The Web3 Security Podcast

The Web3 Security Podcast explores the discipline of Web3 security through conversations with leaders at prominent crypto and Web3 companies.

Each episode delivers practical insights into security philosophies, strategic approaches, and vendor evaluation processes. Our guests share hard-earned lessons from the field, without revealing sensitive implementation details or vulnerabilities.

We dive deep into the thinking behind security decisions, the challenges of protecting decentralized systems, and the strategies that actually work. Whether you're a CTO, security leader, or technical decision-maker, you'll walk away with concrete insights to strengthen your security posture.

Listen on:

  • Apple Podcasts
  • Podbean App
  • Spotify

Episodes

5 days ago

When the Interchain Foundation acquired Skip Protocol in 2024, Cosmos Labs inherited a 200-chain ecosystem with no commercial strategy and a massive security backlog. Barry Plunkett, co-CEO, explains how they systematically tested three strategic pivots in six months, killed two based on hard metrics, and found enterprise product-market fit by following "accidental traction" signals they'd initially ignored.
First pivot: ZK-based IBC bridging to Ethereum paired with Skip Go's interop API. They timeboxed three months to the Babylon Bitcoin LST launch as a forcing function. Volume data post-launch killed the thesis—existing bridges were "pretty good" and marginal improvements don't create ecosystem momentum. Second pivot: position Cosmos Hub as a unified deployment platform for seamless multi-chain experiences. Direct enterprise outreach revealed Base and Solana's network effects created insurmountable BD cost disadvantages for a smaller ecosystem. The breakthrough: Fortune 500 companies and governments kept reaching out for help with Cosmos infrastructure pilots they'd started internally. That inbound signal became the strategy.
 
The security approach reflects the same first-principles methodology. Kevin, former head of security at Optimism who led Bedrock releases, implemented a policy: engineering managers receive HackerOne reports directly with no security intermediary layer. If you wrote the code and the bug was missed, you own the fix immediately—no backlog accumulation. For protocol-level changes, the team mandates line-by-line PR review sessions where code authors walk the full engineering team through every change. This catches critical vulnerabilities before external audits and prevents tribal knowledge from siloing. They coordinate patches monthly on the second Tuesday (Microsoft's schedule) after learning ad-hoc "patch when found" approaches burned out validator operators managing infrastructure across dozens of chains.
 
Topics discussed:

  • Timeboxing strategic experiments to three months with quantitative kill criteria before resource commitment
  • Following inbound enterprise signals over predetermined theses when accidental traction contradicts core assumptions
  • Mandatory line-by-line PR walkthrough sessions with full engineering teams before protocol-level releases
  • Monthly coordinated patch schedule (second Tuesday) preventing validator operator fatigue across multi-chain infrastructure
  • Direct bug bounty report routing to code authors eliminating security intermediary layers and backlog accumulation
  • Engineering manager accountability for immediate fix implementation rather than sprint planning security debt
  • Graduating experimental modules through staged test environment deployments before long-term support commitment
  • Analyzing why standalone IBC interoperability and Hub-native deployment strategies failed against established L1 network effects
  • Standardized component interfaces (ABCI between Comet/SDK, IBC cross-chain) enabling parallel experimentation across a 200-chain ecosystem
  • Tokenization thesis: bringing the cost of holding and moving money to zero creates a financial services "Internet moment"

Tuesday Oct 14, 2025

Maker's core accounting contract—the vat—has remained immutable for six years while processing tens of billions in TVL. Centrifuge is proving this isn't legacy thinking; it's the only approach that survives institutional custody requirements where protocol upgrades introduce unacceptable counterparty risk.
Jeroen Offerijns, CTO of Centrifuge, explains why their $750M TVL RWA protocol runs 6-7 serial audits rather than parallel reviews on a final commit hash. The goal isn't redundant coverage—it's forcing architectural iteration between audits. Low-severity findings don't get dismissed; they trigger contract redesigns before issues compound. This matters when tokenizing Apollo's private credit or S&P 500 funds, where a single exploit permanently destroys institutional trust.
The technical implementation diverges from standard DeFi patterns at every layer. Centrifuge co-authored ERC-7540 with competitor Maple Finance because RWA settlement requires multi-day cycles for off-chain broker execution and NAV updates—atomic swaps don't exist here. Their cross-chain security uses multiple bridge providers simultaneously; vulnerability requires compromising all providers. Invariant testing with Echidna and Medusa surfaces chained rounding manipulations that exceed human auditors' ability to reason through state permutations across multi-step transactions.
Topics discussed:

  • Serial audit methodology: using findings to force architectural iteration rather than validating final code
  • Maker's immutable core pattern: isolating accounting logic in never-upgraded contracts with modular extensions
  • ERC-7540 co-authorship with Maple Finance: standardizing asynchronous operations for multi-day RWA settlement
  • Multi-bridge redundancy: requiring simultaneous compromise of all interoperability providers
  • Invariant testing with Echidna/Medusa via Recon: catching chained exploit patterns beyond human reasoning
  • Low-severity findings as architectural signals: redesigning contracts before issues compound
  • AI auditing integration: per-commit security validation reallocating human auditors to protocol-specific vectors
  • DRWA architecture: separating regulated fund custody from permissionless yield token access
  • Centrifuge V3.1 as freely immutable infrastructure: enabling third-party RWA protocols to avoid rebuilding primitives
  • Rejecting upgradeable proxies: modular contract design for institutional custody requirements
Rejecting upgradeable proxies: modular contract design for institutional custody requirements

Wednesday Oct 08, 2025

Safe's smart account infrastructure secures $60B+ in TVL while handling over $1 trillion in cumulative transaction volume. Co-founder Richard Meissner reveals how Safe is rebuilding its collaboration layer from scratch—replacing centralized transaction services with encrypted on-chain queues while preparing smart accounts for post-quantum cryptography through deterministic deployment standards.
Topics discussed:

  • Safe Harbor's permissionless transaction queue migrating from contract storage to event-based and blob storage to reduce costs while maintaining consensus-layer availability guarantees
  • Validator network architecture in frictionless queues performing spam protection and integrity checks on encrypted payloads before paymaster-sponsored on-chain submission
  • Asymmetric encryption implementation using shared keys among Safe signers to hide transaction intent, with blob storage providing shorter data availability windows than permanent contract storage
  • ERC-7955's elimination of nonce-dependent deployment attacks by publicly exposing factory private keys through EIP-7702, preventing address spoofing exploits that caused historical fund losses
  • Four-layer security methodology: audits during development, dual auditors from different firms at release, formal verification with Runtime Verification and Certora, and $1M+ bug bounties during phased rollouts
  • Phased production deployment strategy starting with foundation Safes as front runners for months before prompting user upgrades to new contract versions
  • Smart account migration pathways for post-quantum algorithms using passkey implementations (non-native curve support) as proof-of-concept for lattice-based signature schemes
  • Organizational structure separating Safe Labs' enterprise custody focus from the Research team's permissionless protocol development to balance adoption velocity with the decentralization roadmap
 

Wednesday Sep 24, 2025

Sebastian Bürgel's modified Lighthouse client can map any Ethereum validator's public key to its IP address by collecting attestation signatures and tracking their network origin points. Once mapped, attackers can launch precisely timed DDoS attacks during that validator's block production slot, forcing it offline and redirecting its MEV opportunities to the next validator in sequence.
This network-layer exploit operates entirely outside the smart contract security model that most teams focus on, yet threatens the economic assumptions underlying Ethereum's consensus mechanism. As VP of Technology at Gnosis and founder of HOPR's privacy infrastructure, Sebastian demonstrates how current validator security practices leave billions in staking rewards vulnerable to sophisticated attackers who understand beacon chain networking patterns.
Topics discussed:

  • Beacon chain attestation harvesting methodology for linking validator pubkeys to IP addresses
  • Economic incentives for validator sniping attacks during high-value MEV block production windows
  • Modified Lighthouse client architecture for systematic data collection across validator networks
  • Network-layer security gaps that smart contract audits cannot identify or prevent
  • Browser-native ENS resolution bypassing centralized DNS infrastructure for DApp frontends
  • Multi-signature deployment verification preventing single-developer compromise of production applications
  • Full-stack security evaluation expanding beyond smart contracts to deployment infrastructure
  • Incentivized mixnet packet transformation architecture versus Tor's basic relay routing

Tuesday Sep 09, 2025

When you discover someone who found a way to decrypt every WhatsApp message through symmetric key reuse, then later designed Coinbase's ETH staking architecture that has never experienced a slashing event, you're looking at a rare breed of security engineer who bridges the exploit and defense mindsets perfectly.
Anto Joseph, Principal Security Engineer at Eigen Labs, walks through his unconventional path from exploiting Need for Speed CD keys in fourth grade to architecting some of crypto's most critical infrastructure. His work spans Intel's hardware security for retinal laser displays, Tinder's location privacy systems handling millions of users, and the 14-page security design document he authored for Coinbase's ETH staking as his first crypto project.
Now at EigenLayer, Anto's three-person security team protects $23 billion in assets while pioneering cryptographic verification systems that could fundamentally change how bug bounties work. His approach to using AI agents for security research, including getting Devin to solve real exploit scenarios in 8 hours, offers a glimpse into how automated security testing will evolve in Web3.
Topics discussed:

  • WhatsApp vulnerability: symmetric key reuse across all installations
  • Tinder's 1-mile grid snapping preventing triangulation attacks
  • Coinbase ETH staking architecture achieving zero slashing events
  • Month-long fuzzing campaign on AWS for the Base launch
  • Economic security through programmable slashing and redistribution logic
  • zkTLS proofs eliminating human verification in bug bounties
  • RISC Zero proof system for atomic testnet-to-mainnet bounty claims
  • Reinforcement learning approaches for Web3 vulnerability discovery

Wednesday Sep 03, 2025

What happens when you're responsible for $70 billion in user funds and every code change requires approval from hundreds of token holders? Ernesto Boado discovered that managing Aave's security feels identical whether it's $10 million or $70 billion at stake—the key is abstract thinking that prevents paralysis while maintaining rigorous procedures.
As co-founder of BGD Labs and former CTO of Aave, Ernesto reveals how they've kept the world's largest DeFi protocol secure through systematic auditor evaluation, strategic upgrade decisions, and a hands-on approach to security research relationships. His contrarian take on bug bounties and practical insights into decentralized governance offer a blueprint for scaling security in the trillion-dollar DeFi ecosystem.
Topics discussed:

  • Systematic auditor evaluation introducing "wildcard" security firms rather than relying on traditional "big three" vendors to avoid dependency and test new partnerships.
  • Psychological scaling approach where $70 billion TVL feels identical to $10 million in development decision-making to prevent analysis paralysis while maintaining security rigor.
  • Security researcher relationship building through consistent code engagement over multiple submissions and honest bounty evaluation rather than adversarial dynamics.
  • Decentralized upgrade governance requiring documentation clear enough for unfamiliar auditors to understand, using explanation clarity as the ultimate readiness test.
  • Development tooling evolution from Truffle/Remix in 2018 to Foundry adoption in 2022, reflecting DeFi's maturation from experimental to production-ready infrastructure.
  • Strategic formal verification approach targeting specific system components while avoiding generalized application that delivers diminishing security investment returns.
  • Contrarian perspective on bug bounty programs as currently broken due to adversarial relationships between security researchers and protocol teams.
  • AI impact predictions for systematic vulnerability detection and improved documentation while recognizing limitations in finding complex multi-component exploits.

Tuesday Aug 26, 2025

What happens when a veteran Web2 security executive turns multisig ceremony coordinator at Polygon? The result: a crash course in how Web3 security demands both old-school fundamentals and bleeding-edge vigilance in protecting billions of dollars locked on-chain.
Christopher von Hessert, VP of Security at Polygon, reveals how traditional security expertise from companies like IBM and ServiceNow translates into defending against everything from North Korean IT workers to AI-generated phishing campaigns. His journey from managing ServiceNow's global security team to orchestrating multisig upgrades from Amsterdam studios highlights the evolving demands of Web3 security leadership.
But von Hessert doesn't just protect protocols—he challenges the ethics driving the security research community. His perspective on white hat incentives, the ransomware-like behavior of some "ethical" hackers, and why the industry needs more than smart contract expertise creates a provocative framework for understanding Web3 security culture.
Topics discussed:

  • Building Web3 security careers through Web2 fundamentals like red teaming, threat modeling, and offensive security rather than just smart contract auditing.
  • Implementing 13-step multisig verification processes at Polygon to prevent payload manipulation and ensure transaction integrity across upgrade ceremonies.
  • Identifying North Korean IT workers through interview patterns and behavioral analysis while balancing ethical concerns about legitimate remote workers.
  • Challenging the "hack first, negotiate later" mentality in white hat security research as essentially ransomware behavior disguised as ethical hacking.
  • Managing security priorities across Polygon's PoS bridge containing billions in user funds versus the newer AggLayer interoperability protocols.
  • Defending against AI-powered attack vectors including automated phishing campaigns and deepfake video calls targeting multisig signers.
  • Scaling security expertise beyond smart contracts to cover consensus algorithms, client software, and core blockchain infrastructure vulnerabilities.
  • Establishing threat modeling frameworks that assume employee compromise and build defense-in-depth strategies for multisig operations.
  • Balancing traditional Web2 security concerns like endpoint protection and phishing training with Web3-specific risks like private key management.
  • Predicting the evolution of Web3 security toward secure-by-default tooling, similar to how cloud platforms eliminated common Web2 vulnerabilities.

Monday Aug 18, 2025

Fredrik Svantes evolved from hunting World of Warcraft gold farmers to securing Ethereum's trillion-dollar ecosystem as the foundation's Security Research Lead. Running the world's oldest blockchain bug bounty program while spearheading initiatives to make Ethereum safe for both billion-user adoption and institutional trillion-dollar deployments, he offers rare insights into the security challenges of protecting critical infrastructure at unprecedented scale.
His contrarian stance on replacing reactive blacklists with protocol-level whitelists, combined with hard-won lessons from coordinating the merge and subsequent upgrades, reveals how Ethereum balances decentralization with protection. From managing AI spam in bug reports to designing crowdsourced audit competitions, Fredrik's approach shows how to secure systems when traditional methods simply don't scale.
 
Topics discussed:

  • $2 million audit competitions mobilizing hundreds of researchers across 10+ client implementations in different programming languages.
  • Filtering AI-generated vulnerability spam in bug bounty programs using staking requirements and pattern recognition techniques.
  • Trillion-dollar security initiative metrics: a billion people holding $1,000 safely vs institutions deploying trillion-dollar smart contracts.
  • Hard fork security procedures with assigned team roles following the Holesky testnet configuration incident.
  • Protocol-level whitelists replacing reactive blacklists to eliminate entire vulnerability categories proactively.
  • Reducing Ethereum Foundation dependencies through ecosystem-sponsored security programs across multiple entities.
  • UX as Web3's critical weakness requiring iOS-level polish with guardrails that maintain decentralization principles.

Copyright 2025 All rights reserved.