Decentralization Feedback Sandwich
Good: eth.limo got hacked, but it seems it was the fault of the only centralized part of the internet stack and they owned up admirably[1]
Bad: rsETH got hacked via LayerZero and KelpDAO, impacting AAVE v3 among many others. It was fair to expect ex-ante that the projects involved are built with explicit goals[2] of making this sort of hack impossible
Good: although it was more difficult than expected[3], I was able to create a Farcaster account 100% permissionlessly, without any privacy compromises such as providing a phone number, email, or logging into services without wearing a condom using a VPN
Useful Resources:
useful Neynar scripts: this repo failed for me, but gave enough clues that with a little attention, me and Claude could get it to work. Be extra careful, because auto-setup.js is fragile with your secrets
open Snapchain/Hypersnap APIs available here, mostly drop-in replacement for the permissioned API
x402 Neynar endpoints: no account sign up required[4]
Farcaster docs to optionally verify a wallet. Without taking this step, you kinda look like a bot account. The docs were written before Warplet and before Solana + Monad support, so the examples don't work without slight modifications
N.B. when creating your custody address, create the mnemonic first so you can log into clients. To avoid gas funding pain, I used an existing wallet to create the Farcaster account, then transferred the custody address to a freshly created wallet[5]
[1] DYOR: this is slightly more complicated than it appears. See also https://x.com/coinspect/status/2045614188307927261 for nuance
[2] and aspirational promises to users!
[3] The Base App, Zapper and Firefly had previously rolled out cheap, easy and user-friendly clicky methods for anyone to do this. Base has pivoted away. Unfortunately, neither Zapper nor Firefly worked today, each giving generic server-side errors representing that something has broken in their backends without triggering P0 issues. Cassie said that Quorum will include an onboarding flow
[4] afaict I never used this, but it's good to know it exists
[5] it feels safer to share the mnemonic with closed-source clients, when the (freshly created) mnemonic doesn't protect any funds. This is a useful, albeit brain-damage-y, method of compartmentalization opsec