.
Like it was a all I'll say like this was a pretty good hack.
Generally though, they don't do like it's not that impressive, but that's not because they
can't be impressive. It's because they don't have to. It's not required. They can just like go like
snip around and poke around in the
sleep and grab the keys. That's why I said, by the way, that's why I said earlier that I was
proud of this ecosystem for having two Lazarus hacks back to back where the keys weren't stolen.
It's not because I'm like, I'm proud guys for like a decade. That's what we've been doing.
They've been stealing our keys. And these two, they had to do some work. And I'm proud of us
for evolving at least that far. We still have more work to do. But like, we got to celebrate the
wins, right? Yeah, they needed two battalions instead of one to pull it over.
Yeah. Yeah. Guys, baby cells. All right. Thank you very much for joining us, Odysseus.
Thanks everyone for watching the episode. Remember what happens on chain never stays on chain
and we'll be back next week. Until then, do your own research before aping in.