<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/">
    <channel>
        <title>0xesco</title>
        <link>https://paragraph.com/@0xesco</link>
        <description>The Nomad hack is the greatest illusion in Web3. No mastermind 'super-hacker'. Just one smart contract flaw and 846 wallets copy-pasting a single transaction.  I tracked the exact on-chain receipts and damage numbers. Here is what a $174.7M digital riot looks like.</description>
        <lastBuildDate>Sat, 04 Jul 2026 15:08:28 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>https://github.com/jpmonette/feed</generator>
        <language>en</language>
        <image>
            <title>0xesco</title>
            <url>https://storage.googleapis.com/papyrus_images/c73d8ca76e7f22cfdcef19a278f0e6269a4a64efb97516a678b229a343870433.jpg</url>
            <link>https://paragraph.com/@0xesco</link>
        </image>
        <copyright>All rights reserved</copyright>
        <item>
            <title><![CDATA[Hunting Rug Pulls Before They Happen: A Uniswap V2 Liquidity Terminal]]></title>
            <link>https://paragraph.com/@0xesco/hunting-rug-pulls-before-they-happen-a-uniswap-v2-liquidity-terminal</link>
            <guid>V61HDTuLj9i5SjZ1iJ3B</guid>
            <pubDate>Tue, 30 Jun 2026 09:52:49 GMT</pubDate>
            <description><![CDATA[Most rug-pull detectors work after the fact — someone notices the chart go to zero and writes a post-mortem. I wanted something that watches the pool in real time and tells you, in one query, whether what just happened to a pair's liquidity actually means something.]]></description>
            <content:encoded><![CDATA[<hr><h2 id="h-the-problem-with-new-pair-lists" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">The Problem with "New Pair" Lists</h2><p>Every block, dozens of new Uniswap V2 pairs get created. Most are noise — test tokens, abandoned forks, honeypots nobody ever funds. A raw feed of PairCreated events is useless on its own; you need to know which pairs actually received real liquidity, and from there, which ones had that liquidity yanked back out.</p><h2 id="h-building-the-watcher" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Building the Watcher</h2><p>I parsed PairCreated and Transfer events together, layering CTEs so the query first identifies new pairs, then checks how much WETH actually flowed into each one within the first 24 hours. Pairs below a minimum liquidity threshold get filtered out before they ever reach the table — no point flagging a pool nobody funded.</p><br><pre data-type="codeBlock" text="WITH recent_pairs AS (
    SELECT evt_block_time, token0, token1, pair
    FROM uniswap_v2_ethereum.factory_evt_paircreated
    ORDER BY 1 DESC
    LIMIT 50
),

liquidity_adds AS (
    SELECT &quot;to&quot;,
           SUM(CAST(value AS DOUBLE) / 1e18) AS value_eth
    FROM erc20_ethereum.evt_Transfer
    WHERE evt_block_time &gt;= now() - interval '1' day
      AND contract_address = {{Target_Token}}
    GROUP BY 1
)

SELECT rp.evt_block_time, la.value_eth, rp.pair
FROM recent_pairs rp
LEFT JOIN liquidity_adds la ON rp.pair = la.&quot;to&quot;
WHERE la.value_eth &gt; {{Min_Liquidity_Added}}
ORDER BY 1 DESC;"><code><span class="hljs-keyword">WITH</span> recent_pairs <span class="hljs-keyword">AS</span> (
    <span class="hljs-keyword">SELECT</span> evt_block_time, token0, token1, pair
    <span class="hljs-keyword">FROM</span> uniswap_v2_ethereum.factory_evt_paircreated
    <span class="hljs-keyword">ORDER</span> <span class="hljs-keyword">BY</span> <span class="hljs-number">1</span> DESC
    LIMIT <span class="hljs-number">50</span>
),

liquidity_adds <span class="hljs-keyword">AS</span> (
    <span class="hljs-keyword">SELECT</span> <span class="hljs-string">"to"</span>,
           SUM(CAST(value <span class="hljs-keyword">AS</span> <span class="hljs-type">DOUBLE</span>) / <span class="hljs-number">1e18</span>) <span class="hljs-keyword">AS</span> value_eth
    <span class="hljs-keyword">FROM</span> erc20_ethereum.evt_Transfer
    <span class="hljs-keyword">WHERE</span> evt_block_time &gt;= now() - interval <span class="hljs-comment">'1' day</span>
      <span class="hljs-built_in">AND</span> contract_address = {{Target_Token}}
    <span class="hljs-keyword">GROUP</span> <span class="hljs-keyword">BY</span> <span class="hljs-number">1</span>
)

<span class="hljs-keyword">SELECT</span> rp.evt_block_time, la.value_eth, rp.pair
<span class="hljs-keyword">FROM</span> recent_pairs rp
LEFT <span class="hljs-keyword">JOIN</span> liquidity_adds la <span class="hljs-keyword">ON</span> rp.pair = la.<span class="hljs-string">"to"</span>
<span class="hljs-keyword">WHERE</span> la.value_eth &gt; {{Min_Liquidity_Added}}
<span class="hljs-keyword">ORDER</span> <span class="hljs-keyword">BY</span> <span class="hljs-number">1</span> DESC;</code></pre><figure float="none" data-type="figure" class="img-center"><img src="https://storage.googleapis.com/papyrus_images/f786c8565c7d0524cef6fd0b47a1eac769964b98380e97e9cd3c5b78f1ccdc71.png" blurdataurl="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAANCAIAAABHKvtLAAAACXBIWXMAAAsTAAALEwEAmpwYAAAD8klEQVR4nF2U72taVxjHzzZ94TVwL+OKx3kj2qgpaqrBJs2apFWYKTU02qVaOi1mnWShS0ZMRjSkV8kPM03T7OY6G6uNvgjWFHQFIxLJSGXEFRICHdKW0XUdW9mb/Qfbiw09JJPC98XhuV/Oc8/n+5wDwqFVlonfu7sRoBebKblSoaGoFhGUCsgP6hILSLFM2kpRLTJpq1KhkUlbG3VkrtmOzUhoK/B49wnLxP10cMIzXdk7nPTMHOxXXzx/ncsWtvI7W/mdXLZgt7lYJv5498nY6JTd5nI63Mc62K/+8/e/xeJuZuO7fL6UyxacDnfoa/bHytNw6JsAvQgW5pcX5m7fGLqpVGh02jMA8Px0MHX/4b27G5uZfObBowizzsfIzo7e+tf3uBy8UT7vbDKR3srvbGbyuWwhwqwTuFAm0+hPGwAAdpsLTHpmJjzTly3XdNozapWewKHPO8usrIVDq3eWorX288siKO3pNnV29BI4bKQhIMVjo1N+Ouing8zKWoRZXw5/K4JSrfasyWQFgOd0uEEuW8hlCz5voPus8cbQTS4Hz2WLr37542C/+vLlm99e/VnZOyRw2G8e7DMNAMAjcCEfIwkc8jGSj5HJRPrF89eVvcOD/eqb3//66enPFNWi0/VarK7/TzA2OmW1XFWr9EaDmY+RE57pzUz+zlKUZeKZB49i0RSBw86OXrVK34gItRn74qtwaHVh7vZSKBIOrfrpIIQSheJUR4cRAI7T8Rnw08EAvWi3uZSKNqWiTUCK7TbXMQEIJQJSjDJgmTizsrbKJpiVtWQibbddRxnksoVYNBWLppKJdCyaEkGpTtdz8aIdgHdqDVCSPu+sWqW3Wq7yee8jXyyaYpn4ZibPMnE+RvaZBkaGx9u1XSiMc+f65HI1l4OzTByRKW3/8OzZr0eIei4NXK8jGgIjw+Mjw+P95kGlQmM4f4GPkSPD4wF60eedvXVrob4IEDhs13a1a7sQlkY5HW6fd3bSM7Mwv4xoHyPicvBmSg7QwdHffdhpJHA46ZkZtH5y5YrTbnPZba5+8yCBQ8P5C3466HS4Px/+8tOhkUnPTE+3iY+REWb9YL9a2i6Xtsu5bDGXLVJUi/604dJADSCBQxBh1lEDtUqvVLTVchudQnkcSfMuaDIazMViOXX/YTKRZpl4MpG+bLkGAI9l4pW9w9J2uZD/vg6qLILSU9ruj0wf10cOAqPBbDSY27VdXA7Bx0guh6hVAa9RXA7RhAnEYrkIykRQ2kzJmym5gBRzOYSAFL91OZC5CROckJ2sDd78XHhsdOqE7CSEEhGUQihBi0ah4ltXDM0YklBACYU1w3EFQgl6jv4DQPaPJVl3i9EAAAAASUVORK5CYII=" nextheight="805" nextwidth="2048" class="image-node embed"><figcaption htmlattributes="[object Object]" class="hide-figcaption"></figcaption></figure><hr><h2 id="h-defining-rug-mathematically" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Defining "Rug" Mathematically</h2><p>The harder part wasn't finding burns — it's deciding which burns matter.</p><p>A founder removing 5% of liquidity to rebalance isn't a rug. Someone pulling 95%+ of the pool's WETH reserve in one transaction is. I cross-referenced Burn events against the pool's Sync state right before the burn, so the percentage is calculated against the actual reserve at that moment — not against some stale snapshot.</p><pre data-type="codeBlock" text="(weth_amount * 100.0) / (weth_amount + weth_reserve) AS rug_percentage"><code>(weth_amount <span class="hljs-operator">*</span> <span class="hljs-number">100.0</span>) <span class="hljs-operator">/</span> (weth_amount <span class="hljs-operator">+</span> weth_reserve) AS rug_percentage</code></pre><p>Anything above 95% gets flagged — in practice, most confirmed drains land at 99.9%+, since partial liquidity removal rarely triggers a second look.</p><figure float="none" data-type="figure" class="img-center"><img src="https://storage.googleapis.com/papyrus_images/fb54bda37bb3bef3597496a45b19e3ca9f6b54696435a1060a17c4e7e37ae28a.png" blurdataurl="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAANCAIAAABHKvtLAAAACXBIWXMAAAsTAAALEwEAmpwYAAAD8klEQVR4nHVU70tbVxg+3ivJzQ/OPXpzuVeTYuqP1SgqUi0mVmNqk1aj5kZNsOauSqjabRZqQutcSy5Tuza3xN2AQdLAHBmaddPAnFAGmoUx/bJ+WT+oH1Y/dP9CcV9HekYolF0eLs97DrzveZ/znBcsLy8pSmztWWLtWSKVSlptHYwBcTyLYTRVms9XYdTWna+3fFRbV4NDo6mytq4GA69Umc9hXmU+V2U21dbVGE2V4MUvL+LxuCRJff19ihL75+wsn8//8Pz5zs87W9tbkhTx+31er5BcW8vnc6lUUlFiXq8gy9G3Z28TiVVFiclyVBQDweDk4eHBj1vfi2Lgm2/Txyd/hUJz4XAYLC4tSlIkGJyktKpepyOdXleUWDabzWQ2Uqmky3UFAECQoK29tbmlCQBAaVUECRobLbGVp2RpCQalVUFaL4oBSOsBAF12x7BvHADg94+AudDdO3dmRXEMIdjT0y3L0djKU1mOYuJw2BGCCMHOTmu3/TJWDyHY2toiSZGikizLVFRw44Exo6lSp1M7XdemZj7VaNV+vw9kMhvp9Pri0pcECURx7Oj46PT09enp66Pjozd/v/H7RwgSUBrS5bridl8nSMAYEEGCnp7uly//YAwI0npI63U6NcezuCQAwDf+sbQkAwBGfcOFDm7fnh71DUNa323vevzkUXxVkeUo/vc6HTiF1dbR1n4R0nqctLml6fGTR4yhnDEgDI5nhzwDHM/qdGpb5+Vh3w0VRRQkehh5cH/+3sTkTUjr3e7rW9tb6fR6KpWMr8az2W1BGMT69jodvU4HpVVxPAtpvaWhfmPzu77+a8WSRlPFkKefMSBKQ7o9wlz4c4J8dwebmc1UKrmwME+QYDww9urVn/l87rDwHZycHE9N3yLIwiULwqAgDBYlunSp7eTkGJeEtJ7SqoymiqnpWzSCBAmGfTe+iCz+J9HUzJQoBvx+X1kZsto6Fhbm50J3JSkSDoeWl5e67V00gjSCloZ6S0M9jSBjKKcRbG5pehh5gEMMnueGPAM8z2m06i67fUAYoREsvANs5HA4BGn9qE/Y3d3JZDZ+2inYdD+3NzF5E5/R5XK6XFeKErW1X9zd3enstJYxsChRMDjB8SylIXEHjIEuuHbl65VEYvX+/D2ytMQjeHK/5rLZ7d8PftvP7R0eHowHxrDThzwDbnc/WVrCGMrJ0hKrrWM/t1ddbcb9abRqnuc+m/2EMZQTJBgQRmZmQ5RWRSMIrjqv9jodVlsHpVW9PyRYluF4tmhEbBXMccjzHG7uvcXyIrlgudDc0tTYaAHR6Fder2A0VfI8x/Mczv4h/xDvJlXF/28VJlV1tflfLapI/8NSmGcAAAAASUVORK5CYII=" nextheight="805" nextwidth="2048" class="image-node embed"><figcaption htmlattributes="[object Object]" class="hide-figcaption"></figcaption></figure><hr><h2 id="h-what-it-actually-catches" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">What It Actually Catches</h2><p>Running this over a single day's window already surfaces multiple pairs crossing the 95% threshold within hours of being created — the classic shape of a liquidity pull executed by the same address that deployed the pool. The terminal doesn't tell you a token is a scam before it happens; it tells you, with a direct Etherscan link, the exact transaction where someone walked away with the liquidity, so you don't have to dig for it manually.</p>]]></content:encoded>
            <author>0xesco@newsletter.paragraph.com (0xesco)</author>
            <enclosure url="https://storage.googleapis.com/papyrus_images/c1975ff4c4f40fafe52d1e2d6caada50b8686e1b4de18b8e5e01eb9e0a7cafc3.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[The $174.7M Digital Riot: A Data Analysis of the Nomad Bridge Exploit]]></title>
            <link>https://paragraph.com/@0xesco/the-174m-digital-riot-a-data-analysis-of-the-nomad-bridge-exploit</link>
            <guid>jRTcgF1fHnaq8QGRXjL7</guid>
            <pubDate>Fri, 12 Jun 2026 08:50:23 GMT</pubDate>
            <description><![CDATA[The Nomad hack is the greatest illusion in Web3. No mastermind 'super-hacker'. Just one smart contract flaw and 846 wallets copy-pasting a single transaction.  I tracked the exact on-chain receipts and damage numbers. Here is what a $174.7M digital riot looks like.]]></description>
            <content:encoded><![CDATA[<hr><h2 id="h-the-illusion-of-the-transaction-table" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">The Illusion of the Transaction Table</h2><p>When investigating the exploit, the standard <code>ethereum.transactions</code> table proved useless. The looters weren't interacting with the bridge directly; they were routing transactions through private proxy contracts to mask their tracks. Looking at raw transaction inputs only showed noise. To find the ground truth, I had to drop down to the deepest layer: <strong>smart contract logs</strong>.</p><h2 id="h-parsing-the-ground-truth" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Parsing the Ground Truth</h2><p>By querying <code>ethereum.logs</code>, I isolated the exact <code>Transfer</code> events emitted by the Nomad vault itself. Using the event signature (<code>topic0 = 0xddf2...</code>) and parsing the raw byte array data with <code>BYTEARRAY_SUBSTRING</code>, I bypassed the proxy layer entirely and extracted <strong>the true recipient addresses of the stolen funds.</strong></p><p><strong><em>Here is the core SQL architecture used to extract the exact transaction signatures:</em></strong></p><pre data-type="codeBlock" text="WITH nomad_logs AS (
    SELECT 
        block_time,
        tx_hash,
        contract_address AS token_address,
        -- Extracting the true recipient address by skipping the first 12 bytes of zeros
        BYTEARRAY_SUBSTRING(topic2, 13) AS recipient_address, 
        -- Converting raw hex data to numeric values to prevent Overflow
        varbinary_to_uint256(data) AS raw_amount
    FROM ethereum.logs
    WHERE contract_address = {{Nomad_Vault_Address}}
      AND topic0 = 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef -- ERC20 Transfer Signature
)
-- Further logic applied for decimal conversion and deduplication"><code>WITH nomad_logs AS (
    SELECT 
        block_time,
        tx_hash,
        contract_address AS token_address,
        <span class="hljs-operator">-</span><span class="hljs-operator">-</span> Extracting the <span class="hljs-literal">true</span> recipient <span class="hljs-keyword">address</span> by skipping the first <span class="hljs-number">12</span> <span class="hljs-keyword">bytes</span> of zeros
        BYTEARRAY_SUBSTRING(topic2, <span class="hljs-number">13</span>) AS recipient_address, 
        <span class="hljs-operator">-</span><span class="hljs-operator">-</span> Converting raw hex data to numeric values to prevent Overflow
        varbinary_to_uint256(data) AS raw_amount
    FROM ethereum.logs
    WHERE contract_address <span class="hljs-operator">=</span> {{Nomad_Vault_Address}}
      AND topic0 <span class="hljs-operator">=</span> <span class="hljs-number">0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef</span> <span class="hljs-operator">-</span><span class="hljs-operator">-</span> ERC20 Transfer Signature
)
<span class="hljs-operator">-</span><span class="hljs-operator">-</span> Further logic applied <span class="hljs-keyword">for</span> decimal conversion and deduplication</code></pre><h2 id="h-financial-synthesis-and-data-protection" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Financial Synthesis &amp; Data Protection</h2><p>Counting tokens is only half the battle; assigning fiat value is where queries fail. Joining high-frequency log data with <code>prices.usd</code> minute-by-minute led to a Cartesian explosion and query timeouts (Full Table Scan). Furthermore, a standard <code>INNER JOIN</code> wiped out millions of dollars from the total because some obscure stolen tokens lacked exact minute-to-minute price feeds.</p><p>The architectural fix: I built an isolated CTE with aggregated <code>daily_prices</code> (<code>AVG(price)</code>) and used a strict <code>LEFT JOIN</code> combined with <code>COALESCE</code> to ensure zero financial data was dropped during the valuation process. This stabilized the query and revealed the true scale of the exploit.</p><hr><h2 id="h-the-damage" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">The Damage</h2><h3 id="h-what-did-they-steal-mostly-hard-liquidity" class="text-2xl font-header !mt-6 !mb-4 first:!mt-0 first:!mb-0">What did they steal? Mostly hard liquidity.</h3><p>By parsing raw <code>ethereum.logs</code> and matching with historical <code>prices.usd</code>, the asset distribution is clear. USDC took the biggest hit, followed by WBTC &amp; WETH. <strong>The total calculated damage sits exactly at <u>$174.7M</u>.</strong></p><p><em>Unique Hackers Number &amp; Total Funds Stolen</em></p><figure float="none" data-type="figure" class="img-center"><img src="https://storage.googleapis.com/papyrus_images/b81ede83560aacfeba21e20e39a624f268ff10b1c95add17b51d4dfadecbe3c0.png" blurdataurl="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAKCAIAAABaL8vzAAAACXBIWXMAAAsTAAALEwEAmpwYAAABWUlEQVR4nGOwNHfw9gx0dvQJ8g/X1TbV1jTW1zXX1zXX0zXT1jQy0Lcw0LfQ0zXT0zUz0LeQlFDg5xMTFJAgEokISzNoaRpZmNsb6FuYmdrqaJtoaRrr6ZrJyaoJCUqKCEuLCEuLicrAGUKCkvx8YsQjIUFJBogeQQEJZKfx8oigIT4eMXY2fgji5hIiwQJ+PjFeHhFkUTQuP9hiXh4RDXUDZ0cfD1d/ZSUtXh4RiJsIW0CMOl4eEQYGxtmzFvz6+f/Nqw+tzd0MDMyY7iDTAm4uIS1NAy+vwAl9UzvaJ/T3Tu3rnuLlEaCspMHNJUJsHOB3voqylrdXUEJ8WnxsWl5uWVJCRlBABCSgiIoDbi4hSEzi8QQzEzczEzfEPkYGTkYGTmKiGmSBnKyqlJSSuLiciLA0ZuJBtVgcxhaH2EQQCQpIMLg7u3t6+Hu4+5mZ2kASOxWRuLgcABoaZTd2QFKbAAAAAElFTkSuQmCC" nextheight="512" nextwidth="1624" class="image-node embed"><figcaption htmlattributes="[object Object]" class="hide-figcaption"></figcaption></figure><figure float="none" data-type="figure" class="img-center"><img src="https://storage.googleapis.com/papyrus_images/adc72d132dca4ccdc8876e846c5ae71cdfb67159cb90fa55e32aa27e99948696.png" blurdataurl="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAKCAIAAABaL8vzAAAACXBIWXMAAAsTAAALEwEAmpwYAAABfElEQVR4nGPw8gjMzS6JjkjOySpKT88zMba2sXR2tPd0dvSytXG1NHNwsHO3sXS2s3GzsXS2snQUEpQU4BcnEomKSDOYm9n5eAc72Lm7ufq6ufqYm9nZ2riqquiIi8uJikgLCUpCGHCSj0+Ml0eUSCQkKMkAdxEvj6gAvziEy8sjysUhhIzYWPnZWPlZmfnYWPkhIsRawMcnhqwaU7MA2D6I8z3c/D3c/MXFZcFuEoNIEbAAjyIBfnEGBjZ3d//z565Nmjjz7Jkrh/af/PPj//Gj59es3vz1y29DfQtmJh48JhCwgJdHlI2VX0VZKzQkNier6MC+4+vWbN22de/pkxdbW3rS0/MkJRXxhxU0DvB7k4tDiIGBwc3VNzUlp6tr0uSJs8tK6p0cPRkYmAjGBMgCiDPxx5uQoCQDAycDAxuEy8DAxsDASTACoBpVlLXk5dQkJRVFRaTRUg4ygvuGm1sEazLDikCxmByfnJGel5qS4+nhD0kqVESSkooARM138MXtjywAAAAASUVORK5CYII=" nextheight="512" nextwidth="1624" class="image-node embed"><figcaption htmlattributes="[object Object]" class="hide-figcaption"></figcaption></figure><p><em>Asset Distribution Graph &amp; Leaderboard Table</em></p><figure float="none" data-type="figure" class="img-center"><img src="https://storage.googleapis.com/papyrus_images/1b835498bfaa507a5b587412a6cafce867ed5828434cb50ac9e9409a0f036f20.png" blurdataurl="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAJCAIAAADcu7ldAAAACXBIWXMAAAsTAAALEwEAmpwYAAACK0lEQVR4nJ2TPW/aQBjH/UIgDdhn39lIzaGwEFEhmgxNgIAdaJYGG4ZmZ2MAhmagkZotJp+h+QLhTUSVFcGC+CpAEYqQeZEzeslQBUcEZeiQv37b3f1/eh7pCL9/JxAI+P07GG9jvO3zYQh5AFgAWIR4nucAYDkOvAMAWEFABIQ8xwGWZdbwaNpVp9PRl2m1WgcHXzY3XfbN9wh4nuM4wPOcDcN4dF23LMswjPl8vlgsTk6+bmw4IIT/qVs9t3kVIARtxwqWZRqN+mw26/f7f5dJpZIul3N9gjd1dqNdum59XdE6DONpNhuLxWI4HI6XSSafBRhjQUA2q9J1B0LQ6xVXR6Io+Hz4ZUUIQRtBQACwbwSpVMrt/oAx9npF73NEhnF7PFsAMAAwNE1GIofdbvf+/r7dbvd6vevritO5ASEvigIhCIhhPARBUBRJ0xRJEjRNNZvNdYEkJQiCcDhoh4OmKJIkicvLX41GvVq9rVZvb25+5/N50zSn0+lkMrEs6+7ujqZJCPnnFbndW8FgsFAoFIvF8/MfpVLp9PRbvV43TXM0Gj08PAwGg1wuVy6XNe2qUqlomnZ29l3X/zw9Pc3n88fHR8MwLi5+jkaj8Xg8HA5N06zVajRNvQgw/hgOhxQlrShpVVVUVYlGI3t7YVmWksljWZZisWgo9CmdVlRVzWYzmUw2FouFw6F4/EiSpHj8KBI53N0NJBJxWZaOj2VZlvb3P9s/SRDQPymA2ioYO8/uAAAAAElFTkSuQmCC" nextheight="960" nextwidth="3296" class="image-node embed"><figcaption htmlattributes="[object Object]" class="hide-figcaption"></figcaption></figure><figure float="none" data-type="figure" class="img-center"><img src="https://storage.googleapis.com/papyrus_images/da773f3a14d5e5f7c9a67a64bc94e0b811991400869a3242e4ca527ea59b082f.png" blurdataurl="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAJCAIAAADcu7ldAAAACXBIWXMAAAsTAAALEwEAmpwYAAABTUlEQVR4nJ2SoW/CQBTGz/RUzwxBk57oiZ4YavhhFv4FUrNgehiqhtiqFsxQVFHVU1SQ1JCaJQiSCpKqnhqqqSCrGoqqBbWQZgthCOjLT72XL+99Xx5w3UkQzLrdR8PoMGa2WveKUsdYvQpCtGbz7qSpKPVG4xYIkWy3X74/5dzj3HOc8WDwZFn9y2HMHI3eimLn+1PGzOORbb+A4fCVc891J74/DYKZ44wxViGUEJIvBEIJY9VxxobRORZCKBGigTheFcUuzz+zLM2yNIqWlOoIybXazYUgJBOiheHcsvrHQoRkSnUQhvP9/rtcIEQiREKIVsEB5x5j5hkHQTATIsnzzXr9EUXLOF5VcECpvli8M2aed1Amk2VpHK+qRUSpHobzdvvhzAKMVUp1SvW/7yxn11L+5Ul0h4hs+7nX62Gsgt+CUKrAfy0Ah+t/ANaYuGbVUKWMAAAAAElFTkSuQmCC" nextheight="960" nextwidth="3296" class="image-node embed"><figcaption htmlattributes="[object Object]" class="hide-figcaption"></figcaption></figure><hr><h2 id="h-conclusion" class="text-3xl font-header !mt-8 !mb-4 first:!mt-0 first:!mb-0">Conclusion</h2><p>The Nomad exploit proves your biggest DeFi threat isn't a hooded hacker. Sometimes, it's a single line of bad code leaving the vault door open for the entire internet.</p>]]></content:encoded>
            <author>0xesco@newsletter.paragraph.com (0xesco)</author>
            <enclosure url="https://storage.googleapis.com/papyrus_images/f323a2964417af472814242cc18866bf12f8ddd59edc2efe83e146a7b2b8a7ad.jpg" length="0" type="image/jpg"/>
        </item>
    </channel>
</rss>