<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Lens — Smart Contract Risk Wire</title>
    <link>https://lens.tenpound.xyz</link>
    <description>Verified smart contract risk signals with timestamped receipts. No predictions, no commentary.</description>
    <language>en</language>
    <atom:link href="https://lens.tenpound.xyz/feed.xml" rel="self" type="application/rss+xml"/>
    <item>
      <title>Quiet week</title>
      <link>https://lens.tenpound.xyz/wire/9d25cdab-f62e-4593-9b07-347013ed1f9d</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/9d25cdab-f62e-4593-9b07-347013ed1f9d</guid>
      <pubDate>Sun, 05 Jul 2026 10:55:11 GMT</pubDate>
      <category>post-mortem</category>
      <description>Quiet week. No smart contract risk signals passed the Lens wire gate in the last 7 days. The wire fires only on verified triggers — exploits, audit findings, and exploiter wallet activity. No signals means no signals. Track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>Quiet week</title>
      <link>https://lens.tenpound.xyz/wire/5cfb5bdb-8a52-4715-b08a-fb1bfe8a674c</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/5cfb5bdb-8a52-4715-b08a-fb1bfe8a674c</guid>
      <pubDate>Sun, 28 Jun 2026 10:56:53 GMT</pubDate>
      <category>post-mortem</category>
      <description>Quiet week. No smart contract risk signals passed the Lens wire gate in the last 7 days. The wire fires only on verified triggers — exploits, audit findings, and exploiter wallet activity. No signals means no signals. Track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>Quiet week</title>
      <link>https://lens.tenpound.xyz/wire/2b6a7dd6-cbfd-402c-9f2a-0b1c50f640e8</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/2b6a7dd6-cbfd-402c-9f2a-0b1c50f640e8</guid>
      <pubDate>Sun, 21 Jun 2026 11:36:53 GMT</pubDate>
      <category>post-mortem</category>
      <description>Quiet week. No smart contract risk signals passed the Lens wire gate in the last 7 days. The wire fires only on verified triggers — exploits, audit findings, and exploiter wallet activity. No signals means no signals. Track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>Quiet week</title>
      <link>https://lens.tenpound.xyz/wire/b87af6ae-9e39-41fc-b0b5-4aa169437545</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/b87af6ae-9e39-41fc-b0b5-4aa169437545</guid>
      <pubDate>Sun, 14 Jun 2026 11:20:56 GMT</pubDate>
      <category>post-mortem</category>
      <description>Quiet week. No smart contract risk signals passed the Lens wire gate in the last 7 days. The wire fires only on verified triggers — exploits, audit findings, and exploiter wallet activity. No signals means no signals. Track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>Quiet week</title>
      <link>https://lens.tenpound.xyz/wire/8f26b33b-585e-4a3c-b639-b57b7261a0b6</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/8f26b33b-585e-4a3c-b639-b57b7261a0b6</guid>
      <pubDate>Sun, 07 Jun 2026 10:58:28 GMT</pubDate>
      <category>post-mortem</category>
      <description>Quiet week. No smart contract risk signals passed the Lens wire gate in the last 7 days. The wire fires only on verified triggers — exploits, audit findings, and exploiter wallet activity. No signals means no signals. Track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>1 signal on the Lens wire this week</title>
      <link>https://lens.tenpound.xyz/wire/1895f43f-7507-4f00-b0fb-37834249391a</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/1895f43f-7507-4f00-b0fb-37834249391a</guid>
      <pubDate>Sun, 31 May 2026 10:50:14 GMT</pubDate>
      <category>post-mortem</category>
      <description>1 signal on the Lens wire this week — $10.7M in confirmed losses. Breakdown: 1 post-mortem. Every entry carries a verifiable identifier and a specific loss figure. No predictions. No commentary. Full track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>THORChain&apos;s Asgard vault lost $10</title>
      <link>https://lens.tenpound.xyz/wire/cb92a8a8-a642-4ecc-a229-516f55c1fbaf</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/cb92a8a8-a642-4ecc-a229-516f55c1fbaf</guid>
      <pubDate>Thu, 28 May 2026 15:42:31 GMT</pubDate>
      <category>post-mortem</category>
      <description>THORChain&apos;s Asgard vault lost $10.7M on 2026-05-15 after a newly joined node operator exploited a GG20 threshold signature scheme vulnerability — reconstructing the vault&apos;s full private key offline to forge unauthorized outbound transactions. 1 of 6 Asgard vaults was drained across Bitcoin, Ethereum, BNB Chain, and Base. Attacker&apos;s BTC address: bc1ql4u94klk265lnfur2ujk9p6uh52f2a8jhf6f37. Source: https://rekt.news/thorchain-rekt3</description>
    </item>
    <item>
      <title>1 signal on the Lens wire this week</title>
      <link>https://lens.tenpound.xyz/wire/ad29e33d-55a6-4076-9f67-5fa9224509b2</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/ad29e33d-55a6-4076-9f67-5fa9224509b2</guid>
      <pubDate>Sun, 24 May 2026 10:24:24 GMT</pubDate>
      <category>post-mortem</category>
      <description>1 signal on the Lens wire this week — $6.7M in confirmed losses. Breakdown: 1 post-mortem. Every entry carries a verifiable identifier and a specific loss figure. No predictions. No commentary. Full track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>1 signal on the Lens wire this week</title>
      <link>https://lens.tenpound.xyz/wire/fd4b90cc-acf5-493b-848e-a4d8d25d1f23</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/fd4b90cc-acf5-493b-848e-a4d8d25d1f23</guid>
      <pubDate>Mon, 18 May 2026 05:41:25 GMT</pubDate>
      <category>post-mortem</category>
      <description>1 signal on the Lens wire this week — $6.7M in confirmed losses. Breakdown: 1 post-mortem. Every entry carries a verifiable identifier and a specific loss figure. No predictions. No commentary. Full track record at https://lens.tenpound.xyz</description>
    </item>
    <item>
      <title>TrustedVolumes, a 1inch liquidity provider, lost $6</title>
      <link>https://lens.tenpound.xyz/wire/6d4932fe-2a22-4717-8ec5-6410b4f266f5</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/6d4932fe-2a22-4717-8ec5-6410b4f266f5</guid>
      <pubDate>Sun, 17 May 2026 13:21:04 GMT</pubDate>
      <category>post-mortem</category>
      <description>TrustedVolumes, a 1inch liquidity provider, lost $6.7M on 2026-05-07 after an attacker exploited a public registration function in the protocol&apos;s custom RFQ swap proxy — no access controls on the registration function allowed any address to register as an authorized order signer. The same attacker drained $5M from 1inch Fusion V1 in March 2025. 1inch contracts were unaffected. Source: https://rekt.news/trustedvolumes-rekt</description>
    </item>
    <item>
      <title>Solv Protocol&apos;s BRO vault lost $2</title>
      <link>https://lens.tenpound.xyz/wire/1563fa3f-26ce-43aa-a8f9-4f024d1dfbc0</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/1563fa3f-26ce-43aa-a8f9-4f024d1dfbc0</guid>
      <pubDate>Sun, 10 May 2026 13:11:12 GMT</pubDate>
      <category>post-mortem</category>
      <description>Solv Protocol&apos;s BRO vault lost $2.7M after an attacker exploited a missing nonReentrant modifier on two callback functions in the BitcoinReserveOffering contract — converting 135 BRO into 567 million BRO via repeated reentrant minting, then swapping for 38 SolvBTC. The contract shipped without an audit; Solv&apos;s HackenProof bug bounty excluded the vulnerable EVM contract entirely. Solv has pledged full reimbursement. Source: https://rekt.news/solv-rekt</description>
    </item>
    <item>
      <title>Kelp DAO&apos;s LayerZero DVN verification layer was compromised in April 2026, allowing attackers to forge cross-chain messages and mint 116,500 unbacked rsETH tokens</title>
      <link>https://lens.tenpound.xyz/wire/f1e21038-7f66-4e57-a8ef-5594677a6643</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/f1e21038-7f66-4e57-a8ef-5594677a6643</guid>
      <pubDate>Sun, 10 May 2026 13:11:07 GMT</pubDate>
      <category>post-mortem</category>
      <description>Kelp DAO&apos;s LayerZero DVN verification layer was compromised in April 2026, allowing attackers to forge cross-chain messages and mint 116,500 unbacked rsETH tokens. The fake rsETH was deposited as collateral on Aave V3 to borrow ~$236M in WETH. Aave&apos;s TVL dropped $6.6B; protocol losses range from $123M to $230M depending on rsETH exposure allocation. Source: https://rekt.news/aave-rekt</description>
    </item>
    <item>
      <title>A single Aave interface user lost $50M on a CoWSwap-routed AAVE swap after Aave Labs replaced its ParaSwap integration in December 2025 without carrying over the 30% slippage cap</title>
      <link>https://lens.tenpound.xyz/wire/e54d944d-8fe5-4e3a-ba48-39ef038c564a</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/e54d944d-8fe5-4e3a-ba48-39ef038c564a</guid>
      <pubDate>Sun, 10 May 2026 13:11:03 GMT</pubDate>
      <category>post-mortem</category>
      <description>A single Aave interface user lost $50M on a CoWSwap-routed AAVE swap after Aave Labs replaced its ParaSwap integration in December 2025 without carrying over the 30% slippage cap. The solver routed a $50M trade through a $73K liquidity pool. A block builder captured $34.3M; MEV bots took ~$12.5M. Aave collected $110,368 in fees and pledged to return them pending verification. Source: https://rekt.news/price-impact-kills</description>
    </item>
    <item>
      <title>Venus Protocol&apos;s vTHE market on BNB Chain suffered $3</title>
      <link>https://lens.tenpound.xyz/wire/46f8da1a-4a95-4855-b854-440aba7eaaf4</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/46f8da1a-4a95-4855-b854-440aba7eaaf4</guid>
      <pubDate>Sun, 10 May 2026 13:10:58 GMT</pubDate>
      <category>post-mortem</category>
      <description>Venus Protocol&apos;s vTHE market on BNB Chain suffered $3.7M in losses — $2.15M unrecoverable bad debt — after an attacker executed a donation attack, transferring THE tokens directly to the vTHE contract to inflate the exchange rate and bypass the supply cap. The vulnerability was flagged by auditors in 2023 and left unremediated. An identical attack hit Venus&apos;s zkSync deployment in February 2025. Source: https://rekt.news/venus-protocol-rekt4</description>
    </item>
    <item>
      <title>Resolv Labs lost $25 million on March 23, 2026 after a compromised private key granted an attacker unrestricted minting access to USR, the protocol&apos;s dollar-pegged stablecoin</title>
      <link>https://lens.tenpound.xyz/wire/fcd0337a-9472-4fdf-af24-e7bc28ed1a1f</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/fcd0337a-9472-4fdf-af24-e7bc28ed1a1f</guid>
      <pubDate>Sun, 10 May 2026 06:13:36 GMT</pubDate>
      <category>post-mortem</category>
      <description>Resolv Labs lost $25 million on March 23, 2026 after a compromised private key granted an attacker unrestricted minting access to USR, the protocol&apos;s dollar-pegged stablecoin. With no oracle check or mint cap, the attacker deposited 100,000 USDC and received 50 million USR in return — 500 times the expected amount. USR crashed 97.5% within 17 minutes on Curve. Post-mortem: https://rekt.news/resolv-labs-rekt</description>
    </item>
    <item>
      <title>Drift Protocol lost $285 million</title>
      <link>https://lens.tenpound.xyz/wire/b88791ee-3cda-4709-807e-5a61dde9fd8b</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/b88791ee-3cda-4709-807e-5a61dde9fd8b</guid>
      <pubDate>Sun, 10 May 2026 06:13:30 GMT</pubDate>
      <category>post-mortem</category>
      <description>Drift Protocol lost $285 million — over 50% of TVL — on April 1, 2026 after a six-month DPRK social engineering operation. Actors posing as a quantitative trading firm deposited $1 million, built trust through conferences and product discussions, then manipulated Security Council members into signing transactions transferring admin control to an attacker-controlled Solana address. Attribution: UNC4736 (TraderTraitor), medium confidence. Post-mortem: https://rekt.news/drift-protocol-rekt</description>
    </item>
    <item>
      <title>Hyperbridge lost $2</title>
      <link>https://lens.tenpound.xyz/wire/04d018a4-c55e-46bf-b14c-ba7c51572ab4</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/04d018a4-c55e-46bf-b14c-ba7c51572ab4</guid>
      <pubDate>Sun, 10 May 2026 06:13:22 GMT</pubDate>
      <category>post-mortem</category>
      <description>Hyperbridge lost $2.5 million on April 13, 2026 after an attacker exploited missing proof-to-request binding in the Merkle Mountain Range verification logic of the EthereumHost contract. A two-phase attack extracted roughly 245 ETH first, then minted approximately 1 billion bridged DOT tokens and dumped them into DEX liquidity. Initial loss estimates of $237,000 excluded the first phase entirely. Post-mortem: https://rekt.news/hyperbridge-rekt</description>
    </item>
    <item>
      <title>Rhea Finance lost $18</title>
      <link>https://lens.tenpound.xyz/wire/8a8cca24-c979-4637-b520-dd0ca011f8dc</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/8a8cca24-c979-4637-b520-dd0ca011f8dc</guid>
      <pubDate>Sun, 10 May 2026 06:12:49 GMT</pubDate>
      <category>post-mortem</category>
      <description>Rhea Finance lost $18.4 million on NEAR Protocol on April 16, 2026 after an attacker deployed fake token contracts and created liquidity pools that distorted the oracle price feed. The attacker used a manipulated swap path to open large undercollateralised margin positions. Tether froze $3.29 million USDT linked to the attacker address. Post-mortem: https://rekt.news/rhea-finance-rekt</description>
    </item>
    <item>
      <title>KelpDAO lost 116,500 rsETH</title>
      <link>https://lens.tenpound.xyz/wire/865a16dd-6e8d-433d-b858-400fd40de2ac</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/865a16dd-6e8d-433d-b858-400fd40de2ac</guid>
      <pubDate>Sun, 10 May 2026 06:11:30 GMT</pubDate>
      <category>post-mortem</category>
      <description>KelpDAO lost 116,500 rsETH — approximately $292 million — on April 18, 2026 after Lazarus Group (DPRK TraderTraitor) compromised two RPC nodes powering LayerZero&apos;s 1-of-1 verifier bridge. Malicious node software accepted a forged cross-chain message and drained the funds across 20 chains. An emergency pause 46 minutes later blocked a follow-up attempt targeting an additional $200 million. Post-mortem: https://rekt.news/kelpdao-rekt</description>
    </item>
    <item>
      <title>Volo Protocol&apos;s vault admin private key was compromised on April 21, 2026</title>
      <link>https://lens.tenpound.xyz/wire/4359cbee-1cfa-410f-98c5-d7f44f708649</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/4359cbee-1cfa-410f-98c5-d7f44f708649</guid>
      <pubDate>Sat, 09 May 2026 16:41:32 GMT</pubDate>
      <category>post-mortem</category>
      <description>Volo Protocol&apos;s vault admin private key was compromised on April 21, 2026. The attacker drained $3.5 million across three isolated Sui vaults — WBTC, XAUm, and USDC — routing $1.55 million off-chain via Circle&apos;s CCTP in six transactions. Attacker: 0xd763599972ea5a8cfe53d182371ee010dc52ace7e39ccff7d8803ba7100fa46a on Sui. Volo intercepted 19.6 WBTC at bridge exit; net loss after recovery: ~$60K. Source: https://rekt.news/volo-rekt</description>
    </item>
    <item>
      <title>Wasabi Protocol&apos;s deployer key was compromised on April 28, 2026</title>
      <link>https://lens.tenpound.xyz/wire/cf2eca7f-d0a2-4819-a966-a4026d5c337a</link>
      <guid isPermaLink="true">https://lens.tenpound.xyz/wire/cf2eca7f-d0a2-4819-a966-a4026d5c337a</guid>
      <pubDate>Sat, 09 May 2026 16:27:27 GMT</pubDate>
      <category>post-mortem</category>
      <description>Wasabi Protocol&apos;s deployer key was compromised on April 28, 2026. The attacker granted ADMIN_ROLE to a helper contract, then pushed UUPS upgrades on the perpetual vaults and LongPool across Ethereum, Base, Berachain, and Blast. $5.9 million drained — WETH, USDC, PEPE — funded through Tornado Cash. No timelock, no multisig stood between one private key and total protocol control. Source: https://rekt.news/wasabi-protocol-rekt</description>
    </item>
  </channel>
</rss>
