DAOUSDT
DAO Maker / Tether USD
crypto Composite

My DAO is based on wallet count, not token count. I'm sure somebody will try to abuse it, but it will be obvious.

Hey everyone - I’m Padrrre, leading comms at Hinkal.
We’ve been building privacy infrastructure for on-chain finance across multiple ecosystems, and we just deployed Hinkal Pay on TRON DAO.
I wanted to share it here because I think it could actually be useful for some of the teams operating on TRON.
As you all know, TRON is one of the largest stablecoin rails - but like any public chain, transactions are fully transparent.
For individuals, that’s often fine, but for businesses, it can get risky:
balances, counterparties, and payment flows are all visible.
From what we’ve seen, there hasn’t really been a practical, widely usable way to keep payment activity private on TRON so far.
What we built is a way to execute settlements and payouts without exposing that data publicly - while still using the same wallets, same stablecoins, without changing custody.
The idea is simple: funds move into a confidential balance linked to your existing wallet, and from there you can send payments without revealing sensitive details on-chain.
Compliance is still supported (KYT screening + selective disclosure when needed), but the default isn’t full transparency anymore.
Genuinely curious, do teams on TRON actually care about transaction privacy today, or is full transparency not really an issue in practice?

Juicy. I hope this is about the Kelp DAO fiasco... I heard some of the stolen funds were moving via USDT on Tron...

Pow vs PoS doesn’t grant immutability either. In fact Bitcoin has been rolled back before (Google the 184 billion BTC bug), while Ethereum never has been (the DAO was a fork, but that was also under PoW). Arbitrum is neither PoW or PoS, it’s an optimistic rollup.
In reality nothing grants true immutability. If a consensus of the network wants a change, the chain will change. And that’s that. This includes Bitcoin. Hence why people are discussing freezing Satoshi’s BTC before quantum computers crack his private keys.
Legitimacy in crypto is a subject Vitalik actually helped define, it’s well worth reading! See here; https://vitalik.eth.limo/general/2021/03/23/legitimacy.html

The burned keys question is the central paradox of DeFi. Burned keys = true decentralization but also no bug fixes, no emergency response, no upgrades. The Kelp DAO hack last week shows what happens when bridges CAN'T be paused - $292M gone. Toly's approach works for simple protocols but scales terribly for anything complex enough to have bugs you haven't found yet.

The “$10B total hacks in DeFi” headline sounds extremely bearish at first glance
But looking deeper, the response mechanisms seem very different from a few years ago
For example:
• Volo Protocol (Sui) exploit (\~$3.5M) → team froze part of the funds, protected $28M TVL, and covered user losses themselves
• Arbitrum Security Council reportedly recovered \~$70M linked to the Kelp DAO situation and moved it to a recovery wallet
Two years ago, most exploits ended with funds gone and users left waiting
Now we’re seeing actual recovery, intervention, and accountability at the protocol level
At the same time, large players are still accumulating ETH aggressively, which suggests the market might be pricing risk differently than retail sentiment
So I’m starting to wonder:
Are we still in a “high-risk DeFi” phase…
Or is this slowly becoming a more resilient system than people think?
Curious how you guys see this

ParyonUSD is launching on April 30th. It models Liquity V2 on a L1 UTXO native tokens and smart contracts enabled PoW chain (Bitcoin Cash, since 2023 "CashTokens" upgrade). Even though it's a minority PoW chain it is secure against deep reorgs thanks to 10-block finalization (aka "weak subjectivity").
Here's how it stacks up against the checklist.
**Where does the yield actually come from?**
Borrower interest payments. People deposit BCH as collateral, borrow stablecoins against it at a minimum 110% collateral ratio, and set their own interest rate on the loan. That interest gets paid in BCH and distributed to stakers in the Stability Pool roughly every 10 days.
No governance token emissions, no recursive looping, no "real yield" that's actually rebranded incentives. Borrowers pay interest → stakers earn interest. One sentence.
**What breaks first if conditions get worse?**
It's modeled on Liquity V2: redemptions hit the lowest-interest-rate loan first, not the lowest collateral ratio. The interest rate itself becomes a market signal for redemption risk. If the peg drops below a dollar: redemptions spike → interest rates get bid up → borrowing gets more expensive → supply tightens → peg recovers. Simultaneously the higher rates mean better staking yield → more demand for the stablecoin. Dual feedback loop, supply-side and demand-side, that self-corrects.
The main honest risk: the price oracle is currently a single signer. The audit flags this explicitly. The system already supports migrating to a multi-sig committee without redeployment, but at launch it's centralized on that one point. Worth knowing.
**How clean is the exit if I change my mind?**
You get a receipt token when you stake, hand it back to withdraw your full stake plus your pro-rata share of accumulated BCH earnings. No partial withdrawal complexity. They stripped that out during the audit process to keep things clean. Withdrawals also account for any liquidations that happened while you were staked, so you get proportionally fewer tokens back if the pool spent funds liquidating bad loans. Straightforward accounting, no surprises.
**Liquidity**
It hasn't launched yet (April 30th). Expect liquidity to be thin at first. BCH's DeFi ecosystem is much smaller than Ethereum's. The mechanism is clean but the surrounding liquidity environment is early stage so don't expect thick DEX books on day one.
**Fixed vs floating**
Interest rates aren't set by a DAO vote or an algorithm with magic parameters. Each borrower picks their own rate and the market sorts it out through the redemption mechanism. Centrally planned interest rates are how you get MakerDAO-style rate shocks where the DSR jumps from 5% to 15% because eight people voted on a Thursday. Here, rates are emergent.
**Protocol quality**
Modeled after Liquity V2. Audited by Sighash Labs across three passes covering 26 CashScript contract files. Overall posture rated "strong after remediation". One critical finding (interest routing enforcement) and one high finding (redemption oracle slippage protection) were both resolved before final sign-off. Contracts are open source and the team built an automated verification tool so anyone can confirm the deployed bytecode matches the audited source. The audit also recommends a public bug bounty for additional assurance.
**Counterparty / smart contract risk**
BCH is UTXO-architecture, extended in 2023 with CashTokens that let UTXOs carry additional state beyond just satoshis. This means clean state management, straightforward on-chain analytics, and notably it avoids entire classes of MEV that plague EVM chains (no sandwich attacks, no frontrunning the stability pool). The trade-off is a less mature smart contract ecosystem and tooling compared to Solidity/EVM.
One more thing the audit surfaced: a critical bug in the third pass was actually caught by an AI audit tool, not the human reviewers. Make of that what you will, but the fact that they're layering multiple review approaches (manual line-by-line, transaction topology reasoning, and AI passes) is a good sign for a team this early.

This is a useful stress test for L2 governance assumptions. The freeze is technically legitimate under Arbitrum's current DAO structure, but it surfaces an important clarification: 'decentralized' bundles at least three distinct properties — sequencer decentralization, governance decentralization, and censorship resistance — that are often conflated in marketing. Most L2s today are strong on one or two, not all three simultaneously.

**ETH Daily - 22nd April**
* Circle [proposal](https://ethdaily.io/circle-usdc-rate-hike-aave) for Aave
* Road to [Devcon 8 grants](https://ethdaily.io/road-to-devcon-8-academic-program)
* Fluid [extends](https://ethdaily.io/fluid-aweth-redemption-protocol-on-l2) aWETH redemptions to L2
* Shutter PEN DAO [funding model](https://ethdaily.io/shutter-introduces-perpetual-endowment-network-pen)
* Besu 26.4.0 [release](https://x.com/HyperledgerBesu/status/2046984536639021555)
* 200 ETH Security badges [issued](https://x.com/thedaofund/status/2046971022897819900)
* Growthepie [app upgrade](https://x.com/growthepie_eth/status/2046969583391674879)
* Catalysis [live on](https://x.com/0xcatalysis/status/2044053623328649584) Ethereum
* Grantr [prototype](https://github.com/alexanderchopan/grantr) for EIP-8141 frames
* Dan Finlay [leaves](https://x.com/danfinlay/status/2047101119709827580) Consensys
* Base Kipseli [propAMM bug](https://x.com/TheDEFIac/status/2046973478595641435)
* Polymarket [hair dryer](https://x.com/JeremiahDJohns/status/2047040658506977628) manipulation
* Justin Sun [sues](https://x.com/justinsuntron/status/2046787043557244983) WLFI
Read more: [https://ethdaily.io/931](https://ethdaily.io/931)

Yeah, $10B is a big number. No way around that. But the part that actually matters is how these situations are being handled now vs a couple years ago.
Example: the Volo Protocol exploit on Sui (\~$3.5M). Team froze part of the funds, protected a much larger chunk of TVL, and said they’d cover the rest themselves. No rug, no months of silence, no users left holding the bag.
Then you’ve got the Arbitrum Security Council recovering \~$70M tied to the Kelp DAO situation and moving it on-chain to a recovery wallet. That kind of coordinated recovery barely existed not long ago.
So yeah — hacks are still happening. But the response layer is evolving fast: freezes, recoveries, teams actually stepping up. That’s a different environment than the “welp, it’s gone” era.
At the same time, you’ve got institutions quietly accumulating — like Bitmine stacking a huge amount of ETH in a short window. Feels like the market is pricing in hack frequency, while bigger players are looking at supply and long-term positioning.
Curious how people see this — are we still in “hacks = bearish” territory, or is the way protocols respond starting to matter more than the hacks themselves?

The goal of putting their name here was not to publicly shame them, but rather make it clear there is little direct connection to Arbitrum. I have a lot of respect for the people I recognize on that list. If you read all the posts here, I think you can see that your opinion is more widespread in the space than you think. I guess most hardcore 'code is law' people left Ethereum in 2016 after the DAO fork and the remaining ones can see certain shades of gray.
What I see a problem with is that the security council has shown the extent of its power for everyone to see. They had the power all along but now everyone knows. If any rollup with such a configuration becomes successful, then such a concentration of power is a prime target for anyone who wants (or needs) to control the flow of funds through the rollup. Normally, such a subversion does not happen over night, but bit by bit. The standard example is the swift messaging system which facilitates payments around the world between banks. The system slowly got pressured into first delivering information to various governments about all the transactions on the network until a single state found all the loopholes needed to actually confiscate payments between two parties anywhere in the world. They confiscated payments between people in Europe which did nothing wrong in their own jurisdictions but violated sanctions laws which only apply to citizens in the third country. To be more specific, someone paid for the import of Cuban cigars from Germany into Denmark. There are some other examples as well. From initial collaboration to be fully compromised it took maybe 10-15 years in the case of swift. In the case of Arbitrum and a security council with such powers, I would expect this to be pretty much instant if anyone with enough power sees a need to do it. So, how I see it, rollups with such a security council setup as Arbitrum has now cannot exceed a certain size or they will be subverted to morph into the same kind of censorable systems we already have en masse with the traditional payment systems.

It's part of the ARB DAO.
Holders of ARB vote on them. 6 are elected every year.

The DONUT DAO has burned the 3.7 Million DONUT it was holding. The only DONUT sells are community members after the announcement.
https://arbiscan.io/tx/0x79f46a10e62de93b71c71dc9af7754ca90ea75d0b0423ad268b534a47d128b23

The Kelp DAO exploit worked because the entire security model for a bridge holding $292M came down to a single DVN verifier — a 1-of-1 trust assumption. Someone had flagged this exact weakness 15 months earlier.


How should we think about what's acceptable when it comes to trust assumptions in cross-chain bridges? Should there be a minimum security bar DeFi protocols have to clear before they can use bridge assets as collateral?


What lessons can we take away from this?The Kelp DAO exploit worked because the entire security model for a bridge holding $292M came down to a single DVN verifier — a 1-of-1 trust assumption. Someone had flagged this exact weakness 15 months earlier.


How should we think about what's acceptable when it comes to trust assumptions in cross-chain bridges? Should there be a minimum security bar DeFi protocols have to clear before they can use bridge assets as collateral?


What lessons can we take away from this?

ETH forked to revert the first DAO hack, so L1 is not really any better than L2, but that was the miners choice at the time so at least somewhat democratic.

I guess there is nothing stopping anyone from building their own use case for DONUT now.
There is no more supply inflation, and over 9 Million DONUT is set to be burned from the DONUT DAO treasury.
There is nothing stopping u/rickribera93 from creating a r/EthTraderBeta sub, just as he has done with with Conehead and Cryptocurrency, or nothing stopping anyone else from building any dapp where DONUT is used as a currency/token.
With a capped supply, who knows what a dev could do, and what price valuation they could create for DONUT - just as moons hit a new ATH after their contract was renounced, the same could happen for DONUT.

Multiple times, with this post on their governance forum being the most comprehensive:
https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580
Ultimately whether it comes out to scenario 1 or scenario 2 is more in Kelp DAO's hands than anyone else. That being said, the Scenarios mapped out here are a little better now that Arbitrum has recovered ~30k ETH. And imo it's also likely some VCs or other big industry players will come in to bail out out in some capacity as well.
Still I've personally moved all my positions from AAVE to Spark, at least until the situation becomes a bit more clear. The longer it is unknown who will take the losses the worse it could get. Not to mention the risk of Iran ceasefire unwinding today, which could cause AAVE to enter into a situation where it has more bad debt because it is unable to liquidate positions in a timely fashion.
In sum, I'm ultimately optimistic most of the holes will be filled and the majority of users won't see major losses, but the risk is still too high to keep positions there imo.

Kelp DAO exploit may force big banks to rethink their blockchain plans, Jefferies warns

Arbitrum freezing $71M in ETH tied to Kelp DAO is a reminder that “decentralized” doesn’t always mean unstoppable

Yes, that's somewhat reminiscent of the moral dilemma of the The DAO hack... There's simply no 100% corect answer to that.