Claude Found a 4-Year Zcash Bug. Now It Won't Audit DeFi: Uneasy Money - Unchained

Summary7 min read

Podcast Summary – Unchained: "Claude Found a 4-Year Zcash Bug. Now It Won’t Audit DeFi: Uneasy Money"

Host: Laura Shin (episode features K. Morrick as main moderator)
Date: June 12, 2026
Guests: Taylor Monahan (security expert), Luca Netz (CEO Punchy Penguins), Joe DeLong (security researcher)

Episode Overview

This episode dives into current existential and practical concerns at the intersection of crypto and AI. The main focus is on the recent developments in advanced language models (notably “Fable 5” and “Mythos”), their implications for DeFi security and smart contract audits, and the emerging economic and security risks of AI model access and subsidization. The panel also explores dystopian trends in crypto markets (“Pump Fun Bounty Circus”) and a high-profile hack (Humanity Protocol). Tone is informal, at times irreverent, and deeply insider-focused.

Key Discussion Points & Insights

1. AI Models, Security, and the Failure of Safeguards

Fable, Mythos, and Model Lockdowns

The latest AI language models (Fable 5, Mythos) were hyped as paradigm-shifting but were rolled out with extreme restrictions, especially regarding cybersecurity and DeFi/smart contract analysis.
Naming conventions in AI are mocked: "You cannot release a thing that has never existed before and call it 5... Where's Fable 1 through 4?" (K. Morrick, 01:32)
Security Test: Panels tried probing Fable’s capabilities—"it just outright refuses to do a smart contract audit." (K. Morrick referencing Joe DeLong, 03:27)
Attempts to "jailbreak" Fable using other language models were discussed: “There is a whole jailbreaking system using other agents… able to get it to provide info on bombs and stuff.” (K. Morrick, 03:58)

Model Safeguards: Are They Pointless?

Older models (Opus, Haiku) could sometimes be tricked into code analysis or “white hat” investigations with convincing context.
“With Fable, the second it’s anything in the security realm, it just immediately downgrades.” (Joe DeLong, 06:39)
Panelists note that “intent-based” safeguards (“I’m a whitehat!”) are easy to bypass, so Fable’s blanket refusal may be a defensive overreaction.
The paradox: White hats and researchers are blocked, but black hats may “jailbreak” the model anyway.

Joe DeLong [09:08]: “With the other safeguards, it's like: I'm going to answer this question so long as I'm confident that you, the human, are using it for good. But with this one… I wouldn't even call them safeguards. It’s just 'I’m outta here.'”

Timestamps:

[01:17 – 07:47] AI announcement reactions & initial experiences
[09:03] Assessing intent-based safeguards vs. absolute restrictions

2. Economic Realities: AI Model Subsidization and Its Unsustainability

The Great Subsidy Revelation

AI subscriptions (e.g., Claude, Opus) are massively underpriced relative to underlying API costs.
K. Morrick recounts burning ~$20,000 (API value) for just $200 in subscription fees, running massive workloads: “It is so subsidized you cannot even believe it.” (K. Morrick, 29:38)
Users have no sense of actual usage costs: Many burn huge numbers of tokens with no awareness (“profligate with tokens”), while others hit artificial limits.

K. Morrick [31:00]: “So I have my Infinix account and I have my family office account, both... API metered. I set up my own personal account and tested Opus 4.8. In the course of four hours, I used something like 200 million tokens. Didn’t hit any limits... It would’ve been $5,000 on the API for $200.”

The Impending Cost Reckoning

Fable to be API-only after June 22—no more retail subsidization. Most users currently paying $200/month will balk at paying the real, much higher, price.

Joe DeLong [38:43]: “…If you make me think every single time I'm using it... It changes how I use it. Now I’m going to be second-guessing myself all the time. That's actually the worst place to be in.”

Enterprise Usage

Luca Netz describes Igor’s internal “Lomeli Bot” as a central “organizational brain.” They monitor usage and have spending caps ($50k/month), but few controls on what staff run.

Timestamps:

[29:38] Subsidy experiment story
[34:31] Luca Netz on enterprise AI ops
[36:58] Claude/Fable’s upcoming policy changes & user adaptation

3. The Dystopian Edge of Crypto: Pump Fun Bounty Circus

Bounty Marketplace Madness

Pump Fun launches a platform for “bounties” (get paid to do something IRL), resulting in surreal and ethically fraught challenges (e.g., tattooing a crypto ticker on your forehead).
Error in bounty spelling led to $15k meme coin payoff for the bounty hunter—much more than original reward.
The platform quickly tips into dark territory: bounties for suicide and self-harm appear.

K. Morrick [45:45]: “A lot of people, love to throw out ‘dystopia.’... This — I was like, actually, yes, this is dystopia... This is pretty crazy.”

No Redeeming Value?

Panel struggles, even humorously, to “steel man” (justify) the core concept. “They’re not trying to hide from it. They’re not saying ‘oh, one bad actor ruined it for everyone.’ They’re like, no, these are intended consequences.” (K. Morrick, 51:16)
Luca Netz describes it as “immature male entertainment... they are uncancelable, un-destroyable.” (52:34)

Luca Netz [54:30]: “Maybe it’s shining a light on the darkest of human nature... this weird, evil, conniving need for monetary gain, especially if you are on the poorest side of the spectrum, right, and the most uneducated...”

Timestamps:

[45:26] Dystopian bounties segment begins
[52:13] Attempts to morally “steel man” the concept

4. Major DeFi Hack: Humanity Protocol Private Key Compromise

Incident Breakdown

A single compromised device leaked private keys controlling several treasury and contract admin wallets.
The attacker upgraded the protocol’s bridge contracts to steal funds, updated the H token contract to drain wallets, and raided treasury accounts.

Joe DeLong [57:00]: “Once again, it was a bunch of private keys on a single… device. They were able to... grab all the money out of the bridge... took all the H tokens from everyone’s wallets and then dumped them.”

Multisig Confusion

Humanity's use of a “3-of-6” multisig was functionally moot—if all keys are on one device, it’s just security theater.
Panel speculates that many protocols use multisigs for optics, relying on third-party audit checklists rather than first principles.

K. Morrick [58:16]: "Why even have a 3 of 6 multisig... is that like obfuscation? 'We did best practices and just got unlucky' sort of thing?”

Final Thoughts and Conspiracies

The hack was highly thorough (“bank heist” analogy). The panel notes Twitter conspiracies, but the on-chain evidence points to a convincing external hack.

Timestamps:

[56:19] Humanity protocol breach segment begins
[60:44] Comprehensive attack explanation & conspiracy commentary

Notable Quotes & Moments

On Model Safeguards:
“It’s not like, ‘oh, this is for charity and a bad actor ruined it for everyone.’ They're like, 'No, these are intended consequences.'” — K. Morrick [51:16]
On Pump Fun’s Appeal:
“At some point you might even have to give credit where credit is due. These guys are un-cancelable and un-destroyable. They just... And it's entertainment company at this point.” — Luca Netz [52:34]
AI Economic Shock:
“You cannot even believe how subsidized [Claude subscriptions] are. It's a hundred X subsidized. It's crazy.” — K. Morrick [29:38]
Enterprise AI Management
“We have some sort of like maximum threshold and then we get notifications... this brain acts as like our Jarvis for the organization.” — Luca Netz [34:31]
DeFi Security Dismay:
“You forgot, they also infinite minted once they stole all the people tokens... It's like if this were a bank heist... stole all the cash and gold and cleaned out the safety deposit boxes...” — K. Morrick [59:58]

Structural & Thematic Takeaways

AI and Crypto Security are converging themes—but unreconcilable tensions exist between security, access, and capability. The same actors racing to “align” AI are falling into familiar hubris and risk patterns known from crypto’s past.
The industry is addicted to unsustainable business models, whether AI tokens or DeFi protocols—and the bill is coming due.
An undercurrent of dark humor runs throughout, but the panel expresses real concern at the depravity and “dystopian” turn in both AI and crypto’s latest developments.

For Listeners Who Haven’t Heard the Episode

This was a heady, fast-moving, and critically self-aware discussion about the real world ethical, financial, and technical minefields in crypto and AI as of mid-2026. If you’re interested in how model releases impact actual “builders,” why the economic foundations of generative AI may collapse, and how crypto experiments repeatedly spiral into dark or chaotic territory, this conversation is a bracing listen.

You’ll get deep technical anecdotes, darkly comic analysis, and a front-row seat to debates playing out in the overlapping, rapidly evolving world of AI and crypto innovation.

Table of Timestamps for Core Segments

| Topic | Start | Key Speakers | |------------------------------------------|----------------|---------------------| | AI Model Restrictions & Jailbreaking | 01:17 | Morrick, DeLong | | Opus/Fable Technical Comparison | 16:37 | Morrick, DeLong | | Subsidization & Economic Disarray | 29:38 | Morrick, Netz, DeLong| | Pump Fun Bounty Dystopia | 45:26 | Morrick, Netz, DeLong| | Humanity Protocol Security Breach | 56:19 | Morrick, DeLong |

End of Summary

Loading summary

Transcript142 lines

[00:00]
K. Morrick
So if you think about that, it's in the course of a couple of days because I ran this, like overnight multiple times, right? $5,000 on the API for $200. And that was only my weekly limits for that week. I had three more weeks of that. So it's very possible that I could have burned through like $20,000 worth of API credits on this account for $200. And at that point I was like, this is insanity. Like, this is. I knew it was subsidized, but, like, it's subsidized to a level. It's a hundred x subsidize. It's crazy. Hey, everyone, I'm K. Morrick, and welcome to Uneasy Money. Because what happens on chain never stays on chain. Before we begin, here is a word from the sponsor sponsors that make this show possible.
[00:57]
Sponsor Announcer
Multichain Advisors is an emerging technology growth firm that has helped create 50+ billion dollars in enterprise value for 80+ clients over the past four years. They're the partner to help navigate markets, build real traction today@multichainadv.com.
[01:18]
K. Morrick
all right, hey, everyone. I'm here with my co host, Taylor Monahan, security expert, and Luca Netz, CEO of Punchy Penguins. So our first segment this week is something that I think we've all been waiting for. And then we all got robbed. So that was exciting. They were like, mythos is coming. It's going to kill everyone. It's the best thing ever and also incredibly dangerous. And then they were like, actually, just kidding. We're releasing a different model, Fable 5. And I think the first thing for me that, like, no one in my team, because I pointed this out and my team was like, oh, yeah, we've all become, like, so used to the insane naming conventions of AI you cannot release a thing that has never existed before and call it 5. This is a crime of. You can't be like, oh, Fable 5. Where's Fable 1 through 4? Like, it's just Fable, bro. Like, what the hell are you guys doing? They just make up these nonsensical names. It's almost as bad as open AI that went like, 03 and then four and then back to three again and then like, crazy. Anyway, so we finally got Mythos, a Mythos class agent Mythos class model, which was super cucked, apparently, in a bunch of ways. And they. They, I guess, have had project Glasswing running now for like six weeks, and people have been slowly rolling out whatever. So the new model hit and of course, everyone immediately was like, let's see if we can hack some defi shit. And it refused to. So Joe DeLong, definitely a guy that would probably be happy to hack some defi stuff if you could get away with it, was like, yeah, it just outright refuses to do a smart contract audit. And, and so I think, like, there's two things here. One, there are all of the safeguards they've had now, like six weeks, eight weeks or whatever, to put a bunch of safeguards to stop it from doing cyber security stuff. Biology, weird chemistry shit. No life extension from Fable. Unfortunately, we're not going to be biohacking ourselves, but there is, obviously. And I saw this this morning when I, when I woke up. The more you like constrain something, the more like excited everyone's going to be to jailbreak it. So it looks like there is. I saw one tweet from someone who has like a whole jailbreaking system using other agents like jailbroken opus 4.8 to try and jailbreak Fable and has been able to like get it to like provide info on like bombs and stuff. So it feels a little futile to try and lock these things down. And people always seem to be able to work around it. But here we are. That, that's, that's the situation that, that we're in. Have you guys used Fable yet?
[04:39]
Joe DeLong
I tried
[04:41]
K. Morrick
to accent stuff or were you.
[04:44]
Joe DeLong
No, just do so. 99% of the things that I use AI for these days is like incident response, finding stuff, doing like reports on stuff, connecting stuff. Like if we have like a huge amount of profiles or githubs or whatever, like just. It'll go to town. It'll. You can feed it repos, you can feed it profiles, you can feed it like two different data sets and they'll. It'll figure out all these other things that used to be super tedious. And it's all. It's security related. Right. Because like ultimately these are usually like threat actors or trying to find my threat actors or report on the threat actors, et cetera. It's not that it like won't. Yeah, it just immediately downgrades the second. And like we've always dodged the safeguards that are in Opus, which are more feisty than all the others. Like you can ask like haifu something and it'll. It'll try, it'll try explain it.
[05:47]
K. Morrick
But. Yeah, well, it won't stop itself. Right. How do you make napalm? Haiku's like, ah, here's three recipes. And none of them work though.
[05:54]
Joe DeLong
Exactly, exactly. But Opus definitely had more safeguards. And so like when we were investigating, like, the Thor chain stuff, if you. You did not properly get the model in the right mindset, from the get go, you were constantly fighting with it to, like, continue the investigation, continue poking at these, like, the edcsa, like the cryptography stuff. If it sort of like, figured that you were hacking or trying to hack, it would, you know, throw a little tantrum. But with Fable, it literally, like, the second it's anything in the security realm, it just immediately downgrades, like, instantly downgrades
[06:39]
K. Morrick
itself to Opus, right? Yeah, yeah.
[06:41]
Joe DeLong
Which we've already been using for weeks at this point, so that kind of sucks. And it's not even like, again, it's not like, again, we're always debating Opus. We're always like, no, no, it's okay, Opus. We're white hats for investigators. They are. Someone already hacked this. It's not us.
[07:00]
K. Morrick
Here's the on chain transaction where all the money's gone, right? Like, trust me, bro.
[07:04]
Joe DeLong
Yeah, but Fable, it's like, it's so hardcore. And then the other thing that we, A lot of us noticed is, you know, there are certain researchers that just have never really used, like, Claude much at all. Like, they're. They're happy with, like, Kodak. Those, like, would they. They might be able to get, like, one prompt in before it realized that it was security related. But for the rest of us, like, it's just, it. It fails so hard so fast. So even if I ask it, like, to analyze a contract or an address or whatever, it already is suspecting that I'm.
[07:47]
K. Morrick
It's already.
[07:48]
Joe DeLong
It's already suspicious because it knows me, right? It has, like, I have to, like, really fresh context it. And so that kind of sucks. I've heard, like, similar stories with, like, biologists and stuff where if they have, you know, if. If Claude is aware that they're a biologist, it's like, we're not giving you shit, bro. Like, you can try to, like, dodge around with your words, but, like. I know what you mean,
[08:11]
K. Morrick
but have you tried Parcel Tom? That's the question. Like, literally, like, so I was reading through this jailbreak tweet, and it's crazy the way that they get around these restrictions. They, like, throw. They throw like, multiple different prompts from different agents with, like, different levels of kind of clarity around what they're asking. Try to, like, decompose the problem, like, ask it, like, things, and then, like, recompose the answer and stuff. So, like, basically trying to, like, slice up the. The model into, like, much more discreet things where it's like, oh, I can tell you about lie. Lie is fine. It's like, yeah, I don't even worry about it. I'm not making napalm over here. Just. Just soap. Yeah.
[09:00]
Luca Netz
Anyway, so.
[09:01]
Joe DeLong
So it kind of do you.
[09:04]
K. Morrick
You haven't been able to get it to hack anything because again, it's not
[09:08]
Joe DeLong
the same as like. So I think like with the others, with the other safeguards, it's trying to. It's like determining your intent. So it's like, I'm going to answer this question so long as I'm confident that you, the human are using it for good or whatever.
[09:24]
K. Morrick
Right.
[09:25]
Joe DeLong
Therefore, even if you're actually trying to hack something, like, you can convince it, you can like reframe it and be like, I'm a white hat or I work for this protocol or this is my code base or whatever. But with this one, it's the safe. I wouldn't even call them safeguards. Like, I don't think that they're safeguards.
[09:42]
K. Morrick
They're like. Or something. Like it's a certain thing and it just goes, I'm out of here. Yeah.
[09:49]
Joe DeLong
And, and it's because they know that like the sort of like motivation, intent based safeguards are not like, they're so easy to jailbreak and they're not willing to risk it.
[09:58]
K. Morrick
Yeah, exactly. It's not. It's not worth it.
[10:00]
Joe DeLong
So.
[10:00]
K. Morrick
Interesting. So, I mean, obviously from a like, smart contract security thing, this is kind of good, but like, also not amazing. Like, and, and, and my reasoning is that like, we were all sort of expecting, okay, we would get Mythos, right? We'd be able to point Mythos at our and, you know, ensure that it was secure right before someone else got to it. There's a little bit of like, security through obscurity. There's a lot of contracts out there. Your contracts though, you probably don't have that many. Maybe you got a few hundred. Depends on how cool you are. But like, you could throw Mythos at your stuff much faster than Black Hat was likely to get to it. Right. But now we're in this weird thing where like, you can't throw Mythos at your stuff because it will eject, but you can't really be confident that some black hat hasn't been able to jailbreak the model and get it to start looking at stuff. And so it feels like we're kind of back in the exact same place that we were a month ago when Mythos was announced. And it was like, you don't get access to it to protect yourself, but probably some bad guys have access to it to wreck you, which just feels a bit dumb. I don't know.
[11:26]
Joe DeLong
Yeah, it kind of sucks. I'm. I think my biggest worry is that there are actually. So Glasswing is pretty limited. Like, I think Coinbase just got access and they're the only people that I know that like, actually have access to. However, like, in web2land, there's actually like quite a few really big companies. It worries me a little bit to know that, you know, we're talking about like thousands, tens of thousands of like, logins exist. And especially with, you know, engineers and stuff for their coding, they're just like, own the machine.
[12:12]
K. Morrick
Just like, own someone's machine, right? Like, once you have access to their machine. Like, we have friends in North Korea who are quite good at this sort of thing, right? Particularly when they're targeting a noob that isn't expecting someone to be trying to break into their house. And they, like, have the door open and like, there's a doggy door and they've got three keys under some rocks outside. Like, North Korea loves that shit. They'll. They'll get in. So, like, and I'm sure, I'm sure they've.
[12:40]
Joe DeLong
Yeah, they've been exfil trading. So historically it was like, get the logins, get the API keys, your, Your end files, your GitHub, SSH keys. But they've actually been deliberately exfiltrating any API AI things like keys, tokens. They've been doing that for like over six months. So that's my worry.
[13:06]
K. Morrick
For most people, their API keys are the most valuable things on their machine, right? Like, yeah.
[13:12]
Joe DeLong
And so historically it's like, well, what are you going to do with some. Like, what are you going to. Realistically, what are they going to do with someone's like, claud Key, like burn credits. Okay? Like, you know what I mean? Like, because everyone has access to the same models. However, that's no longer the case. So, you know, it's just a matter of time before. Yeah, it's just a matter of time before some threat actors do get access to the models. I've heard that they are monitoring, like Fable, both the prompts and the outputs, like, very closely. Even for businesses which historically, like, the business plans have a different threshold for privacy. And like, I'm fine with it, to be honest. Like, because at some point it's just a matter of time. And I think that for me it's like, you can try. We always say this, you can try to do this slow rollout, you can try to like ramp it up, but at some point you're going to hit this inflection point where there's too many people with access to it. And therefore it's more likely that the threat actors get access to it than the, the people that need to defend it. And at that point you really have to sort of rip the band aid off. But I don't know if they know this, right, because they're so, their, their posture on like safety and stuff is just so. It just leaves them such a bad taste in my mouth. Like they're just not prepared. And it's very crypto esque, to be honest. They're like, we, I mean we're just gonna hug everyone and be safe and
[14:41]
K. Morrick
it's gonna be just like alignment, right bro? Like, I mean, I think, you know, why is it like that? I think that there, there's a couple of reasons why the posture is similar to crypto, right? First of all, you know, you have super smart autistic people who run the things, right, who have like a fairly weird lens on the world in a bunch of different dimensions, right? So you, you start with that, right, that like they just think about things in like just non obvious way, right? So, so that's your baseline that you're working with, right? Then you have a fuckload of money just being like poured on top of everyone everywhere, right? Which is super distracting. And then you have like a million things happening at once and it's so hard to concentrate. And then on top of that, because that's probably where you get to with crypto, right? Like space is moving so fast. Tons of money and a bunch of autists that are not very, very practical people, right? Then with, with AI, if you're in an AI lab, you're also in this world where like you have unlimited inference and these like genies inside of your machine. We didn't have to deal with that in crypto like back in 2018, right? Like we didn't. Our computers weren't talking to us and like doing things for us, right? Like that's like another level of insanity. And so it, it's not surprising to me that their posture on a bunch of things like completely nonsensical and well thought out because they're optimizing for different things, right? In a competitive environment that's quite adversarial, but in different ways. Like of course the labs are fucking retarded. Like how could, what else would you expect? Like, of course, right? So, but let's talk about Fable for a sec. Have you used Fable at all, Luca?
[16:36]
Luca Netz
No, not yet.
[16:38]
K. Morrick
Okay. All right, so I think you. In my groups, in all my groups that like, are like very aggressively using AI, it's quite interesting because there's like some people, there's like a few guys that like every time a new model comes out, they're like, AGI, this thing is like the most smartest thing I've ever seen, whatever. And most of the time it's not AGI so far and they're just idiots. But this, this time was really interesting because I think that there were like a group of people who have fairly hard problems. And this is the, like, the only way to really tell the difference between two models is like, understand the problems that the previous models were struggling with, which requires like a level of understanding and like in depth knowledge of like how the models reason and think and where the gaps are. And I saw a bunch of people giving problems to Fable that Previously even like 5.5 or Opus 4.8 were struggling with and it was crushing them. And when I, the first thing that I gave Fable was this planning, this planning problem, right? Where I had two months worth of documentation that had basically like, over the course of that two months been replaced or like assumptions were, were kind of invalidated. And so there were like multiple layers of like things like we have to do this thing, but there's a bunch of different issues. And we were going to try and do it this way. And these are just like a pile of docs, right? And you give it to Opus 4. 8 and it looks at it and it just latches on to weird things and like, can't think its way through. It really has a hard time going, moving up and down the stack in terms of like the, the level of detail, right? Like from like fine grained implementation level stuff to like strategy. And you know, a human can move up and down that stack really easily. But Opus was like really struggling and, and so I kind of, I tried a couple of different times. Like Codex 5.5 also doesn't get it. And it's, it's a particularly hard problem for agents when there's like red herrings in a pile of docs, like it'll just get distracted and like go down this path. And I'm like, no, like, bro, like, look, like we clearly decided we're not going to do that, but it can't. It has a hard time like attributing, you know, you look at a document like that's clearly out of date. You just have, like, an instant intuition, like, that's, you know, been kind of deprecated or whatever.
[19:31]
Joe DeLong
Or, like, it's not. In this context, your goal is this. In this context, you thought it might be this or that looks like.
[19:42]
K. Morrick
But then we. But then we realize it wasn't.
[19:45]
Joe DeLong
And humans are very quick to be like, actually, I'm gonna choose to ignore that because, like, and it, like, you. You naturally, like, adjust your sort of, like, path or whatever because you're like, it was out of date. Or it was like, that's actually not the focus. Or that's tangential. Whatever. Same thing for the AI, like, and the threat research and stuff. It'll take long. People are like, oh, yeah, my agent was, like, running all night and doing things. And I'm like, how the hell. Because I wake up in the morning and it's like, going down a rabb, like, analyzing some random. Like, the biggest conspiracy theorists on earth.
[20:23]
K. Morrick
That's funny.
[20:24]
Joe DeLong
And so, like, yeah, I don't let it run all night. He's like, it's gonna come back. I'm gonna be like, what?
[20:29]
Luca Netz
You.
[20:29]
Joe DeLong
You burn so many tokens? On, like, the most.
[20:34]
K. Morrick
We will get to. I think the next topic, we will get to talk about tokens and burning tokens. I think that's. That's another thing that the Fable release has kind of ripped the band aid off. So I think. I think we should talk about that next. But. But yeah, so. So, you know Fable, though, I gave it this problem, and it was so good. Like, just so good. It looked at all of the documents. It, like, went through them, realized the ones that were, like, assumptions or, like, you know, theories that had been invalidated. Looked at, like, the age of the docs when they were committed and just reasoned about it in, like, the way that I would if I was willing to read a hundred documents. And I'm not really willing to read one now. So, like, that's never going to happen, right? But it, like, read all 100 docs, and it was like, which were all produced by agents, by the way. Like, no one wrote. So it read all 100 docs, and it was like, okay, here's the feature set. So there's, like, a legacy code base. There's a bunch of features which have all been decomposed, right? And then there's all of these, like, hypothesized new features for the new version, right? Like, we're going to add all these things, and this is really hard for agents because it's like. But we have this feature and it's like, no, no, we're going to replace this, right? Like, one. One really interesting one was in the old version, the way that the system is set up, it invokes the clis directly, right? And this is because, like, when it was originally built, there weren't really good SDKs. And now there's, like, the PI SDK, which is amazing. And it's like, OPUS was like, yeah, but this is written in Go. That SDK is in typescript. Like, this doesn't make any sense. What are we going to do? And. And Fable is like, well, we've got three different options. We can, like, wrap the thing or whatever. But I don't think it makes sense. We should just refactor and, like. And I was just, like, reading what it was writing. It was like, reading what? Like, a. A good senior engineer who had, like, really good context would say, like. And it felt almost human. Like, it was really kind of a bit scary because Opus, like, you read Opus and you're like. You can just tell it's an agent, right? Like, whereas this thing is like, another level. I was like, holy shit.
[22:57]
Joe DeLong
Oh, God. Yeah. So one thing we actually do is that we actually. We'll have Opus do sort of like the hard work, like, the work work. But then I actually prefer how, like, haiku and sonic sound, like, when you read them. Like, read the. Like.
[23:15]
K. Morrick
Well, they're all trying to.
[23:17]
Joe DeLong
Yeah, it's much less autistic. So we have this flow where basically it's like you do all the work, you get all this stuff, and then when you're, like, sort of compiling the final thing that you're going to share with other people or read for yourself or whatever, you shove that all through basically, like a haiku or something, because they just sound more human. It's. You know, I'm kind of excited.
[23:38]
K. Morrick
Humans strip a bunch of detail that, like, Opus won't. Opus is like. All the detail is important. Every detail is important here. And it's like, it's really not, bro.
[23:47]
Joe DeLong
I mean, it's just like the sentence structure and, like, the. Or, I don't know, it's just much better. I actually think that the names are actually quite funny because, yeah, like, sonnet, Haiko are like, like, very linguistic, you know, like nice, happy, like, talkers. And then now we're getting into, like, mythos and stuff. It's much like they're actually, like. It kind of fits their personality in ways that I didn't actually realize when it was like, only sonnet Out, Right. Yeah. So that I'm. That excites me actually a lot to hear that. The other thing that I've been hearing a lot about that I haven't actually, like, investigated because, again, it won't do anything with security stuff, but, like, the loops or whatever they're calling them.
[24:29]
K. Morrick
Yeah.
[24:30]
Joe DeLong
Where it just, like, goes to town or whatever, but like, actually, like, in a really reasonable way, obviously. Incredibly dangerous in a security context, but also incredibly exciting.
[24:45]
K. Morrick
Yeah. So. So let's. Let's go to our next segment because I think the launch of Fable was interesting in a couple of ways, and it's of. Kind. Kind of highlighted some structural issues in the AI industrial complex. So there was a tweet from Tom Shaughnessy who said this is the most obvious way that AI blows up, right? So basically the thesis behind this is that all of the max plans, all of the, like, monthly plans that people are paying for, individual personal accounts that people are paying for, are massively subsidized, right? And then you have, like, direct API access, Right. For large companies, you still have seats for, for that, but each individual seat is charged based on their direct API usage. Right? So now there's been. And this is. This is kind of interesting, right, because there's been a discussion around, like, subsidization and this can't work, and they're losing money on, like, these subscriptions, whatever. And it's. It's kind of. It's kind of interesting because, like, that seemed very much to be the case. Right. You know, but at the same time, like, you had subscriptions, like, at one point, I remember Perplexity had like, a thousand dollars a month subscription, right? Which is fucking insane. Like, what personal account is paying $12,000 a year for imprints, right? And so there were, like, signs that, like, this was a bit weird and subsidized, but then they kept adding, like, higher plans that went from 20 to 100, 200. And so my. My view on this the entire time is like, it can't be that subsidized. Like, how subsidized could it be? Right? It turns out, and I'm probably gonna get. I'm gonna get killed for saying this, right? But it is so subsidized. Like, subsidized to the point that you cannot even believe it. And the reason why I didn't notice this earlier, it was one of my team that pointed this out to me. He has, obviously, a personal account that he does his personal stuff on, and he's got a bunch of, like, side projects and stuff. He was building, like, his own, like, AI training scheme or whatever. He's. He's super crack guy. And he kept saying, it's super weird because we have, like, an API tracker that tracks usage. And he was our highest usage person, right? There was a period of time where he was using Cursor and then he switched to directly Claude. And at one point, he used, I think, $12,000 worth of inference in a month, right? But the output for that $12,000 was insane. So we were like, it's fine, right? Like, he. He built an entire, like, extension. Like, he built. He built the entire, like, Infinix browser extension wallet, basically, using. Using Claude, right? And so we're like, h, whatever, if this guy spends 12 grand, it doesn't matter like this, you know, the output is like, 20 engineers. And so we sort of just ignored it. And then in my groups that I was in, you would hear people all the time complaining, going, I keep hitting limits. And I'm like, man, that sucks for you that you're hitting limits all the time, right? What I didn't realize was that the people who were hitting limits were being so profligate with tokens that it was disgusting. It never occurred to me, right? Like, and some of them, it never occurred to me that they would just be, like, burning tokens for no reason with, like, no sense of the cost of it, right? It should have, but it didn't. I was just like, oh, like, you're on the $20 plan. You keep hitting limits. Like, sucks to be. Basically, that was my. My take. So my guys, like, listen, like, I know how much I use on my personal projects. Like, I know how much code I'm producing here, and I know how much code I'm producing in Infinix. And, like, I'm watching the, you know, AI usage meter on my Infinix page because we have a page where everyone can track their usage, right? So that they have, like, some sense of cost, right? He's like, I'm watching it go up on one side and then the other one. I paid 200 bucks and it doesn't go up at all. And I never hit my limits. And I was just like, this doesn't make it. So I was like, all right, let me do an experiment. So I have my Infinix account and I have my family office account, both of which are business API metered. And I was like, I'm just going to set up my own personal account and test this on Opus 4.8, right? So I set up a $200 max subscription. And I, and I know enough that I can, like, come up with a task that's going to burn a fuckload of Twitter, right? So I build this workflow, and in the course of four hours, I used something like 200 million tokens. Didn't hit any limits. Didn't hit any limits. Basically, the task that I gave it was use workflows, and I want you to decompose this entire code base into its component parts, which was like hundreds of agents. I think it was like five or six hundred agents, right, on this account. So five or six hundred agents decomposing a code base, going through using, like, so many tokens. Like, like just the. It would, it would have been somewhere on the order of, I would say, $5,000 worth of tokens. It was API metered, and I know how much tokens cost on the API metering because that's where I live, right? So if you think about that, it's in the course of a couple of days, because I ran this, like, overnight multiple times, right? $5,000 on the API for $200. And that was only my weekly limits for that week. I had three more weeks of that. So it's very possible that I could have burned through like $20,000 worth of API credits on this account for $200. And at that point I was like, this is insanity. Like, this is. I knew it was subsidized, but, like, it's subsidized to a level. It's a hundred X subsidized. It's crazy now, like, okay, maybe that makes sense on some level because they're billing, you know, these, these accounts and, and tracking them as, like, AR and API credits. They can't. And so, like, there's some multiple. And they can raise more or whatever, but it is so unsustainable that my mind is blown. And I'm. I'm still sitting here going like, I don't use Claude that much. I mainly use Codex. So it's not that big of a deal. But I'm like, if I were paying. Paying API rates and spending, you know, $10,000 a month or $20,000 a month on the API, and some kid with a $200 subscription is getting the same thing. Like, that's just not, like, reasonable. Like, I, I just, I don't accept that. So.
[32:26]
Joe DeLong
Yeah, and it's. So, I mean, this has always been the model with these sorts of things, right? Like, there's. There's so many pieces of software and even not software that are subsidized. But I think usually the gap between power user and average user is much lower. Like, the gap, like, the distance between the two is much lower. And I think also you have many more instances of, like, a certain portion of your users are paying $20 a month, $100 a month, whatever, and literally never logging in and never use it.
[33:04]
K. Morrick
Exactly. Yeah.
[33:05]
Joe DeLong
And so it actually. And that's why it's called subsidizing. Right, because the users that never log in. Right. Who have excess capital are willing to pay to use it every once in a while or whatever, are literally subsidizing though the power users. And so it all sort of works out in the end. I think with AI, it's just. It's just the market is just slightly different, and the. The intense usage is just completely insane. Right? Like, the power users are just completely insane. And I do think the fact that there's so many different options, like, I'm constantly changing my plans, my personal plans. Like, if I'm using quad a lot, I'll, like, level it up and then all, like, right now, I think. I don't know, you're spending way more on all this than I am. But I'm constantly, like, leveling it up, leveling it down, because I'm, you know, based on what I'm using, which I also think is a problem, because it actually does look, you can. You can adjust your plans, like, nearly instantly. They don't have that lock in.
[34:10]
K. Morrick
Yeah. You can just feel like, this week I need to use more, and then. And then drop it down. Yeah. So, Luca, how do you guys think about this inside? Like, igloo? Like, do you track how much inference people are spending? Like, do you track what models they're using? Like, how do you guys do this?
[34:31]
Luca Netz
Not as rarest as probably I'd like it to be, but I think we're spending, like, $50,000 a month. We have some sort of like. Like, maximum threshold, and then we get notifications that kind of go off. Actually, our. Our president Lorenzo, who was once our cto, had built like, a. Has built. He calls it o'. Melibot. It's like a brain for the entire organization. And he actually wanted to build it out more. He thought that somebody would come out with it, and so we can kind of stop, but we've yet to kind of seen it. And so this brain acts as, like, one central hub that knows everything within the organization and then kind of feeds us daily reports. And so it also has certain parameters built into the bot. Like, if you go over a certain amount of tokens. Like it can shut things off and shut things on accordingly. But it kind of acts as like our Jarvis. For our organization, it's probably the most prominent use of AI that we have within the company. And then we're also building an AI creative engine just to kind of like at this point we have thousands of assets that we've made over the years.
[35:43]
K. Morrick
You know, how do we feed it
[35:44]
Luca Netz
into this thing and then just be able to spit out content at a fraction of the price. So between Lomeli Bot and this AI engine that we're building, those are probably the two most prominent places. I know we have a full time security guy at Pudgy, his name is Bo. He's been with us for eight months. I know he uses it to kind of constantly challenge him to break things. And then the rest of the technical team has that kind of $50,000 a
[36:10]
K. Morrick
month kind of barometer.
[36:12]
Luca Netz
But I'm not tracking like their, you know, what, what program they're using, you know, etc. I know abstract is a lot different. I know Tommy's like becoming like an AI connoisseur and so.
[36:24]
K. Morrick
Yeah, yeah, interesting. So I think one of the most interesting things about this is that Fable is. Oh, and you know, this has been the, the like subsidy apocalypse has been on the cards for a little while, right? Because they, they've already said, and this is one of the reasons why I think orgs are going to, you know, it's not like you can just go and buy a bunch of max subscriptions for your team because you can't use particularly with Claude.
[36:59]
Joe DeLong
Right.
[36:59]
K. Morrick
You can't use it with external things. So like almost all of my team uses I terminal, so there's a bunch of restrictions on like, you know, where you can use it. And if you're not willing to use just vanilla Claude, then you can't really take advantage of that. So it is kind of more geared up for one person, you know, for like personal use. Right. But now they're saying on the 22nd, no more fable. And the interesting thing about that is it's like, okay, so Fable will only be available on the API, which will be the first frontier model that is not being subsidized. Does that mean Fable costs go down, go up? Like it'll be, it'll be very interesting to see how they, how they handle this. Because if there's a bunch of people who like there, there's no way it's sustainable. Like the, to put it another way, the, the $200 a month, right? The millions of people who are paying $200 a month, if you don't give them access to the Frontier model, they will immediately go, well, I need access to it. But they are, they've been kind of subsidized for so long that when they use Fable for 20 minutes and it's $200, they're going to be like, what the is this? So it's, it's hard to know how this plays out because it's not like you're going to switch these people who are on a 200 max plan to spending $10,000 a month in API credit. Like that was not real revenue that you were foregoing, right? Like, so then the question is, okay, where do they go?
[38:44]
Joe DeLong
And the usage is gonna, so the usage changes for like, let's call them retail users like me right now, because I'm still unemployed technically, right? Like, like I am willing to spend X dollars a month on these things, right? And even if I don't use it
[39:00]
K. Morrick
100% don't say it, they'll track it
[39:03]
Joe DeLong
and they'll okay, whatever, I'm willing to spend that much. And even if I don't use it, right, I'm not sitting there like being like, let me maximize my usage. Although to be fair, I'm, I'm, I'm usually maxed out. But like, that's, that's how I think about it. And then I use it constantly for all sorts of different things. And this is like your average, like user, retail user profile, right? If you make me think every single time I'm using it, if you make me think about the cost and you're showing me the tokens, you're showing me basically the cost, it changes how I use it right now I'm going to be second guessing myself all the time. Do I really need to do this? That is actually the worst place to be in. Because you actually want me to be sort of doing, let's say useless things. Like, like willing to do little useless things because eventually that's how I get to do productive things. But if I'm constantly thinking about it,
[40:02]
K. Morrick
then I'll just grab a pen, paper, figure this out myself.
[40:06]
Joe DeLong
Yeah, right, exactly. And so I think it's going to be tough. You're never going to convert me. I'm trying to think of like a use case where like I would be willing to spend, spend like any amount for like a specific task, right? And I genuinely don't know if I could think of one right now because again, I'M not like, I'm not being paid for this stuff, right?
[40:35]
K. Morrick
Yes. So you're, you're much more price sensitive than say like one of my front end engines, right? That like, I'm like, hey, just be aware. And they're like, sure buddy. Trying to get a job done here.
[40:45]
Joe DeLong
Because as, as it stands, it's like I have, I'm willing to spend all this money on all my subscriptions, which I have a lot of, right. Not just AI things. Like these are just things that make my life better and that exists separately than like the work that I do, right. Or the fun that I have. Whatever it is, the second that you link them, then it's like, wait, then I start realizing like I'm not doing anything that's like I'm producing things that are valuable to me and my colleagues and other people around the world. But like not literally valuable, right? No one's paying.
[41:21]
K. Morrick
No one's paying for them. Exactly.
[41:23]
Luca Netz
Yeah.
[41:23]
K. Morrick
So, so it's a net loss, right? Like if you're producing stuff that you know is not actually being used, right. I mean the interesting thing about that is like, you know, if you think about the, the alternative humans, right? You hire a human, they have a fixed cost and you're like, I should try and get as much as I can out of them. Right? But they're not on tap. Not like switch them off and on, right. And even if, if you try to, if you try to like go like in ultimate on a day rate or whatever, you're gonna spend five times more than, than if you, if you, you know, have someone, an employee. So it's, it's an interesting, it is an interesting thing where like, but you know, you look at the, the kind of older models, right? Like 5.3 is still available on Codex and it is so cheap.
[42:13]
Joe DeLong
Yeah.
[42:14]
K. Morrick
And it's like really good still for like 90% of things, right? So what will be interesting I think to see is like how people adapt and, and you know, one thing being on the API, you know, road API path for the last year is we have come up with a bunch of ways to make sure that our token usage is more efficient, right? You know, making things more multiplayer, like having shared resources, having shared workflows, like things that everyone's not kind of reinventing all of the workflows. And so that I think puts you in a much better place if all of a sudden the only way to get access to table is through the API, right? And you've, you've been using it this like Wastefully, profligately for the last year with like, no sense of the cost of it. Now all of a sudden you're like, presented with the actual cost of what you're doing to your point, right? Like, you really have to start going, does this, is this actually making me this weird website that I'm building? Like, am I going to make any money from it? It turns it into a. A very different question.
[43:25]
Joe DeLong
But yeah, yeah, the businesses are also going to do this, right? Like, at some point, Luca, you're going to have to ask yourself, like, wait, hold up. We're good on the 50k, right? Like, we're like, we're confident that that 50k has like, more valuable output and in whatever way. And it's not direct output necessarily. Right? Because it's also like, for example, like employee retention companies that don't give their, their employees, like, access to the latest and greatest. Yeah, like, that's this way.
[44:01]
K. Morrick
I even work somewhere that didn't give me access to Fable. Now I.
[44:05]
Joe DeLong
Okay, I literally tweeted this half as a joke, but I was like, is Coinbase still hiring when I heard that they go like last week.
[44:13]
K. Morrick
Yeah, I know. Like, yeah, like, literally, like, I wouldn't do.
[44:18]
Joe DeLong
Never. I would never work for Coinbase in a million years. I hate them so much, like, for so many reasons. Oh, like, they, they have, they have real mythos, bro. Like, ah, that maybe, maybe I can make some sacrifices.
[44:37]
K. Morrick
All right, let's go to breaks and we'll come back and talk about some non AI stuff, some fun craziness.
[44:46]
Sponsor Announcer
Multi Chain Advisors is an emerging technology growth firm that has helped create over $50 billion in enterprise value for more than 80 clients like Pith, Moonpay Commerce and Wormhole. They've worked with some of the largest and most impactful companies in the space. They're the partner you want when you're navigating markets and trying to break out from the noise. They help navigate TGEs, go to Market BD and partnerships, capital markets, advisory PR, media placements, KOL activations and more. Driving execution from launch to scale. Their results are measurable. To learn more and start building real traction today, Visit visit multichain adv.com
[45:27]
K. Morrick
all right, next segment is on the Pump Fun Bounty Circus. So, yeah, it's. I thought a lot of people, a lot of people love to throw out like dystopia. Like, oh, this is so dystopian. I'm like, well, first of all, like, we are headed towards an actual dystopian. So, like, let's not lose sight of this, but this. I was like, actually, yes, this is dystopia. Like, I'm sorry. Like, even for me, I'm pretty open to people doing whatever weird they want to do and letting markets do their thing. But, like, this is pretty crazy. So they Pump Fun announced this bounty thing. I also saw that apparently, um, there.
[46:15]
Luca Netz
There was a.
[46:16]
K. Morrick
A guy who's building this bounty marketplace who was like, I talked to
[46:23]
Luca Netz
the
[46:23]
K. Morrick
Pump Fun guys and we were talking about, like, I don't know, getting acquired or investing or something like that. And he was like, then all of a sudden, they launch this. So I don't know how accurate that is, but, like, feels pretty on brand, honestly. Bump pun at this point. So. So they launched a bounty marketplace, and as you can imagine, is the meme coin trenches that we're talking about. There were some fucking crazy bounties. So one. One bounty was tattoo bounty work with a cash tag on your forehead. But the guy who wrote the bounty misspelled bounty work. And so, like, this is like, hilariously like, Poly Market, Like, Poly Market. Polymarket's like, ah, here's a thing. And if this resolves on the 31st of December, 2028, and then they're like, oh, oops, sorry, we meant 2027. You all lost money. Like, this is literally the same thing. So, so they. They. They wrote a thing saying, here's what you have to do. The guy did it. And they're like, no, no, no, you spelled it wrong. And he's like, no, I didn't like, the. The. The instructions say spell it this way. So I spelled it that way. And they're like, yeah, we didn't mean spell it that way. That's typo. That's on you. And so they were not going to pay him out. And so then, because, again, it's Pump fun, they launched a. They launched a meme coin called Booty Work, which is the misspelling. And apparently they put all the fees towards this guy and he made, like, 15 grand, which is, like, I think, seven times more than he would have made from the actual tattoo. Yeah, so it all worked out. It all worked out. It's all fine.
[48:26]
Joe DeLong
It all worked out. Yeah, it was $2,000. $2,000.
[48:31]
K. Morrick
But this is what. So someone pointed this out. They're like, like, you know, $2,000. We live, unfortunately, in a world where, like, markets are not homogeneous and prices are not homogeneous, and $2,000 might not be much for a meme coin trencher, although probably a bit more these days. People get killed.
[48:51]
Luca Netz
People get killed for this.
[48:53]
Joe DeLong
Yeah, I know.
[48:54]
K. Morrick
So. So, yeah, like cross border, anonymous payments maybe. Maybe not as good as we thought, but yeah, so. So there was also, I think a user that posted a 10,000 SOL bounty for someone to commit suicide, which also, like, just really, like the whole thing is not amazing.
[49:23]
Joe DeLong
So we're just going deeper into the trenches.
[49:26]
K. Morrick
Yeah.
[49:26]
Joe DeLong
Because there was always. Has it been.
[49:29]
K. Morrick
The Internet is a dark place. Like, let's be real, right? The Internet is a dark place. There's some parts of the Internet that like, should not be raised out of the trenches and.
[49:41]
Joe DeLong
Yeah, but it used to be more indirect, Right. You had to like, you had to like launch the meme coin and then you had to like, do the crazy. You had to set yourself on fire or.
[49:52]
K. Morrick
Yeah.
[49:53]
Joe DeLong
Tattoo or whatever. And then that would pump the token, which then resulted in that. Right now they're like cutting out the middleman.
[50:00]
K. Morrick
Just cut out. Yeah.
[50:01]
Luca Netz
Just do the thing and get paid.
[50:03]
Joe DeLong
But it's like every controversial thing that's happened in the last, whatever two years is now going to just be directly incentivized. So I think. I'm not sure if there was. Trying to remember, was there a suicide on Pump Fun before? I feel like there was. That's why they turned it off.
[50:19]
K. Morrick
Yeah, yeah.
[50:19]
Joe DeLong
The video or an overdose or some really bad. Something really bad.
[50:23]
K. Morrick
Yeah, there was some bad, bad happened on the video thing.
[50:26]
Joe DeLong
So, like, you know, like the tattoo is just step one. Right. We're gonna have. Yeah. We're now like, light yourself on Fire for $3,000, get a big pile of fentanyl and die for. What is it? 10. Like, come on.
[50:43]
K. Morrick
Bad. Not amazing. Like. Yeah, but, you know, any.
[50:50]
Joe DeLong
Sorry, what is the. What is the. What's the idealistic.
[50:57]
K. Morrick
There's no idealistic thing here. Like, there really isn't. Like, genuinely, like, this is not like. And it's the thing about Pump and. And Pump Fun and that whole community is they are. They come from a dark corner of the Internet. Like, there isn't any redeeming.
[51:16]
Joe DeLong
Yeah.
[51:16]
K. Morrick
Aspects of it like that. It's where they come from. Right. And so you got the situation where, you know, people are like, oh, you know, prediction markets are dangerous because you'll have assassination markets. Like, will someone get assassinated? And then someone. You know, we'll feel the need to do it in order to. Like, there have been all of these, like, these unintended consequences of market, you know, whatever. Right. Pom Pon's like, unintended. No, no, no intended, bro. Like These are intended consequences. We're going to not make this a thing which has any redeeming qualities. And like some bad stuff will happen at the periphery. Going to bring the periphery into the center and make it all about, you know, exploiting people's need for money and getting them to do crazy shit. Like. Which is you can do things. You can just do things, it turns out. But yeah, it's. It's. Doesn't feel amazing.
[52:18]
Joe DeLong
Luca, what's your take? Should we ban this on crypto? Like, what. Where are we going from here, bro? Help me.
[52:27]
Luca Netz
Can't be banned at this point. I mean, look, like at some point you gotta.
[52:35]
K. Morrick
At some point you might even have
[52:36]
Luca Netz
to give credit where credit is due. These guys are un. Un. Un. Cancelable and destroyable. They just, you know, and. And it's entertainment company at this point. I mean, it's. They're leaning into immature male entertainment, right? As an immature young boy that. Or was one, you know, 10 years ago, I understand the appeal. You know, it doesn't align with my moral compass. Like, no, like a lot of the things that I think have transpired there don't. But do they keep making money and sticky and it's working and you know, they've done. I mean, imagine saying, you know, to the point like, dude, you said it going to be an airdrop and they don't care.
[53:19]
K. Morrick
But like,
[53:22]
Luca Netz
I wouldn't even think are like possible that you could get away with. They just get away with. So, you know, the thing is, if
[53:28]
K. Morrick
you can get away with it, get
[53:30]
Luca Netz
away with it, right? I mean, if it's. If it. If it's working, I mean, I don't know.
[53:36]
K. Morrick
I mean, it.
[53:37]
Luca Netz
Again, it doesn't fit into my moral compass. But we spoke about this for many weeks now. Like, moral compass is, you know, they. He can take this. He can. His steel, their steel man, could be like, dude, you know, people are tattooing these things on their heads and doing these things and we're giving them income otherwise. The income that they otherwise wouldn't have had, right? Like, there is a way to reframe it in a way that is like super beneficial. And that I'm sure could be the intent. And then it's like Jackass meets like, meets like. No. Like, know, the problem is the community, the nucleus of it is almost. You can almost say to steel man, it. That they are not at fault. The feature is actually a great feature, right? The degeneracy community. I mean, let's call a spade a spade, right? Like, that is Definitely the thought process. And to be frank, even speaking it out loud, there.
[54:30]
K. Morrick
There might be truth to that.
[54:31]
Luca Netz
And at some point, like, maybe it's shining on a light on the darkest of human nature, right? Which is like this. This weird, evil, conniving need for monetary gain, especially if you are on like the poorest side of the spectrum, right, and the most uneducated side of the spectrum. And so is. Is it as much malevolence on the founders? Probably not as much as it is, you know, the integrity of the people using the platform. Because frankly, like, y.
[55:03]
K. Morrick
Making a bounty, right? That's in a good feature, right?
[55:06]
Luca Netz
It's a good product feature that I'm sure, like, a lot of us could conjure up. And you know, could you do better thing?
[55:13]
K. Morrick
Like, you. You do have some responsible. Like. And yeah, I mean, to your point, right, like, they're not trying to hide from it. They're not trying to say, like, oh, you know, this is for people to put up bounties to go and do charity and like, one bad actor ruined it for everyone sort of thing. They're like, no, no, this is for people who. I mean, like, to your point, you could flip it around and say, did the guy who tattooed the thing and got paid 2 grand slash 15 grand or whatever, whatever he made, which is like, who knows, 20 years of salary, 10 years of salary or something like that, you know, in. In the market that he lives in. Like, maybe he's the exploiter. It's like, you idiot, I just had to tattoo stuff. You can get the tattoo removed, right? Like, it's just like, you're allowing me to exploit these dumb, like, Internet dudes, right? I don't know, but there's something just feels off about it. Like, doesn't feel amazing.
[56:14]
Luca Netz
Look, I'm aligned with you, but granted, the steel man, here we are.
[56:20]
K. Morrick
Here we are. So, speaking of making a lot of money for doing dumb things, humanity protocol, and this is another private key compromise.
[56:40]
Luca Netz
So.
[56:40]
K. Morrick
So we're saying.
[56:43]
Joe DeLong
Yeah, actually, I slept through this one, so I don't have the. I don't have attribution or details for you, but I do know that it was a single device compromised. So there was malware on a single device. And then a bunch of private keys apparently were all on that single device, and then they were all compromised. And then with those private keys, they were able to. I think there were three primary things that they did. The first was they upgraded the bridge. They have like a bridge thing. They upgraded the implementation of the bridge, and then we're able to like grab all the money out of the bridge. The second thing they did was they had the token itself, the H token itself. They updated the implementation of the H token and then took all the money from all of the H token holders. I guess they took all the H tokens, all of them from everyone's wallets and then dumped them. And then the third thing they did is that there were some treasury team, whatever, wallet that had assets in them that were like. Some of them were like, I think future allocations. Some were like just like treasury holdings, whatever. They took all that money as well. So. As. It just sucks because once again, it was a bunch of private keys on a single.
[58:16]
K. Morrick
It stood out to me. And I know we've seen this before, but like why even have a like 3 of 6 multi? Like what? Like why do you have 6 liners, 3 of the. Like it's just so like assuming. Assuming. Like why, like, how's that going to help you? Is that like obfuscation? Is it like, oh yeah, we did best practices and we just got unlucky sort of thing like versus just having like a single EOA and being like, yo.
[58:50]
Joe DeLong
Like it just seems, it does seem to be like it has to be for Joe. Right?
[58:58]
K. Morrick
It has to be. Right.
[58:58]
Joe DeLong
Like, because the dude has to like sit there in normal operations. He has to sit there, switches the amount of ask over.
[59:09]
K. Morrick
Yeah.
[59:10]
Joe DeLong
So it's not for, it's not for ease. I wonder if like the certik, like the auto. You know how there's all these. There's actually a bunch of them, right. That sort of like auto go through protocols and tokens and like look and see. And then they like auto flag it as like it's behind a multisig. It has a time lock. Right. There's like all these different things. I'm wondering if that's. If that played a role. Right. They were like, oh, we need a multisig. So they made a multisig. And then because that's all they're being judged on, they didn't actually, like, it wasn't like a first principles multi sig. Like whatever. Yeah. It also isn't that uncommon.
[59:59]
K. Morrick
No, it's not. It just. It feels like there was a confluence of things that were particularly egregious about this one. Like unlocks coming up, investor tokens about to unlock token price pumps. Then the whole thing gets hacked in like really like a very comprehensive way. Right. Like, like it wasn't just like, oh, we, you know, this contract got dra. It was like the contract got drained. They infinite minted more tokens. They stole the treasury. They didn't like, it's like if this were a bank heist, it's like they like, you know, stole all the cash and gold and cleaned out the like safety deposit boxes and like stole all the wallets of the people that were in the bank at the time. And it's like, gosh, like leave something I forgot.
[60:45]
Joe DeLong
Yeah, they, I forgot. They also infinite minute once they stole all the, all the people tokens, then they're also. There's a huge amount of conspiracy theories on Twitter, which when I actually, when I first looked at it on chain, I was like, I am so confused because the typically, if you're looking at a theft on chain and you see an address that's like, you know, a couple days old that have like, just flows out of like Binance, htx, Mexi, whatever, like all those, all those exchanges, typically you're like, that's the fact, right? Even though that's not. These are assets that were sold in another chain and that are being laundered like very quickly through these sex accounts. Or it's the, it's the, it's the exchange accounts themselves that got hacked. Right? Like the. A lot of times people have exchange accounts that have money in them and the hacker will withdraw. In this case, I was like, wow, this is a weird timeline because it looks like you guys were hacked like three days ago. And then apparently that was the teens activity. And I don't know what that.
[62:04]
K. Morrick
Team movements, bro. Like, I don't know. I don't know why, why he would think that was suspicious. Well, I don't, I don't know.
[62:13]
Joe DeLong
I haven't followed these guys, but apparently if you want some like, deep conspiracies, like they're out there, they exist. But I can assure you that the later hacker activity is like it. It definitely for sure seems like a hacker that is not an insider. They did some pretty. A pretty comprehensive job, let's say.
[62:36]
K. Morrick
All right, that's it for this episode. Thank you for joining us on how do you remember what happened on Chain? Never stays on Chain. We'll be back next week. Until then, do your own research. Before aing in, nothing you hear on Uneasy Money is financial advice. We're just three builders talking about what's happening on Chain. And we want you to always do your own research before aping in. You can find all our disclosures@unchain crypto.com Uneasy money.
[63:08]
Joe DeLong
Sa.