Your Weekly Dose of "WTF is going on in crypto" is here 🫡

GM BUIDLers!

In this latest issue of HashingBits, we're diving deep into Ethereum's Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that's not all—we'll explore the latest happenings in the Arbitrum, Base & Solana ecosystems, along with advancements in the AI & Web3 space. For developers, we're highlighting new tools designed to assist smart contract developers and auditors.

EtherScope: Core Developments 👨‍💻

L1 & L2 Developments

Cetus is now integrated with Phantom wallet to power native in-wallet swaps on Sui. '
Bedrock unveiled full $BR tokenomics, allocating 20% to the community with 5.5% already airdropped and 14.5% reserved.
Sonic is now live on Infinex, reuniting DeFi veterans Andre Cronje and Kain Warwick.
Uniswap announced that Coinbase is building on Uniswap v4, leveraging its Hooks feature for onchain customization.
Stargate now supports native USDC transfers to Aptos via Circle's CCTP, enabling 1:1 capital-efficient bridging from seven connected chains.
Hyperliquid is introducing Staking Tiers, where users staking HYPE will receive reduced trading fees.
ChainGPT has integrated with Sonic, the fastest EVM Layer 1, bringing its AI NFT Generator, ChainGPT Pad, and DegenPad to the network.
The Uniswap community has approved a $120.5M budget to support Uniswap v4, Unichain, and governance initiatives over the next two years, allocating 20.32M UNI for grants and operations.
The Uniswap community has approved funding for Unichain and Uniswap v4 liquidity incentives, allocating 7.59M UNI to an Aera vault under governance oversight.
Cryptex Finance has launched the Arbitrum DeFi Index (ARFI), tracking top DeFi protocols on Arbitrum, including Aave, GMX, Uniswap, Pendle, Stargate, and Curve.
Fluid has launched its Swap UI, enabling users to swap tokens at the best on-chain prices through its aggregator, which integrates Kyber Network, 1inch, Paraswap, and others. No frontend fees are applied.
EigenLayer has integrated decentralized proving and EigenDA into ZKsync’s Elastic Network, enhancing speed, cost efficiency, and security for ZK rollups. EigenDA now serves as ZKsync’s preferred data availability layer, offering 15 MB/s throughput and a fixed pricing model.
Drift has launched Momentum, a five-week program starting in mid-April to support 5-7 growth-stage DeFi projects on Solana.
Spark has concluded the Tokenization Grand Prix, selecting BlackRock’s BUIDL, Superstate’s USTB, and Centrifuge-Anemoy’s JTRSY as winners.
Moonwell has launched its Flagship USDC Vault on Optimism Mainnet, powered by Morpho Labs and curated by Block Analitica and B.Protocol.
Story Protocol now supports Bridged USDC via Circle’s Bridged USDC Standard, improving security and reducing liquidity fragmentation.
Argent Metal has launched on Starknet, enabling fully onchain payments with 100% self-custody, zero hidden fees, and cashback rewards.
Avantis has launched onchain crude oil (WTI) trading for qualified non-US users, leveraging Base, Pyth Network, and its AMM.
Aave v3 is now live on Celo following a unanimous governance vote. Users can supply, borrow, and stake assets, with CELO, USDT, and USDC available as collateral.
Satoshi Protocol has introduced Satoshi FUN, an AI-driven governance system that rewards liquidity providers and active participants based on real-time community sentiment.
SyrupFi vaults are now live on Superform, offering up to 14% APY on USDC and USDT.
HeyAnon has integrated with GMX, enabling users to execute trades using simple prompts.
DIA has partnered with Vingt, an AI-powered asset management platform, to provide real-time on-chain price feeds for ETH and BTC.
USDS is now available on Arbitrum and can be swapped on Sushi. Through SushixSwap, users can also bridge and trade USDS across multiple chains, expanding access to the stablecoin.
Pump.fun launched PumpSwap, a native DEX on Solana enabling instant, fee-free migrations for coins completing their bonding curve.
Resupply is now live, introducing $reUSD, a decentralized stablecoin backed by yield-bearing lending vault tokens.
Denaria has launched its public testnet on Linea Sepolia, allowing users to trade long and short while earning DXP points on its perpetual DEX.
Coinbase has launched Verified Pools, a curated selection of liquidity pools requiring Coinbase Verifications credentials.
f(x) Protocol is launching wBTC markets tomorrow, offering up to 7x leverage with zero funding fees and minimized liquidation risk.
Ethena is expanding USDe, USDtb, and iUSDe issuance natively while integrating with TradFi through purpose-built formats.
Napier v2 is now live across 10+ EVMs with support from 50+ partners, introducing enhanced security, new markets, and DeFi integrations.
Chaos Labs has introduced Chaos AI, an AI-powered crypto researcher designed to provide institutional-grade financial intelligence.
Drift has launched Swift Protocol, a major liquidity upgrade that aggregates liquidity for better execution. The update enables faster fills, lower slippage, and gasless trading.

EIPs

EcoExpansions: Beyond Ethereum 🚀

Solana

How to grow your crypto startup
The DePIN szn is on
@Solana's first Meta DEX Aggregator is here

Arbitrum

Nominee Selection phase has officially begun.
Session is coming to legion
Introducing Stable

Base

This week on base nfts
The Rodeo iOS app is here
@AnichessGame is the latest addition to @base

Hackathons, Workshops, CTFs & Events

Mar 28-30 – ETH Pondy (Puducherry) hackathon
Solana Summit is here
Venn is hosting a Wallet Security Hackathon

Partners Spotlight

@FoundershipHQ x @okto is cookin’!
Aethir x solana Super Month is here
@MantaNetwork Mindshare: Community & Ecosystem Talk EP.3

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

@HumnNetwork - largest platform for identity proof, goes live on @eigenlayer
@DataHaven_xyz - solving the data storage problem dropped their litepaper
@Mantle_Official fully activated @eigen_da on their mainnet
@eigen_da is now the largest alternative DA provider in the world - in terms of TVL

Articles

Debugging Hardhat Smart Contract Project with Tenderly
What We Can Learn from the $1.4 Billion Bybit Hack?
Why Some Smart Contracts Pass an Audit but Still Get Hacked

Research Papers

Decentralization: A Qualitative Survey of Node Operators
A Stateless and Secure Delivery versus Payment across two Blockchains

Watch🎥

Coordinated

@0xcoordinated

NEW EP: How Ungate is opening the doors for Verifiable AI
AI is taking over, but can we really trust it? 🤔
In this episode, @satyaki44 sits down with @0xnavkumar to break down why AI needs crypto, how @eigenlayer powers @UngateAI, & why verifiable AI is the future.
They dive

7:31 PM • Mar 18, 2025

Retweets

Likes

Read 2 replies

Web3 Security

Articles

ZOTH Post mortem report
Four Meme’s $120k Attack Analysis
How Secure Is Your Solana Smart Contracts?
Have You Considered These Security Architecture while building scalable dApps/smart contracts?

Research Papers

CoBRA: A Universal Strategyproof Confirmation Protocol for Quorum-based Proof-of-Stake Blockchains
ammBoost: State Growth Control for AMMs

Twitter

AI vs Humans - whos a better auditor?
Auditing smart contracts on Hardhat can feel like navigating a maze.
OKX temporarily paused the DEX aggregators

Biggest Hacks

1. ZOTH - $8.4M

On March 21, 2025, at 08:47:35 AM UTC, the Zoth protocol suffered an exploit due to a compromise of its deployer wallet, which led to the unauthorized upgrade of a proxy contract to a malicious implementation.

This allowed the attacker to withdraw approximately $8.4 million USD0++ tokens, which were quickly swapped for DAI and later converted into ETH.

The attack appears to have been planned weeks in advance, with all associated accounts being funded via ChangeNOW.

Initial Funding & Preparation

March 14, 2025, 12:49:47 PM UTC:

Attacker's wallet 0x3b33c5cd948be5863b72cb3d6e9c0b36e67d01e5 was funded with 0.54626537 ETH (~$1,072.12) via ChangeNOW.

March 15, 2025, 04:58:35 PM UTC:

Attacker deployed a malicious contract at 0xc89d7894341e13d5067d003af5346b257d861f56.

Execution of the Exploit

March 21, 2025, 08:47:35 AM UTC:

The attacker, having compromised the Zoth deployer wallet, upgraded the USD0PPSubVaultUpgradeable proxy contract to the malicious implementation.
The attacker executed transaction 0x33bf669d125d11c432ac9b52b9d56161101c072fd8b0ac2aa390f5760fb50ca4, withdrawing 8,851,750.373778311459263 USD0++ tokens (~$8,484,544.36) to address 0x3b33c5Cd948Be5863b72cB3D6e9C0b36E67d01E5.

Immediately after:

The attacker swapped USD0++ tokens for 8,323,591.477168 DAI (~$8,319,354.77).
At 09:06:47 AM UTC, the attacker sent the 8,323,591.477168 DAI to their second wallet 0x7b0cd0d83565adbb57585d0265b7d15d6d9f60cf.
Using CoW Swap and Uniswap V2, the attacker swapped the entire DAI balance into ETH via transaction 0xef528f68bf9ed5e8b3d502435d4773fb70d4d682c8a019e20b6818692ade5dc3.

The attacker currently holds all funds in ETH in their second wallet 0x7b0cd0d83565adbb57585d0265b7d15d6d9f60cf.

2. Four Meme

The exploit on the Four Meme token stemmed from a vulnerability in its liquidity mechanism, which allowed the attacker to bypass transfer restrictions and manipulate the liquidity pool pricing.

By leveraging an uncreated PancakeSwap Pair address, they were able to initialize liquidity at an unintended price, effectively draining funds from the pool.

This attack was possible due to a flaw in the transfer function, which allowed unlaunched, untransferable tokens to be moved freely to any address, including the predicted LP address.

As a result, the attacker front-ran the launch transaction, adding liquidity and then immediately extracting profits.

This report breaks down the funds flow, contract interactions, and laundering methods used in the attack.

Community Spotlight

QuillAudits | Web3 Security 🥷

@QuillAudits_AI

GM degens! 🐻
Just dropped a fresh audit for @JunkyUrsas - the flagship NFT collection powering Junky Bets, @berachain's hottest GambleFi hub!
We've secured both their Single Game & PVP systems, making sure these bears are ready to play hard & stay safe. 
The Junky Ecosystem

7:30 PM • Mar 19, 2025

Retweets

Likes

Read 3 replies

QuillAudits | Web3 Security 🥷

@QuillAudits_AI

Security is Freedom https://twitter.com/coinbase/status/1902449987658670400

Coinbase 🛡️

@coinbase

Economic freedom.

3:58 PM • Mar 21, 2025

Retweets

Likes

Read 1 replies

QuillAudits | Web3 Security 🥷

@QuillAudits_AI

Not just that but we're also perk partners w/ @alliancedao !
Whenever a project gets accepted into Alliance, they automatically receive security coverage grants from us 😋
Already dished out 500k+ in grants & we're just getting started 🥷 https://twitter.com/solana/status/1901782295968878792

Solana

@solana

calling all Solana builders focused on the app layer — $450k in funding — elite mentorship — pitch VCs at Demo Day apply now to @alliancedao's next accelerator cohort

12:58 PM • Mar 20, 2025

Retweets

Likes

Read 1 replies

QuillAudits | Web3 Security 🥷

@QuillAudits_AI

Ooga Booga 🐻
@JunkyUrsas's season 1 is officially LIVE! 
We've made sure these bears can play without any security worries. 
LFG bears! 🔥 https://twitter.com/JunkyUrsas/status/1902438297550356916

Junky Ursas

@JunkyUrsas

JunkyBets Season 1 with extended prize pool is LIVE! Try your luck on our app (link in the description) 👀 LET'S GO GAMBLE! 🎲

10:41 AM • Mar 20, 2025

Retweets

Likes

QuillAudits | Web3 Security 🥷

@QuillAudits_AI

GM NYC fam!🗽
Our co-founder & CSO @bigrkg will be at @Blockworks_  Digital Asset Summit 2025 in NYC during March 18-20!
If you're around the summit, do grab a coffee with our man & talk all things web3 security 🥷
Cya there!