Nockchain
Stay Updated
Nockchain is the
zk-Proof of Work
blockchain

Riscvy Business

Vitalik, RISC-V, Helium, ZKsync, CISA, China

The biggest story in ZK this week is a short proposal that Vitalik Buterin posted to the Ethereum Magicians forum.

He proposes to scrap the 10-year–old Ethereum Virtual Machine and run smart-contracts directly on the RISC-V zkVM.

Buterin notes that half of today’s ZK-EVM proving time is wasted emulating the EVM’s byte-code interpreter; swap it for a general-purpose RISC-V target and you slash prover cycles 50-100x. Two upgrade paths are on the table:

  1. Dual-VM era—new contracts deploy as RISC-V binaries, legacy contracts keep running in the old EVM.
  2. “Interpreter contract”—existing EVM byte-code is wrapped and called from a RISC-V interpreter contract, letting the core protocol expose only one VM.

The storage/call/balance op-codes would stay, but they’d become RISC-V syscalls. The idea dovetails with the wave of RISC-V zk-VMs (Risc Zero, SP1, Jolt, etc.).

Some fear the coordination burden would be worse than “The Merge.”

Some are questioning the merits of RISC-V.

We’re biased, but we think something better than RISC-V might be on the horizon.

News

ZKsync Hacker Returns $5M After Accepting a 10% Bounty. The attacker who drained roughly $5M in unclaimed airdrop tokens from an admin wallet last week sent back 90% before ZKsync’s “safe-harbor” deadline, keeping the 10 % reward. Funds are now held by the ZKsync Security Council, which has opened a governance vote to decide whether the tokens are burned, redistributed to claimants, or rolled into the next airdrop. A post-mortem and upgraded privilege-management controls are due next week.

U.S. Grid Relies on 500 Chinese Ultra-High-Voltage Transformers With Remote-Kill Backdoors. Security researchers report that the number of Chinese-built long-lead-time transformers installed in America has grown from ≈300 in 2020 to at least 500 today. A 500-ton unit diverted to Sandia National Labs in 2019 allegedly contained hardware capable of remote shutdown, prompting Executive Order 13920 (later suspended) and sparking warnings that hardware provenance is a first-order cyber-physical risk. Because only 30 substations can black out the entire U.S., critics argue these transformers represent latent “sleeper cells” inside bulk-power transmission.

AT&T Subscribers Now Roam Onto Helium’s 93K Decentralized Hotspots. In a deal announced by Helium CEO Amir Haleem, AT&T devices automatically off-load to more than 93,000 Helium Wi-Fi nodes across the U.S. and Mexico. Helium supplies real-time “proof-of-coverage” quality metrics back to AT&T, turning a crypto-native incentive network into carrier-grade infrastructure. Helium already claims 800,000 daily users and similar roaming with Telefónica’s Movistar; the network migrated to Solana last year, positioning the partnership as a high-visibility test of decentralized physical infrastructure (DePIN).

Trump Order Shifts Cybersecurity Funding to States, Slashes 1,300 CISA Jobs. An April 18 executive order hands primary responsibility for critical-infrastructure defense to state and local governments even as the administration phases out a $1B DHS grant program and cuts roughly 1,300 positions at CISA. Only 22 of 48 participating states met minimum standards in the latest Nationwide Cybersecurity Review, and smaller municipalities warn of “Balkanised” responses to ransomware and OT attacks. Observers fear the move mirrors 19th-century militia federalism—effective only until the first multi-state incident.

a16z Crypto Buys $55M of LayerZero’s ZRO Under a Three-Year Lock-Up. Andreessen Horowitz’s crypto arm doubled down on LayerZero, acquiring 21% of the circulating supply at a 3-year vesting horizon. The cross-chain messaging layer already routes 145 million messages across 125 blockchains and underpins PayPal’s stablecoin, Pendle, and Wyoming’s state-backed coin. General Partner Ali Yahya framed the bet as “critical FX rails for an internet-native capital market,” suggesting LayerZero will expand into tokenized data and governance services.

Lattica Launches GPU-Accelerated FHE Cloud for Privacy-Sensitive AI Workloads. Tel Aviv-based Lattica exited stealth with $3.25 million in seed funding and a platform that runs transformer inference directly on fully homomorphic-encrypted data, keeping patient or trading records opaque to the cloud. Its HEAL abstraction layer distributes workloads across GPUs, TPUs, and ASICs, claiming 40× speed-ups over academic baselines. Early pilots target HIPAA-compliant clinical-trial analytics and MiFID II-grade financial modeling, positioning FHE as a practical alternative to differential privacy or secure enclaves.

Critical Infrastructure Leaders Are Preparing for the Inevitable. Executives have moved from asking “is the threat real?” to budgeting against assumed breaches. Black & Veatch’s Ian Bramson urges boards to translate CVEs into business-impact terms—“bang the risk register until money comes out.” The new mantra is consequence-driven defense: design for safe failure, rehearse manual overrides, and treat cyber insurance as a hedge, not a plan.

They Stole a Quarter-Billion in Crypto and Got Caught Within a Month. Two twenty-something hackers met on Minecraft servers, phished a D.C. whale, and drained 3,100 BTC (≈$243M). Their flamboyant spending—$569k on one nightclub tab, gifts of Birkin bags and a pink Lamborghini—drew blockchain sleuth ZachXBT, who traced peel-chain laundering across a dozen exchanges. Less than four weeks later the FBI arrested Malone Lam and Jeandiel Serrano, aided by ZachXBT’s on-chain graphs and TikTok evidence. The case underscores how open-ledger forensics and OSINT now rival subpoena power in high-value cybercrime.

Research

Trusted Compute Units: A Framework for Chained Verifiable Computations (2025). Castillo et al. study how blockchains can trust complex work that happens outside the chain without revealing private data or running up high fees. The authors note that existing tools—secure chips called TEEs and cryptographic systems called zkVMs—each solve only part of the problem and rarely work together. Their main idea is a new building block named the Trusted Compute Unit (TCU). A TCU wraps any chosen technology in a standard container, produces a proof that its output is correct, and records a fingerprint of its code in a small on-chain registry. Because every TCU also checks the proofs from the step before it, long chains of jobs become verifiable end-to-end. The team shows this in a federated-learning example and reports that the added delay and cost stay low. This matters because it lets decentralized apps run heavy or private computations off-chain while still giving users clear evidence that nothing was tampered with.

The Sponge is Quantum Indifferentiable (2025). Alagic et al. ask whether the “sponge” design behind SHA-3 still looks random to an attacker armed with a quantum computer—a property called quantum indifferentiability. They break the big permutation inside the sponge into three Feistel-style layers that can be analyzed with the compressed-oracle technique, a quantum version of lazy sampling. Using this tailored model they prove that, even after many quantum queries, the sponge behaves almost exactly like an ideal random oracle, and they give matching bounds for collision and pre-image attacks.  In plain terms, their math shows that the core of SHA-3 keeps its one-way and collision-free character in a post-quantum world. Because SHA-3 and its sponge cousins sit at the heart of most upcoming post-quantum signatures and key-exchange schemes, the result strengthens confidence that those standards will remain secure once large-scale quantum machines arrive.

Preserving Whistleblower Anonymity Through Zero-Knowledge Proofs and Private Blockchain (2025). Mbimbi et al. ask how whistleblowers can send digital evidence to authorities without exposing who they are, or letting anyone tamper with the files. Their idea mixes a private blockchain with zero-knowledge proofs. They add a “dynamic difficulty mechanism” that makes the proof-of-work puzzle harder whenever the evidence is judged more sensitive, giving extra protection only where it is needed. Because every block is time-stamped and cannot be changed later, the chain also keeps a clear record of who touched the evidence. In small tests, the system hid identities, caught any attempt to alter files, and stayed quick enough for everyday use. This matters because fear of retaliation often stops insiders from reporting corruption.

Perspectives

The CCP is Possibly Adding Heavy Metals to American Consumer Goods, Military Doctrine Suggests. Joshua Steinman shares a RAND study examining Chinese military doctrine, outlining the PLA's focus on "system destruction warfare." The strategy is aimed at paralyzing rather than annihilating enemies.

Has China Initiated the Post-Lithography Era? Chinese scientists have created the most complex 2D microprocessor to date—the RV32-WUJI contains nearly 6,000 molybdenum disulfide transistors, each just three atoms thick, representing a quantum leap from previous 2D circuits that maxed out at 156 transistors. While silicon chips are still millions of times more powerful, this breakthrough demonstrates that 2D semiconductors are transitioning "from device-level laboratory research to system-level engineering applications," potentially enabling Moore's Law to continue beyond silicon's physical limits.

Ethereum Could Also Go Trustless. Two years after Ethereum implemented a trusted setup for proto danksharding, new research like the FRIDA paper and practical implementations like FRIEDA and Mikan are exploring STARK-friendly data availability solutions without trusted setups. Perhaps Vitalik will consider this also, @dimahledba suggests.

Why RISC-V Over WebAssembly? Wei Dai argues that WebAssembly already has many desirable properties for smart contracts that Ethereum's EOF (Ethereum Object Format) is trying to add, including the absence of jumps and better static analysis capabilities. He points out that zkEVM work has previously been done with WebAssembly through the ewasm project, suggesting that ZK-friendliness shouldn't be the primary decision factor between RISC-V and WebAssembly architectures.

Yakovenko Claims Solana Could Knock Ethereum Validators Offline. Solana founder Anatoly Yakovenko ignited some controversy suggesting that "a single Solana SPL program spamming blobs could knock every Ethereum validator on AS7018 off-line." While his observation about ISP concentration is accurate—with AT&T serving approximately 38% of U.S. residential users and hosting 19-23% of U.S. Ethereum nodes—others contest the feasibility, noting that AT&T's 10+ Tbit/s capacity makes a blockchain-triggered shutdown implausible in practice.