🎙 Cardano Community · X Space Complete Recap (7-hour edition)

Even if your private key leaks, you can prove you're the rightful owner — from your seed phrase.
A full breakdown of Cardano's 7-hour X Space

In a nutshell ── This page reorganizes roughly 7 hours and 13 minutes of casual chat and technical talk, featuring Charles Hoskinson and others, into a readable form based on a full AI transcript. It spans everything from new technology for "proving you're the rightful owner (from your seed) even if a key leaks," to future quantum computer defenses, Charles's "vision" philosophy, and even the raw behind-the-scenes of the AI industry. The serious technical and strategic discussion runs mainly from 2:00 to 4:00, with mostly casual chat before and after ── and we've organized it to reflect that real flow.

🗓 July 2026 ⏱ 7 hours 13 minutes 👥 Many speakers (Charles / Phil / Bruno / Alex and more) 🎧 Full AI transcript

The big picture first

🗺The full map of 7 hours

It's a long haul, so here's what was discussed and when, in chronological order. The color coding is a rough guide to how "dense" each part is.

Technical & strategic core Half-serious (industry & investing) Casual chat & culture
0:00–1:00

Opening, small talk, AI industry gossipMostly chat

From watching soccer (the World Cup), meme coin markets, and community squabbles, the second half swings straight into "Anthropic vs OpenAI" and "Fable/Opus/Grok" AI coding talk.

1:00–2:00

AI tool talk → Charles arrivesIndustry talk

Deep nerdy discussion of various coding "harnesses" and subscription management tricks. Around 1:53 Charles Hoskinson appears and begins talking about the handover of the Hoskinson Clinic and this year's priority projects.

2:00–3:00

🔑 Technical core: ZK, the SecondFi incident, post-quantumMost important

The ZK recovery app built on Groth16/Gnark/WASM, the SecondFi incident, Glacier Drop, Midnight's selective-disclosure ID, and a drop-in appearance by Algorand's CTO for post-quantum cryptography collaboration. The highlight of the whole Space.

3:00–4:00

🎯 Governance & vision → RealFiMost important

Charles's sweeping marketing-as-vision philosophy (Jobs / Musk). After that Charles leaves, followed by details on RealFi, real support for SecondFi victims, and ZK × post-quantum migration.

4:00–5:00

Unicorn debate → film & culture talkInvesting → chat

A hardcore financial debate on "can you build a unicorn through revenue cycling between companies" (with the observation that it's essentially accounting manipulation). From there it drifts into chat about clone movies, UFC, and history (the Reconquista).

5:00–6:00

History & sci-fi talk → Midnight partnership consultingHalf and half

Interspersed with chat about Roman history and Lex Fridman, there's practical consulting on Midnight partnership lead Ian Cain's move to Cosmos, the SpaceX IPO, unicorn strategy, and ambassador activities.

6:00–7:00

Practical consulting → late-night anticsMostly chat

Consulting on where to send Treasury proposals and ideas for using governance in university clubs. After that: Elon vs Sam, seed phrase management and multichain reuse, World Cup predictions, and more.

7:00–7:13

Wrap-upChat

Meme coin trading calls, a breakdown of the anime "Code Geass," and inside jokes to close things out on a friendly note.

💡 How to read this: If you want the "substance of Cardano's technology and strategy," the Clinic through Governance sections (roughly 1:53–4:00 in the recording) are the core. The AI industry behind-the-scenes (Anthropic/OpenAI/Grok) is collected in its own section. The vast remainder of casual chat is touched on lightly in Other moments.

Just the conclusions from the tech & strategy parts

In three lines (the core)

① The core tech is “proven out”

You can now verify Groth16 proofs on Cardano, and generate ZK proofs right in the browser. As Charles puts it: "The technical and developer-experience problems are behind us. What's left is the challenge of distribution." (In reality it's at a proof-of-concept stage on pre-prod; upstream integration into Gnark is not yet done.)

② The industry moves into an "integration" phase

Algorand CTO Bruno dropped in and discussed collaboration on post-quantum cryptography (Falcon, lattice-based crypto). The trend is to move past tribalism and build cross-chain standards.

③ The winning move is "vision"

"Me too" (we've got high TPS too) won't win. Like Steve Jobs or Elon Musk, the goal is to draw people in with a story about how the world will change, and produce three to five unicorns.

Who was talking

Main speakers

A star-studded session centered on Cardano, with key people from other ecosystems dropping in too.

C
Charles Hoskinson
Founder, Cardano / IOG
P
Phil
ZK / WASM implementation lead
B
Bruno Martins
CTO, Algorand Foundation (ex-IOG)
A
Alex
Cardano Foundation side
E
Esko
Long-time community member (since 2021)
M
Micro / Riley / Luca
The engineers
H
Hosts & community
Moderating, asking questions, victim support
M
Micro / Lucas / Riley
Regulars. Talk tech, history, and trading

* Since no automatic speaker separation (diarization) was performed, attributions of who said what include inferences from context.

Topic · Charles's latest news (recording ~1:53)

🏥Hoskinson Clinic handed over to Monument (a Mayo-affiliated group, per Charles)

The first thing Charles talked about when he showed up wasn't crypto at all, but a personal piece of news: the transfer of his own clinic.

What the clinic did

Charles ran it together with his father and brother in Gillette, Wyoming. As a medical practice it was a huge success, treating around 22,000 people, saving many lives, and transforming the town. "We had better MRI than the Mayo Clinic (one of America's most prestigious medical institutions) — that's how much money we poured into it."

Why let it go

There was no financial path to keep running it at the scale he wanted, and it had effectively become a loss-making, charity-like operation. The whole family was burning out on 100-hour weeks, and after weighing "can we break even in 18 months?" he concluded it wasn't possible. He turned down the hospital groups and PE (private equity, i.e. investment funds) that approached him about a buyout, saying: "I don't want it turned into an operation that puts profit first and pushes 30 patients a day off onto nurses."

Where it went, and what's next

In the end it was handed over to Monument (Charles described it as "part of the Mayo Clinic network"; the actual ownership/operating relationship is unconfirmed). The negotiation was a tough, no-holds-barred fight (in Charles's words, a "bare-knuckle brawl" — hard-nosed, no-mercy dealmaking), led by Chris, Charles's chief of staff, who sat down with the counterparty CEO over a weekend and hammered out the deal. Charles himself is stepping back from management, and says he can now focus on research into next-generation medicine — stem cells, hyperbaric oxygen, anti-aging, and the like.

"It's the one job in my career where I could tie 'the money I spent' to 'the lives I saved.'" — Charles Hoskinson (on the Hoskinson Clinic)
🔎 So how did it end up? — Charles closed his own clinic and handed it over to Monument (which Charles called "part of the Mayo Clinic network"). The clinic lives on under new management (patient care continues), and Charles himself has stepped away from running it to focus on next-generation medical research — that's the ending.

Charles then went on to declare this year's focus — the "big four" — which we'll look at in detail in the next section.

Topic · Charles's priorities (recording ~1:55, and throughout)

🎯Charles's "Big Four"

The four ventures Charles named as this year's priorities are Midnight / Midnight City / RealFi / Pogun. On top of that, a meta-goal: "get Cardano's governance where it needs to be." IOG is transitioning toward a venture-studio model, and he said "we want to ship two or three ventures a year" and "we don't need many wins — three to five and Cardano grows organically."

🌙 Midnight

A privacy-focused partner chain. A separate company with its own blockchain and its own budget (funded apart from Cardano's Treasury). At its core is an identity feature based on selective disclosure (Charles calls it the "Midnight Passport") — a mechanism to prove after the fact, without revealing your identity, that "only you could have signed" (a future answer to the "proof of ownership" problem raised in the SecondFi incident, with applications like anonymous voting). * Note: the SecondFi recovery app itself is built on Cardano/Gnark, not Midnight. About 49,000 people on Discord. The proving system is its own (not Gnark-based).

🌆 Midnight City

Positioned as Midnight's "fast follow (the thing that comes next)."

🧊 A level-headed takeThat said, in this session it was little more than a name-drop, with no concrete explanation of what it actually is. You can't tell "what Midnight City is" from this Space — best to wait for an official announcement.

🏦 RealFi

A passive yield product that requires no active management. The yield comes from microfinance outside the crypto sphere, differentiated by being "resilient in bear markets" and "banking the unbanked." Charles called it an "absolute joy," and said he was writing up the go-to-market strategy document that very day. → See the RealFi feature for details.

₿ Pogun (it sounds like "Pogun/Poga" in the audio, but it's correctly "Pogun")

A project to put dormant bitcoin "to work." Worldwide there's roughly $1.6 trillion in BTC just sitting there, "held and nothing more" — the aim is to let people lend it out for interest or otherwise put it to work, without handing it to a centralized custodian (Bitcoin DeFi). Led by IOG, with Omer H. as lead.

  • Why Cardano? Because Cardano's EUTXO is a "cousin" of Bitcoin's model (UTXO) and fits it well.
  • Connect Midnight to add privacy as well.
  • Three stages in 2026: Q2 a credit (lending/borrowing) market → Q3 a yield app → Q4 a "trust-minimized" Bitcoin bridge using BitVM.
🧊 A level-headed takePogun applied to the Cardano treasury for about 12.3 million ADA (~$3M) in funding (promising to put 20% of revenue toward repayment). But securing funds has been rocky — there have been treasury votes where it was rejected — so "unicorn candidate" is very much an expectation at this point (check the latest outcome yourself).
🧊 A level-headed takeBoth the "Big Four" and the "three-to-five unicorns" are, for now, goals and expectations set out by the founder. Being named does not mean shipped or guaranteed to succeed. RealFi and Pogun are in the fundraising/launch phase, and Midnight City wasn't even explained in this Space. The healthy approach is to take these as roadmap declarations and verify actual progress against each project's primary sources.

Topic 1 · The centerpiece of this Space [Feature]

🔐A browser-based ZK "wallet ownership proof" app

The first practical ZK (zero-knowledge proof) app on Cardano. Without ever revealing your private key, you can prove "this wallet is mine" straight from your seed phrase (24 words). As Phil put it: "As far as I know, this is the first meaningful practical use of ZK on Cardano. I'm quite proud of it."

💥 Is this "the app born from the SecondFi incident"? — Half YES, but with an important caveat

The trigger was the incident: compromised funds needed to be returned to their rightful owner right away, and the direct reason it became a "we have to ship this this week" job was the SecondFi incident.

But the "essence" is a general-purpose idea that predates the incident: as Charles said, "This has nothing to do with the Glacier Drop. It's a more abstract question — can we reconstruct a wallet's derivation path inside a contract from the 24 words — and it's a 'provability' mechanism that works for any CNT and any asset."

So the applications "exploded" into being: bridges, reusable DeFi, custodial dead man's switches = inheritance (if assets go unused or the owner dies, they get consolidated into a contract and withdrawn with a different credential), ownership proofs for arbitrary assets, and even safe migration to quantum-resistant addresses. The incident was the "labor pains," but what was born is something far bigger than the incident — a "foundational technology usable for all sorts of purposes." In short, it's a real case of "turning misfortune into a blessing."

What the app does

  • Goal: even if your private key has leaked, prove ownership from your seed phrase (master private key) and recover the funds.
  • How it works: it generates a zero-knowledge proof that "I hold the master private key, and it derives to the credential in question." Neither the public key nor any signature is revealed.
  • Status: already live on pre-prod (testnet). You can run the whole flow on your own PC — lock funds, generate a proof, and claim them.
  • Ripple effects: once you can do Groth16 verification on-chain, applications open up all at once — bridge designs, reusable DeFi patterns, and more. "This isn't a small thing; it opens up an enormous set of use cases" (Charles).

🧩 Why is "Groth16 verification on-chain" such a big deal? (for general holders)

A ZK proof is a technique for proving only that something is "correct" without revealing its contents. "Verifiable on-chain" means that the blockchain (the smart contract) itself can check that the proof is correct. The heavy computation is done off-chain, and only a small "proof of correctness" is put on-chain. Two concrete benefits:

  • 🌉 Bridges (linking to other chains) become safe: Cardano can confirm that "this really happened on the Bitcoin side" with a single small proof. Because you don't have to trust an intermediary, you can connect chains more safely than with traditional bridges, which were a breeding ground for hacks.
  • 🧱 Reusable DeFi "components": do the complex computation off-chain and produce a proof — for credit checks, privacy, credential verification, and so on — while the chain only does the light verification. The same mechanism can be reused across many apps.

In a nutshell — "heavy work off-chain, only the 'proof' of correctness on-chain." That's how you can build apps that were impossible before — cheaply, quickly, and safely. This is why Charles said "it isn't a small thing."

Why only the rightful owner can recover "even if the key leaks" (FAQ)

"If the private key leaked, wouldn't the seed phrase leak too?" — a question many people have. The answer is No. That's because the relationship is one-way. Intuition points the "arrow" in the wrong direction.

🌳 Keys aren't a "single key" but a "tree"

Seed phrase (24 words)   ← root = master private key
      │  one-way transform (hashing)
      ▼
  Account key
      │
      ▼
 Signing key for each address   ← leaf = the key that signs transactions
      │
      ▼
  Public key / Address

You can go root → leaf. But you can't go leaf → root (one-way). So even if you know one leaf key, you can't work backward to the root (the seed).

🔎 What leaks is a "leaf" key

What reaches an attacker through a signature or a leak is a leaf key at the very bottom of the tree. The seed phrase itself never appears on-chain even once (it's in neither the signature nor the public key). So —

🔴 What the attacker has
only the leaf key → they can steal that address, but can't trace back to the seed
🟢 What the rightful owner has
the seed (the root) → can generate every key = can prove they're the real owner

🍳 Analogy: a recipe book and a single dish

The seed phrase = a secret recipe book. A leaf key = one dish made from it. Eating one dish doesn't let you reverse-engineer the entire recipe book. So this app proves "I know the 'root seed' that can derive this key" without ever showing the seed — an attacker who only holds a leaf key can't produce this proof, so only the rightful owner can recover the funds.

⚠️ Important caveatConversely, if the seed phrase (24 words) itself leaks, an attacker can produce the very same proof, so this mechanism can't protect you. In other words, it's not that "you're always safe even if a private key leaks" — it rescues the case where a leaf-level signing key leaked but you still hold the seed.
⚠️ Fine print: a weakness of hardened / soft derivation (what Bruno touched on)

Key derivation comes in hardened derivation and soft derivation. Soft derivation has a known weakness: if you have both a given extended public key and one of its child private keys, you can walk back just one level to the parent private key (this is what Bruno was referring to with "the hardened/soft thing" during the Space). Even so, you still can't reach the seed itself. The exact security depends on each wallet implementation's derivation scheme.

Performance specs (for K21)

60 sec
Proof generation time in the browser
4 sec
Proof time in the desktop app
~2GB
Proving key needed per proof
16
Web Workers used for browser delivery

🔑 What is a "proving key"? What is the 2GB the size of?

It is NOT an encrypted copy of your private key (seed). The proving key is a "set of official parts" describing how to prove the computation of this circuit — it's public data generated once from the circuit. Everyone who uses the same circuit uses the same ~2GB proving key (it isn't different per person).

  • Why a full 2GB? Because the circuit is large. K21 = a big circuit made of roughly 2.1 million "constraints," so its parts list is huge too.
  • That's why building the proof is heavy: it computes using these enormous parts, so it eats both time and memory (→ 4 sec on desktop / 60 sec in the browser).
  • Your secret (the seed) is a separate thing: it's used as the input (witness) when building the proof, only inside your own machine, and never leaves. The proving key contains no secret.

The "amazing part" this time = they pulled off this heavy processing in the browser. Fitting 2GB into a browser was the hard part, and the next section — the Gnark × WASM problem — is where they solved it.

What does K21 mean? (compared with K20)

K is a metric for the size of the circuit, meaning 2ᴷ "constraints" (a constraint = a fine condition that pins down the correctness of the computation). Each increment of K roughly doubles the circuit. So K21 is about twice the size of K20. Rather than "comparing against something," the relationship is: you could "lower" it to K20, but they deliberately keep it at K21.

ItemK20 (if lowered)K21 (adopted this time)
Circuit size2²⁰ ≈ about 1.05M constraints2²¹ ≈ about 2.1M constraints (~2×)
The "claim" being provenknows a credential-/coin-level key (narrower scope)knows the master private key itself (a stronger claim)
Security assumptionslightly looser (Thomas Velkopf recommended it as "safe")stricter = conservative (on the safe side)
Proof weightlighter and fasterheavier (adopted anyway)

💡 Broken down — even though lowering to K20 would make it lighter, to prove a "stronger, safer-side claim (knows the master key)," they deliberately chose the heavier K21. Even at twice the proving weight, they prioritized a security margin (Charles: "I just ran it at K21 on purpose").

🧊 K21 or K22?In this 7-hour Space's transcript, Charles says "A is 21" (i.e. K21). Elsewhere, however (e.g. on YouTube), he is reported to describe it as "K22, ~3.6 million parameters." Do the math: 2²¹ ≈ 2.1M, 2²² ≈ 4.2M. "~3.6M" exceeds 2.1M, so it won't fit in a K21 domain — it implies K22. The circuit size may differ depending on when it was described; check the latest first-hand info from Charles for the exact figure.

Tech stack

Circuit & proving logic

The logic, constraints, and the circuit itself that make up the proof are written in the Go language. The framework is Consensys's Gnark (a play on "Snark"). This is compiled to WASM to run in the browser.

  • The prototype of the core circuit was written in Go by Charles
  • Phil made the proof time practical
  • The scheme is Groth16 (small proof size, well-suited to on-chain verification)

Delivery architecture (Cloudflare)

Each user needs roughly a 2GB proving key. But many browsers can't hold 2GB in memory. So:

  • Desktop version: download the installer and it's 4 sec locally
  • Browser version: stream the 2GB in chunks from Cloudflare R2
  • Feed those into about 16 Web Workers for parallel processing

🌙 Note for people building on Midnight

What matters here is the wall common to all client-side proof generation: a large proving key × the browser's 4GB memory limit. Midnight also generates proofs on the browser side, so the question of "how to fit this heavy key into the browser / how to parallelize it" hits home directly.

"Not Gnark-based" — what does that mean? — Building a ZK proof requires a "toolset (library)." Gnark is one of them (made by Consensys, in Go), and this recovery app is built with it. So Charles's patch is a "part for Gnark," too. Midnight, on the other hand, uses a different toolset (its own language, Compact, plus its own proving system).

🚗 By analogy: both are "cars," but one is a gasoline car (Gnark) and the other a diesel car (Midnight). The "how do we haul heavy cargo" problem is the same, but an engine part for a gasoline car can't be bolted straight onto a diesel car. In other words — the idea (how to get around the 4GB limit) is useful ✅ / but the patch itself can't be reused as-is ❌. On Midnight it would need to be rebuilt.

❓ So what exactly is the "4GB wall"? Can't you build a proof on a phone?

"Client-side proof generation" = "your own device (PC, phone) itself" builds the proof (the benefit being that you never hand your secret to a server). But —

  • A browser (WASM) can use only about 4GB of memory. Load a ~2GB proving key plus the working space for computation and it overflows. That's the "4GB wall."
  • A desktop app has no wall, so it's a breeze (4 sec). The hard part is running it in the browser.
  • What about phones? They generally have less memory than PCs, making them the most demanding case. The trick this time — "split the 2GB and feed it into 16 parallel workers" — is browser-oriented, so a high-end phone might be possible, while a weak device is tough in practice (the Space mainly mentions "60 sec in browser / 4 sec on desktop"; whether phones alone can do it wasn't stated).

Midnight faces the same wall (because it too is designed to build proofs on the browser side). But its proving "toolset" is different (Halo2-family), so this Gnark-oriented patch won't just work as-is. To be precise, each stack needs its own approach to getting over the wall. (Midnight's specific browser-proving implementation wasn't detailed in this Space; this is a general framing.)

Source note (Charles / Phil's explanation, verbatim)

"A(=K) is 21 now, and it can be 20 if we reduce the security statement from specifically master private key to credential-to-coin-level key, which Thomas Velkopf recommended as a safe security assumption. But I just kept it at K21." — Lowering K by one makes it lighter, but to preserve the stronger claim (knowing the master private key) they deliberately adopted K21; that's the nuance, straight from the source.

Topic 1-B · One of this Space's standout technical highlights

🧩Has the Gnark × WASM "4GB wall" problem been solved?

Bottom line: for this recovery app it's “solved” — it runs at a practical speed, demonstrated on pre-prod.

Thanks to the prove-stream vendor patch that Charles applied to Gnark itself, K21's in-browser proving now runs in a realistic amount of time. This recovery app is itself a live example of that.

That said: merging it into Gnark upstream is still ahead.

Host: "Could you commit it to the upstream library and see whether it gets accepted?" → Charles: "I'll give it a go." For now it sits as an in-house vendored patch.

First, the gist: building this ZK proof requires a huge amount of memory. But the memory usable in a browser (WASM) is capped at about 4GB. The prover(= the software that produces the proof. The counterpart to the "verifier.") wants more than that, so as-is it won't run in a browser — this is the "4GB wall." The story is how it was overcome with "a clever way of splitting things up."

Memory the prover wants
about 32GB
Browser (WASM) limit
4GB

📏 It wants about 32GB, but the browser can only use 4GB — not enough. So "as-is" it wouldn't run.

🛋 An analogy: a big piece of furniture and a narrow door

The enormous proving key (the data used for proving) = a big piece of furniture, the 4GB browser = a narrow door. You can't get the furniture through in one piece. So instead — you take the furniture apart and carry it in bit by bit with 16 people (= 16 Web Workers). That's the picture of Charles's "split it into a stream and feed it in" patch.

What exactly was the problem

  1. A design that assumes 32GB vs. the 4GB WASM limit. The original prover was designed to write the proof into 32GB of memory. But WebAssembly (wasm32) limits linear memory to about 4GB. K21's proving key plus the MSM/FFT working area don't fit in 4GB.
  2. Attempting sharding. To fit the 4GB constraint, a sharding setup using Web Workers was built. But "I noticed there were a few problems."
  3. Patching Gnark itself. So Charles patched Gnark (pronounced "geosnark" in the Space) directly, arriving at a form of "fix it this way and it's solved." "It took a little while to find the way to solve it — it was probably around 1:30 in the morning on Saturday."
  4. The punchline that surfaced later. It turned out that on Gnark's GitHub there was a "mega-thread" where people had been struggling with this WASM problem for years. Charles's patch was a high-quality solution that already achieved what that big effort had been aiming for — and he'd done it without knowing, just solving it within his limited time.
"In narc's (Gnark's) repo there's a huge mega-thread of people who've struggled to get this running in WASM. Your patch already pulls off what all that enormous effort was essentially trying to do — it's a very high-quality solution."
"I had no idea. I just had to solve it. Time was limited." — an exchange between the host and Charles Hoskinson
Technical-background note (added from general knowledge outside the Space)

When you build Go for the WASM target (GOARCH=wasm) you get wasm32, and linear memory is bound to the 32-bit address space — i.e. a maximum of 4GiB. For Groth16 at a scale of 2²¹, on top of the proving key you need large temporary buffers for MSM (multi-scalar multiplication) and FFT, and allocating them naively exceeds 4GB. This is a widely known bottleneck — not limited to Gnark — when "generating proofs for large circuits in the browser."

Charles's prove-stream family of patches can be read as the idea of splitting this huge computation stream-wise to fit within the 4GB envelope (plus Web Worker parallelization). For the exact implementation diffs, numbers, and whether the PR is accepted, check the forthcoming upstream proposal to Gnark and each project's official information.

💡 Why "this" matters for a quantum-resistant migration

The essence of this app is that it "proves ownership from the seed phrase rather than from signatures or public keys." When the time comes to migrate to quantum-resistant addresses (lattice-based cryptography, etc.), this can be used as-is — because if quantum computers advance far enough they could derive a private key from a public key or signature, but a seed phrase never appears as a public key or signature, so it doesn't depend on the attack path from currently-exposed key material. That's why it can be applied as a way to "migrate to quantum-resistant addresses" down the line, as Phil explained. (This does not mean a seed is absolutely safe against quantum computers.)

Topic 2 · Why this technology was needed

🏭The "SecondFi" incident, the presence or absence of KYC, and "the people who are hard to rescue (the unhappy path)"

This ZK app was born to return, to their rightful owners, funds whose keys leaked in the SecondFi wallet incident. But the story branches into a "happy path" and an "unhappy path."

⚠️ First: two separate matters that are easy to conflate

① The SecondFi incident (this section's subject) — a recent hack of the SecondFi wallet. Keys leaked, a white hat recovered the funds, and the ZK recovery app returns them to the rightful owners.

② Attain's "redemption sweep" (the "Background" below) — this is about the original ADA sale, a separate, much older matter from SecondFi. When the seller Attain went out of business and personal data leaked, the funds in the redemption accounts were moved to new addresses (this is where the "couch analogy" belongs). Whether or not KYC was done (see below) is also the key that separates ① from ②.

Background: the "redemption sweep" of the original ADA sale (Attain) (= separate from SecondFi)

  • The trigger: the seller (Attain) went out of business. Personal data may have leaked / been taken by an employee, raising the concern that at-rest secrets capable of restoring redemption accounts could be used by an attacker.
  • The situation: because it was managed with multisig (multiple people had access), commercially it was at the stage where "redemption is not yet complete." The final-stage transfer from the seller to the user's sole-control wallet remained.
  • The response: the funds were moved to "a different warehouse (a new redemption destination)," and users were asked to update where they collect from.
  • The grace period: a mechanism was also set up so that if you don't come to collect within a set period (10 years), the transaction becomes void and you are refunded.

🛋 Charles's "couch analogy"

You've left a couch (your assets) sitting on the loading dock, and then the dock's lock breaks so anyone can get in. Before someone pulls up in a truck and steals it, the response was to "move it from warehouse A to warehouse B and have people change where they come to collect it." Moving it is a hassle, but it beats getting robbed — that's the thinking. "It's 10 years. A normal business gives you 30 days. Even so, 'you can't beat the internet.'"

The happy path and the unhappy path

🟢 Happy path

Cases where you still hold the seed phrase and a white hat has been able to recover the funds. You can claim passively and non-custodially with the ZK recovery app. "It's a smart contract. Hooray."

🔴 Unhappy path

Cases where the seed was lost / taken by a black hat. You can't prove ownership, yet the funds are under Emurgo's or a white hat's control — "this is a big problem."

"Why didn't the problem arise in Charles's own Attain redemption" (the KYC difference)

In the Attain crowd-sale in Japan, KYC was mandatory for everyone. There were passports, bank-account details, and real identities, and about 9,400 of them were audited and matched by MWE / BDO. So even if someone showed up claiming "I'm so-and-so," you could run the procedure of cross-checking against the KYC profile to confirm identity → re-KYC → transfer.

But the wallet holders this time never went through KYC. So there's no way to prove "whether that's really this person's wallet." On top of that, the parties involved hadn't originally consented to this arrangement, so it's a hard problem legally and in terms of governance to begin with. "Who is the decider?" and "what is the governance structure for the unhappy path?" remain unresolved.

The scale is comparatively small, "on the order of a few million dollars," but handling it carefully using third parties is expected to take 5–10 years. "In effect, it's a new aid of voucher (redemption program)."

🪪 Which is why "selective-disclosure ID" (what Charles calls Midnight Passport)

With Midnight's selective-disclosure ID, you can keep "whose account this is" hidden now and prove it later. If you've signed with your wallet, you can say "this is Phil's / Esko's wallet, only they can sign it," and it has the property that you can't later wriggle out by saying "it wasn't me" (non-repudiation). Even if a key leaks later, you can prove after the fact that "it really was mine" — as Charles put it, "this is one of the many applications of 'Midnight Passport.'"

🧭 Crucial: don't conflate these two separate solutions

This incident features "two technologies" of different natures. They're easy to mix up, so let's lay them out in a table.

① ZK recovery app
On Cardano · built with Gnark · usable right now
② Selective-disclosure ID
On Midnight · mainly a future preventive measure
Where it runsCardano (Gnark / Groth16)Midnight (a separate stack / Halo2 family)
Who it savesPeople who "still have" their seed (even if the key leaked)People who registered a proof of ownership in advance
In this incidentRunning as the actual rescue toolThe idea of "so this doesn't happen again"

So what about the "true unhappy path" (people who also lost / had their seed stolen)? — Unfortunately, with either ① or ②, it's hard to rescue them retroactively. That's exactly why Charles says it "will take 5–10 years and become a new voucher (redemption program) using KYC and third parties." Item ②, "Midnight Passport," is positioned as groundwork to avoid this pain "in the future" — the accurate way to understand it is as something separate from ① this time (Cardano's ZK app).

Topic 3 · Common Misconceptions

❄️The Glacier Drop is a "passive process"

Destinations can't be changed

The Glacier Drop is an automatic, passive distribution run by a smart contract. It sends to your registered destination over the course of a year. Requests like "I got divorced, please change my destination" can't be honored — if intervention were allowed, the Foundation would end up handling every case individually.

NIGHT was "free"

It's an airdrop that nobody paid for. Because it isn't a commercial transaction like an ICO, the framing is that it's fundamentally different in nature from the expectation of a "promised delivery." The only "screening" at distribution time is a one-time check against sanctions lists (OFAC = the terrorism- and crime-related targets designated by the U.S. Treasury) — the blockchain analytics firm Chainalysis scans the whole set once and excludes only sanctioned addresses. Everyone else could receive on the same terms (a "sweep" here means "one pass of screening," not a movement of funds).

Code is Law

It runs exactly as written in the contract. "You built a passive, automatic process, so you can't complain that it worked as specified. Lose your wallet and you lose your claim — the unavoidable reality of decentralization."

📌 Fact-check note (verified against official sources)The Glacier Drop is the first phase of the NIGHT distribution. The allocation "pool" was half of the total supply (up to 24 billion NIGHT), but only about 3.5 billion NIGHT was actually claimed (across 170,000+ addresses) (about 4.5 billion in total together with the following Scavenger Mine). Eligible were holders across 8 chains (ADA / BTC / ETH / AVAX / BAT / BNB / SOL / XRP); the snapshot was on June 11, 2025 ($100-equivalent minimum), and the claim deadline was October 20, 2025. Claimed tokens unlock in four 25% installments over 360 days (a randomized start per destination, through December 4, 2026) — a "passive, uniform" mechanism, exactly as described above.

Topic 4 · Cross-Chain Collaboration

⚛️Post-quantum crypto × Algorand — Bruno drops in

Algorand Foundation CTO Bruno Martins (formerly at IOG, until around 2021–22) dropped in. Centered on lattice cryptography, he spoke passionately about joint development that spans ecosystems. There was even a joke: "We send our good IOG engineers to Algorand — John Woods was one of them."

🔰 A 3-minute intro to post-quantum crypto & lattices (for newcomers)

Why is this coming up now? — If quantum computers become powerful enough in the future, the cryptography we use today could be broken, and secret keys could be computed from publicly available information. So the idea is that we need to start preparing now to migrate to cryptography that even quantum can't break (= post-quantum cryptography).

What is "lattice cryptography"? — A lattice is a "mesh" of regularly arranged points, like graph paper. Within it, problems such as "which lattice point is closest to a given spot?" are extremely hard to solve even for a quantum computer — and lattice cryptography uses this "hardness" as its foundation for security. Another strength is that it can do more mathematically than elliptic curves (signatures, encryption, computing on data while it stays secret, and so on). Falcon is one such lattice-based signature scheme (one of the NIST standards).

Why do this together with Algorand? — If every chain builds its own version separately, someone is bound to make a mistake (bugs in cryptography or ZK are fatal). So the thinking is that it's safer and more efficient for everyone to build one high-quality "standard library" together. It's collaboration that transcends tribalism.

🧊 A level-headed takeThis is not something that pays off right away — it's "preparation" aimed at the future (around 2030). Technical terms like lattices, Falcon, VRF, and FHE fly around below, but for the average holder the meaning boils down to one thing: "they're laying the groundwork now so your assets can be protected even in the quantum era."

Falcon (lattice-based signatures)

Algorand has used Falcon in State Proofs since 2022. Going forward, native accounts will also be authorized with Falcon signatures.

  • Because it's an account model, it uses Falcon-1024
  • On the UTXO side, the half-size Falcon-512 might be more efficient, Bruno suggested

Why lattices

Hash-based schemes (e.g. SPHINCS) are poor in algebraic structure, so things like threshold signatures require enormous machinery. Lattices are algebraically richer than elliptic curves, and can handle everything from homomorphic encryption to MPC to threshold signatures — "all-purpose."

Crypto agility

It's unclear which scheme will survive in the future — something can be quantum-resistant yet classically fragile. So they build in crypto agility (the ability to swap out the cryptography) as a property. It's the same idea as hybrid signatures in TLS.

The "stack" they want to build together

  • Post-quantum VRF: Silvio Micali is the originator of VRF + cryptographic sortition. A post-quantum version of it, built jointly. Chris may publish a paper early next year.
  • Lattice-based folding: Building on a paper by Dan Boneh and Microsoft Research (Srinath), IOG is on the verge of achieving ultra-fast folding, GPU-optimized with tensor CCS + CUDA.
  • Proof embedding (outer proofs): A proposal to embed the outer proof with Falcon. Dan Boneh sees room for lattice proof sizes to shrink by another half to a quarter, putting 10–20KB proofs within reach.
  • Formal verification: A Rust reference implementation plus Agda / Lean blueprints, forming a multi-institution "canonical library." Drawing on lessons from the Everest project, which verified TLS in F*.
  • Foundation: latticefold is already implemented in Rust under the Linux Foundation's Nightstream. A consortium model that also pulls in Stanford and others. Formalizing math problems like module SIS is also under consideration.
"If you write your own cryptography, someone is bound to make a mistake — and in ZK especially, bugs are fatal. So it makes sense to bring everyone together, build a highly optimized standard reference library, take it to NIST, and even look ahead to putting it into ASICs." — Charles Hoskinson
The hard problem of key derivation (HD wallets), and the dream of FHE

Lattice cryptography is Shor-resistant, but on the flip side, conventional hardened / soft key derivation (deriving from 24 words) is non-trivial. Since it's undecided which scheme will win, they first want to align, across chains, a scheme-agnostic derivation and hardware wallet standards — for the sake of interoperability, the plan is to move in step before each company puts out its own standard (Algorand ships native Falcon accounts, but waits on HW wallets until it aligns with others).

A further-out dream is FHE (fully homomorphic encryption). If you build an on-chain "key generation box" with FHE, the blockchain itself could hold the secret key (public, yet still secret). Signing and key rotation would be possible without decryption, potentially resolving the reliance on HD wallets and recovery phrases at the root. It also connects to the idea of the treasury holding third-party assets (BTC, etc.). That said, after evaluating OpenFHE, the assessment is that practical use still requires about a 1000× reduction in computation.

Topic 5 · Investment Strategy

🚀The Orion Fund and "3–5 unicorns"

Applications for the Draper-affiliated Orion Fund closed on this day. The discussion: it could become the "hub of venture-building" for Cardano. The Orion Fund / Comeda Labs (a venture studio) / Draper Dragon / Draper University form a single universe, aiming to attract large amounts of outside capital.

🔰 So what is the Orion Fund, anyway? (for newcomers · verified against official sources)

In a nutshell — it's an ecosystem investment fund managed by Draper Dragon, funded chiefly from the Cardano treasury. Its initial phase was announced in April 2026, with capital drawn down from the treasury in stages (backed by community vote).

Who runs it?Draper Dragon (a well-known Silicon Valley VC, founded in 2006 by Tim Draper and others) manages it. The Cardano Foundation serves only as "secretariat / administrator" and makes no investment decisions.
Where the money comes fromMost of it from the Cardano treasury (about $75M of the $80M target). The remaining ~$5M comes from outside investors.
What does it invest in?Tokenization of real-world assets (RWA), institutional DeFi, and the like. Direct investment plus a venture studio (incubation support) plus education (hackathons / accelerators).
What problem does it want to solve?The reputation that "Cardano has no success stories" — i.e. a "distribution" problem — which it aims to overturn with funding and incubation. The goal is to push Cardano's TVL past $3B.
Does the money come back?Designed so that returns flow back to the treasury through a vehicle called "Arouet Holdings."

"Is it like Y Combinator?" — There are some similarities. The Draper camp has an incubation base (Comeda Labs), a deployment fund (Draper Dragon), and a YC-style accelerator / hackathon (Draper University). But the core is a "VC fund + incubation," and rather than a single, formulaic short-term accelerator like YC, it's a more investment-leaning setup.

* On the Space, a big figure of "about $5 billion in outside LPs" was mentioned too, but that's a "target" for attracting future outside capital; the initial fund itself is about $80M (of which $5M is outside LPs). "LP = Limited Partner = an investor in the fund" here, which is different from an LP in DeFi (liquidity provider).

Create an anchor investment

A new fund needs an anchor deal that shows "what kind of fund this is." The ideal is a deal that's philosophically / brand-anchored to Cardano (one that won't easily flee to multi-chain). "The worst case is waking up to find 90% of the apps have moved to another chain."

Candidate "narratives"

RealFi (microfinance / bear-market-suited)Pogun (Bitcoin DeFi)Midnight — 3 to 5 differentiated winning paths, each with a different strategy, team, and the economic environment it can weather. If each reaches the billion-dollar scale, the stigma can be shed.

Footprint strategy

The Argentina office has been a huge success. It even sparked a connection with Circle (Jeremy Elari) and hosted 20+ events. The plan is to build similar bases in Miami / Austin / NY / Silicon Valley, as permanent homes for hackathons, EIRs, and showcases.

🦣 Aside: the biggest return from Charles's VC "cFund" wasn't crypto

The biggest investment of cFund is Colossal — the biotech company trying to bring back the woolly mammoth, which also "resurrected" the dire wolf (the extinct giant wolf). They got in at a low valuation, and it's now valued at about $12 billion. Charles says, "I want the anchor investment to be Cardano-related — a deal with a reason it can't philosophically or brand-wise pull away from Cardano."

📌 Fact-check notecFund = a $20M blockchain VC established in 2020. IOHK (= Charles's company, now IOG) is the main backer, and Wave Financial manages it (IOHK put in half, $10M). Rather than "Charles's personal VC," it's a fund with IOHK as the primary backer.
Colossal is a real biotech company that "brings back extinct species," and Charles is one of its investors (officially confirmed). Its valuation is about $10.3B (as of September 2025) — slightly lower than the "$12B" said on the Space is the accurate figure. The dire wolf: three pups were announced in April 2025, but in reality they were "gray wolves with edited genes," and whether it's true "de-extinction" is debated among scientists. For the mammoth, the goal is an embryo in 2026 and the birth of pups in 2028.
"In Silicon Valley, people now say 'why would you build on Cardano?' This isn't a technology problem — it's a 'distribution' problem. That's the world where Orion comes alive. They won't build StarStream, but they can join the conversations that solve the perception problem." — Charles Hoskinson

Topic · A listener-driven blowout (recording 4:00 / 5:30)

🦄The "Unicorn Reinforcement Loop" Debate

Following Charles's remark that "we need 3 to 5 unicorns," one listener (nicknamed Futurist) made an impassioned case for "manufacturing unicorns by booking revenue back and forth between companies." A finance pro fired back that "that's effectively fraud," making for one of this Space's most heated exchanges.

Proposal: A reinforcing ecosystem loop

Citing the "meme" of OpenAI, Microsoft, and Amazon signing huge deals with one another, the idea is to set up 4 to 5 holding companies and cycle $20-30M in annual revenue between them. Even at a 5-10% gross margin, at "30-50x valuation" you could "on paper" mint a $1-1.5B unicorn. A revenue-swap via Colossal × Midnight was also floated.

Rebuttal: That's Enron-style accounting

A former investment banker warned: "If it's an open cabal, you go to jail. $20M in / $20M out means EBITDA is zero. Pulling revenue forward always unwinds eventually." Though he added that "the SaaS industry and token emissions have propped themselves up this way for years." He also cited Chamath's "SaaS ouroboros."

The conversation branched out to the SpaceX IPO (96% lockup, roughly $2T market cap immediately after), acquisition strategies of payment companies, on-chain analytics businesses like TRM Labs, and even a space-mining fund called "M31." One listener argued that "Jobs and Musk, aside from SpaceX, are all B2C. Today's consumers are hard to convince, so the real battle is a B2B/enterprise mutual-reinforcement loop," closing by saying he wants to put the question to Charles himself next time.

🤖 "Aren't the top AI companies doing the same thing?" — Exactly right

It's a sharp point, and Futurist himself held up the huge OpenAI / Microsoft / Amazon deals as his "template." In fact, right now, NVIDIA invests in OpenAI → OpenAI uses that money to buy NVIDIA GPUs, along with big deals with Microsoft, Oracle, and AMD… these "money-going-in-circles trades (circular / round-trip deals)" are being widely reported and have become a central point of the "AI bubble" critique. It's precisely a setup where "one side's revenue becomes the other side's revenue."

So what did the pro object to? — The dividing line is "whether there's real substance behind it." If actual products or value are being exchanged, it's a legitimate business transaction (Charles's Samsung↔Apple example: they sue each other while still supplying each other memory). But if it's just money circulating with nothing behind it, then EBITDA is zero and it will inevitably unwind = it edges toward Enron-style window dressing. Opinion is genuinely split on the big AI deals too — "real demand, or accounting that just makes things look good?"

🔎 So how did it end? Is it a viable strategy?
The debate reached no clean resolution. The finance pros warned strongly that "pure revenue round-tripping is fraud and will collapse eventually," and Futurist himself conceded that "my proposal is on the thin, borderline-acceptable edge" and "really this is something I should take straight to Charles," before the topic drifted off toward SPACs and payment-company acquisitions.

The "viable / not viable" line you can draw from it:
Inflating valuation alone through empty revenue circulationNot viable (illegal, fraud risk, guaranteed to unwind).
Genuine partnerships and mutual deals backed by real demandViable, in fact the gold standard (both sides' numbers grow as a result).
⚠️ There's also a "grey zone" in between — e.g. ① token emissions (a project showers rewards in tokens it prints itself to "buy" activity or deposits), and ② the SaaS "ouroboros" (VC-funded companies buy each other's software and pass revenue around in a loop; an ouroboros is the "snake eating its own tail" — a symbol of circularity). In both, the revenue and the numbers look "real," but partly it's just the same money or self-issued tokens going around in circles — and the thinner the substance backing it, the more dangerous. That's the practical lesson from this debate.
⚠️ This debate reflects the personal views of individual speakers and is not a recommendation to act on it. As noted within the discussion itself, manipulating valuations through mutual revenue booking can be illegal depending on context.

Topic 6 · The heated main event

💡What "Marketing" Really Is: "Vision"

Charles's long answer to the community's call (from Alpha) for "more marketing."

⏱ Quick takeaway (Charles's answer): Most people who say "advertise more" actually just want someone to spread the "right answer" they have in their own head. So what's needed before advertising is — ① agree as a community, through governance, on "the core KPIs and the 5-year goal" → ② tell that "vision." In other words, what marketing really is, is "vision (where are we headed)," and only once that's set does advertising work. That's his argument.
↓ Below is how Charles arrives at that conclusion (a long argument woven with Jobs and Musk examples). It starts with a "deliberately unanswered question."

STEP 1 — The shakeup: firing back with "which matters more?"(= deliberately not giving an answer)

TVL ⇄ TX count per block

Which you prioritize changes the strategy.

Number of dApps ⇄ Value of the top 5 dApps

Quantity, or quality.

Node count (decentralization) ⇄ TPS

Decentralization, or performance.

10 companies on 1 codebase ⇄ 3 companies on 3 codebases

Unified diversity, or implementation diversity (Haskell/Go/Rust nodes).

👉 And that's exactly why Charles's "answer" is this: every one of these points has "a legitimate difference of opinion." People who say "do marketing" often just want someone to broadcast a "specific answer" already in their head. So first get community agreement through governance on "the core KPIs and the 5-year goal" — that, he says, is the precondition for effective marketing.

STEP 2 — Why "vision"? (four pillars supporting the conclusion)

Charles backs up the conclusion above ("marketing = vision") with these four points (= his reasons for "why vision before advertising"):

  • ① Start with the end in mind: assume you've closed a big round three years out, then work backwards to lay out milestones and KPIs. → In other words, the "goal (vision)" comes first.
  • ② "Me too" loses: "we also have high TPS / smart-contract support" isn't differentiation and leads to a race to the bottom on price (e.g., SUI is faster and better than Solana yet still can't win on adoption). → So you need a "different vision."
  • ③ Vision attracts the doers: "execution is downstream of vision. Great executors can be hired anytime. What's rare is a vision people genuinely want to join." → With a vision, the people come.
  • ④ Back to roots: make Cardano an identity and a movement, more than "just a currency." The legacy built over 10 years, decentralized governance, EUTXO, Ouroboros — you can't buy or replicate those. → This is the very core of the vision worth telling.
🎯 What the four points share: they all converge on a single argument — "first decide 'where you're headed (the vision)'. Advertising, top talent, and execution all follow naturally after that." The Jobs and Musk examples (below) are cited as real cases of this "vision-first" approach.

🍎 The three things Steve Jobs did in 1997

① Donated the old Macs to the Stanford museum to break the "past addiction" / ② Focused the whole company on the iMac / ③ With the "Here's to the Crazy Ones" campaign, moved the computer from a "commodity" to a "lifestyle product." He built a profit structure where a single logo let it sell for 20-30% more, then reinvested into the iPod → a multi-trillion-dollar company. "Cardano needs the same transformation."

🚀 Elon Musk and SpaceX — "the vision guy"

Even when Boeing offered $300K plus benefits, engineers chose SpaceX at $42K a year with no benefits — because "they wanted to be part of the team going to Mars." Musk keeps winning because he's "the vision guy" and leaves execution to people like Gwynne Shotwell. "Cardano too should fight with a vision that, if it wins, something good happens for humanity."

🤖 The "Anthropic vs OpenAI" analogy (per Charles)

Charles cited Anthropic as an example of a "principles-based approach" — "from the start they had a strict philosophy for building AI, and they stuck to it. While OpenAI and others chased 'the bouncing ball,' Anthropic quietly pursued its mission, closing the gap with each release, until it finally outpaced a rival 10 times its size. They built an AI constitution — we have a constitution too. There's an overlap there."

"No single person is smarter than everyone. No individual can beat the decisions made by millions of people coming together. That's why I obsess over governance design — bundle the wisdom of the crowd, and the rest is just execution." — Charles Hoskinson

Topic · App spotlight [Feature] (recording ~3:40 / 3:52-3:59)

🏦RealFi Feature — A Deep Dive Into "The ETF of DeFi"

The app Phil called "what I'm most excited about" and Charles rated as "an absolute delight." It's a passive financial vehicle that requires no active position management. Let's break down the key points in real detail.

📖 TermFinancial vehicle = a "container / mechanism" for putting money to work (an umbrella term for mutual funds, ETFs, funds, and so on). Passive = the type where professionals or a mechanism run it for you without you having to buy, sell, or adjust yourself. The opposite is active, where you trade diligently on your own. So a "passive financial vehicle" is essentially "a container for investing that keeps working even on autopilot."

① What was the problem in the first place (traditional Cardano DeFi)

Boiling down Phil's explanation — earning yield in today's DeFi takes this much effort:

  1. Prepare two tokens: for example, ADA and a "Foo token," and pair them up.
  2. Create LP tokens: deposit both into a DEX to provide liquidity → receive LP tokens.
  3. Staking/farming: deposit those LP tokens into another contract and earn rewards in farming tokens.
  4. ⚠️ Here comes Impermanent Loss: if the two assets' prices diverge, you take a loss. "It's called 'impermanent' only because semantically it isn't finalized yet — in reality it's a bona fide, permanent 'real loss'" (Phil).
  5. Constant maintenance required: watch the charts, rebalance, and keep shifting liquidity between pools as volume changes.

📉 Impermanent Loss, made clear with numbers

In one sentence — when you provide liquidity (LP), you miss out on the "upside" of an asset that rose in value. Because the pool "automatically keeps the ratio of the two assets constant," it sells off the one that went up and buys more of the one that went down, all on its own. The result: your value shrinks compared to simply holding.

Concrete example: say you deposit one $1 ADA and one $1 FOO into a pool, $2 total. Then FOO's price doubles:

If…You had just heldYou had deposited in the pool
Value in hand$3.00about $2.83
Difference— (baseline)about −$0.17 (about −5.7%)

That −$0.17 is the Impermanent Loss. Because the pool "automatically sold off the FOO that rose," you lose out to someone who simply held.

🧊 Why "impermanent"?Because if the price returns to the original ratio, this loss disappears, it's called "impermanent." But as Phil says, in reality it often doesn't return, and once you withdraw the loss is locked in = a "real loss." RealFi's aim is to take this active management and IL headache off the user's shoulders (= the "ETF of DeFi" up next).

② RealFi's answer = "The ETF of DeFi"

The current DeFi "meta"

Per Phil: "the modern meta is no longer day-trading on Uniswap. 99% of the money is in low-risk, long-term yield." The mainstream is to "park it" in Morpho Vaults, Ethena, Aave, and Curve/Uniswap stableswap pools.

The ETF analogy

"Most people don't actively day-trade stocks; they buy an ETF that handles the active management for them. RealFi is the DeFi version of that ETF." It's similar to Ethena or Morpho Vault in that "you don't micro-manage — you leave it to the mechanism/managers" (i.e. not the same product, but a similar "passive-investing experience").

A "you can recommend it to family" design

"No worrying about liquidation, no shoring up positions, no chart-watching. This is a Vault, and the management is done for you. If it goes well, yield accrues passively over the long term — a real financial vehicle you can recommend to friends and family" (Phil).

🔰 Unpacking the terms: "meta" and "Vault"

What's "meta"? — a gaming-derived turn of phrase meaning "the dominant strategy / standard play considered most effective at the moment." "DeFi's modern meta is no longer day-trading" = the current mainstream has shifted away from making money by trading diligently (day-trading) to simply "parking" assets in low-risk, long-term investing.

What's a "Vault"?a "safe / investment box" you deposit funds into. Once deposited, an investment strategy runs automatically inside, and (if it goes well) yield accrues. But the yield fluctuates, and principal is not guaranteed (see the Ethena caution below).

💵 What is Ethena (USDe / sUSDe)? — understood with a diagram

A "synthetic dollar" that grew fast on Ethereum. Not a bank deposit — it's a mechanism that holds a dollar's value while generating yield through a crypto-based "two-sided (delta-neutral)" strategy.

Holds two positions at onceThe aim
Spot long: holding staked ETH and the likeearns staking rewards
Futures short: "selling" an equal amount of ETH futuresearns funding + cancels out price movement

The key: ① and ② offset each other's price movement (if ETH rises, ① gains and ② loses the same amount; if it falls, the reverse). So the price stays stable near the dollar, and only "staking rewards + funding" remain as yield. The yield-bearing version of this is sUSDe (a token whose value grows once you deposit). As of 2026, the annual yield is reported to be roughly 9-12%.

🧊 A level-headed take (important)Ethena is not a "risk-free bank deposit." There are real impairment scenarios: funding turning negative / the exchange (counterparty) going bust / the stETH collateral depegging from ETH / smart-contract vulnerabilities, and so on (the reserve fund is merely a "buffer," not a guarantee). Plenty of people have ultimately lost money in this kind of "passive investment," most often when exactly these risks surfaced. The accurate framing is not "passive = you won't lose money" but "the management effort goes down, but the risk remains."

③ How it's actually run (the internals)

To the question "Does an AI agent run it?", Phil answered that it's run via two allow lists.

🔗 On-chain allow-list strategies

A pre-approved list of DeFi strategies — Alchemix (DeFi where the yield auto-repays your debt) / Morpho (lending that makes borrowing and lending more efficient) / USDC (US-dollar stablecoin) / T-bill (short-term US Treasuries) yield sharing, and so on.

🏛 Off-chain private credit

Investments outside the crypto sphere, such as the private credit market (non-public lending to companies and individuals). RealFi's management team combines and manages these two.

🧊 A level-headed takeThe RealFi team is confident, but whether it can continuously secure high-quality private-credit deals is an unknown. This space is opaque and illiquid, with default and fund-freeze risk, and a track record is what matters. "Whether the source of the yield is truly sound" is something to judge after launch, by examining the internals.

④ RealFi's "story," as Charles sees it

Charles frames RealFi as an investment narrative like this — it's a microfinance play whose yield source sits outside of crypto, so "it's a good product that works even in a bear market" and "it has the lens of banking for the unbanked, with a feel unlike anything else." He's pinning hopes on it as one of the 3-to-5 unicorn candidates.

🧊 A level-headed takePhrases like "passive, management-free, recommend it to family" are appealing, but they don't mean zero risk. ① Smart-contract risk remains. ② The strategies used under the hood (Ethena-style synthetic yield, private credit, etc.) each have real-world precedents of impairment or freezing, and can be damaged in a correlated way during sharp market swings. ③ "Managed for you in a Vault" presupposes trust in the management team and the allow lists, and off-chain private credit in particular tends to be opaque and illiquid. ④ It's still a pre-launch project. The healthy way to view it is not as a "principal-guaranteed safe asset" but as a place to invest once you understand the internals and the counterparties (this page is not investment advice).

Topic 8 · Designing governance

🏛Governance and the "executive function"

Separate the time horizons

Multi-year efforts like Orion (3–5 years) and events only months away like Token2049 are being mixed into the same decision-making space. Long-term work (research, VC) and the near term (events to execute right away) should be handled separately. Research and post-quantum results will bear fruit around 2030.

Risk of a few running the show (concentration of votes/influence)

At bottom, this is about the concentration of votes and influence. Today's "loosely coordinated" style of running things is easy to exploit, and if a handful of large DReps or a small group of insiders wield strong influence behind the scenes, you can end up in a state where "anyone they dislike never gets funding again." That is the risk of oligarchy (rule by the few). The argument is to avoid this by building in democratic consent through an explicit executive function.

Introducing anonymous voting

To address the problem of people holding back their votes for fear of retaliation, or acting purely out of self-interest (quid pro quo), private voting (anonymous voting) via Midnight is being considered. There is even a plan to move part of Catalyst onto Midnight.

🗳 Worth watching: private (anonymous) voting via Midnight

When it is plain to see who voted for what, people cannot vote their true conscience because "they don't want to be retaliated against." The result is rampant quid pro quo voting that curries favor with whoever holds power. A notorious historical example is Tammany Hall (the political machine that ran 19th-century New York, "buying" votes by handing out jobs and patronage, and leaving a legacy of infamy through the corruption of Boss Tweed and others). Charles points out that this pattern of "public votes = deference, retaliation, and vested interests" can be seen to some degree in Cardano governance today.

Hence the idea of introducing anonymous voting that uses Midnight's privacy technology so that "who cast which vote stays secret, yet the tally can still be computed correctly." There was also talk of a plan to put part of Catalyst (community fund allocation) on Midnight. Eliminating the "stay silent out of fear of retaliation / only act when it benefits me" dynamic and reclaiming genuine consensus-building — this is a move that could change the quality of governance from the roots up.

The idea of "moving the conversation off X"

Once it becomes a contest of appearances, debate breaks down. X — which runs on grandstanding by people who just want to be seen, and on rage bait that stokes anger — is fundamentally ill-suited to "consensus-building." That is the concern.

💡 Here's the crux: the idea is to build "a Cardano-only conversation channel that only ADA holders can enter." The foundation already exists — Midnight's Discord has roughly 49,000 members, they have built in-house tools comparable to the Ethereum world's Guild.xyz / collab.land, and they want to launch it in 3–6 months. The aim is to move debate from "toxic public social media" to a "deliberative space" backed by the verified identity of being a "holder."

"Even if things get adversarial, that's confined to specific issues. On other issues — Pentad, or Draper — we can see eye to eye and engage constructively. It's the same as Samsung and Apple slugging it out over patents while one supplies the other with memory. That's the grown-up way to do it." — Charles Hoskinson (on the relationship between CF and IOG)

Also drawing attention is a translation gap around Emurgo's "departure." In English it was "stepping away from the Pentad," but in Japanese it was rendered as "stepping down from being a founding entity of Cardano" — so the note goes (*mentioned within the Space; for the official position, check each company's primary sources). IOG itself is transitioning to a venture-studio model (an organizational form that continually spins up and grows new businesses in-house), and the Haskell node is slated to be spun out to a different steward next year.

Topic · Deep dive (recording ~2:15 / ~3:05, and various other points)

🌙Midnight deep dive — a new kind of ID through "selective disclosure"

Midnight, which Charles named at the top of the "Big 4." Here we organize the key points raised in the Space, digging into the technical substance. First, as a foundation: Midnight is a privacy-focused partner chain, a separate company with its own blockchain and its own budget (kept separate from Cardano's Treasury).

The core = ID through selective disclosure (what Charles calls "Midnight Passport")

*"Midnight Passport" is the name Charles used in the Space; we have not been able to confirm it as an official product name. That said, the selective-disclosure ID capability itself does exist in Midnight (see the note at the end).

What can it do

You can verify "whose account this is" while keeping the identity hidden until later. If you sign with a wallet, you can say "this is Phil's / Esco's wallet, and only the owner can sign," and later prove "yes, it really was mine."

The "no wriggling out of it" property(non-repudiation)

A signature can only be created by the owner, and later you cannot deny "it wasn't me" either. So even after a wallet is compromised, you can prove "this was originally mine."

A "fair compromise" on KYC

Charles: "I understand the value real people place on KYC. But the risks outweigh the benefits. So we need a different ID primitive — selective disclosure. That's the fair compromise."

🍺 "Selective disclosure" in a nutshell

When you're asked for age verification at a store, you show only that "you are over 20" without revealing your name, date of birth, or address — that is selective disclosure. Think of Midnight's selective-disclosure ID as a mechanism that cryptographically achieves "proving only the necessary fact while keeping all other identity information hidden."

"You can build a proof-of-ownership structure without revealing the identity. So even if a wallet leaks, you can later prove 'this was actually mine.' This is one of Midnight Passport's many applications." — Charles Hoskinson

Where it's useful (applications raised in this Space)

  • The challenge exposed by the SecondFi incident: the idea of "proving you're the owner after the fact even if your keys leak" — the context in which Charles said "that's why we need this kind of ID" (→ SecondFi incident). *The actual recovery app this time was not Midnight but built with Cardano/Gnark.
  • Safe post-quantum migration: because you can demonstrate ownership without relying on signatures or public keys, it can be used for migrating to post-quantum addresses (→ see the explanation at the end of Gnark×WASM).
  • Anonymous voting: enabling people to vote in governance without fear of retaliation (see below).

Anonymous voting and governance

Charles points out that when people fear retaliation or bullying, they start to "stop voting / only act when it's in their own interest," giving rise to the 19th-century American Tammany Hall-style quid pro quo voting. As a countermeasure, there was talk of a plan to put part of Catalyst on Midnight and introduce anonymous voting.

Community and tools

A 49,000-member Discord

Midnight's Discord has roughly 49,000 members. They have already built many tools in-house, and the idea is to roll them out over 3–6 months, benchmarking against the Ethereum world's Guild.xyz / collab.land.

The ADA-holders-only channel idea

On the view that a public venue like X becomes self-destructive as it turns into a stage for showing off, the idea is to move debate to a Cardano-only channel that only people who have proven ADA holdings can enter. Midnight's tools are envisioned as the foundation for this too (→ Governance).

📌 Fact-check addendum (confirmed against official information)We later verified this against official documentation and the like — Compact is a real dedicated language, a TypeScript-based DSL. The compiler outputs zero-knowledge circuits. As mentioned in the Space, the proving system is Halo2-based, not Gnark (Pluto-Eris curves, Kachina / Zswap protocols), with proofs of about 128 bytes and on-chain verification on the order of milliseconds. Midnight is a partner chain with its own validators/consensus (not an L2), its native token is NIGHT, and its mainnet went live on March 30, 2026 (currently in a federated phase). Selective disclosure is implemented as W3C-compliant DID + Verifiable Credentials, with the raw data (date of birth, net worth, KYC status) staying on the device while only commitments and ZK proofs go on the ledger (= the "age check" analogy in the body text matches the official explanation).
Note that the product name "Midnight Passport" cannot be confirmed officially; it is the term Charles used in the Space (the capability — ID through selective disclosure — does exist). Privacy-focused chains, for all the strength of selective disclosure, also face an inherent headwind: the gaze of regulators. For the latest, accurate specs, check midnight.network / docs.midnight.network.

Topic · Practical Q&A (recording 5:00–6:00)

🌙Midnight's partnerships, budget, and ambassador activity

In the latter half, questions from the community came thick and fast about the organizational and partnership realities around Midnight.

Ian Cain moves to Cosmos

Ian Cain, who had been Midnight's head of partnerships, moved to become head of partnerships at Cosmos for budget reasons after having contributed 100+ partners. "Good dude and highly capable. Maybe Midnight was just too new to fit in the current budget," went the assessment. His move to a competitor and the handling of NDAs / non-competes drew attention.

Midnight's budget is separate

Midnight is a separate company with its own blockchain and its own budget, separate from Cardano's Treasury-withdrawal process — the setup was summed up as founding entities doing the hiring.

The raw reality of ambassador activity

One listener said, "With 12,000 LinkedIn connections I've done outreach to 100-plus people, and I want to get $200M (≈¥30B) into Midnight from a party called 'Ascot.'" There was also a moment touching on branding training in Japan. It was also mentioned that much of this activity runs on volunteerism.

🧊 A level-headed takeThis is the person's own "goal / aspiration," not a done deal ($200M ≈ ¥30B, at ¥150 to the dollar — that's on the order of "30 billion yen," not "300 million"). "Ascot" is also an uncertain name derived from automatic transcription, and its true identity is unknown. It's more accurate to read this as one individual's wish, not an official Midnight fundraise.
💬 Overall, the advice was repeated: "Even a good idea hinges on product-market fit (= the state where product and market mesh) and choosing the right partners. First show 'it actually works' with a small MVP (minimum viable prototype), interview 100 people to prove 'the numbers (demand) hold up and customers show up,' and only then raise money." — In a word: "Confirm it works, the numbers hold up, and customers show up, then proceed."
🧊 A level-headed takeA head of partnerships moving to a competitor (Cosmos) right after building 100+ partnerships, however well-regarded the person is, hints at two things. ① A money (budget) problem: the stated reason is "budget circumstances" = there wasn't budget to allocate to that role (in other words, close to "cut for lack of money"). ② Key-person dependency: the organizational fragility that 100+ partnerships rode on "that one person," and when they leave, the relationships and momentum may drain out with them. This is only one indicator, not a verdict, but it's fair to treat it as a sign that Midnight's business development can't be called rock-solid (plus, privacy-focused chains face the inherent headwind of regulators' scrutiny).

Topic · Actually one of the biggest chunks (recording 0:00–1:00 / 5:00–6:00, etc.)

🤖Behind-the-scenes AI industry talk — Anthropic vs OpenAI

It's a Cardano Space, but in fact candid assessments of AI coding tools and each company's models took up a long stretch. We summarize the key points as the panelists' "voices from the field" grounded in their own experience (this is strictly personal opinion and gossip, and accuracy is not guaranteed).

Model takes (panelists' opinions)

  • The read that Anthropic is struggling under compute constraints (citing Dario's public statements). Gossip such as "they're shipping Opus to protect Fable (the high-performance model)."
  • Voices saying "Grok 4.5 is better than Opus 4.8, and orders of magnitude cheaper." "If you lose on the model, it's over."
  • "The latest GPT has high intellectual maturity and isn't a sycophant." Though there was also the assessment that "for programming I still trust Claude."
  • Charles favorably cited Anthropic's AI constitution and principled approach in a separate context (→ see the vision discussion).

Coding "harness" culture

  • Beyond Claude Code / Codex, they rattled off many tools including Open Code, Slate, Hermes, Conductor, Droid, and Charm.
  • Praise for Cursor "building a cheap RL-trained model (Composer) without owning compute."
  • They got candid even about tricks for burning through subscription credits (like running long-running tasks right before the deadline). There was even a claim of "consuming tens of thousands of dollars' worth of compute in a single day."
  • The level-headed punchline: "What works better than the harness is 'actually understanding what you're trying to do.'"

🪞 Editor's note (on how to treat this topic)

This AI-industry talk is heavily laced with the panelists' opinions, gossip, and jokes on the day (model rankings, pricing, each company's internal situation, and so on). It's talk that depends strongly on timing and individual usage, so please don't take it as fact. For accurate specs and pricing of each model, check each company's official information. We include it here as a record that "these were the topics buzzing in the Space."

Topic · Practical material (recording 6:00–6:40)

🔧"Practical wallet tips" picked up from the chatter

Mixed in with the late-night chatter, there was actually some useful knowledge too. It's based on the panelists' anecdotes, so act at your own risk and after verifying.

The same seed can be reused across many chains

Because most wallets implement the same standard (BIP-39/32, the 2048-word list), you can often import the same seed phrase into other chains too. "I'd made as many as 5 wallets for a single chain, but actually 5 total would have been enough."

The only risk is a "malicious wallet app"

When you put an existing seed into a new chain's wallet, the danger is the case where the new wallet software that chain recommends actually steals your seed. Verifying where the software comes from is essential.

Don't put your assets in "one basket"

The urge to consolidate is there, but "putting everything into one is scary." Splitting across at least 3–5 wallets by purpose (e.g., storage / trading) is reasonable — a pragmatic landing spot.

"History management" for people who don't know Git

To a beginner who "saves every change in timestamped folders," a panelist shared a real example of using Google Docs/Sheets' edit history in place of Git (tracing back through history to fix an anomalous inventory value). There was also the unguarded confession that "the note with my seed — I left it back in Japan"… (= do not imitate this kind of management).

Topic · Other moments

🎬What happened in the Space (digest)

😢 A hacking-victim asks for help

A listener who had believed in the project since 2017 confessed that "today over 300,000 ADA was drained — it was the worst day of my life." The speakers responded: "First of all, don't ask for help in the Space (scammers will swarm you) — DM us through the official app." They drew a frank line: "If it stems from the SecondFi incident, it's eligible for compensation. If it's a separate cause like phishing, compensation is extremely difficult."

🤝 A mood of "the industry is in a unification phase"

With Algorand's Bruno and CF's Alex on stage, the host repeatedly stressed that "collaboration beyond tribalism is where the value is." "As long as we share the same North Star, we can compartmentalize the small differences of opinion."

🌐 Where Cloudflare fits in

"Vercel? No, we used Cloudflare R2" — they described adopting R2 to serve the proving artifacts, chopping 2GB into pieces and streaming it to 16 Web Workers (published on the very same Cloudflare as this page).

🏛 A Treasury proposal: "Where do I send it?"

An earnest voice: "I understand the application process for a 100,000 ADA Treasury withdrawal, but I don't know who to send it to." Practical advice flew back and forth: "Eva / John are looking at proposals," and "for CF, LinkedIn/email works better than X."

🎓 College clubs as a governance use case

Noting that US fraternities/sororities still manage voting and attendance in Excel, someone proposed making them a target application for Cardano governance/voting. A caveat: "First confirm whether they'll actually use it — i.e. verify PMF."

🌌 Skepticism toward celebrity partnerships

Past bull runs pulled in celebrities, but "they only showed up to collect a check." "The moment it's tied to big money, they dump on us" — a voice against casually recruiting celebrities.

😈 Banning troll accounts

Multiple alt accounts like "Satoshi's bride / Ocean Bride" slipped onto the stage and were banned. They spoke of watching out for "a person cycling through 12+ accounts."

⚽📺 World Cup, movies, history chit-chat

The World Cup (Spain beating France, Messi jokes), clone-movie theory, UFC, and even a full-on lecture on the Reconquista and Roman Empire history, plus a breakdown of the anime "Code Geass" — the kind of tangents only a 7-hour marathon can produce.

📝 Beyond the above, the late-night hours run on for a long time with pure chit-chat — off-color jokes, inside jokes, playing music, and so on. For the full picture, see the primary source (full text).

Supplement

📖Mini glossary (clarity first)

Hard words explained with everyday analogies. Want to dig deeper? Follow the "🔗 Learn more" link on each card.

Groth16

A tiny "pass" stamp that proves "it's really true" without showing the contents. The stamp is small, so it's easy to put on a blockchain.

🔗 Learn more

Gnark

A craft kit (written in Go) for making that "pass" stamp. This app was built with it.

🔗 Learn more

K21 / K20

The "size" dial for the computation you prove. The bigger the number, the sturdier but heavier. This time they chose the sturdy K21.

🔗 Explained on this page

proving key

A huge "template" (about 2GB) for making the stamp. Everyone uses the same template. There's no secret inside it.

🔗 Explained on this page

WASM's 4GB limit

A rule that the browser's "work desk" can only spread out about 4GB of stuff. That's why heavy proofs were so tough.

🔗 Learn more

Web Worker

A "clone worker" inside the browser. Sixteen of them split up and handle the heavy work.

🔗 Learn more

Cloudflare R2

A "giant warehouse on the internet" that delivers huge files around the world. They used it to serve the 2GB template.

🔗 Learn more

Lattice cryptography

Cryptography that uses a "grid mesh." Inside it, "finding the nearest point" is a super-hard maze that even a quantum computer can't solve.

🔗 Learn more

Falcon-512 / 1024

A "signature that can't be broken even in the future" made with that lattice cryptography. 512 is the lightweight version.

🔗 Learn more

folding / latticefold

A trick that "folds many proofs into one" to make them lighter.

🔗 Learn more

FHE (fully homomorphic encryption)

A "magic box" that lets you compute on the contents while it stays locked. You get the answer without opening it.

🔗 Learn more

VRF

A "dice you can't rig" that everyone can later verify was "genuinely fair."

🔗 Learn more

Midnight / selective-disclosure ID

A privacy-focused chain that lets you "prove only the facts you need" — like showing "over 20 years old" while hiding your name (Charles calls it "Midnight Passport").

🔗 Official

non-repudiation

An "un-erasable signature" that keeps you from denying it later — "yes, I really did this."

🔗 Learn more

Impermanent Loss

When you deposit two assets, the one that goes up gets sold off on you, leaving you "better off if you'd just held" — a slow bleed.

🔗 Learn more

Ethena (USDe/sUSDe)

A synthetic dollar that "hedges both sides" with crypto to keep the price stable and earn interest. But it's not risk-free.

🔗 Official

Vault

A "safe that invests your money automatically" where you deposit funds. It runs on its own (which is not the same as guaranteed principal).

🔗 Learn more

mercenary liquidity

"Mercenary money" that flees in an instant for the slightest gain. Popularity you bought disappears just as fast.

🔗 Learn more

Pentad

The "five main organizations" team structure that supports Cardano.

🔗 Learn more

BIP-39 / BIP-32

A "universal recipe" that builds keys from a 24-word passphrase. That's why the same passphrase works on other chains too.

🔗 Learn more

Pogun

A mechanism that "puts sleeping Bitcoin to work" to earn interest (the "Pogan" you hear in the audio is a mistake).

🔗 Learn more

Leios

A "next-generation engine" that makes Cardano faster and able to handle much more.

🔗 Learn more

harness

The "command center + toolbox" for putting AI to work. It orchestrates how many AIs work and how.

🔗 Learn more

EBITDA

A gauge of "how much a company can earn from its core business." If this is zero, there's nothing inside.

🔗 Learn more

Primary source

📄Original transcript (full 7-hour version)

This summary is an unofficial reconstruction by a third party, based on the full text (about 65,000 words) of the roughly 7 hours 13 minutes of X Space audio (title: Game Time 🫶🏽 (Unification station)), which was auto-transcribed by AI (Whisper large-v3-turbo). For those who want to "throw it at their own AI to summarize" or "check the primary source," we've made it possible to view, copy, and download the full text.

7:13:47
Recording length
~65,000 words
Transcript word count
Every 5 min
[H:MM:SS] timestamps included

⚠️ Because it's auto-transcribed, it contains mishearings, inconsistent spelling of proper nouns, and speaker mix-ups. No speaker separation (diarization) was performed. The crypto-tech discussions covered on the summary page appear after roughly 2:00:00 in this recording (the first half is chit-chat and other topics).

🔗 Original audio: x.com/i/spaces/1rGmqqEAmZqGy — recordings of X Spaces can become unavailable after a certain period. That's exactly why this full transcript (below) has been preserved.

Show / hide full text
Open "Show full text" to load the transcript here…