Howdy!

My year of free Blackbird coffee is drawing to a close, so I went to three different coffee shops today. Sadly, Blackbird is built on Base, so that’s all I’ll say about it in this newsletter.

Today, we’ve got Bybit hack implications for Solana, reducing latency, and DTCC ETF filings:

Squads conducting ‘comprehensive review’ after Safe exploit

Yesterday, Bybit CEO Ben Zhou posted on X that the platform’s $1.4 billion hack had been caused by “malicious code originating from Safe{Wallet}’s infrastructure.” Solana CEOs had many words, including “nightmare season,” “holy hell,” and “holy shit.”

Preliminary reports indicate Safe’s frontend was exploited to trick Bybit into signing a malicious transaction, and Safe’s actual smart contracts appeared to perform as intended. Still, the foul language likely stemmed from the fact that wallets being exploitable gives hackers access to a whole lot of assets — Safe’s smart accounts secure over $100 billion in digital assets. 

In other words, hackers could go further than Bybit.

Squads, a multisig wallet used by a number of prominent Solana teams including Helium, Kamino, Pyth, Helius, Drift, Jupiter and Ellipsis, is “conducting a comprehensive review of our infrastructure to mitigate the possibility of such an attack,” CEO Stepan Simkin told me. 

Simkin emphasized that “high value accounts” need purpose-built wallet solutions because sophisticated hackers can “potentially compromise any frontend.”

The Bybit hackers — whom the FBI has now accused of being linked to North Korea — injected malicious code into Safe’s JavaScript files to alter Bybit’s multisig transactions and send the funds to the attacker’s address, according to a report from blockchain security firm Slowmist. While the crypto industry puts a lot of effort into auditing smart contracts, it focuses less than it should on “conventional infrastructure” — like leaked Amazon Web Services credentials, which was the culprit in this case, Simkin said. 

“JavaScript side hacks are the easiest to execute due to lack of audits,” Cube Exchange CEO Bartosz Lipinski said. “Solana is not immune to that.”

Lipinski said Cube chose multi-party computation over multi-signature for wallet security in part because it prevents “blind signing “ — which Bybit apparently did.

Simkin said Squads is working on a “decentralized frontend” that would allow users to interact with the protocol without having to rely much on its infrastructure.

— Jack

P.S. Fill out our short audience survey and help us build a better Lightspeed. Thank you!

Built for Builders. Designed for Action.

If you’re scaling infrastructure, redefining DeFi, or breaking ground on new primitives, Permissionless is where you test, refine, and launch.

🚀 Speaker applications are open.
💰 Hackathon devs get in free.

Brooklyn. Summer. Builders. You in?

📅 June 22–26 | Brooklyn, NY

We are once again seeing evidence that Solana block times are getting shorter:

An engineer at Solana developer shop Anza posted this chart showing the length of time it has historically taken for Solana to create a new block on the blockchain.

The finding is the same as previous ones: Solana’s block times are getting faster — and are even dipping below the network’s theoretical block time of 400 ms. 

— Jack

Check off another TradFi milestone for Solana. Two Solana futures ETFs (SOLT, SOLZ) from Volatility Shares have recently appeared on the Depository Trust and Clearing Corporation (DTCC), putting them a step closer to trading. Sure, futures-based ETFs aren’t a direct bet on SOL, but they signal growing institutional demand and a path toward a spot solana ETF. With Coinbase Derivatives gearing up to launch CFTC-regulated solana futures themselves this month, one can't help but feel that the golden market structure is quietly falling into place.

Takeaway: This doesn’t mean you can buy a solana ETF tomorrow, but it’s a big step in that direction. Futures-based ETFs are usually the warm-up act before the main event: a spot solana ETF, which would let regular investors buy SOL like a stock. The key piece — CFTC-regulated solana futures — just went live, and that’s what cleared the way for ETH and BTC ETFs before. If history repeats, the ETF floodgates could open sooner than expected, and a full blown solana ETF could be next.

— Jeff

A message from Bartosz Lipinski, CEO of Cube: