NOV 20-21, 2025 - Buenos Aires, Argentina

DeFi Security Summit

La Rural, Buenos Aires, Argentina
Smart Contract Security
Bug Bounties
Web3 Security
Fuzzing
Contests
WhiteHats
OpSec
Formal Verification
ZK

What is DSS

The DeFi Security Summit (DSS) is one of the most important global gatherings focused on the intersection of decentralized finance and cybersecurity. It's more than just a conference — it's where the future of secure Web3 infrastructure is being shaped.
Every year, DSS brings together top minds in blockchain, auditing, and security — from white-hat hackers and protocol developers to academic researchers and industry leaders. The goal? To tackle the most pressing issues in DeFi security head-on — from smart contract exploits and cross-chain vulnerabilities to governance threats and beyond.

The Venue

DSS 2025 will be hosted at La Rural in Buenos Aires, Argentina — the same venue as Devconnect.

Address: Av. Sarmiento 2704, C1425 Cdad. Autónoma de Buenos Aires

Speakers

Head of DeFi Engineering at Lido

Co-Founder and CTO, Gearbox Protocol

Core Team: Solutions Engineer, Security Ops, AI R&D at Spearbit

R&D at Safe

Blockchain Security Engineer at Coinbase

Blockchain Threat Researcher, BlockThreat

Senior Blockchain Engineer at Concordium

Security Engineer at ChainSecurity

Head of Security, Celo

Security Researcher at OpenZeppelin

Founder & CEO at Olympix

Security Researcher & Triage Lead at Immunefi

Security Engineer at Vyper

Chief Blockchain Officer, Kerberus

CEO, Runtime Verification

PhD student at Yale

Principal Engineer at Fireblocks

Tech Lead at Sky

CTO, Mimic

PhD Student at KTH, Royal Institute of Technology

Head of DevRel at Chronicle Labs

Smart Contracts Lead at Balancer

Security Researcher at Certora

Sponsors

Diamond
Gold
Silver
Bronze

DSS 101

DeFi Security 101 is a one-day intensive course specifically designed for builders who wish to deepen their understanding of web3 security.

DSS 101 provides a strong foundation, equipping participants with the necessary knowledge and skills to engage effectively with the DSS main conference and the broader web3 security space.

Whether you’re new to security or looking to sharpen your skills, this hands-on technical event is the perfect start to your web3 security journey.

Schedule

When?
NOV 20, 2025
Where?
La Rural, Buenos Aires, Argentina
Auditorium Stage
Session 1A - Core DeFi
09:30
Secure Protocol Upgrades: Lido V3
Approaching protocol upgrades with security at the core: from design principles to testing and audits, the Lido V3 experience and insights for the wider DeFi ecosystem.
Speakers:
Iurii Tkachenko, Head of DeFi Engineering, Lido DAO
Duration:
20 min
09:50
Permissionless Governance with Institutional-Grade Security: The Gearbox Approach
A persistent challenge in DeFi is balancing permissionlessness with security and operational flexibility. Many protocols rely on developer-controlled upgrades, proxy contracts, or centralized governance to maintain agility—leaving counterparties exposed to governance capture, key compromises, or opaque upgrade flows.

 Gearbox Protocol introduces a novel governance design based on architecture provides institutions and counterparties with guarantees of safety and long-term resilience while enabling flexibility through modularity and extensibility.
Speakers:
Mikael Lazarev, Co-founder and CTO, Gearbox Protocol
Duration:
20 min
10:10
Sky’s Prime Security Framework: Horizontally scaling the Sky Ecosystem Through Incentive Alignment & Best Practices
Learn more about how domain experts in DeFi security, governance operations and game theoretic mechanism design are building the framework that will enable Sky’s scaling strategy to dozens of SubDAOs.
Speakers:
Deniz Yilmaz, Tech Lead, Sky
Duration:
20 min
10:30
Designing DeFi Resilience: Inside Aave V4’s Security Blueprint
Explore how Aave V4 secures DeFi by design. We unpack key architectural choices, their threat models, and tradeoffs, and show how formal verification with the Certora Prover ensures resilience and reliability.
Speakers:
Dhairya Sethi, Smart Contract Engineer, Aave
Tomer Ganor, Security Research Tech Leader, Certora
Duration:
20 min
10:50
From Manipulation to Mitigation: Rethinking Oracle Security in 2025
Oracles power every DeFi protocol but remain prime attack targets. This talk analyzes real-world exploits and provides actionable strategies to ensure data integrity, freshness, and resilient security for safer onchain applications.
Speakers:
Bianca Buzea, Head of DevRel, Chronicle Labs
Duration:
20 min
11:10
Financial Security Risks of DeFi
TODO
Speakers:
TODO
Duration:
45 min
12:00 - 13:00 Lunch Break
Session 2A - Infrastructure
13:00
Security of L1 vs L2s
TODO
Speakers:
TODO
Duration:
45 min
13:45
DeFi Security Starts at the Chain Level
Security audits aren't enough. True DeFi security demands assessing risks at the chain level. Join me to explore how L2BEAT's risk framework evaluates Layer-2 chains, ensuring robust protection beyond smart contracts and protocols.
Speakers:
Maciej Zygmunt, Software Engineer, L2BEAT
Duration:
20 min
14:05
Off-Chain But Not Off Radar: Securing Crypto Infrastructure Beyond Smart Contracts
Smart contract audits are the industry standard, but what about the massive node implementations and custom VMs running them? This talk will discuss practical approaches for securing critical infrastructure where traditional audit methods fall short.
Speakers:
Palina Tolmach, CTO, Runtime Verification
Duration:
20 min
14:25
Solana Security - The Next Level
TBA
Speakers:
Robert Reith, CEO, Accertion
Duration:
20 min
14:45
Security vs. Censorship-Resistance: Can We Optimize for Both?
The crypto community wants security and censorship resistance, but can we truly optimize for both? This talk explores the next frontier of security tools like firewalls, and the trade-offs to balance robust cybersecurity and censorship resistance.
Speakers:
Andy Beal, Co-Founder, Forta
Duration:
20 min
15:05
Economic Censorship Games in Fraud Proofs
This talk considers economic censorship attacks, where an attacker censors the defender's transactions by bribing block proposers. At each step, the attacker can either censor the defender -- depleting the defender's time allowance at the cost of the bribe -- or allow the current transaction through while conserving funds for future censorship.
 We analyze three game theoretic models of these dynamics and determine the challenge period length required to ensure the defender's success, as a function of the number of required protocol moves and the players' available budgets.
Speakers:
Ben Berger, Research Scientist, Offchain Labs
Duration:
20 min
15:25 - 16:25 Lightning Talks Session I
16:25
AI-Powered Auditing: Hype, Reality, and the Future of Web3 Security
TODO
Speakers:
TBD
Duration:
45 min
17:10
Crypto Startups Say They Take Security Seriously… But Do They?
TODO
Speakers:
TBD
Duration:
45 min
Nogal Stage
Session 1B - Compilers and VMs
9:30
Solidity Optimizer Under the Hood
Solidity’s optimizer is often a black box. This talk explains what it really does under the hood, how via-IR changes the game, when to guide or override code with Yul, and how to write contracts the optimizer can truly optimize.
Speakers:
Vladimir Kumalagov, Security Researcher, OpenZeppelin
Duration:
20 min
9:50
Building Crosschain Bridge across VMs
Bridges from L1 to “EVM-compatible” / “EVM-equivalent” L2 chains have their security considerations due to subtle but impactful differences such as opcodes, precompiles, gas accounting, and execution semantics, which can introduce bugs invisible to unit tests. This talk unpacks those differences with an eye toward practical engineering risks and security design.
Speakers:
Joseph Olutimehin, Blockchain Security Engineer, Coinbase
Duration:
20 min
10:10
The CPIMP Backdoor: Anatomy of a Multi-Chain Proxy Attack
A deep dive into the CPIMP vulnerability—how a stealthy proxy-in-the-middle infected dozens of DeFi protocols, and how Dedaub and SEAL 911 raced to neutralize it before widespread exploitation.
Speakers:
Yannis Smaragdakis, Co-Founder, Dedaub
Duration:
20 min
10:30
Differential Fuzzing of the Vyper Compiler
This talk introduces problems in compiler security. Further, it showcases a differential fuzzer of the Vyper language utilizing an AST interpreter as the correctness oracle.
Ivy, a new Vyper interpreter, executes Vyper AST in a custom EVM and enables Csmith-style semantic equivalence testing against the compiler's bytecode. AST-aware, type-safe contract generator enables wide language coverage: generate contract → execute traces → compare semantics.
Speakers:
cyberthirst, Security Engineer, Vyper
Duration:
20 min
Session 2B - Testing and Fuzzing
11:00
Going Beyond 100% Coverage
This talk is about Logical Coverage, meaningful combinations of function calls which seem to lack words to describe them.
We'll define Coverage Classes, and from there give a structured definition and an algorithm to enumerate an over-approximation of feasible Logical Combinations, with the goal of making auditors and developers know when they have actually reviewed 100% of the code.
Speakers:
Alex The Entreprenerd, Founder, Recon
Duration:
20 min
11:20
State of Fuzzing: Closing the Circle From Machine to Human and Back
Smart contract state spaces are massive. Coverage-guided heuristics struggle to explore them effectively. Manually guided fuzzing changed this - auditors direct testing through flows and invariants. Now, LLMs start to generate these automatically.
Speakers:
Josef Gattermayer, CEO, Ackee Blockchain Security
Duration:
20 min
11:40
Smart Contracts Fuzzing: Current Problems and Proposed Solutions
Smart contract fuzzers are ineffective. I decipher the problem with the 2-step approach with function selection and parameter mutations in detail, with some real-world examples. I then propose my ideal 3-layer solution: LLMs for semantic understanding, state-based fuzzing with mutation strategies, and GPU acceleration to facilitate discussions.
Speakers:
Andy M. Lee, Founder & CEO, Mamori
Duration:
20 min
12:00 - 13:00 Lunch Break
Session 3B - Math and ZK
13:00
Understanding Math-Heavy Code
Stop treating math code as a black-box.

This talk gives a survey of the common knowledge gaps that block understanding of mathematical code, then reverse-engineers Uniswap V3's getTickAtSqrtPrice() function as an example.
Speakers:
Jeffrey Scholz, Founder, Rareskills
Duration:
20 min
13:20
Bounding Rounding Errors in Integer Maths
In this session we will explore lesser-known facts around rounding error bounds in DeFi math and how to reason about them rigorously.
An infamous example of rounding errors is ERC-4626 vaults. Hence, we dissect the ERC-4626 conversion formula that OpenZeppelin came up with in defense. We will show how this virtual liquidity works and the absolute and relative error bounds that can be observed compared to the real-valued formula.
Speakers:
Yanis De Busschere, Security Engineer, ChainSecurity
Duration:
20 min
13:40
Bulletproof Protocol for Set/Not-Set Membership Proofs: Security and Implementation Considerations
This talk presents how the Bulletproof protocol can be extended to support set/non-set membership proofs and takes a deep dive into common implementation-level security pitfalls, including missing inputs in the Fiat–Shamir heuristic (such as the `Frozen Heart` vulnerability and the `Last Challenge` attack).
Speakers:
Doris Benda, Senior Blockchain Engineer, Concordium
Duration:
20 min
14:00
RISC Zero Security Deep Dive: Architecture, Risks, and Review Methodology
What is risc0? How does it work? What do you need to look for as a security engineer reviewing risc0 code?
Speakers:
Kirk Baird, Executive Director, Sigma Prime
Duration:
20 min
Session 4B - Institutional
14:30
How dApps Can Stop Money Laundering
North Korea pushed $1B of Bybit hacked funds through DeFi rails. Protocols turning a blind eye invite growing law enforcement attention. This talk presents concrete technical tools and case studies showing how disruption can actually work.
Speakers:
Julia Hardy, Co-Founder, Head of Investigations, zeroShadow
Duration:
20 min
14:50
Lessons Learned After ISO27001 / SOC2 Certification: Bridging DeFi Culture and Enterprise Standards
DeFi thrives on hackathon energy, but certifications demand discipline. This talk shares 1inch’s journey through ISO27001/SOC2, the cultural clashes we faced, and how we married startup speed with enterprise rigor to achieve compliance.
Speakers:
Ilya Naryzhnyy, CIO, 1inch
Duration:
20 min
15:20 - 16:20 Lightning Talk Session II
Session 5B - Vulnerabilities
16:20
Adversarial ERC-4626: How Vault-Share Manipulation Still Bypasses Listing Screens in 2025
LST/LRT wrappers, points-tokens, and restaked derivatives are exploding. ERC-4626 is the default envelope. Attack surface is bigger now than before.
Oracle teams and risk committees rely on previewDeposit/previewMint as if they were binding promises. They aren’t.
 Many “checks” are unit-tests that don’t model donations, flash liquidity, or time-dependent exchange rates.
Speakers:
0xmonsoon, Security Researcher, OpenZeppelin
Duration:
20 min
16:40
Fast-tracking Security-Critical Referendas on DAOs
Current referendum mechanisms deployed on DAOs are not designed for time-critical proposals like agreeing on a security patch or updating DeFi parameters. The network or contract may be drained of all the funds before the patch is ayed by the DAO stakeholders.
 This pressing issue motivates us to propose a novel referendum mechanism for DAOs with the objective of optimising the time taken to decide the outcome.
Speakers:
Bhargav Bhatt, Researcher, Web3 Foundation
Duration:
20 min
17:00
Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts
To conceal proprietary business logic and to potentially deter attacks, many smart contracts are closed-source and employ layers of obfuscation. However, we demonstrate that such obfuscation can obscure critical vulnerabilities rather than enhance security. To systematically analyze these risks on a large scale, we present SKANF, a novel EVM bytecode analysis tool tailored for closed-source and obfuscated contracts.
Speakers:
Sen Yang, PhD Student, Yale University
Duration:
20 min
17:20
Governance as an Attack Vector
Most relevant DeFi protocols today have governance in one way or another, and the lack of attention towards its security has led to more and more governance attacks over the last few years. We’re going to explore recent governance attacks and their characteristics.
Speakers:
Zeugh Ion, Head of Research, Blockful.io
Duration:
20 min
17:40
When One Dependency Breaks Everything: Securing the Web3 Toolchain
A single library, package, or IDE extension can undermine even well-written smart contracts. This talk shows how to triage toolchain risk fast and shares real cases from npm and VS Code that put Web3 projects at risk, with practical ways to reduce exposure.
Speakers:
Ray Orlev, Security Researcher Team Leader, Certora
Duration:
20 min
Workshop Stage
10:00
The Art of Manually Guided Fuzzing
Manually Guided Fuzzing represents a paradigm shift in testing. Unlike random/property-based fuzzing, this approach puts testing back under your control, directing the process toward vulnerabilities with surgical precision.
Speakers:
Jan Kalivoda, Tech Lead, Ackee Blockchain
Duration:
60 min
11:00
OpSec Fundamentals in Web3: Hands-On Tools and Recommendations for Everyday Security
Individual OpSec is vital in Web3 to counter phishing and exploits. This workshop builds awareness and explores a variety of tools/techniques as examples, such as QubesOS for isolation, DangerZone for document interactions, secure multisig handling, and more. Practice mitigations for real-world personal security.
Speakers:
Sven Igl, Security Researcher, Sherlock
Duration:
60 min
12:00 - 13:00 Lunch Break
13:00
Formal Verification of Uniswap v4 Hooks
In this talk you will learn the basics of formal verification and how to apply this to Uniswap hooks. We will show how we can formally model the Uniswap v4 infrastructure, particularly the PoolManager, to find bugs in the interaction between the hook and the pool and protect against unexpected attack vectors.
Speakers:
Jochen Hoenicke, Formal Verification Researcher, Certora
Duration:
60 min
14:00
What We Talk About When We Talk About DeFi in Europe
As the EU’s MiCA regulation begins to bite, questions of liability, governance and security in DeFi are no longer theoretical. This workshop probes how legal risk attaches to code—through smart contract design, MEV dynamics, and decentralised architecture.
Speakers:
Vyara Savova, Policy Strategist, EUCI
Duration:
60 min
15:00
Streamlining Security Audits with AuditHub
Security audits are complex and obscure processes that involve many critical decisions. AuditHub streamlines audits by introducing transparency and automation. The result? Efficient and better documented security audits for analysts and developers.
Speakers:
Kostas Ferles, CTO, Veridise
Duration:
60 min
16:00
Demystifying MPC for coSNARKs: How to Collaboratively Prove Sumthing
We present Sumthing, a toy SNARK protocol designed to illustrate how multiple parties can collaboratively generate a proof of knowledge using MPC. With worked-out Sumcheck-based examples, we demystify MPC's role in coSNARKs and verifiable outsourced computation.
Speakers:
Vesselin Velichkov, ZK Cryptography Researcher, OpenZeppelin
Duration:
60 min
17:00
Security Agents, Not Alerts: A New Metalanguage for Live Threat Detection in DeFi
Build real-time monitoring agents that catch rugpulls, hacks, and invariant violations as they happen. This workshop introduces a novel metalanguage for expressing protocol logic and generating relational queries over live blockchain data with zero delay.
Speakers:
Sifis Lagouvardos, Dedaub
Duration:
60 min
When?
NOV 21, 2025
Where?
La Rural, Buenos Aires, Argentina
Auditorium Stage
Session 6A - Incident Response
9:30
Real-Time War Rooms: Building Proactive DeFi Security Operations Centers
We’ve moved from “you up” – SamczSun to researchers running their own detections. Most security stops post-audit & launch, meanwhile protocol devs feel if they get hacked, their users will report it for them on Twitter. This talk aims to flip the script from reactive to proactive detection, citing past exploit examples & sharing actionable learnings.
Speakers:
Samridh Saluja, Founder/CEO, Guardrail
Duration:
20 min
9:50
Building the War Room Before the War: Proactive Incident Response for DeFi Protocols
Learn how DeFi teams can structure war rooms, minimize fund loss during active exploits, and turn chaos into coordination. A deep dive into incident response strategies based on the real exploits.
Speakers:
Uladzislau Yarashuk, Security Auditor, Consensys Diligence
Duration:
20 min
10:10
Dealing With a Hundred Million Dollar Live Vulnerability
What do you do when you get a seemingly valid whitehat report during a Friday evening?
 What do you do when the bug is confirmed, it affects 100M+ in user funds, and governance has limited options to control the affected contracts?
Speakers:
Juan Ignacio Ubeira, Smart Contracts Lead, Balancer
Duration:
20 min
10:30
Layered Defense at Work: Story of the Protocol Upgrade Saved by the Last Security Measure in the Toolbox
It's one thing to know that "no amount of prep makes the code 100% safe" and another to see it play out in practice. This is the story of a big release employing an extra-layered approach to security: how the team spent months in preparation and hundreds of thousands of dollars on security measures and was saved from the mainnet vulnerability with a bug bounty report — and how that's a good thing.
Speakers:
Kate Zueva, DAO Operations Lead
Duration:
20 min
10:50
Storage Proofs Done Wrong: a Case Study
A critical vulnerability was discovered in an open-source library for MPT proof verification, which was used by a few large protocols to operate on L2s.
 Millions of user funds were at risk, but it was patched before it could be exploited.
Speakers:
Elia Anzuoni, Smart Contract Auditor, ChainSecurity
Duration:
20 min
11:10
War Room Chronicles: Stories, Scars, and Survival
TODO
Speakers:
TODO
Duration:
45 min
12:00 - 13:00 Lunch Break
Session 7A - Core Security I
13:00
Future of Smart Contract Security: Neither Smart Nor Secure?
TODO
Speakers:
TODO
Duration:
45 min
13:45
Ethereum: Trillion Dollar Security
Ethereum aims to upgrade its already leading security to "Trillion Dollar Security" - an ecosystem capable of safely securing trillions in value onchain for individuals, institutions, and governments. This talk shares key updates and insights.
Speakers:
Fredrik Svantes, Protocol Security Lead, Ethereum Foundation
Duration:
20 min
14:05
The State of DeFi Security - 2025
Returning for a third year, this session delivers a compact, data driven overview of the current state of DeFi security, highlighting how attackers are adapting and how defenders must respond. The session concludes with a look ahead at countermeasures, tools, and incident response practices DeFi teams will need to stay ahead of tomorrow’s threats.
Speakers:
Peter Kacherginsky, Blockchain Threat Researcher, BlockThreat
Duration:
20 min
14:25
Moving Access Control Away From Smart Contracts' Code
The industry standard today is to hardwire the access control policy directly into the code of the smart contracts. I will present an alternative to avoid this, making *deployed* access control rules easily observable (and auditable).
Speakers:
Guillermo Narvaja, Co-founder CTO, Ensuro
Duration:
20 min
14:45
Full Web3 Security Stack - A Blue Team Perspective
See how Kiln is pushing the security standards for its validators on 50+ protocols (+$10b AUS, 5% of ETH staked), 4 smart contract protocols (+$3.5b TVL), 3 dApps and APIs used by the best wallets. A unique blue team full stack web3 security perspective.
Speakers:
Loïc TITREN, Senior Blockchain Security Engineer, Kiln
Duration:
20 min
15:05
Ethereum Forks And Their Impact On Smart Contract Security
Ethereum's regular hard forks often introduce changes that fundamentally alter smart contract security assumptions and functionality. This talk examines the key EIPs in the recent and upcoming hard forks and their implications on smart contracts. Understanding Ethereum's trajectory is crucial for both developers and security researchers to build resilient applications that can maintain security guarantees across protocol changes.
Speakers:
Toon Van Hove, Security Engineer, Sigma Prime
Duration:
20 min
Session 8A - Core Security II
15:40
Can Standards Really Make Blockchain More Secure?
Crypto lost $2.17B in early 2025 alone, emphasizing urgent security challenges. Leaders from Coinbase, Figment, and OpenZeppelin share how emerging blockchain security standards are building trust, driving adoption, and shaping industry practices.
Speakers:
Moderator: Adam Rak, Executive Director, Blockchain Security Standards Council
Panelists:
Joel Kerr, Head of DeFi Security, Coinbase
Jota Carpanelli, Head of Security Services, OpenZeppelin
Max Courchesne-Mackie, Security Architect and Red Team Lead, Figment
Duration:
45 min
16:25
Stopping Multisig MEV with Harbour
Multisig transactions today are stored in public offchain queues which are subject to MEV (Multisig Extractable Value) and frontrunning. This talk introduces a new private, e2e encrypted transaction queue to address this problem.
Speakers:
John Ennis, R&D, Safe
Duration:
20 min
16:45
Security at Scale: Solving Audit Procurement for Builders
Security audits are essential, yet the current process is broken, slow, expensive, and opaque.
 Areta Market is flipping this on its head with a builder-first audit marketplace that offers cost savings, competitive quotes, and rapid turnaround across ecosystems like Uniswap, Base, and Scroll.
Speakers:
Bernard Schmid, Founder / CEO, Areta Market
Duration:
20 min
17:15
Are We Creating More Blackhats Than Whitehats?
TODO
Speakers:
TODO
Duration:
45 min
Nogal Stage
Session 6B - AI
9:30
From Description to Exploit: AI Agents for Smarter Audits
Security audits are vital for blockchain protocols but often time-consuming. Because findings require proof-of-concept exploits, we present an AI-driven agentic framework that automatically generates them from natural language descriptions, easing the work of security researchers.
Speakers:
Sofia Bobadilla, PhD Student, KTH
Duration:
20 min
9:50
Verifiable Bug Bounties in the Age of AI slop
If you have run a bug bounty program or an audit competition, you have had the pleasure of spending hours going down this rabbit hole of this really cool looking bug, but it indeed turned out to be an AI-generated report with no real value. We are fixing that with cryptographically verifiable bug reports using zkTLS and zkVMs. We envision a future where these technologies get integrated into Security Vulnerability Disclosure platforms and thereby save on researcher time and capital spent.
Speakers:
Anto Joseph, Principal Security Engineer, Eigen Labs
Duration:
20 min
10:10
AI Changing the Security Game
Artificial Intelligence is no longer a peripheral tool in cybersecurity, it is rapidly becoming the central nervous system for both defensive and offensive operations. In this talk I will explore with the audience practical applications of using AI driven workflows and agents in web3 security.
Speakers:
Pablo Misirov, Solutions Engineer, Spearbit
Duration:
20 min
10:30
Shipping AI-Generated Code That Won't Hurt You (Much)
AI accelerates development but often compromises safety. We will showcase how structured workflows combining vibecoding with AI-generated specifications, tests, and even formal verification help deliver both speed and security for critical systems.
Speakers:
Everett Hildenbrandt, CEO, Runtime Verification
Duration:
20 min
10:50
Providing Ground Truth for LLM-Based Bug Detection Tools Using Slither MCP
LLM-based bug detection is the new hotness; however, it can be challenging for LLMs to reason based on source code alone. Slither's new MCP can help provide alternate representations & ground truth for your bug-hunting models.
Speakers:
Benjamin Samuels, Director of Engineering, Trail of Bits
Duration:
20 min
Session 7B - Automation & Stablecoins
11:20
Beyond the Cron Job: Eliminating Single Points of Failure With Automation
Most protocols rely on a cron job triggering transactions from a server for critical transactions. We explore vulnerabilities and present a resilient, decentralized execution architecture to avoid single points of failure on the server side.
Speakers:
Facu Spagnuolo, CTO, Mimic
Duration:
20 min
11:40
Designing Resilient Stablecoins: Best Security and Stability Practices
This talk explores best practices for designing resilient stablecoins, covering key security risks, stability challenges, and governance trade-offs, and offering a clear framework to strengthen trust in stablecoin issuance and liquidity delivery networks.
Speakers:
Antonina Norair, CTO, M0 labs
Duration:
20 min
12:00 - 13:00 Lunch Break
Session 8B - Wallets
13:00
Common Security Issues in Crypto Wallets
Crypto wallets are critical gateways for DeFi users but remain prone to recurring weaknesses. This talk outlines common security issues across browser, mobile, and web wallets, illustrated with real audit findings, and provides guidance on effective mitigations.
Speakers:
Jahyun Koo, Senior Security Researcher, Hexens
Duration:
20 min
13:20
Beyond Multisig: Designing the Future of Secure Self-Custody
Multisig has been foundational — but it’s no longer enough. This talk explores real-world patterns for modern self-custody security, from on-chain coordination to programmable guards and mobile-native approvals.
Speakers:
Rahul Rumalla, CEO, Safe
Duration:
20 min
13:40
Secure if True: Proving Security with TEE Attestations
Improper key management has caused many of crypto’s largest exploits. This talk shows how TEEs, attestations, and reproducible builds power verifiable security – highlighting real-world deployments from Turnkey and Anchorage.
Speakers:
Jack Kearney, CTO & Co-founder, Turnkey
Duration:
20 min
14:00
ERC-7702: Ephemeral Accounts and the New Security Paradigm for Ethereum Wallets
ERC-7702 enables EOAs to function as smart contract wallets. This talk examines the standard’s security implications, highlights potential attack vectors, and outlines defensive patterns for developers and wallet providers.
Speakers:
Ofir Eliasi, Chief Blockchain Officer, Kerberus
Duration:
20 min
14:30 - 15:30 Lightning Session III
Session 9B - Operational Security
15:30
Beyond Smart Contracts: How Web2 Gaps Trigger Web3 Collapse
Web3 faces billion-dollar losses not from smart contracts, but from overlooked Web2 gaps. This talk highlights recent hacks, attack vectors, and practical steps for teams to build a true security-first mindset.
Speakers:
Maya Dotan, Proving and Privacy PM, StarkWare
Duration:
20 min
15:50
Signals & Secrets: A Web3 OPSec Wake-Up Call
What is something that every web3 project uses but is never discussed? Wireless networks. Sure, authentication and encryption may be locked down, but what about beaconing? As mobile devices hop between personal and professional networks, they may acquire and publicly disseminate identifying information.
Speakers:
Benjamin Speckien, Head of Security, Celo
Duration:
20 min
16:10
Defunding North Korea - Onchain OpSec 101
DeFi is eating TradFi, yet each year DeFi users lose billions to simple phishing and increasingly sophisticated targeted attacks. It's possible to stem this flow, but it won't be easy. This talk will teach users everything they need to know about how to safely operationalize their wallets onchain.
Speakers:
Elliot Friedman, Founder, Solidity Labs LLC
Duration:
20 min
16:30
The One Click
We have seen hundreds of new techniques recently, all with the same goal: to execute malicious code on your device. What scares me the most? Supply chain attacks: malicious extensions, library collusion, etc.
I want to present, during this talk, recent cases that happened in Web3 (and beyond), to be able to better identify them in the future.
Speakers:
Louis Marquenet, Head of Operations, Opsek
Duration:
20 min
17:00
Lightning Session IV
Todo
Speakers:
ToDo
Duration:
60 min
17:00 - 18:00 Lightning Session IV
Workshop Stage
10:00
Introducing Sensei, a Safety-First Smart Contract Language for the EVM
In this workshop, we introduce Sensei, a new EVM smart contract language. By easing type-driven development and supporting zero-cost abstraction, Sensei makes development more secure and ergonomic compared to Solidity.
Speakers:
Philippe Dumonet, Lead Developer, Sensei Lang
Duration:
60 min
11:00
Hunting DeFi Predators: Real-World Forensic Analysis of Multi-Million Dollar Hacks
Master blockchain forensics through hands-on analysis of 2024's biggest DeFi hacks. Learn to use Tenderly, Etherscan & advanced tools to trace attacks, identify vulnerable patterns & build post-mortem reports using real $100M+ exploit cases.
Speakers:
Jawy Romero, cybersecurity, mantishield
Duration:
60 min
12:00 - 13:00 Lunch Break
13:00
Equivalence Checker and AI - Concordance
TBA
Speakers:
John Toman
Duration:
60 min
14:00
TBA
Todo
Speakers:
ToDo
Duration:
60 min
15:00
The Last Line of Defense: Locking Down Safe Smart Contract Deployments with Key Management Policies
This workshop shows how programmable key-management policies can prevent deployment mistakes and exploits in DeFi. Using CubeSigner, we’ll build policies that require multi-party approvals and enforce that only audited, reviewed code reaches the chain.
Speakers:
Deian Stefan, Co-Founder & Chief Scientist, Cubist
Duration:
60 min
16:00
TBA
Todo
Speakers:
ToDo
Duration:
60 min
17:00
TBA
Todo
Speakers:
ToDo
Duration:
60 min