The Web3 Security Podcast

TheWeb3SecurityPodcast

The Web3 Security Podcast explores the discipline of Web3 security through conversations with leaders at prominent crypto and Web3 companies. Each episode delivers practical insights into security philosophies, strategic approaches, and vendor evaluation processes. Our guests share hard-earned lessons from the field, without revealing sensitive implementation details or vulnerabilities. We dive deep into the thinking behind security decisions, the challenges of protecting decentralized systems, and the strategies that actually work. Whether you're a CTO, security leader, or technical decision-maker, you'll walk away with concrete insights to strengthen your security posture.

  1. Sky's zero-finding audit framework: Six-month onboarding and process investigation | Deniz Yilmaz

    4 DE FEV.

    Sky's zero-finding audit framework: Six-month onboarding and process investigation | Deniz Yilmaz

    When Sky's audits return serious issues, they don't just fix bugs and ship—they pull the brake and investigate what failed in their internal review process. Deniz Yilmaz, CTO of Sky Frontier Foundation, walks through the defensive layers behind USDS (third-largest stablecoin globally): six-month engineer onboarding requirements, spellcrafting governance with mandatory execution delays, and a protocol security team dedicated to codifying the implicit knowledge that keeps audit reports clean. Topics discussed: Treating audit findings as internal process failures requiring investigation, not just bug fixes Six-month mandatory onboarding periods before engineers can modify spellcrafting code Pre-audit internal review standards achieving consistent zero-finding results across multiple audit firms Spellcrafting governance requiring bi-weekly token holder votes and execution delays for all protocol changes LLM auditing integration delivering PR-level feedback before code reaches internal review Mandatory OPSEC certification with domain hash verification testing for multisig signers Protocol security workstreams codifying senior engineer practices into transferable frameworks Auditor selection prioritizing codebase-specific experience over firm reputation Subdao security enforcement maintaining core standards across autonomous entities with independent economics Game theory-based development considering internal actor exploitation during code design

    1h5min
  2. Web3 Security Podcast: DC Builder, Research Engineer at World Foundation

    27 DE JAN.

    Web3 Security Podcast: DC Builder, Research Engineer at World Foundation

    World Foundation's proof of personhood system defended against an iris spoofing attack where users verified multiple times by pairing their left eye with someone else's right eye—exploiting uniqueness checks that operated on eye pairs rather than individuals. DC Builder, Research Engineer at World Foundation, explains the multimodal defense they deployed: continuous 3D heat mapping, time-of-flight sensors, anomaly detection models trained on contact lens datasets across manufacturers, and checks for glasses that alter iris patterns. This represents one attack surface in a system protecting 38 million verified humans. World became Nvidia's largest security partner for Jetson NX embedded chips, filing more CVSS reports than any other customer after discovering edge cases from production deployment that Nvidia's internal teams hadn't encountered. DC's current focus: building Proofkit, a Noir backend optimized for client-side ZK proving on constrained mobile devices, because the 99th percentile of World's users operate phones with minimal memory and CPU headroom. The technical architecture spans layers most Web3 teams never touch. Trusted execution environments and secure enclaves depend on vendor supply chains. Private keys etched into Orbs during manufacturing get destroyed after provisioning. Groth16 proofs require trusted setups from both PSE and World's own ceremony. Multiparty computation encrypts iris codes, but compromise would expose biometric-derived data. Open-source firmware on ejectable SD cards enables independent verification against GitHub repos—an auditability model DC walks through in detail. Topics discussed: Iris spoofing via eye permutation attacks: left-eye/right-eye combinations bypassing uniqueness checks Multimodal biometric defense: 3D heat mapping, time-of-flight sensors, contact lens detection across manufacturers Filing majority of Nvidia Jetson NX CVSS reports through production edge cases undiscovered internally Building Proofkit: Noir backend optimized for ZK proving on memory-constrained Android devices at 99th percentile Formal verification pipeline: automatic GNARC-to-Lean circuit extraction developed with RayLabs Groth16 trusted setup dependencies: PSE ceremony plus World's own setup and associated compromise risks MPC protocol security: encrypted iris codes and what exposure means for biometric-derived sensitive data Hardware auditability: ejectable SD cards enabling firmware verification against open-source repositories Supply chain trust model: secure enclave vendors, TEE implementations, manufacturing key provisioning Attack surface inventory: hardware TEEs, Linux-based custom OS, biometric ML pipelines, MPC protocols, ZK circuits

    1h9min
  3. How Solana achieved 2 years uptime after launching with $3M | Matt Sorg (Solana Foundation)

    14 DE JAN.

    How Solana achieved 2 years uptime after launching with $3M | Matt Sorg (Solana Foundation)

    When Solana dropped to $8 during FTX, Matt Sorg watched Twitter erupt while his validator network stayed focused on the technical roadmap. The VP of Technology at Solana Foundation had built something that would prove more valuable than hype: a technically aligned community shipping performance improvements on a quarterly cadence. Matt explains why Solana's early instability wasn't architectural it was financial constraint forcing impossible tradeoffs. Spring 2018's dead ICO market meant launching with roughly $2-3 million versus the hundreds of millions typical L1s raise today. The choice: ship with tech debt or die waiting for perfect code. They shipped, survived the resulting instability crisis, and spent the next several years systematically eliminating every bottleneck through what Matt calls "mindful engineering." The maturity shows in the security infrastructure. Four independent audit firms review every Anza code release. Continuous fuzzing catches performance regressions. Firedancer's launch as a second client enables differential testing that's becoming the de facto Solana specification. The result: approaching two years of continuous uptime with upgrades shipping every three months. But the real technical leap is what's coming: Alpenglow consensus enabling 40% validator failure tolerance, multiple concurrent leaders eliminating MEV by removing block building monopolies, and local inclusion certificates delivering Web2 speed feedback before global consensus. Topics discussed: Launching mainnet spring 2018 with $2-3M in dead ICO market versus modern $100M+ L1 funding Systematic tech debt elimination through bottleneck analysis achieving nearly two years uptime Four independent audit firms plus continuous fuzzing reviewing every Anza release Firedancer second client enabling differential testing becoming canonical Solana specification Alpenglow consensus mechanism allowing 40% validator failure versus standard 33% Byzantine tolerance Multiple concurrent leaders requiring only one honest leader among eight for inclusion guarantees Local inclusion certificates providing Web2 speed feedback before global consensus finalization 800+ profitable validators independently reviewing GitHub releases on bare metal versus cloud VMs Savvy validator recruitment through performance focused mission attracting talent that only operates on Solana AI powered social engineering replacing technical exploits as dominant app layer attack vector Applications over engineering financial components before product market fit validation Non financial primitives like points enabling faster iteration without security overhead

    1h7min
  4. Coinbase's auditing standards with Shashank Agrawal

    18/11/2025

    Coinbase's auditing standards with Shashank Agrawal

    Coinbase's security process protecting over $7 billion in TVL rejects the single-audit model common in DeFi. Shashank Agrawal, Senior Engineering Manager, Protocol Security at Coinbase, explains their multi-round validation approach: internal security teams (separated from product engineering) audit first, then external firms audit, and rounds continue until external auditors surface only lows and informationals—never highs or criticals. This stopping rule creates a quality bar where internal audits must catch everything significant before external validation. For the Base bridge specifically, this meant independent OP Stack security validation despite Optimism's existing audit work, driven by the "absolutely zero room for error" standard when contracts hold substantial user funds. Their approach treats external auditors as verification layers rather than primary discovery mechanisms.   Topics discussed: Multi-round audit methodology continuing until external firms find zero high-severity or critical issues Internal security team structure operating independently from product engineering before external validation Base bridge security requiring custom OP Stack validation independent of Optimism's audit coverage In-house MPC library development using professor-reviewed specs bridging research papers to production implementation Tabletop war gaming exercises simulating worst-case chain scenarios with security, engineering, legal, and compliance teams Free Hexagate monitoring partnership providing base-layer protocol coverage for Base ecosystem builders Security hiring process using live code audits at different complexity levels for senior (level 5) versus staff (level 6) positions Off-chain infrastructure security: key management and transaction signing treated as equal priority to smart contract auditing AI smart contract auditing tools showing current production limitations in determinism and false positive rates Incident response planning where monitoring systems and alert workflows prioritize minute-by-minute decision speed

    1h4min
  5. Ethereum Foundation's path to 10,000 TPS and Bitcoin's 51% attack risk | Justin Drake

    05/11/2025

    Ethereum Foundation's path to 10,000 TPS and Bitcoin's 51% attack risk | Justin Drake

    Justin Drake reveals Ethereum's infrastructure path to 1 gigagas per second—equivalent to 10,000 TPS and 10x Solana's current user transaction throughput—while operating validators on consumer hardware. As researcher on Ethereum Foundation's protocol architecture team, he details how ZK-EVM proof systems will eliminate the validator bottleneck within six years, enabling state verification on Raspberry Pis while scaling capacity 500x through annual 3x gas limit increases. The technical requirements are crystallizing rapidly. Real-time proving now achieves sub-12 second latencies (one Ethereum slot) with under 10kW power consumption—accessible in standard home electrical systems rather than data center infrastructure. Drake frames this as critical for the 1-of-N security assumption: with ~100 global data centers, N remains dangerously low; with 10kW proving available to thousands of locations with electric vehicle charging capacity, the liveness guarantee becomes credible even under coordinated government pressure. But Drake's most contrarian insight targets Bitcoin's deteriorating security model. With ~$2 trillion secured by ~$10 billion in mining infrastructure, Bitcoin's 200x security ratio approaches economic attack viability. The calculation is stark: $10B buys sufficient mining hardware and infrastructure, while perpetual futures markets offer $35B in aggregate short positions. An attacker with $25B capital can short $15B notional, deploy $10B in mining equipment, and profit from price collapse—particularly as BitVM bridges concentrate billions in optimistically-verified TVL vulnerable to 7-day censorship attacks. Each halving doubles this vulnerability in the absence of meaningful fee markets. Topics discussed: ZK-EVM proving infrastructure achieving real-time sub-12 second proof generation within 10kW power envelopes for on-premises deployment Ethereum scaling roadmap targeting 500x throughput increase via 3x annual gas limit growth reaching 1 gigagas/second by 2031 Prover-killer mitigation through EIP-focused opcode repricing and 16M gas per-transaction limits enabling mandatory proof requirements Client diversity strategy deploying 3-of-5 ZK-EVM verification systems preventing consensus failures from soundness bugs Bitcoin's 200x security ratio creating profitable 51% attack scenarios as $10B mining costs meet $35B perpetual short markets Post-quantum migration requiring 80% consensus layer rewrite using hash-based signature aggregation by 2028-2029 Formal verification programs leveraging Lean4 framework and AI-assisted proving for end-to-end cryptographic system validation Economic security optimization demonstrating 50% stake cap sufficiency while reducing issuance costs 10x through real yield focus Inclusion lists preserving censorship resistance during high-throughput epochs without sophisticated validator participation requirements Privacy wormholes enabling L1 transaction unlinkability through formally verified proof-of-burn systems Lean Ethereum bundling 2-4 second slots, sub-three-slot finality, and attested-proposer separation with quantum-resistant cryptography

    1h24min
  6. Cosmos Labs' 3 pivots in 6 months: Timeboxing experiments to find PMF | Barry Plunkett

    21/10/2025

    Cosmos Labs' 3 pivots in 6 months: Timeboxing experiments to find PMF | Barry Plunkett

    When the Interchain Foundation acquired Skip Protocol in 2024, Cosmos Labs inherited a 200-chain ecosystem with no commercial strategy and a massive security backlog. Barry Plunkett, co-CEO, explains how they systematically tested three strategic pivots in six months, killed two based on hard metrics, and found enterprise product-market fit by following "accidental traction" signals they'd initially ignored. First pivot: ZK-based IBC bridging to Ethereum paired with Skip Go's interop API. They timeboxed three months to the Babylon Bitcoin LST launch as a forcing function. Volume data post-launch killed the thesis—existing bridges were "pretty good" and marginal improvements don't create ecosystem momentum. Second pivot: position Cosmos Hub as a unified deployment platform for seamless multi-chain experiences. Direct enterprise outreach revealed Base and Solana's network effects created insurmountable BD cost disadvantages for a smaller ecosystem. The breakthrough: Fortune 500 companies and governments kept reaching out for help with Cosmos infrastructure pilots they'd started internally. That inbound signal became the strategy.   The security approach reflects the same first-principles methodology. Kevin, former head of security at Optimism who led Bedrock releases, implemented a policy: engineering managers receive HackerOne reports directly with no security intermediary layer. If you wrote the code and the bug was missed, you own the fix immediately—no backlog accumulation. For protocol-level changes, the team mandates line-by-line PR review sessions where code authors walk the full engineering team through every change. This catches critical vulnerabilities before external audits and prevents tribal knowledge from siloing. They coordinate patches monthly on the second Tuesday (Microsoft's schedule) after learning ad-hoc "patch when found" approaches burned out validator operators managing infrastructure across dozens of chains.   Topics discussed: Timeboxing strategic experiments to three months with quantitative kill criteria before resource commitment Following inbound enterprise signals over predetermined theses when accidental traction contradicts core assumptions Mandatory line-by-line PR walkthrough sessions with full engineering teams before protocol-level releases Monthly coordinated patch schedule (second Tuesday) preventing validator operator fatigue across multi-chain infrastructure Direct bug bounty report routing to code authors eliminating security intermediary layers and backlog accumulation Engineering manager accountability for immediate fix implementation rather than sprint planning security debt Graduating experimental modules through staged test environment deployments before long-term support commitment Analyzing why standalone IBC interoperability and Hub-native deployment strategies failed against established L1 network effects Standardized component interfaces (ABCI between Comet/SDK, IBC cross-chain) enabling parallel experimentation across 200-chain ecosystem Tokenization thesis: bringing cost of holding and moving money to zero creates financial services "Internet moment"

    1h14min
  7. Centrifuge's serial audits: 6 security reviews that reshaped RWA architecture | Jeroen Offerijns

    14/10/2025

    Centrifuge's serial audits: 6 security reviews that reshaped RWA architecture | Jeroen Offerijns

    Maker's core accounting contract—the vat—has remained immutable for six years while processing tens of billions in TVL. Centrifuge is proving this isn't legacy thinking; it's the only approach that survives institutional custody requirements where protocol upgrades introduce unacceptable counterparty risk. Jeroen Offerijns, CTO of Centrifuge, explains why their $750M TVL RWA protocol runs 6-7 serial audits rather than parallel reviews on a final commit hash. The goal isn't redundant coverage—it's forcing architectural iteration between audits. Low-severity findings don't get dismissed; they trigger contract redesigns before issues compound. This matters when tokenizing Apollo's private credit or S&P 500 funds, where a single exploit permanently destroys institutional trust. The technical implementation diverges from standard DeFi patterns at every layer. Centrifuge co-authored ERC-7540 with competitor Maple Finance because RWA settlement requires multi-day cycles for off-chain broker execution and NAV updates—atomic swaps don't exist here. Their cross-chain security uses multiple bridge providers simultaneously; vulnerability requires compromising all providers. Invariant testing with Echidna and Medusa surfaces chained rounding manipulations that exceed human auditors' ability to reason through state permutations across multi-step transactions. Topics discussed: Serial audit methodology: using findings to force architectural iteration rather than validating final code Maker's immutable core pattern: isolating accounting logic in never-upgraded contracts with modular extensions ERC-7540 co-authorship with Maple Finance: standardizing asynchronous operations for multi-day RWA settlement Multi-bridge redundancy: requiring simultaneous compromise of all interoperability providers Invariant testing with Echidna/Medusa via Recon: catching chained exploit patterns beyond human reasoning Low-severity findings as architectural signals: redesigning contracts before issues compound AI auditing integration: per-commit security validation reallocating human auditors to protocol-specific vectors DRWA architecture: separating regulated fund custody from permissionless yield token access Centrifuge V3.1 as freely immutable infrastructure: enabling third-party RWA protocols to avoid rebuilding primitives Rejecting upgradeable proxies: modular contract design for institutional custody requirements

    1h5min
  8. Safe's $60B security stack: Formal verification, audits, and $1M bounties | Richard Meissner

    08/10/2025

    Safe's $60B security stack: Formal verification, audits, and $1M bounties | Richard Meissner

    Safe's smart account infrastructure secures $60B+ in TVL while handling over $1 trillion in cumulative transaction volume. Co-founder, Richard Meissner reveals how Safe is rebuilding its collaboration layer from scratch—replacing centralized transaction services with encrypted on-chain queues while preparing smart accounts for post-quantum cryptography through deterministic deployment standards. Topics discussed: Safe Harbor's permissionless transaction queue migrating from contract storage to event-based and blob storage to reduce costs while maintaining consensus-layer availability guarantees Validator network architecture in frictionless queues performing spam protection and integrity checks on encrypted payloads before paymaster-sponsored on-chain submission Asymmetric encryption implementation using shared keys among Safe signers to hide transaction intent, with blob storage providing shorter data availability windows than permanent contract storage ERC-7955's elimination of nonce-dependent deployment attacks by publicly exposing factory private keys through EIP-7702, preventing address spoofing exploits that caused historical fund losses Four-layer security methodology: audits during development, dual auditors from different firms at release, formal verification with Runtime Verification and Certora, and $1M+ bug bounties during phased rollouts Phased production deployment strategy starting with foundation Safes as front runners for months before prompting user upgrades to new contract versions Smart account migration pathways for post-quantum algorithms using passkey implementations (non-native curve support) as proof-of-concept for lattice-based signature schemes Organizational structure separating Safe Labs' enterprise custody focus from Research team's permissionless protocol development to balance adoption velocity with decentralization roadmap

    1h11min
Ver tudo (13)

Sobre

The Web3 Security Podcast explores the discipline of Web3 security through conversations with leaders at prominent crypto and Web3 companies. Each episode delivers practical insights into security philosophies, strategic approaches, and vendor evaluation processes. Our guests share hard-earned lessons from the field, without revealing sensitive implementation details or vulnerabilities. We dive deep into the thinking behind security decisions, the challenges of protecting decentralized systems, and the strategies that actually work. Whether you're a CTO, security leader, or technical decision-maker, you'll walk away with concrete insights to strengthen your security posture.

Informações

  • Criado por
    TheWeb3SecurityPodcast
  • Anos de atividade
    2025 - 2026
  • Episódios
    13
  • Classificação
    Explícito
  • Copyright
    © TheWeb3SecurityPodcast
  • Site do podcast
    The Web3 Security Podcast