Ripcord watches your DeFi positions for pre-exploit signals — a malicious proxy upgrade, an admin-key handoff — and auto-withdraws to your own wallet before the attacker's transaction clears.
session key scope: withdraw → owner · nothing else · revocable · one signature
ARM A POSITIONPULL IN CASE OF EXPLOITArming installs a session key on your own smart account, scoped by your account's validator — not by our promises. The key can call exactly one thing: withdraw your position, to your address.
A fully compromised Ripcord could, at worst, exit you early. It can never redirect, swap, or hold your funds. Revoke on-chain any time; the key also expires on its own.
Every protocol is scored on two axes — AI exploitation now, quantum key exposure later — weighted by the value actually at risk.
60 PROTOCOLS · EVM + SOLANA · CONTINUOUSThe guardian subscribes to the signals that precede a drain: proxy upgrades, admin handoffs, governance downgrades, mempool anomalies. Timelock-approved upgrades are recognized and suppressed.
EIP-1967 EVENTS · MEMPOOL · RE-PROBESOn a real attack signal, the exit is simulated, signed with the scoped session key, and submitted on the priority path. Funds land in your wallet — nowhere else.
SIMULATE → SIGN → INCLUDE · GASLESS PATHAutonomous models find and weaponize contract zero-days at machine speed. Human reaction time is no longer part of the defense. This axis scores how exposed a protocol is today.
Shor's algorithm breaks the signatures guarding admin and upgrade keys. On address-is-pubkey chains those keys have been exposed since genesis. This axis scores who falls first.
Detect → simulate → sign → include is a multi-hop sprint against the attacker's transaction. Ripcord wins when the exploit leaves a window. It loses when there isn't one. We won't pretend otherwise.