RedStone is onboard—but where are Newton’s responsibility brake pads?
On June 23, the day Newton’s mainnet Beta launched, RedStone’s price feeds were formally connected to its strategy execution layer. “RedStone price feeds become the data backbone for market- and risk-related conditions inside Newton's policy engine” — the official announcement sounds beautiful. I read this sentence three times in a row, and a chill ran down my spine. RedStone isn’t an amulet; it’s just another trust assumption@NewtonProtocol What is RedStone? It’s a modular oracle providing services across more than 100 chains, claiming “zero incorrect pricing events.” Sounds professional. But the issue is that being professional doesn’t mean it can’t be attacked.$NEWT
When I read the whitepaper by $NEWT , my back suddenly went cold.
Most AI computation is carried out on off-chain servers, while on-chain only validates the results. The project design document clearly states: “Newton Protocol is designed around three core components: Newton Model Registry, Newton Keystore, and Automation Intents”.
But what really tightened my stomach was the oracle layer. AI trading and cross-chain arbitrage all rely on external price oracles to obtain market data. If an oracle is attacked and the price is tampered with, the AI will automatically execute incorrect trades, causing users’ assets to be directly drained.
This isn’t a hypothetical risk. The 2025 PolyMarket oracle manipulation case is a vivid example—one whale manipulated UMA’s oracle voting mechanism, casting a total of about 5 million UMA tokens to force the incorrect result “the mining contract has been signed” through the determination process, leading to losses of roughly $7 million to users of the bets pool. Even more ironic, PolyMarket’s official response said it was “not caused by a system technical fault,” refusing to refund affected users.
And there’s more. Oracle attacks are becoming even more dangerous than traditional smart contract vulnerabilities. In early 2026, an AI trading agent had its oracle data source polluted, siphoning $45 million out of a DeFi protocol within 15 minutes. By Q1 2026, the number of on-chain daily active AI agents exceeded 250,000, up over 400%. Yet 68% of newly integrated DeFi protocols’ AI agents have clear flaws in data source verification.
AI agents execute faster than human intervention limits. Once the oracle price is falsified, the AI completes the entire process—from erroneous trades to asset transfers—within minutes. And in the @NewtonProtocol whitepaper, I couldn’t find any explicit definition of who is responsible for the losses—operator? developer? protocol? Or the users themselves?
If an oracle is forged, the AI automatically makes mistakes, users’ assets get drained, but nobody takes responsibility. I’ve seen this scam too many times—the whitepaper dares to write anything, while the accountability clause is always missing. #newt
$M It’s already up 4x from the bottom, and the charges haven’t gone negative yet. I just don’t believe the big players won’t smash the price in one wave and trigger more buy orders, and that the final destination for the altcoins is zero.
“‘TEE is trusted’”—the sentence itself is the biggest trust assumption
“Newton combines Trusted Execution Environments and Zero-Knowledge Proofs to create a verifiable automation layer.” @NewtonProtocol In the white paper, that sentence—I’ve read it five times over. What is TEE? It’s a secure enclave inside the CPU, isolated from the operating system. Intel calls it SGX; AMD calls it SEV-SNP. The white paper tells you: code runs in here, nobody can tamper with it, nobody can snoop on it. Sounds fortressed. But a chill ran down my spine.#Newt TEE.Fail: Less than $1,000 to pierce the “trusted” exterior In October 2025, a research team from Georgia Tech and Purdue University disclosed the TEE.Fail attack. They spent under $1,000 on off-the-shelf equipment, plugged it between the CPU and memory, and successfully stole encryption keys from Intel SGX, Intel TDX, and AMD SEV-SNP—then even forged remote authentication proofs.
When I was reading @NewtonProtocol ’s architecture documentation, my stomach tightened.
“Newton Protocol is designed around three core components: Newton Model Registry, Newton Keystore, and Automation Intents” —the whitepaper’s blueprint is impressively comprehensive, welding together the TEE trusted execution environment, ZKP zero-knowledge proofs, AI agent-chain computation, and cross-chain authorization logic.
But what chills me is this: the TEE is an off-chain black box.
Once a TEE server is compromised and its contents are tampered with, the off-chain AI computation can be falsified while the on-chain ZKP verification can’t detect it at all. A 2025 NDSS Symposium academic paper analyzed 29 TEE-based blockchain schemes and found that the three production-level networks—Ten, Phala, and Secret Network—have clone-attack vulnerabilities. Attackers can clone TEE instances, making it impossible for users to distinguish whether a response came from a legitimate state.
Even more painful is the trust model of the TEE itself. Bitget’s analysis is blunt: while TEE chips (such as Intel SGX) provide hardware-level isolation, “vulnerable or unavailable TEE nodes will break AI models and expose sensitive data.” TEE is stateless; it relies on the host’s data storage, making it highly susceptible to rollback attacks.
If the TEE server is hacked and the off-chain AI agent goes rogue, the on-chain ZKP verification still can’t see a thing.
What about the bonded collateral? If an AI agent’s wrongdoing causes user losses, the staked $NEWT is simply nowhere near enough to compensate. Gate’s assessment report also mentions that the protocol covers a complex technical stack and multi-layer architecture—complete deployment and stable operation face challenges. Responsibility assignment is ambiguous—does it fall on the TEE hardware vendor? The node operator? Or a flaw in the protocol itself?
The idea of welding TEE + ZKP + AI agents together is certainly bold. But when the off-chain black box is pierced, everything falls apart—and the on-chain ZKP is left in the dark. With insufficient collateral and unclear liability, this is a playbook I’ve seen far too many times. #newt
Six Contracts, Six Fault Lines: Potential Flashpoints in Newton Smart Contracts
$NEWT The white paper describes it beautifully: “Newton Protocol features a comprehensive smart contract system covering agent registration, permission management, staking, and dispute resolution.” I’ve read this sentence over and over four times. The second-layer contracts, the staking contracts, the agent registry contracts, the zkPermission contracts, the forfeiture contracts, and the governance contracts—six modules nested within each other. For every additional contract, the attack surface grows by another layer. When the code logic upgrades from “transferring funds” to “AI agent verification and execution,” the impact of vulnerabilities is no longer just losing coins—it’s the collapse of the entire trust mechanism.
When I reviewed the contract architecture of @NewtonProtocol , the back of my neck suddenly went cold.
In Gatepedia’s risk assessment, it says: “The protocol covers a complex technical stack and multi-layer architecture; complete deployment and stable operation face technical challenges.” But what truly tightened my gut wasn’t the sentence itself—it was the contract scale hidden behind it.
Layer-2 contracts, staking contracts, proxy registry contracts, permission zk-Permission contracts, slashing contracts, governance contracts—this entire codebase is enormous, and the logic is deeply nested. Just taking each module out on its own would keep an audit team busy for months; now they have to be welded together.
What unsettled me even more was the logic behind staking and slashing. Validators need to stake $NEWT to participate in network consensus. Any malicious behavior could result in the staked assets being slashed. Proxy operators also need to stake NEWT as a performance bond, and service default similarly carries the risk of slashing.
On paper, it sounds reasonable, right? But for a multi-contract system involving Layer-2 Rollup, TEE hardware authentication, ZK permission verification, cross-chain authorization, and slashing settlement—if any piece of code has a vulnerability, the outcome is hacker attacks: stealing staked NEWT, treasury tokens, and users’ assets.
For a protocol that hasn’t been fully deployed yet, the larger the codebase and the deeper the nested logic, the wider the potential attack surface. The whitepaper depicts everything in a very complete way, but contract vulnerabilities are never written in the whitepaper—they’re only recorded in hackers’ transaction logs.
Do you trust the architecture diagram, or do you trust the code audit report? #newt
When I was flipping through $NEWT ’s architecture documents, a chill ran down my spine.
In Binance Research’s report it says: “The Newton Protocol is designed around three core components: Newton Model Registry, Newton Keystore, and Automation Intents”. “Layer2 Rollup + zero-knowledge proofs + a trusted execution environment (TEE) + AI agent chain-in computations”—the whitepaper presents a blueprint that welds these four modules together very comprehensively, but the implementation difficulty makes my heart tighten. Each individual one is already a system-engineering challenge; now all of them have to be packed into a single protocol.
The proving cost overhead for ZKPs is a well-known pain point. Gate’s evaluation report is blunt: “The protocol covers a complex technical stack and multi-layer architecture; full deployment and stable operation face technical challenges.”
Layer-2 scaling with Rollups requires handling data availability and fraud proofs. The ZKP verification computation itself also requires expensive on-chain resources—an academic paper from 2025 estimates that for ZK-Rollup, the per-batch verification cost ranges from 760,000 to 996,000 Gas, which is roughly $50 to $66. And this is only the cost of a single verification. TEEs rely on hardware attestation. Since 2017, Intel SGX has been repeatedly breached by Prime+Probe, Spectre variants, Plundervolt injection, and LVI attacks; by 2022, Intel simply removed SGX support in its 11th/12th gen Core CPUs. AI agent chain-in computation also has to deal with cross-chain authorization and triggering logic. @NewtonProtocol
The idea of welding Rollup, ZKP, TEE, and AI agents together is bold. But if one link goes wrong, the entire trust chain breaks. For a protocol that hasn’t even launched a mainnet and testnet yet, the higher the complexity of the technical stack, the greater the risk of delays, reversals, and debugging troubles. #Newt
The whitepaper dares to say everything, but the codebase may not have moved for half a year. Do you trust the architecture diagrams, or do you trust the mainnet?
ZKP+TEE+Rollup: Newton’s most sexy narrative—and also the most dangerous gamble
The NEWT whitepaper puts it beautifully: "Newton combines Trusted Execution Environments and Zero-Knowledge Proofs to create a verifiable automation layer." I read this sentence three times. When you cram Rollup scalability, ZKP verification, TEE trusted hardware, AI agent-chain computation, and cross-chain authorization logic all into a single protocol, the technical complexity isn’t addition—it’s multiplication. ZK circuits must be correct, TEE hardware must have no backdoors, AI model behavior must be predictable, and cross-chain messages must not be tampered with—every additional trust assumption this system makes reduces overall reliability by an order of magnitude.
When I was reading the x402 upgrade document for @OpenGradient , one design detail made me stop.
Pre-funded accounts — “pre-funded accounts”: users first top up OPG into an on-chain account, and each inference deducts from the balance, avoiding the hassle of signing every single transaction. Sounds pretty reasonable, right?
But after finishing the technical details, I found that this mechanism essentially only “mitigates” settlement risk, rather than “eliminates” it.
First, let’s see how it works. A user initiates an inference request, and the server responds with 402 Payment Required, including an amount and a payment ID. After the user signs, the inference is executed, and the cost is settled on the Base. The advantage of pre-funded accounts is that you don’t have to sign every time, saving Gas and making the experience smooth. But the key point is — the account balance is funded by the user themselves, and the deduction happens after the inference execution.
This means: the node does the work first, then gets paid.
So the problem is this. A malicious free-rider user could simply pre-fund a small amount of OPG as a show of good faith, wait until the inference result is obtained, and then transfer the balance away before settlement is completed. In the document, I didn’t see any hard requirement for a minimum account balance, any rule for real-time freezing of funds, or any description of penalties for defaulting. A pre-funded account with no minimum balance requirement, deductions occurring after service delivery, and no penalties for free-riding — it’s basically the same as a restaurant that says, “eat first, pay later.” The difference here is that no one stops you from not paying.
The project’s technical architecture states: “payment is settled after inference execution.” Since settlement happens after execution, that time window is long enough for a user with questionable motives to withdraw the assets.
The project only promotes how pre-funded accounts can “reduce friction,” while sidestepping a core question: how likely is it that nodes won’t get paid? If this free-rider risk can’t be fundamentally eliminated, then in the long run, the stability of compute supply will be questioned. If nodes can’t earn money, why would they stay in the network?
How long can a settlement mechanism that shifts bad-debt risk onto the nodes last? I don’t know whether the project team has accounted for this on the books. #opg $OPG
I have a habit: whenever I see a project talk about “decentralized AI,” I go dig into the underlying stack to see whose models it actually runs.
After reading the documentation for @OpenGradient , I went silent. The docs spell it out plainly: “Inference nodes are stateless worker nodes that...provide secure access to external model providers like Anthropic or OpenAI.”
In plain language: your inference request goes into a TEE, gets encrypted, forwarded, the result is returned, and then it’s signed and recorded on-chain. The workflow adds layers of cryptography—but the model itself is still Anthropic and OpenAI doing the running.
The more I look, the more something feels off.
The “black box” issue really hasn’t been solved. What I verified is that “the TEE forwards the request correctly,” not “why the model produced this particular result.” TEE attestation only proves the code ran inside the enclave; it doesn’t prove the model logic itself has been audited. ZKML can indeed provide mathematical proofs, but the design docs themselves admit the overhead is 1,000 to 10,000 times—suggesting it be used only in “high-value scenarios,” like DeFi settlement and financial scoring. By default, LLM inference goes through TEE.
The single-point dependency risk is also very real. In the model list supported by the SDK are GPT-4.1, Claude 3.7 Sonnet, Gemini 2.5 Pro, Grok 3—everything is from big vendors’ APIs. I checked: every time the project officially announces support for a new model, it implicitly means you’re becoming dependent on another API provider. If OpenAI issues rate limits tomorrow, or if Anthropic cuts off access—like it did with Windsurf—then even a TEE can’t get around it. A TEE can prove your request wasn’t tampered with, but it can’t prove that the API provider will still let you use it tomorrow.
They hang “decentralization” on their mouth, but at the bottom they outsource the most core inference capability to centralized API providers. TEE can encrypt transmission, but it can’t encrypt away dependencies on third-party APIs. I’ve seen this playbook way too many times—just a different shell. #opg $OPG
I have a habit: whenever a project mentions “asynchronous verification,” I go look up “what to do when verification fails.”
The core of HACA’s architecture for @OpenGradient is “produce the result first, then do on-chain verification.” The inference node runs the model and returns results in milliseconds. The TEE generates a hardware-backed attestation proof, which is then asynchronously submitted to the full nodes for verification. Once the result is obtained, the position is opened, and the transaction is executed—then the verification node says, “there’s something wrong with this proof.”
So what then? I scoured OpenGradient’s official design documents but couldn’t find the answer.
The documentation details how the TEE node checks the PCR values during registration, how the proof is submitted to full nodes for verification, and it even admits that “asynchronous settlement implies a temporary trust gap.” But it doesn’t have a section explaining how to handle it after verification fails when the result has already been returned to the user. Technically, this isn’t an omission. Because TEE verification is only about “the code ran inside the enclave,” while the verification node confirms the validity of the signature—not whether the result itself is correct. What TEE and ZKML proofs verify is that “the code was executed,” not that “the result is correct.” If the result is wrong, the proof still passes without a fuss.
The OpenGradient team markets “result first, verification later” as a performance advantage, yet leaves the messy fallout after verification failure for users to handle themselves. I need to figure out that cost before deciding whether to use it. #opg $OPG
I have a habit: whenever I see a project claim “cryptography that can be verified,” I dig into what exactly it’s verifying.
The architecture document for @OpenGradient is refreshingly honest: it puts LLM inference requests into AWS Nitro Enclaves, relying on authentication documents generated by Nitro as “hardware endorsement.” What users are verifying is AWS’s signature—not the model’s mathematical correctness. Research in academia on Nitro Enclaves also makes it clear: Nitro’s security model is built on the assumption of “trusting AWS infrastructure,” with AWS holding control over the underlying hardware and software. You’ve swapped trust from OpenAI to AWS, and cryptography is merely giving that hardware trust a costume.
What about ZKML? After ZKPyTorch converts Llama-3 into a ZK circuit, generating a proof for a single token takes 150 seconds. 150 seconds per token—yet large-model inference often involves hundreds of tokens. Running this approach commercially for large models is still not realistic.
Even the OpenGradient project team admits this. The design document states plainly: the overhead of ZKML is 1,000 to 10,000 times, and it’s recommended only for “high-value scenarios,” such as DeFi liquidations and financial scoring. Most developers will still go with TEE and the Vanilla mode. A protocol that puts ZKML on the marquee and uses TEE as the main engine—its so-called “decentralized trust”—still ultimately rests on an AWS hardware guarantee. I’ve seen this playbook too many times. It’s just a different shell. #opg $OPG
I have a habit: whenever a project says “the token has value backed by supply,” I go check exactly how its supply flows.
$OPG Total supply is 1 billion tokens, and at TGE the amount that can actually circulate is only 190 million. The remaining 81% is locked in various pools. Core contributors get 15%, while investors and advisors get 10%. Both groups must first lock for 12 months, followed by linear release over the next 36 months. After the lockup period ends, 25% of the tokens become a constant “tap” of ongoing supply. What concerns me even more is the 40% allocated to the ecosystem fund: at TGE only 10% is released, while the remaining 90% is unlocked slowly over 60 months. Every time the team announces a new partnership, what may be happening behind the scenes is that they are using OPG as the settlement currency.@OpenGradient
Next is value capture. OPG’s core use case is paying AI inference fees, but the AI inference market is driven by pricing. Centralized APIs have already been competed down to the cost limit. Decentralized solutions have to fund both inference nodes and verification nodes—two sets of costs. If the price is high, users won’t run it; if the price is low, the nodes won’t earn enough. I looked around but couldn’t find any description of a deflationary mechanism such as revenue buybacks or token burns.
Then there’s staking yield. 10% of the tokens are allocated to staking rewards, released linearly over 96 months. Those 100 million OPG tokens are already included in the total supply; they just haven’t been released yet. Every staking reward token you receive corresponds to an additional circulating token created in the market—not “you made money,” but “you were allocated a share of newly minted supply.” If inference-fee revenue can’t support staking yields, then once the subsidy pool hits zero, the yield will drop off a cliff.
Put these three things together: ongoing mid-term supply inflows, token demand depends on price competition, and staking yields are sustained by new tokens. Before I decide how to place my bets, I need to do the math first.#opg
I saw project @OpenGradient talk about “high performance + verifiability,” and I went to dig into how it actually resolves this apparent contradiction.
Traditional blockchains can’t handle AI for a simple reason: every validating node has to re-run every transaction. Transfers can work, but ask one hundred nodes to each run a 70B-parameter LLM independently—the cost becomes 100x, and the results still won’t match.
OpenGradient’s HACA architecture takes a different approach—splitting execution and verification into two independent timelines.
Inference nodes run the model and return results to users in seconds. Meanwhile, a TEE generates hardware-backed attestation proofs, or a ZKML generates mathematical proofs, which are submitted asynchronously for full nodes to verify. Verifying a single proof on full nodes only takes milliseconds, regardless of whether the underlying inference took 50ms or 5 seconds. This is what “Web2-level response speed + blockchain-level trust” really means—not making the blockchain faster, but making the blockchain not have to run the model.
OpenGradient’s node responsibilities are also carefully designed. Inference nodes use GPUs; full nodes only verify proofs and never run the model. Data nodes fetch external information inside the TEE. Model files and large ZKML proof artifacts live on Walrus, while the chain stores only reference IDs. This keeps the on-chain footprint lightweight and full-node requirements low enough.
Compatibility hasn’t been left behind either. It’s built on Cosmos SDK + CometBFT, providing second-level finality and Byzantine Fault Tolerance. It’s fully compatible with EVM—Hardhat, Foundry, and MetaMask work directly. Solidity contracts can even directly call AI inference natively in the future via precompiles.
By separating AI execution from verification—making the fast parts fast, and putting the slow parts on-chain slowly for attestation—OpenGradient’s design is indeed internally consistent on technical grounds. The rest is whether, once the mainnet is running, real-world data will line up with the theory. #opg $OPG .
I've got this habit where whenever I see a project like @OpenGradient claiming 'cryptographic verifiability', I dive into the costs of that verification.
OpenGradient's ZKML solution is technically sound, but the cost left me gasping. Their official docs lay it out clearly: the overhead of ZKML is 1000 to 10000 times that of regular inference. A cost of ten thousand times—what would normally take 1 millisecond now takes 10 seconds with ZKML. And that's not all. The EZKL library that ZKML relies on only supports ONNX opset versions 9 to 18. If your model uses newer operators, you either downgrade or switch solutions—many developers skip ZKML to keep things simple.
So here’s the dilemma: the project offers three verification modes—ZKML, TEE, and Vanilla. ZKML is too slow, Vanilla has no verification, so we’re left with TEE. TEE essentially relies on AWS hardware backing, and I've already discussed that risk—OpenGradient keeps shouting 'verifiable', yet most developers might still end up taking the TEE route.
Now, let's look at the async design of the HACA architecture. The inference node runs the model first, returns results to the user in seconds, and then the proof is verified asynchronously on-chain. You get your results, open your position, make your trade—then the verification node says, 'that result is off'. Malicious nodes can easily exploit that time window to return incorrect results and escape. OpenGradient's official docs say 'full node verification proof, no need to re-execute calculations'—but that’s exactly the issue: you're verifying the proof itself, not whether the result is correct. For high-frequency trading or DeFi liquidations, a few seconds of verification delay could mean tens of thousands of dollars.
Writing ZKML into the whitepaper as a selling point, treating TEE as the actual heavy lifter, and using an async structure to pass the verification risk onto users—after all this, how much weight do the words 'verifiable' really carry? #opg $OPG
I've got this habit: whenever I see a project claiming 'hardware-level trust', I dig into what happens if that trust collapses.
The validation layer of @OpenGradient is pretty interesting—it runs all LLM inference requests inside AWS Nitro Enclaves. When TEE nodes register, the smart contract verifies the AWS Nitro certification documents to ensure that the PCR values match the approved hash stored on-chain. But here's the kicker: you're just shifting trust from OpenAI to AWS.
The security of TEE has a 'track record'. Since 2017, Intel SGX has been penetrated by Prime+Probe, Spectre variants, Plundervolt injections, and LVI attacks. By 2022, Intel just cut SGX support from their 11th and 12th gen Core processors. AWS Nitro is better than SGX architecture, but the 'vendor dependency' issue is just as critical. If AWS has a vulnerability, the trust chain of Nitro will also break.
There's another underrated blind spot with TEE: it can only prove that the code runs in a secure enclave; it can't prove that the code itself is free of bugs. OpenGradient checks PCR values when registering TEE to ensure that the 'approved version' of the code is what's running in the enclave. But if that version has a logical flaw—like missing a step in settlement logic or having a backdoor in access control—TEE will still sign off. It only proves 'the code was executed', not 'the actions taken by the code are correct'.
What makes me even more uneasy is the academic research coming at the end of 2024—researchers analyzed 29 TEE blockchain solutions and found existing anti-fork mechanisms had cloning attack vulnerabilities, affecting three production-grade networks: Ten, Phala, and Secret Network. The 'marriage' of TEE and blockchain is far from as solid as advertised. If TEE gets compromised, not only could inference results be manipulated, but users' private prompts could also be directly exposed. TEE does bring efficiency, but handing over the entire trust foundation to hardware vendors and security chips—with their historical track records—this is something I need to weigh up before deciding whether to use it or not. #opg $OPG
I have this habit of checking out projects that claim 'differentiated competitive barriers' to see how they really stack up against their peers.
@OpenGradient positions itself as a 'verifiable AI computation layer'. Over 2,000 models, more than 2 million inferences, and $9.5 million in funding—the numbers look good. But the issue is, the same lane is already crowded. Bittensor's miner and validator architecture covers model training and quality assessment, while Akash has made real revenue in the decentralized cloud computing field—by Q1 2026, Akash's computing power consumption hit a new high of $5 million, providing low-cost GPU rentals for AI companies. Render ties rendering power demand directly to token value through its Burn-and-Mint mechanism. Each of these three has a clear first-mover advantage, and it’s becoming more pronounced.
Is the 'verifiable' angle that OpenGradient is pushing really that technically challenging? The hybrid verification architecture of ZKML and TEE is indeed innovative, but the proof generation costs of ZKML are 1,000 to 10,000 times that of regular inference, while TEE fundamentally relies on centralized hardware backing like AWS Nitro. AWS has integrated this setup into SageMaker, which is basically just adding a TEE and accounting module. Centralized cloud providers can replicate this functionality without building the network from scratch; they just need to slap an 'auditable' label on the hardware layer.
What really unsettles me is the ecosystem aspect. The project claims 2 million users and 2 million inferences, which sounds impressive, but I can’t find any public data on user retention rates or conversion rates. If key partner applications start to drop—like active developers on Model Hub leaving—will the inference volume and $OPG consumption take a nosedive together? The scarcity of ecosystem applications means that network value is almost tied to just a few key partners. The only definite feedback loop I can see is the storage layer from Walrus and cross-chain settlement from Nuffle, but whether the demand-side gears are actually turning remains unclear.
Under this double pressure, OpenGradient's narrative does show differentiation, but its competitors have been digging their moats for years while it’s still trying to knock on a door of a market that hasn’t fully opened using the 'verifiable' card. #opg
I've got a habit of checking out projects that claim to have 'millions of users' and diving into what these users are actually doing with it.
@OpenGradient 's public data is indeed impressive—hosting over 2,000 models, processing over 2 million inferences, and serving 2 million users. a16z and Coinbase Ventures have pumped in $9.5 million, and the team hails from Google and Palantir. But what really made me pause is another question: who are these 2 million users?
I scoured all the public info on OpenGradient but couldn't find any independent data on user demographics, use cases, or retention rates. The project's Model Hub integrates over 100 developers' models, but that 2 million user figure—comparable to the population of a medium-sized country—lacks any concrete application scenarios to back it up. Is financial risk control validating the inferences? Are DeFi protocols auditing AI decisions? Or is an AI agent settling on-chain? No answers.
What concerns me more is the demand itself. The vast majority of people calling on AI only care about whether the results are accurate, fast, and cheap. Who’s going to audit the cryptographic proof of every inference? Only a handful of high-value scenarios—like smart contracts involving asset custody or financial institutions needing compliance audits—have that kind of demand. How big is this market? No one can say for sure. Right now, the 2 million inferences seen haven’t disclosed which apps, scenarios, or whether users are continuously engaging.
Saying '2 million users' and '2 million inferences' in funding pitches sounds impressive, but if they don't disclose who these users are, what they're using, or how long they've been using it, that number is just like 'download counts'—looks good, but doesn't indicate anything substantial. #opg $OPG
I have a habit of checking where the yield from staking projects really comes from.
The tokenomics for $OPG is crystal clear: total supply of 1 billion tokens, with 10%—that’s 100 million—allocated specifically for staking rewards, to be released linearly over 96 months. The project team sliced a piece of the pie from the total supply, serving up a small chunk each month to stakers. There are indeed returns, but they aren't generated from the protocol's earnings; they come from tokens that were pre-locked in the pool.
These 100 million OPG tokens were already part of the total supply; they just haven’t been released yet. Each staking reward you receive corresponds to an additional circulating token on the market—this isn’t “making money,” it’s “getting a share of newly printed tokens.” @OpenGradient
96 months is a long stretch, almost eight years. But the key question is: can the protocol replace these incentives with its own revenue during this period? If the transaction fee income isn’t enough to support attractive staking yields, once the subsidy pool runs dry, the staking yield will plummet. At that point, the project team will either have to keep minting more tokens (further diluting existing holders), or stakers will collectively exit.
They package staking rewards as “passive income,” but hide the real costs in the 96-month release curve. I need to do the math on this before deciding whether to stake or not. #opg