Preventing Future Issues: Where Good Engineering meets Good Process

Okay. Hi everybody. I'm going to make a video to talk a little bit about some quality assurance items and things that are on the horizon that we need to address for 2026. We lived through a pretty interesting time last week. Basically, there was one chain, and then a transaction came in, leading to two parallel versions of history.

They fought for a little while and then came back together. When you have a hard fork or complete consensus failure inside the system, you run into a situation where you can't just put them back together. As a result, you have to stop the network and manually restart it. Human beings come in and say, "Okay, well, checkpoint," and then you're done. This is the type of situation that Solana has had to deal with when they’ve had to restart their network.

However, there have been other cases where people have had to do this. Traditionally, the chain just runs and runs. Cardano has been in this state for about eight years, give or take, and last week we found ourselves in this precarious situation. This is quite dangerous because while you're operating with this duality, there’s a collection of actors—bridges, exchanges, and DeFi in particular—who live in a world where this is the norm. As a result, they just assume that the chain is running in a particular configuration.

In this scenario, you've temporarily doubled the supply. You have two alternative versions of history, and technically, you could spend ADA here and spend ADA there, effectively creating a double spend. It’s a little different from a definitional sense because, from a local perspective, a double spend never happens, but globally, you actually have two subsets of ADA that you're dealing with. Bridges don’t understand that. Exchanges don’t understand that.

DeFi doesn’t understand that. They’re programmed for one version of history. There’s a write-up that’s coming. The product integration team is putting it together, and it’s a wonderful write-up. We’re all coordinating a lot of disclosures and other things, and there’s a series of escalations in terms of the technical depth and rigor of these discussions to talk about what happened, how it happened, and how it came back together.

It’s truly miraculous that we were able to build a system that could self-heal and recover. Basically, it was a degradation of service—a soft fork that was self-healing. Self-healing in that the network upgraded to a version that could choose a side, and the history was reconciled. Unfortunately, when you have a soft fork, you end up with orphan blocks. There’s going to be a delta between those two.

This has happened over 3,000 times in the Bitcoin space. Before people say, "Oh, well, that’s a design flaw and you guys messed up," Bitcoiners have lived with this over 3,000 times. Every time a miner creates a version of history and the minority chain catches up and supersedes that, there’s a new longest chain, and the block in the old longest chain gets discarded. All those transactions are no longer valid, which is why people wait for finality. They typically wait for a certain number of blocks—usually six blocks in the Bitcoin space.

This can happen in a local sense. It’s very common for Nakamoto-style consensus. Typically, you don’t have a long-chain reorganization. A long-chain reorg occurs when it happens over a large number of blocks—like 10, 20, 30, 50, 100, or 200. This is why bridges, exchanges, and DeFi tend to have different settlement times than the network time.

They say, "Before we consider your deposit to be legitimate, we wait maybe 100 blocks or 200 blocks or something like that." So the single most important thing when you start looking at this is how do we prevent and detect? Those are the two words you’re looking for: prevent this from happening and detect what happened last week to fix it. If you have this situation, the fix is rather straightforward. The network shuts down, and you're not a cryptocurrency for a while.

You have to launch a new cryptocurrency. You’ve effectively manually stitched together the network, and you’ve invented a new version. It’s kind of like Star Trek with the transporters. Some people believe that when you use the transporters in Star Trek and teleport yourself, you’re no longer you; you’re a clone of you, and the old you was chopped up and killed in the teleporter. It’s a similar situation here.

We’ve transported you from one space in time to another and edited something in it. So, you’re fundamentally different. You’re no longer the original chain; you’re a different chain. That’s about as catastrophic as it can become, and you typically don’t want that to occur. In the case of the soft fork, it really is all about the nature and characteristics of these chains.

If you have slashing bonding systems, depending on your flavor of proof of stake, not only can you put the chains back together, but it may result in a huge economic loss for all the people who bet wrong. So you have to be really careful with that. Nakamoto consensus is really good on its recovery when you have a chain split and you pull the forks back together. This is something that Satoshi really thought a lot about, and that’s why we based Ouroboros on many of the concepts that Satoshi had. This is the first time in the history of Cardano where we actually got to test it.

It was deeply uncomfortable, but the system worked according to specification, which is why even Anatoly from Solana praised it. He lives in this world, and we got to experience it. I bet he wishes he had that ability because this is just a different thing. So that’s the fix, but what about detection and prevention? That’s what this video is basically about.

Starting with prevention, how Cardano works: you have a concept of blueprints, building, and then deploying and testing. We use formal methods, and those formal methods are derived from some form of paper—a white paper. The paper follows a peer-reviewed process. We know that the protocols are pretty sensible. The blueprints are written in a formal language.

Then we build, deploy, and test. It’s a very waterfall approach. There’s no way to get around that process. You can’t really be agile because what if you discover something here? You have to go all the way back up the stack.

This is one of the reasons why Cardano has a slower development cadence than other chains. In many cases, other chains live in a spiral development model, starting with building, deploying, learning, and then repeating that cycle until they reach a point where they say they just can’t solve it anymore. This has always been a little more waterfall-oriented. This approach is tremendously useful for the prevention of bugs. We lived in a stable state for eight years, and then suddenly, for a day, we were in this problematic state.

We recovered rather quickly in a way that did not require a hard fork and did not destroy the network. It was pretty cool, and it did not require manual intervention from a centralized actor. It was an organic self-healing recovery where the network upgraded itself after a fix was propagated, and the longest chain won. This typically produces high-quality but slow outcomes, which is the biggest frustration that most people have with Cardano. They say it’s too slow, can’t catch up, etc.

Although you’re probably all glad that we had some mechanism to fix the network and have it self-heal, those formal methods were actually used last week; otherwise, we’d be in a really bad situation. When we talk about prevention, we have to open up this entire process and ask: Are we writing the right papers? Are we doing the blueprints right? Are we using those blueprints appropriately? Are we writing code in a very high-quality way?

Is the way we’re deploying and testing that code sufficient? All of these should be subject to scrutiny. I already talked to Jack from Intersect and said, "You’re the oversight organization, and we have egg on our face as developers. We have to justify how these types of things aren’t going to happen again and how we’re going to do better on the prevention side." We deserve to go through scrutiny as an engineering firm about how each of these components is going to be improved in a way that doesn’t cost more and doesn’t take more time, but overall, the flow through those components is producing better outcomes.

The bug that was exploited here existed since 2022. For some reason, it escaped scrutiny for three years, which is usually what happens with zero-day exploits. When someone has a zero-day exploit, they have them in Windows, they have them in Linux, and your phone has them. Usually, that exploit comes from an old bug, not something brand new. It may not appear to be a bug on the surface, but when combined with some other piece of software, it becomes a bug.

Software is an emergent system with infinite complexity. This will happen, and no matter what you do, you’re going to have some bugs inside the systems, which is why we have to move to the second step, and this is where I would say we are the weakest right now. We got a little lucky with this particular bug because we were heavily monitoring the network and doing simulations for the LAYOS upgrade, and there are independent node builders testing and playing with things. There’s a higher level of scrutiny over the normal operation of the network. What outside people don’t understand is that when you get into a state like this, you don’t instantly get an email in your inbox saying there’s a problem with Cardano.

You think everything is fine for a while. It’s kind of a small leak somewhere in your walls. A little pipe starts leaking, a little crack forms. It’s not you get a text message saying, "Hey, it’s your pipe from your basement in the wall that’s covered up. I just want to let I’m starting to leak and I’m going to be an issue in two weeks.

" No, two weeks later, you notice the wall is really moist, there’s mold growing, and your hand can go through the drywall. You say, "Holy [__], I have a leak." Similarly, when these things happen, you don’t instantly know that they’ve happened. There are telltale signs, like chain quality deteriorating, and you say, "Wait a minute, I think there’s something going on with the network." We have a collection of informal processes and procedures, but one thing we can do—and I think we’re going to explore this in the postmortem and retrospective—is construct a canary network.

This network would be a lot faster and wouldn’t serve an economic purpose; it would serve an observational purpose. A canary network can look at the main net as a watchman and observe from many different perspectives. It can be composed of multiple nodes, have various ways of looking at the chain and the ledger, and constantly ping the main net for challenge responses. It would be a very fast network with sub-second latency, geographically well-distributed, and composed of independent implementations. This canary network could act as an early detection system if something is going on inside the system and pinpoint exactly where that issue is occurring.

It would also capture a cloned mempool that’s enhanced because normally, when you think of a mempool, you’re just saying, "What’s my set of work that I have to do for the next block?" People just take it off the bench and go do something with it. We don’t typically think about how to preserve the mempool history of what people are spamming the network with for a long period of time. In fact, we prune that out. But with a system like this, you could preserve days or weeks of history of pending transactions—just not finalized transactions.

You could be geographically well-distributed and have all kinds of pinging scenarios that exist, composed of multiple independent nodes. Right now, we don’t have a formal notion of a canary network, which is why we got lucky when the detection was early, and we were able to intervene with a patch. A canary network would also have a synergistic relationship with the actors in the ecosystem—your bridges, exchanges, and DeFi. If there appears to be a statistically significant problem, you’d want a signaling mechanism to alert all users or at least those who subscribe to you, saying, "Hey, there’s an issue. Something’s going on.

" The sooner you can do that, the sooner they can flip a switch on their infrastructure to halt operations. This doesn’t mean refunding money or shutting down services forever; it means halting services because, in this situation, you have a tenuous situation where people can game it to steal money from these actors. Long-chain reorganizations are very uncommon—occurring once every eight years—but you need a mechanism to immediately let them know that something is wrong and to stop. You can even put transactions into a pending state, allowing users to still interface with it, but the transactions don’t settle. They go into a queue, and there’s a delay in processing until further instruction comes.

This way, you don’t necessarily lose commerce; you just slow it down while you’re waiting to investigate because it may be a false positive or something very significant. Typically, with a canary network, you also think about what’s called an anomaly detection system, which can use AI. There are tons of amazing anomaly detection systems that can be tuned and parameterized. When they’re monitoring the system, they can say, "Hey, there’s something out of the ordinary. The pings aren’t coming back right.

Consensus is not being achieved appropriately. There’s some issue here." Then you go to the signaling mechanism and say to bridges, exchanges, and DeFi, "Stop." You can also have managed wallets, like Lace, for example, saying, "Don’t relay transactions yet." You can send a message that canary mode has been flipped on.

This requires a pub-sub protocol. I’ve been asking for it for eight years. The reason why there were certain departures in our network team is that they were philosophically opposed to even broaching the topic, even though we’ve written papers about it. There’s some fresh blood now, and it’s a high priority for me for 2026. We will find a path to get this done.

Pub-sub is not an option; it is absolutely essential for us to have things a canary network and a means of easily communicating and coordinating with people. We manually had to call, email, or message all the stake pool operators, all the exchanges, and all the DApp developers. People spent 30 hours straight doing that. It’s lucky that we all kind of grew up with them and know most of them. If we didn’t have the ability to do that, it would have taken a lot longer for the network to be able to self-heal, and the range of damage done by being in this problematic mode would have been catastrophic.

Pub-sub means you can instantly push a button and send a message to all of those actors, and every single person is informed at the same time. This incident alone demonstrates the existential need for it, and I’m so tired of people fighting me on it. It has to get done. That’s going to be a priority for 2026. I don’t care how we get it done, especially given the fact that this can be a separate network protocol running in a separate network.

The canary network has to have the ability to communicate, but it does not have to share the same infrastructure or use the same protocols as the main network because it serves a different purpose. It’s an anomaly detection system, and its purpose is to monitor the network and create a concept of network health. Every cryptocurrency needs this, and you need a set of protocols, KPIs, and other things. We have them, we track them, and we use them when we build, but it’s a bit fragmented, and they need to be standardized and put into a system. On the detection side, if you have early detection, then you can have early intervention, which means that the resolutions are much less problematic.

If all the people engaging in commerce can lock down rapidly, then these types of modes don’t have any economic consequences, giving people more time to recover and self-heal the network. Now, fixing is completely dependent upon your protocol. If you have an Ouroboros-style protocol or Nakamoto consensus proof of work, you’re likely to have a path to self-heal. If you have a BFT protocol, you’re out of luck if you go past the point of no return, and then you have to manually reset the network. There are things you can do to plan for your worst-case situation.

If your canary network is observing the entire network, this is also the perfect place to create Mithril certificates, checkpoints, and proofs. It’s the perfect place for that. You can have a multi-chain embedding with those. You take those and have an on-chain path and an off-chain path. On the on-chain path, you can store them in Cardano periodically or at least the Merkle root of these representations.

Off-chain, you can put them in places like IGON or on the Bitcoin blockchain as a rune. There are dozens of ways you can do that. There’s a small fee because these are small representations, but they’re occasionally archiving things. If you do have to reset things, in the worst-case scenario, the Solana case, you have a source of truth that everybody agrees is there, and it has some degree of auditability and provability, especially since you have more sophisticated dumps of the mempool. This whole concept of a Mithril certificate network is already underway, and then you can start talking about checkpoints with Mithril and all kinds of different proofs.

Starstream also provides an alternative proving mechanism. By the way, this is also where you start with quantum resistance in a non-disruptive way because you can sign these representations with lattice or hash-based signatures that are immune to quantum computers. Even if a quantum computer tries to interfere with the sovereignty of the chain to rewrite it, that’s totally fine. You have a fallback here to recover the state of affairs. Then there’s a meta aspect that kind of lives here, and it’s the constitution and intention.

There are very naive people floating around saying, "Code is law, code is law, code is law." I was a code-is-law person when there was no alternative. The question is, what matters more: user intent or code’s intent? You have code or you have users. Users are subjective and retroactive; they meant to do something in the moment, but now, knowing the consequences, they may say, "I didn’t mean to do that.

" That’s a problem. Code is objective and unambiguous, but in some cases, it does the wrong thing or creates a bad outcome for everybody. What you do is make this more objective and say there’s a meta law above the code. The constitution is there. We have a Cardano constitution, and the vast majority of ecosystems don’t.

They never invested in it; they didn’t So this is your mechanism of quality for dry code. When you look at wet code, that is a social process. Part of that is writing down the proactive intention, and part of that is learning and education. You have to make sure that people have a certain level of knowledge, and part of that involves checks and balances. This includes things like multisig, separation of power, and temporal components, where you force people to wait a certain amount of time to make decisions so they have time to adequately debate and think about them.

Part of that is interim staging. For example, with the detection component, that's mostly a wet space thing. Once you've detected an anomaly, you're sending a message, and those particular systems have to make a decision. Do we feel comfortable operating in an amber alert, or do we want to take a step back and stop for a moment? This involves social conventions and processes.

This is the world of ISOs like 27001, best practices, standards, and governance. Effectively, Cardano is one of the first cryptocurrencies, along with Tezos and a few others, to explicitly create equal precedence for both dry and wet code on-chain. The wet code is ultimately regulated by the constitution. The law of that code is equivalent to, and in some cases greater than, the dry code. We started with excellence in dry code, and now we're working our way through the excellence of wet code, and we have governance systems in place.

Part of fixing issues can also involve social aspects like dispute resolution. Ultimately, dispute resolution comes down to risk and restitution. How do we quantify and manage the risk of the system? When people are aggrieved or there are problems, how do they get restitution? How do they get made whole?

For instance, if some people lost money at a bridge exchanger in a DeFi context as these chains split, we have restorative justice and punitive justice. Restorative justice means we make those people whole, and the people responsible have some sort of obligation to them. Retribution, on the other hand, means we punish those responsible. Any justice or dispute resolution system has to incorporate a little bit of both. You want to disincentivize bad behavior, and there are mechanisms to do that, while also incentivizing cooperation and collaboration.

If we build this entire system the right way and it stands the test of time, the treasury of Cardano can actually get an insurance policy, just like fire insurance, for the entire network. The insurance policy can be owned by Cardano. The protocol itself is a legal entity. The treasury pays the premium, and when an event happens, a claim can be filed for restitution. For example, if there are a billion dollars in losses and a billion-dollar insurance policy, the policy can pay into a smart contract to allow people a verifiable way to recover losses.

You can even self-insure a little by allocating a certain percentage of the treasury as a self-insurance pool, augmented with external insurance. We can create a real-world asset where the network pays a premium, and people can put up ADA or some other asset to earn a passive yield until that insurance policy is called. We can self-insure as a network or create a financial product for it. There are other mitigations for risk management as well. A lot of what I've discussed here is about risk management.

Detecting risk is equally important because if you find a fire early, the odds of it causing significant damage are much lower. If you find a faulty electrical box before it catches fire, you can simply replace it rather than dealing with the ruins of a burned-down building. Currently, we don't have a dispute resolution function because Cardano doesn't have a full judicial branch. We have a full legislative branch, a partial executive function, and a partial legislative-judicial function. As we think about upgrading the constitution, future versions can discuss mechanisms of dispute resolution that don't make sense unless you have a way to capture proactive intent.

This is because you need to objectively understand the contractual relationships that everyone wanted, compare the intention from the transaction, and then have something to work with. However, you would still need arbitration in that case. There are ways to make this compatible with the New York Convention on law, so arbitration on Cardano would be upheld in the courts of over 150 countries. There are many ways to achieve this. We’re learning as a network and growing.

Ultimately, all of this flows into integrity. The question is, how much trust and integrity do I need for onboarding? There are stages to that. You have early adopters and crypto anarchists, then you have institutions that are high-risk, like hedge funds and traders. They have sophistication but are willing to take a lot of risks.

Then you move to the general public, which is what started happening in 2021, and they all got burned because the systems didn’t have enough integrity. Next, you get to high-assurance activities like airplanes, hospitals, national infrastructure, and voting infrastructure. There’s a hierarchy here, and we can explicitly list all of them. As an exercise, you can create your own list. Every single level requires integrity to grow, and only through the pursuit of excellence, following principles and balancing things accordingly over time, can you grow your integrity.

When an event occurs, it damages the integrity of the system. No matter what I say, no matter what we do, no matter how much money we spend on marketing, because of this incident, the integrity of Cardano has been damaged. There will be groups of people for days, weeks, months, or even years who will believe that Cardano is irreparably broken or not worth their time, or that it’s an unsafe system. Whether that belief is justified or not, they now hold it. Integrity is ultimately subjective; it’s a measurement of some group’s belief and the durability of something.

Why do you think gold is valuable? Is it due to some intrinsic property that guarantees its value? No, it’s valuable based on the belief that society values it. What if a new religion forms that deems gold a product of the devil, and they execute anyone possessing it? What do you think that would do to the price of gold?

The intrinsic properties of the material haven’t changed, but the value has decreased because the market has effectively been destroyed. Alternatively, what if a magic machine could create gold out of thin air, or if space mining discovered an asteroid with a thousand times the gold on Earth? You have beliefs about how gold is perceived, its supply function, and its long-term durability. Why are those beliefs solid? Because gold has been used and valued for over 5,000 years.

The temporal component of its stability has endured, leading to a cultural perception of its value reinforced at many levels. Blockchains, as social artifacts, are no different. You believe blockchains are valuable because they work as intended, and you believe that because you have evidence of long-term operations. Bitcoin has run for 16 years, and Cardano has run for eight years. It works until it doesn’t.

The question is, is it self-healing? Can it overcome issues, or does the whole system fall apart? If the system is self-healing, you believe it has high integrity. It works a tank, drives a tank, and even when it gets stalled, it finds a way to keep moving. If the system has good restitution and risk management, even when a disaster happens, there’s money available to fix it, and the victims are compensated.

When you put all these components together, you have a high-integrity system. Then you can climb the ladder from early adopters to institutions and the general public, eventually reaching high-assurance activities. Once you achieve that, society can be placed on a blockchain, and society can gain all those benefits. Every time one of these incidents happens, it’s a teachable moment for us as an ecosystem to improve the state of affairs. We go back to first principles and ask, is the dry code working for us?

The answer is no, because an incident occurred that caused a significant problem. We have to fix that. Then we ask, do we have an early detection system that we’re satisfied with? The answer is no. This means that next year, we need to build a proper canary network and improve fragmented systems to create a unified solution that everyone can use.

Are we happy with our ability to communicate with key leaders and stakeholders in the ecosystem, like bridges, exchanges, DeFi, and wallets? No. We need to invest in building a pub-sub protocol to get this unstuck and remove people from power who are trying to prevent this from getting into the network. It’s catastrophic that we don’t have it. It would make multisig easier, for example.

It would facilitate communication between your stake pool operator and you, as well as between your DREP and you. It’s absurd in 2025 that this has been stalled by the egos of a few. Then, are we satisfied with our fixing process? There are two sides to it. Once we put things back together, is it done in a way that preserves integrity?

The other side is, do we have a dispute resolution system? The answer is no. Do we have a risk management system, an insurance pool? The answer is no. Do we have a restitution system?

The answer is no. Do we have a conception of user intention? Not yet, but we’re building in that direction. 2026 is going to be a vibrant and active year. It gives us the ability, because we’re performing surgery, to really improve the state of dry code and also build in a direction where we can have a canary network and start capturing user intention.

That’s why nested transactions are so important to me. When you look at Babel fees, it’s the very first example of a protocol-level intention system. If I can start building that, I can create a language for intention that’s relatively unambiguous. Then we can compare the transactions that happen to user intention and gather much better statistics, especially on the canary side, about what’s going on. The constitution is successful; it’s a single source of truth.

We have tenants, which is why I can unambiguously say that when that attacker submitted that transaction, they broke the constitution of the system. The code did not define the intended use; our constitution does. That person broke the law. They tampered with a piece of public infrastructure, and we have an unambiguous example of that. It was severe enough to cause economic harm to people, reaching the magnitude of criminality.

In the requisite jurisdictions, they can deal with that. Cardano doesn’t have to handle that dispute resolution; it lives strictly in the cleanup mode of economic harm and who pays. It can be nobody, it can be the treasury, it can be an insurance pool, or it can be the attacker to the victims through an off-chain arbitration process through law enforcement if they believe in restorative justice. All these things are immaterial to today’s conversation, but they all feed into a broader concept of integrity, which organically creates real-world adoption. You can’t fake this.

You can’t pretend to have it. It’s equivalent to going around painting bars of lead and claiming they’re gold. It might weigh like gold, but the minute you look at it, you realize it’s not the real thing; it’s fake gold. You cannot fake integrity. Either you have it or you don’t.

It’s ultimately a temporal and subjective thing, derived from lived experiences, the relationship between wet code and dry code, and the amount of redundancies and checks and balances. Here’s the simplest possible example, and the vast majority of you listening have had to make this choice. Here’s you and here’s a door. That door has a probability of two events: you go through it, and there’s a non-zero probability that as a result, you die. We don’t know what that probability is, but the probability of life is pretty simple.

It’s one minus the probability of death. Whatever that probability of death is, that’s your probability of life. So the question is, would you go through that door? When you first hear this, most people say they would never go through a door if there’s a chance of dying. But you all have.

Here’s why: you go right through that door into the airport terminal, allowing you to connect to the plane. The only reason you’re willing to do that is that you believe the probability of death is low. Why do you believe that? Because for the past hundred years, everyone has been working hard to improve the integrity of that system. In other words, we want the probability of death to decline.

It will never be zero, but you go through that door because you believe it’s very small, and everyone is invested in making it smaller year by year. You wouldn’t go through that door if the probability of death was 25% or 50%. You’d find another way to do things. That’s the ultimate mental model of integrity. You do something, and there’s a life condition and a death condition.

I’ll give you another example; it’s even simpler. You probably did it today. You get in a car. When you get into that car, there’s a probability of death and a probability of life. It might be small or high, but you’d be pretty angry if the design of cars, public infrastructure, and the quality of drivers meant that the probability of death was very high or increasing year by year instead of decreasing.

So, are cars a high-integrity system? They’re lower integrity because there are many more deaths than in airplanes. Are airplanes high-integrity systems? For the most part, yes, but they still fall out of the sky and kill people. When you look at something that runs your society, it has to have that same probability of life concept.

It’s earned through a combination of algorithms, technology, redundancies, social processes, and a layering of concepts like prevention, detection, and resolution, as well as risk management. When you put all those components together, including collections of rewards and punishments, you have integrity preservation inside the system. So, where is Cardano today? We’re still a high-integrity system. The fact that we recovered from something like this without having to go to the worst-case scenario is a testament to the incredible engineering of many people.

I believe in those people, and I think they’ve done a phenomenal job. However, we’re at a checkpoint where, as we look to 2026, we must recognize that there are things we must do internally and externally to improve the integrity of the system. We need to start building out a much better corpus on the wet code side, focusing on social processes and risk management. We also need to develop additional technologies on the dry code side to speed things up and improve coordination. Externally, we must do better at marketing.

This comes back down to the same point repeatedly because none of this matters if people simply lie. Going back to the airplane example, what if every time a plane crashes, there’s a dedicated group of people who spend weeks replaying that crash and telling everyone that it will happen every time you board an airplane? We had this with the Hindenburg incident. Zeppelins were not fundamentally unsafe, and there were many improvements that could have been made. If we had continued to evolve them, they might have become a viable form of transportation, especially transatlantic.

However, because everyone saw the Hindenburg disaster, it completely destroyed the perception of that technology. There’s a distinction between perception and reality, which is why integrity is a subjective process. All these things we do are objective inputs into a subjective perception. Who is accountable for improving that subjective perception? If no one is there, the integrity we’ve built doesn’t matter; it’s like Betamax—no one will use it.

In 2026, we also have to be better at addressing this. That’s why we worked hard on the one-pager with Intersect and put effort into postmortems and other initiatives. However, you’ll already see people flooding Twitter, claiming that Cardano was brought down by a vibe coder and that the network completely failed, resulting in everyone losing their money. But don’t worry; nobody uses it, so it’s okay. That’s the narrative being spread.

It’s frustrating and terrible, but that’s the subjective experience of many other ecosystems. So, who are the ambassadors to engage with them? Last night, I went into an XRP space and shared the facts with them. They were excited about our recovery and expressed admiration. Anatoly, to his credit, praised what happened and acknowledged that Cardano did something great.

Who is doing that for us with Solana, Avalanche, and Aptos? That’s a fundamental social question because none of this other stuff matters if you don’t address that too. You have to do both, and that’s an important budget item for 2026 that we need to discuss, along with important delegated authority to ensure it gets done. This will help us improve the subjective reality because we know how to improve the objective. Thank you, everyone.

Cheers.