From Here, Watching the World Through Ninja’s Eyes — Weekly Incident Watch Starts
Yaku4 min read·1 hour ago--
Ninja Medium Series (5.5 / Bridge) — Kazuki Kaneshiro / Founder, ZKSC Inc.
Five Articles Into Foundation Series, Done
In the last month, I wrote five articles. I wanted to write out what I’ve been thinking, once, all the way through.
Article 1: The Day $50M Vanished on Three Signatures — And No One Read the Alert
I reframed the Radiant Capital and Bybit incidents as “Display-Execution Divergence.” Detection tools, left alone, fill up with false positives. Eventually the whole switch gets turned off. Important decisions get made from a single source. Web2 finance took 50 years to answer these two structural mistakes — with natural-language explanations humans can understand, and an independent second channel. Web3 hasn’t brought this in yet.
Article 2: Resolv’s $25M Grew After the Key Broke — Because Automation Ran Wild
I broke down the chain from the private key compromise to the $300M spillover into three structural gaps. One key that can mint 80M USR (single authority). Surrounding protocols swallowing a single source (Resolv itself) whole. No one responsible for dependency visibility. A bank design where one branch manager alone could close a fake loan would be laughable. Web2 finance built Basel-style shared supervision after the 1974 Herstatt Bank incident. DeFi calls itself trustless, but in reality it’s tied together by strings of trust. Something has to verify those strings independently. Ninja’s Position Intelligence focuses on dependency visibility.
Article 3: Don’t Ask the LLM “Is This Safe?”
Asking a device that generates answers probabilistically to make security judgments is broken from first principles. Reproducibility, explainability, and traceability — what financial audit built up — are human wisdom built on “humans make mistakes.” Long before LLMs appeared, financial institutions rejected neural networks as black boxes. They chose logistic regression and gradient-boosted decision trees. Verifiability came before accuracy. Don’t throw away that wisdom in the Agentic era. The feedback loop of verifiability is the core of how society has improved over time.
Article 4: From Trail of Bits’ 11 Examples to 90 Million
I traced the lineage of Web3 security and its path toward public goods. The name not-so-smart-contracts comes from the 11 vulnerability pattern examples Trail of Bits published in 2017-2018. OpenZeppelin, Forta, SEAL 911, Immunefi, ZachXBT — without them, today's Web3 security wouldn't exist. Web2 has CVE / CWE — a 40-year public goods infrastructure. Web3 hasn't reached that yet. I spelled out which parts Ninja opens up and which parts stay as moat. The detection logic for our 17 alert codes — we protect that absolutely. Our participation in ERC-8004 is a declaration: we join the standard design for Agentic Finance.
Article 5: Ninja Knows, ShoGun Stops — The Day 1 to Day 5 Roadmap
I laid out the three-layer architecture (Ninja Intelligence Core / Ninja Delivery Layer / Shogun) and the phased rollout from Day 1 to Day 5, alongside the industry timeline. SEC’s DeFi front-end no-action letter, EU AI Act, MiCA, Japan’s PSA amendment. I argued that the direction of regulation and Ninja’s product plan point the same way.
That was the “Foundation Series.”
From Here, Season 1 — Weekly Incident Watch
If Foundation Series was about why, Weekly Incident Watch is a record of what’s happening.
Every week, I’ll watch the world through Ninja’s eyes. Three formats, mixed as it fits.
(1) High-Risk Patterns This Week
Real high-risk patterns NinjaScan detected — contracts and transactions — within the bounds of public information, with specific addresses. How Entity Intelligence or Action Intelligence fired. How the traffic light lit up.
(2) Incident Deep Analysis
Recent hacks, exploits, and accidents, broken down at the same level as Radiant / Bybit / Resolv. What happened. Why it didn’t stop. What I could see from Ninja’s angle.
(3) Industry Trends
Regulation (SEC / EU AI Act / MiCA / Japan PSA), new protocol behavior, research releases, standardization discussions (ERC-8004 and others). Tracking meta-level moves in Web3 security.
Which of the three, and when — that depends on what’s happening that week. I won’t force a fixed schedule. Threats don’t pick a day of the week. Neither will the record.
To Readers
This isn’t company PR. It’s my personal Medium account. I want it to be an ongoing record of one person thinking about security in the Agentic Finance era.
If you see a suspicious contract or TX, try it on @NinjaScanBot. If the result looks wrong, or you think something got missed — tell me. That’s where Ninja’s Learning Loop starts.
If you run a DeFi protocol and you’re struggling with dependency visibility or monitoring, reach out. If there’s a topic in industry trends you’d like covered, I welcome that too. Fund managers who want to talk for investment review, grant reviewers looking at tech and public value — don’t hesitate to reach out.
All to [email protected].
Next
Foundation Series was about organizing thoughts. Season 1 will be about recording a world that’s in motion.
Next time, I want to start from the most important event Ninja observed this week. What that turns out to be, I’ll decide after watching the world for one week.
I hope this series becomes a way for readers to see the world through different eyes.
— Kazuki Kaneshiro / Founder, ZKSC Inc.
CTA
- Try NinjaScan: @NinjaScanBot
- Follow on Medium: get Weekly Incident Watch updates
- PoC / investor / grant inquiries: [email protected]
- Whitepaper: Ninja Whitepaper (April 2026 Edition) — a living document, updated regularly
