mechanism

According to CoinDesk, bipartisan lawmakers Steven Horsford, Max Miller, Suzan DelBene, and Mike Carey jointly reintroduced the "Digital Asset Protection, Accountability, Regulatory, Innovation, Taxation, and Revenue Act" (also known as the "Equality Act") this Wednesday. The new version of the bill mainly covers the following points: first, it stipulates that regulated payment stablecoins do not generate gains or losses if the cost basis is not less than 99% of the redemption value; second, it establishes a safe harbor for broker-dealer transactions or taxpayer account transactions; third, it clarifies that "wash sale" rules apply to digital assets; fourth, it requires the IRS to assess the current tax burden of small cryptocurrency transactions and to study the feasibility of establishing a tax exemption for transactions under $200 and the potential risks of abuse.The cryptocurrency industry has long advocated for tax exemptions on small transactions to promote the use of cryptocurrencies in everyday payment scenarios. Lawmaker Horsford stated that tax policy is the foundation of the cryptocurrency regulatory framework, and that current tax laws have not clearly addressed many core issues related to digital assets.

Lighter officially stated on X that it has completed the escape mechanism verification conducted by the third party L2BEAT, which means that even if the sequencer at the L2 level fails, users can withdraw funds from Lighter's L2 back to Ethereum in a permissionless manner. It is the first L2 Perp DEX in the industry to achieve this functionality.

Aave has officially proposed a principal retention charitable donation layer, allowing users to continuously donate the generated income to charity while retaining control and liquidity of the principal.The proposal is currently undergoing a temp-check vote in the Aave governance forum. Its core aim is to address three major pain points of traditional charitable models: donors must permanently give up the principal, the funding flow of charitable organizations is unstable, and there is a lack of transparency in the use of funds.According to the proposal, users can deposit assets into yield-generating infrastructures like Aave, direct the earned income to donations, and withdraw the principal at any time.

According to Bloomberg, Iran has begun to launch a Bitcoin-based shipping insurance arrangement for the Strait of Hormuz to address the current high-risk navigation environment in the strait.Recently, Iran has introduced a maritime insurance platform called "Hormuz Safe," which provides digital insurance services for vessels passing through the Strait of Hormuz and allows payments in cryptocurrencies, including Bitcoin.Against the backdrop of escalating U.S.-Iran conflicts and risks in the Strait of Hormuz, the costs of war insurance for ships have surged significantly. Bloomberg previously reported that the insurance costs for some vessels crossing the Strait of Hormuz have now risen to about 5% of the vessel's value.

ZKsync's official announcement stated that following several ZK token governance proposals, the governance service provider ScopeLift has now launched the "ZK Fee Flow System" proposal on the forum. This system is a set of smart contract mechanisms that allow ZKsync Governance to route and allocate protocol revenue and fees through its controllable on-chain mechanisms. ZKsync indicated that the relevant forum post has detailed the contract architecture, operational mechanisms, security measures, and deployment addresses of the system.

After the Kelp security incident, Tether's asset interoperability protocol USDT0 announced details of its protocol security architecture, stating that the current system uses a proprietary DVN (Decentralized Verification Network) and has message veto power, while requiring 3 independent validators to reach a 3/3 consensus based on different codebases before cross-chain messages can be settled.The current validating nodes include USDT0's proprietary DVN, LayerZero, and Canary, with plans to expand to 4/4 and 5/5 verification mechanisms in the future. USDT0 also stated that all multi-signature transactions must undergo multiple reviews by internal teams, external security teams, and auditing institutions before submission for signing. Relevant contracts have been audited by organizations such as Guardian and OpenZeppelin and have launched a $6 million bug bounty program on Immunefi.

Polymarket announced the latest progress on feature updates, including the launch of measures to mitigate latency spam to ensure order placement and cancellation operations, fixing the "insufficient balance/authorization" error, and another core issue affecting limit buy orders is expected to be resolved in the coming days.In addition, Polymarket stated that it has identified and banned multiple clusters of ghost-fill accounts, all of which were created before the deposit wallet system went live. Any account exhibiting ghost-fill behavior will be identified and banned, and the deposit wallet system will also prevent non-compliant accounts from continuing to create new accounts in bulk. More updates will be released in the coming week to address previously outstanding issues.

LayerZero Labs posted on the X platform that the internal RPC used by LayerZero Labs was attacked by the Lazarus Group in the past three weeks, resulting in the compromise of the true source of its DVN (Decentralized Verification Network), while external RPC providers faced DDOS attacks. This incident affected 0.14% of applications and approximately 0.36% of asset value.LayerZero Labs stated that asset security is currently intact, and since April 19, over $9 billion in funds have been completed across chains through the protocol. In response to security risks, LayerZero Labs has stopped providing services for its DVN in a 1/1 configuration, and all default configurations for channels will be migrated to at least a 3/3 or 5/5 multi-DVN mode.Additionally, in response to an incident three years ago where multi-signature holders mistakenly used hardware wallets for personal transactions, LayerZero Labs has removed that signer and changed wallets, while also developing a OneSig custom multi-signature system. LayerZero Labs recommends that developers lock configurations to avoid relying on default settings and plans to launch an asset management platform Console to enhance security monitoring.

According to market news, LayerZero Labs co-founder and CEO Bryan Pellegrino had a heated debate with security researchers today in the ETHSecurity Community Telegram group. The core controversy includes: since LayerZero Labs can immediately upgrade a default library contract without a time limit to forge messages (similar to the case where rsETH was hacked), the LZ OFT, valued at over $3 billion, is recently at risk of being stolen; researcher Banteg pointed out that mainstream projects like Ethena and EtherFi were still using this default library contract weeks ago, and currently, there is still $178 million worth exposed to risk, with these funds coming from projects that are still using the default library.On-chain data shows that LayerZero Labs multi-signature signers participated in non-multi-signature activities such as meme coin trading, DEX exchanges, and cross-chain bridging, which means that the multi-signature keys in the formal environment were connected to websites, increasing phishing risks. Regarding the multi-signature signers of LayerZero using production environment keys for trading activities, Bryan confirmed that the related transactions were completed by members of the multi-signature team, but denied that it was "meme coin trading," explaining it as "testing PEPE on the LZ OFT token standard," and stated that the involved member has been removed. Bryan also suggested that project parties "directly fix configurations" instead of using default configurations to reduce risks. Banteg subsequently tagged a long list of LayerZero users still using the default library contract, pointing out that these projects should migrate to fixed configurations as soon as possible.

According to official news, B.AI launched a significant recharge benefits upgrade event on May 3, temporarily opening a 1:1 equivalent recharge rebate mechanism. Users can enjoy an equivalent amount of credits upon recharge, achieving an ultra-low cost of 50% for accessing cutting-edge models like GPT-5.5, Claude Opus 4.7, and "Sun Ge's Brain," as well as Web3 trading skill packages.This event completely breaks the first recharge limit, with each recharge automatically receiving an equivalent bonus. Each user can accumulate up to $100 in free credits; the platform releases a $10,000 points subsidy pool daily, available in limited quantities across the network, resetting daily on a first-come, first-served basis.Starting today, visit the official website to unlock top-tier computing power at the lowest cost and fully unleash the infinite potential of AI Agents and the on-chain ecosystem.

Paradigm general partner Dan Robinson proposed the "Proof of Address Control Timestamp" (PACTs) mechanism, aimed at providing a protection path for Bitcoin addresses against potential threats from quantum computing.This solution allows holders to generate address control proofs through BIP-322 and create on-chain commitments using a random salt value, completing time anchoring with OpenTimestamps to establish ownership proof without disclosing wallet information. If quantum-vulnerable addresses are frozen in the future through a soft fork, users can submit STARK zero-knowledge proofs to unlock their assets when spending. This mechanism also provides a potential recovery path for wallets derived from BIP-32, but its implementation still relies on Bitcoin introducing STARK verification capabilities and gaining community consensus.

Researcher Dan Robinson from Paradigm proposed a new scheme called PACT (Verifiable Address Controlled Timestamp), aimed at protecting long-dormant bitcoins, including Satoshi's early addresses, from future quantum computing attacks.This mechanism allows users to prove their control over an address through a timestamp without the need to transfer assets or expose on-chain behavior. Once future quantum attacks occur, assets can be recovered in a quantum-resistant version of the Bitcoin network based on that proof. Compared to mandatory migration schemes (like BIP-361), PACT avoids the privacy exposure issues caused by actively transferring assets, providing long-term holders with a more flexible preemptive protection path.

Curve Finance officially announced that it is introducing a bad debt recovery mechanism based on on-chain market mechanisms, allowing CRV-affected users in certain lending markets with bad debts to choose different recovery strategies: directly selling their claims to exit, continuing to hold and wait for potential recovery, or providing liquidity to earn fees and incentives. The core of this mechanism is to establish a trading pool between crvUSD and the tokens of the affected claims, allowing bad debt claims to be priced in the market and creating liquidity, thereby providing users with an immediate exit channel instead of relying solely on the final liquidation results.It is reported that after the cryptocurrency market crash in October last year, some lending markets under Curve Finance experienced bad debt issues, with various liquidity pools being impacted by severe price fluctuations and liquidity contraction, leading to some deposit users facing withdrawal restrictions and asset losses.Curve stated that the recovery mechanism will not eliminate losses or guarantee recovery, but will gradually reflect risks and recovery expectations through a market-oriented approach. Additionally, if the governance layer distributes rewards through the veCRV incentive mechanism, it will help enhance liquidity depth, improve exit conditions, and strengthen market pricing efficiency.

Andre Cronje stated in an interview with Cointelegraph that many DeFi protocols today are "no longer truly DeFi" and are more like "profit-driven companies operated by teams," as they generally rely on upgradable contracts, multi-signatures, off-chain infrastructure, and manual operational control.Cronje pointed out that the current industry is still overly focused on smart contract audits while neglecting operational risks that are closer to traditional finance (TradFi). He believes that recent attack incidents are not due to code vulnerabilities but stem from off-chain infrastructure, permission management, and social engineering attacks.The discussion arises from the recent frequent security incidents in DeFi. In April, protocols such as Flying Tulip, Drift Protocol, and Kelp encountered security events, with Drift and Kelp suffering losses of approximately $280 million and $293 million, respectively.In response, Flying Tulip has introduced a "Withdrawal Circuit Breaker," which can delay or queue withdrawal requests when unusually large withdrawals occur, allowing the team about 6 hours to respond. Cronje emphasized that this mechanism does not permanently freeze withdrawals but serves as a layer of protection within the security system.However, Michael Egorov holds a cautious attitude towards this. He stated that the circuit breaker itself could also become a new point of centralized risk. If control permissions fall into the hands of an attacker, the mechanism originally intended to protect the protocol could instead be used to freeze assets or directly transfer funds.Egorov believes that the long-term direction of DeFi should be to minimize human intervention and centralized permissions as much as possible, rather than adding more layers of manual control. "The security of DeFi comes from decentralization, not more human management."

OKX founder Star commented on OKX Boost while retweeting a post from RootData, stating that it is not just an incentive but also an early discovery and price discovery mechanism for new projects.In the tweet, RootData, in collaboration with OKX, released the first quarter report for OKX Boost, which shows that during the event, 23 projects distributed over $11 million in incentives, with an average of about 20,000 active participants per event and an average transparency score of over 70%. The listing rate for OKX spot or futures reached 45%.

Pump.fun has completed the destruction of all previously repurchased PUMP tokens, involving an amount of approximately $370 million, accounting for about 36% of the circulating supply. Meanwhile, Pump.fun announced the launch of a programmatic buyback and burn mechanism, which will use 50% of net income over the next year to repurchase $PUMP on the open market and immediately burn 100%. This mechanism is executed through an irreversible smart contract, covering the revenue sources of Pump.fun's three major product lines: the joint curve, PumpSwap, and Terminal. The execution process includes four steps: fee aggregation, intermediate wallet integration, and buyback and burn, which can be tracked in real-time via fees.pump.fun.The remaining 50% of the income will be used to support business operations and ecological development, including team expansion, strategic investments, and marketing. Pump.fun stated that this move aims to address the community's concerns about the long-term value of the token and the transparency of the buyback mechanism, with the goal of continuously reducing the circulating supply.

According to a report by Jinshi citing Xinhua News Agency, Iranian Foreign Minister Amir-Abdollahian called on regional countries to establish a collective security mechanism "not subject to U.S. interference." During a meeting with Oman's Sultan Haitham in the capital Muscat, Amir-Abdollahian stated that Iran's experience shows that the U.S. military presence in regional countries only leads to turmoil and division in the region. He urged regional countries to jointly build an independent collective security mechanism without U.S. interference.

According to Cointelegraph, the decentralized finance platform Flying Tulip, founded by Andre Cronje, has launched a withdrawal circuit breaker mechanism that can delay or queue withdrawals during abnormal capital outflows to limit potential losses and buy time for the team to investigate.The operation of this mechanism varies across different products: in the Perpetual PUT product, withdrawals may be rolled back, and users will need to try again later; in ftUSD, withdrawals will enter a queue and can be claimed after a delay. Flying Tulip stated that this mechanism employs a "fail-open" design, meaning that transactions can continue to be executed even if the safety mechanism fails.