Get the latest ideas from Unchained.
Plus the best new takeaways about artificial intelligence from other top podcasts — read in minutes, not hours.
or
By continuing, you agree to podbrain's Terms and Privacy Policy.
Kane Warwick hosts this episode with co-host Taylor Monaghan (security expert), Luca Netz (CEO of Pudgy Penguins), and special guest Kelsey Nabin, research fellow at RMIT and author of Decentralized Digital Security Code Community Crisis.
The conversation covers three major developments: a $71 million legal battle over recovered Arbitrum funds from the Kelp DAO hack, AI agent security vulnerabilities demonstrated by Bankerbot's Morse code exploit, and Coinbase's 14% workforce reduction attributed to AI efficiency gains.
The discussion explores the tension between decentralized security responses and legal consequences, examining how blockchain's vigilante security culture intersects with traditional legal systems and the emerging risks of AI agents with financial access.
Lawyers Battle Over $71M in Recovered Arbitrum Hack Funds
Scummy lawyers representing victims with judgments against North Korea and Iran are claiming the $71 million in funds that Arbitrum's Security Council immobilized from the Kelp DAO hack
"These are the same guys who sued Pool Together back in 2021" - Taylor, describing lawyers who collect victims with default judgments against regimes like North Korea
North Korea denied involvement, calling accusations "lies perpetuated by the reptile organ journalists" in response to TRM's attribution analysis
"Even if North Korea stole this money, that doesn't make it their money. They stole that shit from us, from the Aave users" - Taylor on the fundamental ownership question
The court questioned Aave's standing, asking "who the hell are you guys?" since Aave doesn't have literal custody of user assets on their protocol
DeFi United emerged as a movement to coordinate industry response and prevent disparate parties from suing each other over the recovered funds
AI Agent Exploited Through Morse Code Prompt Injection
Bankerbot, an AI agent with wallet control on Base, was exploited when a user sent Morse code to Grok, which decoded the message and bypassed Bankerbot's security protections
"It's like re-entrancy from one of the other authorized smart contracts in the system" - Kane comparing AI agent exploits to smart contract vulnerabilities
"The agent gets nerd sniped. It's like, oh, I can translate Morse code and it just does it without thinking about what it's translating" - Kane on how agents get distracted
"As soon as you give an agent control of money and let it connect to the world, someone will find a way to route around" security checks - Kane
"Once an agent is on your machine, it has your shit. Like, it just does" - Kane on the fundamental security challenge of AI agents
Coinbase Cuts 14% of Workforce Citing AI Efficiency
"Over the past year, I've watched engineers use AI to ship in days what it used to take a team weeks. Non-technical teams are now shipping production code" - Brian Armstrong
Coinbase is flattening organizational structure to maximum five layers below the CEO and eliminating peer managers in favor of pod-based teams
"The highest cost that you have in any org is the coordination layer" - Kane on why AI enables dramatic organizational restructuring
Kane's team uses agents for asynchronous code auditing: "You have this team of agents go out, look at every single angle, every single thing" over 8 hours
"Your job becomes look at what the market is doing, read X, see what competitors are doing, but then the execution side, it's wild to think that people should be involved" - Kane
Blockchain Security's Vigilante Social Layer
Decentralized Digital Security documents "this ad hoc, quasi-vigilante social layer of security that's come about in parallel to the economic security of crypto economic protocols"
"White hat hacker: you're fine, do whatever you want and make heaps of money until you do harm to others. You can't break in and steal my stuff while everyone stands by" - Kane
"Instead of getting into the weeds on theoreticals, just take the situation you have today and ask: can we do something about this?" - Taylor's security philosophy
"If DPRK is in your machine right now, how much damage can they do? If the answer is any damage, then good luck because they're probably in there" - Taylor
Recent AI security incidents include poisoned training data in Solana code, $4.6 million in smart contract exploits by Anthropic agents, and DPRK using AI for spear phishing
From Unchained. Get a note like this from every new episode.