
🔥 Google warns: iOS exploit chains are showing up in crypto scams

Also: “Send” should stop meaning “show everything” in crypto

GM, frens! ☕

Someone had to invent the wheel once. A simple idea, obvious in hindsight, but at the time it probably looked strange, unnecessary, maybe even pointless. Most inventions start that way - awkward, misunderstood, and a little ahead of the moment they’re meant for.

Our space isn’t that different. Every now and then something appears that looks odd at first, until people start using it and suddenly it feels obvious. That’s usually how invention works: confusing today, normal tomorrow 👀 

Here’s what we’re looking at this week:

  • 📱 Google warns: iOS exploit chains are showing up in crypto scams

  • ✉️ “Send” should stop meaning “show everything”

  • 🎲 Polymarket’s backlash moment: can you price anything?

  • 👻 AAVE governance conflict update

  • 🔥 EIP 7805 and FOCIL: Ethereum closing the censorship gap

Below is how our $WALLET bag is doing right now:

If you enjoy watching new ideas roll forward 🫡 our Discord is always open.

Google warns: iOS exploit chains are showing up in crypto scams

Most crypto scams are lazy. A fake site or a fake popup, a rushed moment and you hand over your seed phrase because you’re half-awake and the page looks “real enough” 🤔

This one is way worse because it’s trying to skip the persuasion step 👇️

Google’s threat researchers say they tracked an iOS exploit kit being used to steal crypto wallet seed phrases via fake websites, meaning you could land on the wrong page and the attack chain does the rest, without you even clicking anything 🤯

  • The kit is referred to as Coruna, and the detail that should make anyone with an iPhone sit up is how wide the targeting window was: iPhones running iOS 13.0 up to 17.2.1.

  • This thing wasn’t built to do one trick. It’s an exploit kit with multiple exploit chains and a pile of individual exploits, and the workflow looks like a modern “delivery platform” rather than a one-off hack 📱

The researchers describe a setup where the attackers used fake websites that served JavaScript designed to fingerprint the device and then deliver the right exploit chain for that iPhone. Once the device is compromised, the kit is hunting for financial information, including seed phrases and related keywords 🫣

That’s a different category from the usual scammer playbook. It’s not just social engineering. It’s social engineering plus a technical trapdoor.

  • Google says it first found parts of the framework in February 2025, and it later tracked the same tooling moving through very different hands: from a spyware vendor’s customer, to suspected Russian operations targeting Ukrainian users, and then to a financially motivated group in China 🤔

  • Once an exploit kit is in the “make money” ecosystem, it stops being precious. It gets reused, repackaged, and pointed at whatever pays.

  • Google explains that this is an example of sophisticated capabilities proliferating, with an active market for second-hand zero-day exploits being a plausible explanation for how it traveled.

There’s also a disturbing side note about where Coruna came from.

  • CyberScoop reports iVerify saying it has some evidence the toolkit was originally a leaked US government framework, while also stressing that the bigger lesson is that these tools inevitably end up in the wild and get used by bad actors 🤯

  • Google and iVerify also connect the kit to Operation Triangulation, a campaign Kaspersky wrote about earlier 👇️

And the uncomfortable truth is that this kind of kit is designed to punish the exact behavior crypto trains into people: chasing links, chasing airdrops, chasing “one quick thing” on mobile.

“Send” should stop meaning “show everything”

Crypto has a weird default setting: every time you send funds, you’re also kind of handing over your whole wallet’s history. Not just that one transfer, but the trail behind it. Balances. Counterparties. The stuff you never agreed to mention out loud 🤐

Normal wallets made “public by default” feel normal, because everyone got used to it. But it’s still a goofy tradeoff.

Paying someone should not automatically reveal your entire financial life, and getting paid should not turn into an open invite for strangers to follow where it goes next 🤷‍♂️

So Ambire is leaning into private transfers as a wallet level feature, with tech that connects into privacy tooling like Railgun and Privacy Pools, wired through the Kohaku SDK. You keep using your everyday wallet, but you get an option where the recipient gets paid without also getting a map of your account 🫰

The interesting part is how “privacy” stops being a spooky word the moment you describe normal situations 🙃 

Paying a contractor without exposing your runway. Receiving a salary without your employer seeing what you spend it on next. Donating without inviting harassment. Running a small business without competitors watching cash flow onchain.

Public ledgers can stay public, but users deserve a private mode that feels as standard as “send.” If that sounds obvious, that’s the point. It should be.

Soon 👀 

Polymarket’s backlash moment: can you price anything?

Prediction markets. Most of the time they can feel like a nerdy sport. You see contracts about elections, macro, launches, court cases and you can argue those are just public processes with public signals. Even when it gets heated, it still sits inside the normal world where the outcome is something you can discuss without feeling gross.

But sometimes it can be different. Because there’s a difference between “what will happen” and “will something horrifying happen?” and that tiny detail matters.

The moment you take an event where real people could die and you turn it into a tradable yes or no, you’ve turned a chunk of the internet into a room where somebody can hold a position and benefit from the worst timeline.

That’s the moral part people react to first, and they react to it fast.

Where do we draw the line?

This stuff makes you remember that Simpsons meme, the one about people betting on monkeys knifing each other. It’s stupid on purpose, but it works because it captures the feeling. At a certain point “markets for everything” stops sounding like information and starts sounding like entertainment built on suffering. You don’t need to be anti-crypto to feel that.

Also the second you list markets tied to war, attacks, assassinations, or anything adjacent to violence, you invite insider trading accusations even if nobody can prove anything. It’s not only about whether someone can influence the outcome.

It’s about whether someone might have heard something early, whether they might be connected to people who know, whether the market becomes a magnet for “how did they know?” threads 🤦‍♂️

It also obviously becomes a reputational liability for the platform itself. A prediction market can say it’s just measuring sentiment, but betting is betting.

In the end, Polymarket pulled the most upsetting “nuclear detonation” market after the backlash got big enough. The contract didn’t survive contact with the wider internet, and that’s the part that matters. It’s an acknowledgement that even in a turbo degen space like ours, the one that loves to pretend it can financialize anything, some questions still trigger a hard stop 🫠

That does not solve the bigger problem though, because the bigger problem is the category, not one market.

Prediction markets are getting bigger, more mainstream, more culturally present. Every time they brush up against death, violence or catastrophe, the exact same argument is going to restart.

One side will say it’s information, the other side will say it’s sick, and everyone else will ask the only practical question that matters: who decides what is allowed?

If the answer is “the people decide” then the people just decided this one was too far.

If the answer is “the platform decides” then platforms are going to keep learning, the hard way, that some trades come with a cost you can’t hedge.

AAVE governance conflict update

The Aave Chan Initiative (ACI), led by Marc Zeller, is winding down its work with Aave over the next four months. This is the latest consequence of an internal, drawn out power struggle inside Aave governance.

  • ACI wasn’t some random committee. It was one of the governance and business development forces orbiting Aave for years, which made it part operator, part negotiator, part governance mechanic.

  • When that sort of group says “we’re winding down” it usually means one of two things: either the work is finished, or the working relationship isn’t worth the friction anymore.

This time, it’s clearly the second đŸ€” 

Aave is huge, and that changes governance

When a protocol hits Aave’s scale, governance stops being a “community process” in the cute way people mean during bull markets. It becomes resource allocation. It becomes influence. Internal politics ⚙ 

The current conflict revolves around Aave Labs and the governance structures the DAO leans on, including who the DAO “actually enjoys”, meaning which actors end up functioning as the DAO’s real operational layer 🏃

That matters because Aave isn’t only code. It’s a brand, a product suite, a treasury, a set of distribution channels and a lot of expectations about what “Aave” is supposed to be next.

There are a few recurring fault lines in what’s described:

  • One of the sharper points raised is that the largest budget recipient can hold undisclosed voting power and vote on proposals tied to its own interests. You don’t have to accuse anyone of anything for that to be uncomfortable. If governance is meant to be legitimacy, the appearance of circular influence is enough to make everything harder 🤷‍♂️

  • There was an attempt to move Aave related intellectual property, including social accounts and the website, into the DAO. That proposal failed. Even if you don’t care about the specifics, the theme is obvious: who owns the keys to the Aave identity, and who gets to decide what “Aave” is, legally and operationally 🤳

  • There was also a proposal to direct revenue from Aave branded products, including the website, to the DAO. That sounds tidy on paper, but the details matter, and the details are where governance fights live 🤓

  • A proposal included language “ratifying” Aave V4 as the core technical foundation for future development. That becomes a big deal if any party feels like they’re being asked to endorse a roadmap under pressure, or accept governance language that turns into a mandate later.

None of this is unique to Aave. It’s just more visible at Aave’s scale because every decision comes with serious money and serious long-term consequences.

ACI’s wind-down follows BGD Labs exiting earlier in the year, described as another major piece leaving the ecosystem. Traders also note an AAVE price drop around that period, which isn’t proof of anything by itself, but it does show how quickly markets translate internal governance stress into “maybe something’s wrong” 💰️

The uncomfortable truth is that DeFi “maturing” doesn’t only mean better UX, it also means the politics mature, because the stakes mature 🧠 

Early stage DeFi governance is often optimistic and sloppy, because everyone’s building and nobody has time to fight. Later stage governance becomes more formal and more tense, because now there’s something to capture, something to defend, and something to lose.

Aave is deep into the later stage category. If you’re running a DeFi giant with volumes that equal GDPs of some countries out there, you don’t get to rely on smooth vibes to keep everyone aligned.

EIP 7805 and FOCIL: Ethereum closing the censorship gap

Block production on Ethereum changed a lot with proposer-builder separation.

A lot of validators take pre-built blocks from specialized builders because it’s efficient and pays better.

There’s a downside: if builders decide certain transactions are not worth the hassle, they can keep skipping them. Most of the time your tx gets in eventually. The whole point is what happens when “eventually” becomes “whenever the gatekeepers feel like it” 👿 

So Ethereum is moving toward a protocol level way to force inclusion 👇️

What’s being added

EIP 7805 is the proposal, and the mechanism people talk about is FOCIL, short for Fork-Choice enforced Inclusion Lists.

The simple version: for each slot, a randomly selected committee of validators produces a short inclusion list of transactions that should be included. The next block is expected to include that list. If it does not, the chain’s fork choice logic makes it harder for that block to become canonical because attesters are supposed to withhold support.

So instead of “builders decide what counts,” it becomes “builders can optimize, but they cannot keep ignoring specific transactions if the protocol is telling them to include them.”
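To make the mechanism above concrete, here is a small toy model of the inclusion-list rule. It is an added example written for this newsletter, not code from the EIP 7805 spec or from any Ethereum client, and it deliberately simplifies: committee members each publish a local list from their own mempool view, the lists are merged by union, and an attester only supports a block that either carries every listed transaction or is too full for any missing one to fit (the real spec has more cases, such as transactions that became invalid). All transaction hashes, gas values and the gas limit are constructed sample data.

```python
"""Toy model of FOCIL (EIP 7805) inclusion-list enforcement.

Added example, not protocol code. Simplified rules:
  * each IL committee member lists the txs it sees as valid (local list)
  * the aggregated IL is the union of the local lists
  * a block "satisfies" the IL if every listed tx is included, or if the
    block is so full that no missing tx could have fit
  * an attester withholds support from a block that does not satisfy the IL
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Tx:
    tx_hash: str   # constructed placeholder hash
    gas: int       # gas the tx would consume


@dataclass
class Block:
    slot: int
    txs: List[Tx]
    gas_limit: int

    def gas_used(self) -> int:
        return sum(t.gas for t in self.txs)


def build_local_inclusion_list(mempool_view: List[Tx], max_txs: int = 16) -> List[Tx]:
    """One committee member's local IL: the txs it has seen, capped in size."""
    return list(mempool_view)[:max_txs]


def aggregate_inclusion_lists(local_lists: List[List[Tx]]) -> List[Tx]:
    """Union of the committee's local lists, keeping first-seen order."""
    seen, aggregated = set(), []
    for local in local_lists:
        for tx in local:
            if tx.tx_hash not in seen:
                seen.add(tx.tx_hash)
                aggregated.append(tx)
    return aggregated


def inclusion_list_satisfied(block: Block, inclusion_list: List[Tx]) -> Tuple[bool, List[str]]:
    """Return (satisfied, missing_hashes).

    Missing txs are tolerated only when the block is genuinely full, i.e. even
    the smallest missing tx would not fit in the remaining gas. Otherwise the
    builder had room and chose to skip listed txs.
    """
    included = {t.tx_hash for t in block.txs}
    missing = [t for t in inclusion_list if t.tx_hash not in included]
    if not missing:
        return True, []
    remaining_gas = block.gas_limit - block.gas_used()
    if min(t.gas for t in missing) > remaining_gas:
        return True, [t.tx_hash for t in missing]   # legitimately full
    return False, [t.tx_hash for t in missing]      # censoring: room was available


def attester_supports(block: Block, inclusion_list: List[Tx]) -> bool:
    """Fork-choice side: attesters only vote for IL-satisfying blocks."""
    satisfied, _ = inclusion_list_satisfied(block, inclusion_list)
    return satisfied


def run_demo() -> Dict[str, Tuple[bool, List[str]]]:
    """Three blocks for one slot against the same aggregated IL (constructed data)."""
    tx1, tx2, tx3 = Tx("0xaaa", 21_000), Tx("0xbbb", 50_000), Tx("0xccc", 100_000)
    filler = Tx("0xddd", 50_000)         # a tx the builder wants, not on the IL
    big_filler = Tx("0xeee", 200_000)    # used to fill a block to the limit

    # Three committee members with partial, overlapping mempool views.
    local_lists = [
        build_local_inclusion_list([tx1, tx2]),
        build_local_inclusion_list([tx2, tx3]),
        build_local_inclusion_list([tx3]),
    ]
    il = aggregate_inclusion_lists(local_lists)   # -> tx1, tx2, tx3

    gas_limit = 300_000
    censoring = Block(1, [tx1, tx2, filler], gas_limit)        # skips tx3 with room to spare
    compliant = Block(1, [tx1, tx2, tx3, filler], gas_limit)   # includes the whole IL
    full = Block(1, [tx1, tx2, big_filler], gas_limit)         # 271k used, tx3 cannot fit

    return {
        "censoring": inclusion_list_satisfied(censoring, il),
        "compliant": inclusion_list_satisfied(compliant, il),
        "full": inclusion_list_satisfied(full, il),
    }


if __name__ == "__main__":
    for name, (ok, missing) in run_demo().items():
        print(f"{name:10s} supported={ok} missing={missing}")
```

The point the model makes is the one in the text: a builder is still free to pick and order whatever it likes, and a genuinely full block is not punished, but a block that had room and still left a listed transaction out loses attester support.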

This is Ethereum spending complexity budget on neutrality.

Censorship resistance sounds like politics, but the practical version is basic: can a valid transaction get stuck because the most profitable block builders do not want it?

FOCIL is Ethereum admitting that modern block building introduced a new trust assumption, and trying to remove it. Not by asking builders to behave, but by making “skip these forever” a strategy that stops working.

This is still a protocol change, so it means implementation work, client coordination, testing, and making sure the inclusion list mechanism cannot be abused to clog the network.

But directionally it’s clear: Ethereum is trying to turn censorship resistance from a slogan into something the protocol actually enforces.

Other worthy reads

“Agentic commerce will use cards first, then stablecoins” by Simon Taylor

“The Multiverse Market” by Delphi Digital

“Geopolitics takes the wheel as U.S.-Israel strike on Iran rattles risk assets” - a market update by Wintermute

MEMES

That's all for now, frens.

We'll meet in a week! And remember, the market conditions are temporary, but our commitment to building a better Web3 is here to stay. Thanks for joining us, and we look forward to seeing you back next week. Cheers!

Yours, The 🔥 Team

Brought to you by Ambire: The Only Web3 Wallet That You’ll Need!