.svg)
NOV 20-21, 2025 - Buenos Aires, Argentina
DeFi Security
Summit
La Rural,
Buenos Aires, Argentina
Buenos Aires, Argentina
Smart Contract Security
.avif)
Bug Bounties
Web3 Security
Fuzzing
Contests
.avif)
WhiteHats
OpSec
Formal Verification
ZK
What is DSS
The DeFi Security Summit (DSS) is one of the most important global gatherings focused on the intersection of decentralized finance and cybersecurity. It's more than just a conference — it's where the future of secure Web3 infrastructure is being shaped.
Every year, DSS brings together top minds in blockchain, auditing, and security — from white-hat hackers and protocol developers to academic researchers and industry leaders. The goal? To tackle the most pressing issues in DeFi security head-on — from smart contract exploits and cross-chain vulnerabilities to governance threats and beyond.
.avif)
What is DSS
The DeFi Security Summit (DSS) is one of the most important global gatherings focused on the intersection of decentralized finance and cybersecurity. It's more than just a conference — it's where the future of secure Web3 infrastructure is being shaped.
smart contracts
DeFi stacks
cryptographers
cryptographers
Every year, DSS brings together top minds in blockchain, auditing, and security — from white-hat hackers and protocol developers to academic researchers and industry leaders. The goal? To tackle the most pressing issues in DeFi security head-on — from smart contract exploits and cross-chain vulnerabilities to governance threats and beyond.
cryptographers
threat modeling
builders
The Venue
DSS 2025 will be hosted at La Rural in Buenos Aires, Argentina — the same venue as Devconnect.
Address: Av. Sarmiento 2704, C1425 Cdad. Autónoma de Buenos Aires
Speakers
Tech Lead at Sky
CEO and Lead Security Researcher at VulSight
Senior Blockchain Engineer at Concordium
Security Auditor and Researcher at Diligence Security (formerly Consensys Diligence)
Founder, Blockaid
Security Researcher & Triage Lead at Immunefi
CoFounder at Dedaub
Solution Engineer, Blockaid
Security Researcher at Certora
Co-Founder, Head of Investigations at zeroShadow
Security Engineer at ChainSecurity
Blockchain Security Researcher at OpenZeppelin
Head of Operations at Opsek
Auditing Engineer II at Quantstamp
Core Team: Solutions Engineer, Security Ops, AI R&D at Spearbit
Tech Lead (Ethereum Team) at Ackee Blockchain
ZK Cryptography Researcher at OpenZeppelin
Chief Security Officer at Veridise
CTO at M0 Labs
Security researcher at Hexens
Research Scientist at Offchain Labs
Proving and Privacy PM at StarkWare
Head of Solutions Engineering at Turnkey
Co-Founder at Silence Laboratories
Founder / CEO at Areta.Market
Founder at Solidity Labs LLC
CTO & Co-founder at Turnkey
CEO at Ackee Blockchain Security
Senior Security Researcher at Hexens
Senior Security Engineer, Quantstamp
Head of Research at blockful.io
CEO at Safe
CEO at ChainPatrol
Security Researcher at OpenZeppelin
Security Research Manager at CyCraft Technology
Co-Founder and CTO, Gearbox Protocol
CTO at Runtime Verification
Project Lead at OpenVino
Staff Software Engineer at Webacy
Co-Founder & Chief Scientist at Cubist
CEO at Eureka Labs
Security Researcher at QuillAudits
Co-founder CTO at Ensuro
Founder & CEO at Olympix
Founder at Sherlock
Head of Security, Celo
CIO at 1inch
CTO at Polygon Labs
Software Architect at Dedaub
Chief Blockchain Officer, Kerberus
Smart Contract Engineer at AAVE
CEO, Runtime Verification
CISO at Ensuro
Blockchain Security Engineer at Trail of Bits
Principal Engineer at Fireblocks
PhD Student at KTH, Royal Institute of Technology
Protocol Security Lead at Ethereum Foundation
Staff Security Engineer, Arbitrum
Head of DeFi Engineering at Lido
Founder/CEO at Guardrail.ai
CLO at 1inch
Head of BD at Sherlock
Security Researcher at OpenZeppelin
PhD student at Yale
Managing Director at Oak Security
R&D at Safe
Founder at Recon
Executive Director at Sigma Prime
Lead Developer for Quint at Informal Systems
CEO at Accretion
CTO at IPOR Labs
Security Researcher Team Leader at Certora
Blockchain Security Engineer at ChainSecurity
Security Engineer at ChainSecuirty
Co-founder at Forta
CEO at ImmuneFi
CGO at Trustblock
Security Researcher Team Leader at Secureum
Engineer at Sherlock
Lead Developer at Sensei Lang
Lead Developer, Vyper
Formal Verification Engineer at Runtime Verification
Director of Engineering at Trail of Bits
Senior Blockchain Security Engineer at Kiln
PR Specialist at Blockchain Security Standards Council
Policy Strategist at EUCI
Sr. Smart Contract Engineer at Camp Network
Senior Research Engineer at Safe Research
Founder at ipsprotocol
Security Researcher at OpenZeppelin
Blockchain Threat Researcher, BlockThreat
Blockchain Security Researcher at OpenZeppelin
Formal Verification Researcher at Certora
CTO at Veridise
Founder at RareSkills
Principal Security Engineer at Eigen Labs
Smart Contracts Lead at Balancer
CEO at CredShields
DAO Operations Lead at Lido
MITACS Fellow at University of Alberta
Sponsors
Diamond
Gold
Silver
Bronze
DSS 101
DeFi Security 101 is a one-day intensive course specifically designed for builders who wish to deepen their understanding of web3 security.
DSS 101 provides a strong foundation, equipping participants with the necessary knowledge and skills to engage effectively with DSS main conference and the broader web3 security space.
Whether you’re new to security or looking to sharpen your skills, this hands-on technical event is the perfect start to your web3 security journey.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Schedule
.svg){kind=icon}
.svg){kind=icon}
When?
NOV 20, 2025
Where?
La Rural, Buenos Aires, Argentina
Auditorium Stage
Session 1A - Core DeFi
09:30
Secure Protocol Upgrades: Lido V3
Approaching protocol upgrades with security at the core: from design principles to testing and audits, the Lido V3 experience and insights for the wider DeFi ecosystem.
Speaker:
Iurii Tkachenko, Head of DeFi Engineering, Lido DAO
Duration:
20 min
09:50
Permissionless Governance with Institutional-Grade Security: The Gearbox Approach
Gearbox Protocol introduces a novel governance design based on architecture that provides institutions and counterparties with guarantees of safety and long-term resilience while enabling flexibility through modularity and extensibility.
Speaker:
Mikael Lazarev, Co-founder and CTO, Gearbox Protocol
Duration:
20 min
10:10
Horizontally Scaling the Sky Ecosystem Through Incentive Alignment & Best Practices
Learn more about how domain experts in DeFi security, governance operations and game theoretic mechanism design are building the framework that will enable Sky’s scaling strategy to dozens of SubDAOs.
Speaker:
Deniz Yilmaz, Tech Lead, Sky
Duration:
20 min
10:30
Designing DeFi Resilience: Inside Aave V4’s Security Blueprint
Explore how Aave V4 secures DeFi by design. We unpack key architectural choices, their threat models, and tradeoffs, and show how formal verification with the Certora Prover ensures resilience and reliability.
Speakers:
Dhairya Sethi, Smart Contract Engineer, Aave
Tomer Ganor, Security Research Tech Leader, Certora
Tomer Ganor, Security Research Tech Leader, Certora
Duration:
20 min
10:50
From Manipulation to Mitigation: Rethinking Oracle Security in 2025
Oracles power every DeFi protocol but remain prime attack targets. This talk analyzes real-world exploits and provides actionable strategies to ensure data integrity, freshness, and resilient security for safer onchain applications.
Speaker:
Bianca Buzea, Head of DevRel, Chronicle Labs
Duration:
20 min
11:10
Financial Security Risks of DeFi
As DeFi scales, so do the risks. From market volatility to smart contract exposure, managing financial risk has become one of the biggest challenges in decentralized finance. Who should be responsible for risk management? Curators or Protocol Governance?
Moderator:
Ayham, Cofounder, Silo
Panelists:
Sebastian Derivaux, Co-founder, Steakhouse Financial
Gytis Trilikauskis, General Partner, MEV Capital
monetsupply, Head of Strategy, Spark
Omer Goldberg, Founder, Chaos Labs
Yaron Velner, Co-Founder, B.Protocol
Ayham, Cofounder, Silo
Panelists:
Sebastian Derivaux, Co-founder, Steakhouse Financial
Gytis Trilikauskis, General Partner, MEV Capital
monetsupply, Head of Strategy, Spark
Omer Goldberg, Founder, Chaos Labs
Yaron Velner, Co-Founder, B.Protocol
Duration:
45 min
12:00 - 13:00 Lunch Break
Session 2A - Infrastructure
13:00
Security of L1 vs L2s
Over the last year, we have seen chains launch or announce upcoming launches as L1s, while other chains, which have operated as L1s for many years, have chosen to migrate and become Ethereum's L2s. In this panel, we will ask experts what the security tradeoffs are of launching a chain as L1 vs L2. Is this really true that L2s "inherit" security from Ethereum, and how does this decision impact DeFi protocols and users?
Moderator:
Bartek Kiepuszewski, Founder, L2BEAT
Panelists:
Usmann Khan, Head of Protocol Security, Plasma
Jan Gorzny, Co-Founder, Zircuit
Vlad Bochok, Head of Protocol Security, Matter Labs
Daniel Lumi, Senior Product Manager, Arbitrum
Bartek Kiepuszewski, Founder, L2BEAT
Panelists:
Usmann Khan, Head of Protocol Security, Plasma
Jan Gorzny, Co-Founder, Zircuit
Vlad Bochok, Head of Protocol Security, Matter Labs
Daniel Lumi, Senior Product Manager, Arbitrum
Duration:
45 min
13:45
DeFi Security Starts at the Chain Level
Security audits aren't enough. True DeFi security demands assessing risks at the chain level. Join me to explore how L2BEAT's risk framework evaluates Layer-2 chains, ensuring robust protection beyond smart contracts and protocols.
Speaker:
Maciej Zygmunt, Software Engineer, L2BEAT
Duration:
20 min
14:05
Off-Chain But Not Off Radar: Securing Crypto Infrastructure Beyond Smart Contracts
Smart contract audits are the industry standard, but what about the massive node implementations and custom VMs running them? This talk will discuss practical approaches for securing critical infrastructure where traditional audit methods fall short.
Speaker:
Palina Tolmach, CTO, Runtime Verification
Duration:
20 min
14:25
Solana: The Bugs You're Missing
Everyone knows the same top 10 Solana vulnerabilities, but there's a whole class of bugs that even experienced developers write and auditors often miss. In this talk, I'll share advanced vulnerabilities we've found over the past year in production protocols: runtime nuances, account validation edge cases, and account lifecycle quirks. If you're a security researcher who wants to go beyond the standard bug lists, this will give you new angles to think about when hunting for vulnerabilities on Solana.
Speaker:
Robert Reith, CEO, Accretion
Duration:
20 min
14:45
Security vs. Censorship-Resistance: Can We Optimize for Both?
The crypto community wants security and censorship resistance, but can we truly optimize for both? This talk explores the next frontier of security tools like firewalls, and the trade-offs to balance robust cybersecurity and censorship resistance.
Speaker:
Andy Beal, Co-Founder, Forta
Duration:
20 min
15:05
Economic Censorship Games in Fraud Proofs
This talk considers economic censorship attacks, where an attacker censors the defender's transactions by bribing block proposers.
We analyze three game theoretic models of these dynamics and determine the challenge period length required to ensure the defender's success, as a function of the number of required protocol moves and the players' available budgets.
We analyze three game theoretic models of these dynamics and determine the challenge period length required to ensure the defender's success, as a function of the number of required protocol moves and the players' available budgets.
Speaker:
Ben Berger, Research Scientist, Offchain Labs
Duration:
20 min
15:25 - 16:25 Lightning Talks Session I
15:25
Security in Multi-Modal Architecture of DeFi Protocols
How to secure multi-actor DeFi protocols? A case study of IPOR Fusion, presenting a security model that uses on-chain permissions to protect Liquidity Providers' capital, even from the vault owner.
Speaker:
Mariusz Szpiler, CTO, IPOR Labs
Duration:
5 min
15:30
Auditing DeFi in the Era of IntraBlock Loans: Preparing for the Next Wave of Exploits
A forward-looking guide for security researchers on how IntraBlock loans and MEV-sensitive bundles are creating entirely new attack surfaces in DeFi - and what auditors need to do to stay ahead.
Speaker:
Nir Magenheim, CEO, Eureka Labs
Duration:
5 min
15:35
How Can You Tell Whether a Token Is Trustworthy?
Determining if a new token is a scam or legit is key to Web3 scale. This talk explores the tech behind a token intelligence API: how static/dynamic analysis, liquidity, provenance, and behavioral markers help assess ERC20 token trustworthiness.
Speaker:
George Loukovitis, Software Architect, Dedaub
Duration:
5 min
15:40
A New Way to Visualize Crypto Transactions
Billions have been stolen by compromising web applications and crypto wallets haven't been as effective as they should be. The weakest link is the visualization of transactions. Anchorage Digital and TurnKey have a solution.
Speaker:
Prasanna Gautam, Research Lead, Anchorage Digital
Duration:
5 min
15:45
Economic Attacks Due to Diamond's Paradox and Coverage Markets in DeFi
Our upcoming paper explores how Diamond’s Paradox, which demonstrates that even minimal search frictions can lead to monopoly pricing, as well as insurance cause attack vectors in DeFi.
Speaker:
Abhimanyu Nag, MITACS Fellow, University of Alberta
Duration:
5 min
15:50
Auditing ERC-4337 Paymasters: Little Code, Big Risk
Paymasters often look safe due to minimal code, but subtle issues emerge from their interaction with other ERC-4337 entities. This talk explores the role of Paymasters in Account Abstraction, design patterns, and recurring vulnerabilities in Paymaster audits.
Speaker:
Ruben Koch, Senior Security Engineer, Quantstamp
Duration:
5 min
15:55
AI Won’t Replace Auditors, But It Will Replace the Lazy Ones
Channi demystifies AI’s role in Web3 security with examples from static analysis, symbolic execution, and mutation-based fuzzing. She’ll also highlight where AI fails, like inferring protocol-specific logic or understanding governance nuance.
Speaker:
Channi Greenwall, Founder & CEO, Olympix
Duration:
5 min
16:05
Rust-Proofing Your Chains: A Deep Dive into Secure Rust Development Workflows
Rust's growing blockchain role demands secure dev workflows. We’ll cover critical security for contracts and infra: design, methodologies, and tooling. Learn practical tools to harden Rust code with our practical Solana and Stellar-Soroban experience
Speaker:
Aellison Cassimiro, Formal Verification Engineer, Runtime Verification
Duration:
5 min
16:10
Security in Privacy Applications
So far we've typically thought of security as 'preventing unauthorized access' or 'ensuring no loss of funds'. In privacy-first applications however, this must be extended to avoiding leakage of sensitive data and allowing selectively revealing secrets. This talk provides basic intuition on this front.
Speaker:
Nicolás Venturo, Engineering Team Lead, Aztec Labs
Duration:
5 min
16:15
Rethinking Censorship Resistance: A Rateless Sharding Txs Approach
Censorship in DeFi forces users to pay a hidden “censorship tax.” This talk presents a new approach using rateless erasure codes to shard transactions across validators, enabling censorship resistance without costly replication and cutting network overhead by an order of magnitude.
Speaker:
Alejandro Ranchal-Pedrosa, Protocol Researcher, SEI
Duration:
5 min
16:25 - 18:00 Panels
16:25
AI-Powered Auditing: Hype, Reality, and the Future of Web3 Security
A panel exploring how AI is reshaping security audits. What’s working, what’s still experimental, and how AI will fit alongside human expertise and formal methods.
Moderator:
Anto Joseph, Principal Security Engineer, EigenLabs
Panelists:
Channi Greenwall, FOunder & CEO, Olympix
Kirill Balakhonov, Head of AI Products, Nethermind
Jack Sanford, Founder, Sherlock
Nico Waisman, Head of Security, Xbow
Anto Joseph, Principal Security Engineer, EigenLabs
Panelists:
Channi Greenwall, FOunder & CEO, Olympix
Kirill Balakhonov, Head of AI Products, Nethermind
Jack Sanford, Founder, Sherlock
Nico Waisman, Head of Security, Xbow
Duration:
45 min
17:10
Crypto Startups Say They Take Security Seriously… But Do They?
Many crypto startups lack dedicated cybersecurity leadership. This panel will explore the risks of that gap and outline the benefits of building a formal security program—before a breach forces the conversation.
Moderator:
Tiago Assumpcao, Technical Director, Crypto ISAC
Panelists:
Ryan Wegner, Head of Security, Gauntlet Networks
Joe Dobson, Threat Intelligence Analyst, Mandiant
CvH, Security, Polygon
Ido Ben-Natan, Founder and CEO, Blockaid
Tiago Assumpcao, Technical Director, Crypto ISAC
Panelists:
Ryan Wegner, Head of Security, Gauntlet Networks
Joe Dobson, Threat Intelligence Analyst, Mandiant
CvH, Security, Polygon
Ido Ben-Natan, Founder and CEO, Blockaid
Duration:
45 min
Nogal Stage
Session 1B - Compilers and VMs
9:30
Solidity Optimizer Under the Hood
Solidity’s optimizer is often a black box. This talk explains what it really does under the hood, how via-IR changes the game. When to guide or override code with Yul, and how to write contracts the optimizer can truly optimize.
Speaker:
Vladimir Kumalagov, Security Researcher, OpenZeppelin
Duration:
20 min
9:50
Building Crosschain Bridge across VMs
Bridges between L1 to “EVM-compatible” / “EVM-equivalent” L2 chains have their security consideration due to subtle but impactful differences such as opcodes, precompiles, gas accounting, and execution semantics, which can introduce bugs invisible to unit tests. This talk unpacks those differences with an eye toward practical engineering risks and security design.
Speaker:
Joseph Olutimehin, Blockchain Security Engineer, Coinbase
Duration:
20 min
10:10
The CPIMP Backdoor: Anatomy of a Multi-Chain Proxy Attack
A deep dive into the CPIMP vulnerability—how a stealthy proxy-in-the-middle infected dozens of DeFi protocols, and how Dedaub and SEAL 911 raced to neutralize it before widespread exploitation.
Speaker::
Yannis Smaragadakis, Co-Founder, Dedaub
Duration:
20 min
10:30
Differential Fuzzing of the Vyper Compiler
This talk introduces problems in compiler security. Further, it showcases a differential fuzzer of the Vyper language utilizing an AST interpreter as the correctness oracle.
Ivy, a new Vyper interpreter, executes Vyper AST in a custom EVM and enables Csmith-style semantic equivalence testing against the compiler's bytecode. AST-aware, type-safe contract generator enables wide language coverage: generate contract → execute traces → compare semantics.
Ivy, a new Vyper interpreter, executes Vyper AST in a custom EVM and enables Csmith-style semantic equivalence testing against the compiler's bytecode. AST-aware, type-safe contract generator enables wide language coverage: generate contract → execute traces → compare semantics.
Speaker:
Charles Cooper, Lead Developer, Vyper
Duration:
20 min
Session 2B - Testing and Fuzzing
11:00
Going Beyond 100% Coverage
This talk is about Logical Coverage, meaningful combinations of function calls which seems to lack words to describe them.
We'll define Coverage Classes, and from there give a structured definition and an algorithm to enumerate an over approximation of feasible Logical Combinations, with the goal of making auditors and developers know when they have actually reviewed 100% of the code.
We'll define Coverage Classes, and from there give a structured definition and an algorithm to enumerate an over approximation of feasible Logical Combinations, with the goal of making auditors and developers know when they have actually reviewed 100% of the code.
Speaker::
Alex The Entreprenerd, Founder, Recon
Duration:
20 min
11:20
State of Fuzzing: Closing the Circle From Machine to Human and Back
Smart contract state spaces are massive. Coverage-guided heuristics struggle to explore them effectively. Manually guided fuzzing changed this - auditors direct testing through flows and invariants. Now, LLMs start to generate these automatically.
Speaker:
Josef Gattermayer, CEO, Ackee Blockchain Security
Duration:
20 min
11:40
Smart Contracts Fuzzing: Current Problems and Proposed Solutions
Smart contract fuzzers are ineffective. I decipher the problem with 2-step approach with function selection and parameter mutations in details with some real-world examples. I then propose my ideal 3-layer solution: LLMs for semantic understanding, state-based fuzzing with mutation strategies, and GPU acceleration to facilitate discussions.
Speaker:
Andy M. Lee, Founder & CEO, Mamori
Duration:
20 min
12:00 - 13:00 Lunch Break
Session 3B - Math and ZK
13:00
Understanding Math-Heavy Code
Stop treating math code as a black-box.
This talk gives a survey of the common knowledge gaps that block understanding of mathematical code, then reverse-engineers Uniswap V3's getTickAtSqrtPrice() function as an example.
This talk gives a survey of the common knowledge gaps that block understanding of mathematical code, then reverse-engineers Uniswap V3's getTickAtSqrtPrice() function as an example.
Speaker:
Jeffrey Scholz, Founder, Rareskills
Duration:
20 min
13:20
Bounding Rounding Errors in Integer Maths
In this session we will explore lesser-known facts around rounding error bounds in DeFi math and how to reason about them rigorously.
An infamous example for rounding errors are ERC-4626 vaults. Hence, we dissect the ERC-4626 conversion formula that OpenZeppelin came up with in defense. We will show how this virtual liquidity works and the absolute and relative error bounds that can be observed compared to the real-valued formula.
An infamous example for rounding errors are ERC-4626 vaults. Hence, we dissect the ERC-4626 conversion formula that OpenZeppelin came up with in defense. We will show how this virtual liquidity works and the absolute and relative error bounds that can be observed compared to the real-valued formula.
Speaker:
Yanis De Busschere, Security Engineer, ChainSecurity
Duration:
20 min
13:40
Bulletproof Protocol for Set/Not-Set Membership Proofs: Security and Implementation Considerations
This talk presents how the Bulletproof protocol can be extended to support set/non-set membership proofs and takes a deep dive into common implementation-level security pitfalls, including missing inputs in the Fiat–Shamir heuristic (such as the `Frozen Heart` vulnerability and the `Last Challenge` attack).
Speaker:
Doris Benda, Senior Blockchain Engineer, Concordium
Duration:
20 min
14:00
RISC Zero Security Deep Dive: Architecture, Risks, and Review Methodology
What is risc0? How does it work? What do you need to look for as a security engineer reviewing risc0 code.
Speaker:
Kirk Baird, Executive Director, Sigma Prime
Duration:
20 min
Session 4B - Institutional
14:30
How dApps Can Stop Money Laundering
North Korea pushed $1B of Bybit hacked funds through DeFi rails. Protocols turning a blind eye invite growing law enforcement attention. This talk presents concrete technical tools and case studies showing how disruption can actually work.
Speaker:
Julia Hardy, Co-Founder, Head of Investigations, zeroShadow
Orest Gavryliak, CLO, 1inch
Orest Gavryliak, CLO, 1inch
Duration:
20 min
14:50
Lessons Learned After ISO27001 / SOC2 Certification: Bridging DeFi Culture and Enterprise Standards
DeFi thrives on hackathon energy, but certifications demand discipline. This talk shares 1inch’s journey through ISO27001/SOC2, the cultural clashes we faced, and how we married startup speed with enterprise rigor to achieve compliance.
Speaker:
Ilya Naryzhnyy, CIO, 1inch
Duration:
20 min
15:20 - 16:20 Lightning Talk Session II
15:20
Raising the Bar: Security Leadership for Mass Adoption
Security leadership in Web3 is about more than preventing hacks—it’s about building and communicating trust. Learn how to balance security investments, model proven strategies from real‑world examples, and communicate your posture credibly for traditional finance and mass adoption.
Speaker:
Michael Lewellen, Head of Solutions Engineering, Turnkey
Duration:
5 min
15:25
Institutional Adoption Requires Institutional Security
Our industry is changing. Degen capital is what supported the price from 2019 until 2025, but not anymore. Mainstream adoption means that the capital is now more risk averse. It has different attributes and security expectations.
This is a quick dive into the various security externalities of what mainstream adoption means for things like tokenization, DATs, RWAs, etc.
This is a quick dive into the various security externalities of what mainstream adoption means for things like tokenization, DATs, RWAs, etc.
Speaker:
Odysseas Lamtzidis, CEO, Phylax
Duration:
5 min
15:30
Secure Governance for DeFi Companies
A secure, human-friendly governance toolkit for DeFi companies: YAML changesets + fork testing + Safe UI integration to eliminate blind multisig signing in DeFi.
Speakers:
Gabriel Parrondo, CISO, Ensuro
Duration:
5 min
15:35
Statically Safe: Proving Security with Semantic Queries
Security reviewers spend valuable time on monotonous checks for project-specific properties, while static analyzers focus only on generic bugs. Semantic queries bridge this gap by making static analysis customizable to each project.
Speaker:
Benjamin Sepanski, Chief Security Officer, Veridise
Duration:
5 min
15:40
Scale Your DeFi Research with Static Analysis
We examine the current state of EIP-7702 delegation contracts on Ethereum mainnet starting at Pectra's release. Using Glider, a Solidity static analyzer, we uncover adoption trends, recurring patterns, and potential vulnerabilities in this new class of delegation contracts.
Speaker:
Jason Tanner, Security Researcher, Hexens
Duration:
5 min
15:50
Universal Vulnerabilities: Hunting the Same Bugs Across EVM and Solana
Same bugs, different chains. Checklist of vulnerabilities that plague both EVM and Solana. Learn to spot and exploit these patterns regardless of Solidity or Rust syntax.
Speaker:
Lilian Cariou, Security Researcher, Certora
Duration:
5 min
15:55
Try to Catch This: Try-Catch in Solidity Reviewed
Solidity’s try/catch works very differently from traditional languages: it only applies to external calls and contract creation, and its behavior depends on how the EVM encodes error data. This talk explains the three catch types—Error(string), Panic(uint), and raw bytes—and shows when each is triggered. We’ll cover edge cases like out-of-gas failures, malformed revert data, and nesting, giving developers a clear mental model and practical patterns for handling external call failures safely.
Speaker:
Marc Egli, Blockchain Security Engineer, ChainSecurity
Duration:
5 min
16:00
EIP-7702: Empowering EOA's, Expanding Attack Surfaces
In the brief history of account abstract, EIP 7702 has been a revolution, it has introduced a lot of cool ux friendly usecases around it so the talk is gonna cover all that.
Also In this talk, we’ll explore the new attack surfaces introduced by EIP-7702, and it's implications for users, wallet providers etc
We'll also dive into ERC 4337 as part of the history of account abstraction.
Also In this talk, we’ll explore the new attack surfaces introduced by EIP-7702, and it's implications for users, wallet providers etc
We'll also dive into ERC 4337 as part of the history of account abstraction.
Speaker:
Viraz Malhotra, Sr. Smart Contract Engineer, Camp Network
Duration:
5 min
16:05
ARGUZZ: Testing zkVMs for Soundness and Completeness Bugs
Arguzz is the first fuzzer for testing zero-knowledge virtual machines (zkVMs). It uses metamorphic testing and adversarial execution to find soundness and completeness bugs. The fuzzer found 11 critical bugs across three major zkVMs.
Speaker:
Valentin Wüstholz, Principal Researcher and Co-founder, Diligence Security
Duration:
5 min
16:10
ARGUZZ: Testing zkVMs for Soundness and Completeness Bugs
ZisK is a zero-knowledge virtual machine with a modular architecture. It was designed for fast proofs, but it also supports concentrated security reviews. This is a quick summary of the main security patterns and bugs uncovered in our recent review, along with advice and requests for the security community.
Speaker:
Nikesh Nazareth, Principal Security Researcher, OpenZeppelin
Duration:
5 min
Session 5B - Vulnerabilities
16:20
Adversarial ERC-4626: How Vault-Share Manipulation Still Bypasses Listing Screens in 2025
LST/LRT wrappers, points-tokens, and restaked derivatives are exploding. ERC-4626 is the default envelope. Attack surface is bigger now than before.
Oracle teams and risk committees rely on previewDeposit/previewMint as if they were binding promises. They aren’t.
Many “checks” are unit-tests that don’t model donations, flash liquidity, or time-dependent exchange rates.
Oracle teams and risk committees rely on previewDeposit/previewMint as if they were binding promises. They aren’t.
Many “checks” are unit-tests that don’t model donations, flash liquidity, or time-dependent exchange rates.
Speaker:
0xmonsoon, Security Researcher, OpenZeppelin
Duration:
20 min
16:40
When Trust Gets Tricky: The State of TEE Security Today
Trusted Execution Environments like Intel TDX and AMD SEV promise hardware-enforced isolation, but their real-world guarantees are far from absolute. This talk introduces how TEEs work, what they actually protect against, and where their trust boundaries fail under modern cloud and supply-chain threats.
Speaker:
Anup, Staff Security Engineer, Eigen Labs
Duration:
20 min
17:00
Insecurity Through Obscurity: Veiled Vulnerabilities in Closed-Source Contracts
To conceal proprietary business logic and to potentially deter attacks, many smart contracts are closed-source and employ layers of obfuscation. However, we demonstrate that such obfuscation can obscure critical vulnerabilities rather than enhance security. To systematically analyze these risks on a large scale, we present SKANF, a novel EVM bytecode analysis tool tailored for closed-source and obfuscated contracts.
Speakers:
Sen Yang, PhD Student, Yale University
Duration:
20 min
17:20
Governance as an Attack Vector
Most relevant DeFi protocols today have governance in one way or another, and the lack of attention towards its security has led to more and more governance attacks over the last few years. We’re going to explore recent governance attacks and their characteristics
Speaker:
Zeugh Ion, Head of Research, Blockful.io
Duration:
20 min
17:40
When One Dependency Breaks Everything: Securing the Web3 Toolchain
A single library, package, or IDE extension can undermine even well-written smart contracts. This talk shows how to triage toolchain risk fast and shares real cases from npm and VS Code that put Web3 projects at risk, with practical ways to reduce exposure.
Speaker:
Ray Orlev, Security Researcher Team Leader, Certora
Duration:
20 min
Workshop Stage
10:00
The Art of Manually Guided Fuzzing
Manually Guided Fuzzing represents a paradigm shift in testing. Unlike random/property-based fuzzing, this approach puts testing back under your control, directing the process toward vulnerabilities with surgical precision.
Speaker:
Jan Kalivoda, Tech Lead, Ackee Blockchain
Duration:
60 min
11:00
OpSec Fundamentals in Web3: Hands-On Tools and Recommendations for Everyday Security
Individual OpSec is vital in Web3 to counter phishing and exploits. This workshop builds awareness and explores a variety of tools/techniques as examples, such as QubesOS for isolation, DangerZone for document interactions, secure multisig handling, and more. Practice mitigations for real-world personal security.
Speaker:
Sven Igl, Security Researcher, Sherlock
Duration:
60 min
12:00 - 13:00 Lunch Break
13:00
Formal Verification of Uniswap v4 Hooks
In this talk you will learn the basics of formal verification and how to apply this to Uniswap hooks. We will show how we can formally model the Uniswap v4 infrastructure, particularly the PoolManager, to find bugs in the interaction between the hook and the pool and protect against unexpected attack vectors.
Speaker:
Jochen Hoenicke, Formal Verification Researcher, Certora
Duration:
60 min
14:00
What We Talk About When We Talk About DeFi in Europe
As the EU’s MiCA regulation begins to bite, questions of liability, governance and security in DeFi are no longer theoretical. This workshop probes how legal risk attaches to code—through smart contract design, MEV dynamics, and decentralised architecture.
Speaker:
Vyara Savova, Policy Strategist, EUCI
Duration:
60 min
15:00
Streamlining Security Audits with AuditHub
Security audits are complex and obscure processes that involve many critical decisions. AuditHub streamlines audits by introducing transparency and automation. The result? Efficient and better documented security audits for analysts and developers.
Speaker:
Kostas Ferles, CTO, Veridise
Duration:
60 min
16:00
Demystifying MPC for coSNARKs: How to Collaboratively Prove Sumthing
We present Sumthing, a toy SNARK protocol designed to illustrate how multiple parties can collaboratively generate a proof of knowledge using MPC. With worked-out Sumcheck-based examples, we demystify MPC's role in coSNARKs and verifiable outsourced computation.
Speaker:
Vesselin Velichkov, ZK Cryptography Researcher, OpenZeppelin
Duration:
60 min
17:00
Security Agents, Not Alerts: A New Metalanguage for Live Threat Detection in DeFi
Build real-time monitoring agents that catch rugpulls, hacks, and invariant violations as they happen. This workshop introduces a novel metalanguage for expressing protocol logic and generating relational queries over live blockchain data with zero delay.
Speaker:
Neville Grech, Co-founder, Dedaub
Duration:
60 min
.png)
Coming Soon!
Our detailed agenda is being finalized. Leave your email below and we’ll notify you as soon as the schedule goes live.
Oops! Something went wrong while submitting the form.
When?
NOV 21, 2025
Where?
La Rural, Buenos Aires, Argentina
Auditorium Stage
Session 6A - Incident Response
9:30
Real-Time War Rooms: Building Proactive DeFi Security Operations Centers
We’ve moved from “you up” – SamczSun to researchers running their own detections. Most security stops post-audit & launch, meanwhile protocol devs feel if they get hacked, their users will report it for them on Twitter. This talk aims to flip the script from reactive to proactive detection, citing past exploit examples & sharing actionable learnings.
Speaker:
Samridh Saluja, Founder/CEO, Guardrail
Duration:
20 min
9:50
Building the War Room Before the War: Proactive Incident Response for DeFi Protocols
Learn how DeFi teams can structure war rooms, minimize fund loss during active exploits, and turn chaos into coordination. A deep dive into incident response strategies based on the real exploits.
Speaker:
Uladzislau Yarashuk, Security Auditor, Consensys DiIligence
Duration:
20 min
10:10
Dealing With a Hundred Million Dollar Live Vulnerability
What do you do when you get a seemingly valid whitehat report during a Friday evening?
What do you do when the bug is confirmed, it affects 100M+ in user funds, and governance has limited options to control the affected contracts?
What do you do when the bug is confirmed, it affects 100M+ in user funds, and governance has limited options to control the affected contracts?
Speaker:
Juan Ignacio Ubeira, Smart Contracts Lead, Balancer
Duration:
20 min
10:30
Layered Defense at Work: Story of the Protocol Upgrade Saved by the Last Security Measure in the Toolbox
It's one thing to know that "no amount of prep makes the code 100% safe" and another to see it play out in practice. This is the story of a big release employing an extra-layered approach to security: how the team spent months in preparation and hundreds of thousands of dollars on security measures and was saved from the mainnet vulnerability with a bug bounty report —and how that's a good thing.
Speaker:
Kate Zueva, DAO Operations Lead
Duration:
20 min
10:50
Storage Proofs Done Wrong: a Case Study
A critical vulnerability was discovered in an open-source library for MPT proof verification, which was used by a few large protocols to operate on L2s.
Millions of user funds were at risk, but it was patched before it could be exploited.
Millions of user funds were at risk, but it was patched before it could be exploited.
Speaker:
Elia Anzuoni, Smart Contract Auditor, ChainSecurity
Duration:
20 min
11:10
War Room Chronicles: Stories, Scars, and Survival
Step inside the war room. In this candid, no-filters conversation, leaders share real stories from their toughest moments—crises that tested their teams, judgment, and resilience. From high-stakes incidents to near-misses and hard-earned recoveries, this panel dives into what really happens when everything’s on the line—and how those scars became lessons in leadership, teamwork, and survival.
Moderator:
Mudit Gupta, CTO, Polygon Labs
Panelists:
Joe Dobson, Threat Intelligence Analyst, mandiant
Julia Hardy, Co-Founder, Head of Investgations, zeroShadow
Anna Stone, COO, Cork
Mudit Gupta, CTO, Polygon Labs
Panelists:
Joe Dobson, Threat Intelligence Analyst, mandiant
Julia Hardy, Co-Founder, Head of Investgations, zeroShadow
Anna Stone, COO, Cork
Duration:
45 min
12:00 - 13:00 Lunch Break
Session 7A - Core Security I
13:00
Future of Smart Contract Security: Neither Smart Nor Secure?
Smart contract security has evolved over the last decade with improvements in programming best practices, battle tested contracts, auditing approaches, validation/verification techniques, bug bounties, monitoring tools and incident response orchestration. However, protocols and users continue to get exploited. This panel will surface the toughest questions on how we can do a better job in securing the future of finance and beyond.
Moderator:
Rajeev, Founder, Secureum
Panelists:
Seth Hallem, CEO, Certora
Hari Mulackal, CEO, Spearbit
Mehdi Zerouali, Co-founder & Director, Sigma Prime
Benjamin Samuels, Director of Engineering, Trail of Bits
Alice Henshaw, Protocol Engineer, Uniswap
Rajeev, Founder, Secureum
Panelists:
Seth Hallem, CEO, Certora
Hari Mulackal, CEO, Spearbit
Mehdi Zerouali, Co-founder & Director, Sigma Prime
Benjamin Samuels, Director of Engineering, Trail of Bits
Alice Henshaw, Protocol Engineer, Uniswap
Duration:
45 min
13:45
Ethereum: Trillion Dollar Security
Ethereum aims to upgrade its already leading security to "Trillion Dollar Security" - an ecosystem capable of safely securing trillions in value onchain for individuals, institutions, and governments. This talk shares key updates and insights.
Speaker:
Fredrik Svantes, Protocol Security Lead, Ethereum Foundation
Duration:
20 min
14:05
The State of DeFi Security - 2025
Returning for a third year, this session delivers a compact, data driven overview of the current state of DeFi security, highlighting how attackers are adapting and how defenders must respond. The session concludes with a look ahead at countermeasures, tools, and incident response practices DeFi teams will need to stay ahead of tomorrow’s threats.
Speaker:
Peter Kacherginsky, Blockchain Threat Researcher, BlockThreat
Duration:
20 min
14:25
Moving Access Control Away From Smart Contracts' Code
The industry standard today is to hardwire the access control policy directly into the code of the smart contracts. I will present an alternative to avoid this, making *deployed* access control rules easily observable (and auditable).
Speaker:
Guillermo Narvaja, Co-founder CTO, Ensuro
Duration:
20 min
14:45
Full Web3 Security Stack - A Blue Team Perspective
See how Kiln is pushing the security standards for its validators on 50+ protocols (+$10b AUS, 5% of ETH staked), 4 smart contract protocols (+$3.5b TVL), 3 dApps and APIs used by the best wallets. A unique blue team full stack web3 security perspective.
Speaker:
Loïc TITREN, Senior Blockchain Security Engineer, Kiln
Duration:
20 min
15:05
Ethereum Forks And Their Impact On Smart Contract Security
Ethereum's regular hard forks often introduce changes that fundamentally
alter smart contract security assumptions and functionality. This talk examines the key EIPs in the recent and upcoming hard forks and their implications on smart contracts. Understanding Ethereum's trajectory is crucial for both developers and security researchers to build resilient applications that can maintain security guarantees across protocol changes
alter smart contract security assumptions and functionality. This talk examines the key EIPs in the recent and upcoming hard forks and their implications on smart contracts. Understanding Ethereum's trajectory is crucial for both developers and security researchers to build resilient applications that can maintain security guarantees across protocol changes
Speaker:
Toon Van Hove, Security Engineer, Sigma Prime
Duration:
20 min
Session 8A - Core Security II
15:40
Can Standards Really Make Blockchain More Secure?
Crypto lost $2.17B in early 2025 alone, emphasizing urgent security challenges. Leaders from Coinbase, Figment, and OpenZeppelin share how emerging blockchain security standards are building trust, driving adoption, and shaping industry practices.
Moderator:
Adam Rak, Executive Director, Blockchain Security Standards Council
Panelists:
Jota Carpanelli, Head of Security Services, OpenZeppelin
Max Courchesne-Mackie, Security Architect and Red Team Lead, Figment
Joel Kerr, Head of DeFi Security, Coinbase
Adam Rak, Executive Director, Blockchain Security Standards Council
Panelists:
Jota Carpanelli, Head of Security Services, OpenZeppelin
Max Courchesne-Mackie, Security Architect and Red Team Lead, Figment
Joel Kerr, Head of DeFi Security, Coinbase
Duration:
45 min
16:25
Stopping Multisig MEV with Harbour
Multisig transactions today are stored in public offchain queues which are subject to MEV (Multisig Extractable Value) and frontrunning. This talk introduces a new private, e2e encrypted transaction queue to address this problem.
Speaker:
John Ennis, R&D, Safe
Duration:
20 min
16:45
Security at Scale: Solving Audit Procurement for Builders
Security audits are essential, yet the current process is broken, slow, expensive, and opaque.
Areta Market is flipping this on its head with a builder-first audit marketplace that offers cost savings, competitive quotes, and rapid turnaround across ecosystems like Uniswap, Base, and Scroll.
Areta Market is flipping this on its head with a builder-first audit marketplace that offers cost savings, competitive quotes, and rapid turnaround across ecosystems like Uniswap, Base, and Scroll.
Speaker:
Bernard Schmid, Founder / CEO, Areta Market
Duration:
20 min
17:15
Are We Creating More Blackhats Than Whitehats?
As bug bounties scale down while TVL grows, researchers debate whether current incentive structures and economic models push talent toward exploitation rather than vulnerability disclosure.
Moderator:
Michael Lewellen, Head of Solutions Engineering, Turnkey
Panelists:
Mitchell Amador, CEO, ImmuneFi
Umar Ahmed, CTO, Co-founder, Chainpatrol
Ari Medvinsky, CTO, Co-founder, Failsafe
Neville Grech, CoFounder, Dedaub
Michal Knapkiewicz, Executive Director, Sigma Prime
Michael Lewellen, Head of Solutions Engineering, Turnkey
Panelists:
Mitchell Amador, CEO, ImmuneFi
Umar Ahmed, CTO, Co-founder, Chainpatrol
Ari Medvinsky, CTO, Co-founder, Failsafe
Neville Grech, CoFounder, Dedaub
Michal Knapkiewicz, Executive Director, Sigma Prime
Duration:
45 min
Nogal Stage
Session 6B - AI
9:30
From Description to Exploit: AI Agents for Smarter Audits
Security audits are vital for blockchain protocols but often time-consuming. Because findings require proof-of-concept exploits, we present an AI-driven agentic framework that automatically generates them from natural language descriptions, easing the work of security researchers.
Speaker:
Sofia Bobadilla, PhD Student, KTH
Duration:
20 min
9:50
Verifiable Bug Bounties in the Age of AI slop
If you have run a bug bounty program or an audit competition, you have had the pleasure of spending hours going down this rabbithole of this really cool looking bug, but it indeed turned out to be an AI generated report with no real value. We are fixing that with cryptographically verifiable bug reports using zkTLS and zkVM's. We envision a future where these technologies get integrated to Security Vulnerability Disclosure platforms and there by save on researcher time and capital spent.
Speaker:
Anto Joseph, Principal Security Engineer, Eigen Labs
Duration:
20 min
10:10
AI Changing the Security Game
Artificial Intelligence is no longer a peripheral tool in cybersecurity, it is rapidly becoming the central nervous system for both defensive and offensive operations. In this talk I will explore with the audience practical applications of using AI driven workflows and agents in web3 security.
Speaker:
Pablo Misirov, Solutions Engineer, Spearbit
Duration:
20 min
10:30
Shipping AI-Generated Code That Won't Hurt You (Much)
AI accelerates development but often compromises safety. We will showcase how structured workflows combining vibecoding with AI-generated specifications, tests, and even formal verification helps deliver both speed and security for critical systems.
Speaker:
Everett Hildenbrandt, CEO, Runtime Verification
Duration:
20 min
10:50
Providing Ground Truth for LLM-Based Bug Detection Tools Using Slither MCP
LLM-based bug detection is the new hotness;however, it can be challenging for LLMs to reason based on source code alone. Slither's new MCP can help provide alternate representations & ground truth for your bug-hunting models.
Speaker:
Benjamin Samuels, Director of Engineering, Trail of Bits
Duration:
20 min
Session 7B - Automation & Stablecoins
11:20
Beyond the Cron Job: Eliminating Single Points of Failure With Automation
Most protocols rely on a cron job triggering transactions from a server for critical transactions. We explore vulnerabilities and present a resilient, decentralized execution architecture to avoid single points of failure on the server side.
Speaker:
Facu Spagnuolo, CTO, Mimic
Duration:
20 min
11:40
Designing Resilient Stablecoins: Best Security and Stability Practices
This talk explores best practices for designing resilient stablecoins, covering key security risks, stability challenges, and governance trade-offs, and offering a clear framework to strengthen trust in stablecoin issuance and liquidity delivery networks.
Speaker:
Antonina Norair, CTO, M0 labs
Duration:
20 min
12:00 - 13:00 Lunch Break
Session 8B - Wallets
Session Chair: Yoav Weiss
Session Chair: Yoav Weiss
13:00
Common Security Issues in Crypto Wallets
Crypto wallets are critical gateways for DeFi users but remain prone to recurring weaknesses. This talk outlines common security issues across browser, mobile, and web wallets, illustrated with real audit findings, and provides guidance on effective mitigations.
Speaker:
Jahyun Koo, Senior Security Researcher, Hexens
Duration:
20 min
13:20
Beyond Multisig: Designing the Future of Secure Self-Custody
Multisig has been foundational — but it’s no longer enough. This talk explores real-world patterns for modern self-custody security, from on-chain coordination to programmable guards and mobile-native approvals.
Speaker:
Rahul Rumalla, CEO, Safe
Duration:
20 min
13:40
Secure if True: Proving Security with TEE Attestations
Improper key management has caused many of crypto’s largest exploits. This talk shows how TEEs, attestations, and reproducible builds power verifiable security – highlighting real-world deployments from Turnkey and Anchorage.
Speaker:
Jack Kearney, CTO & Co-founder, Turnkey
Duration:
20 min
14:00
EIP-7702: Ephemeral Accounts and the New Security Paradigm for Ethereum Wallets
EIP-7702 enables EOAs to function as smart contract wallets. This talk examines the standard’s security implications, highlights potential attack vectors, and outlines defensive patterns for developers and wallet providers.
Speaker:
Ofir Eliasi, Chief Blockchain Officer, Kerberus
Duration:
20 min
14:30 - 15:30 Lightning Session III
14:30
Beyond Smart Contracts: How Web2 Gaps Trigger Web3 Collapse
As AI agents begin to transact and collaborate autonomously, privacy must be built into orchestration. This talk explores cryptographic tools—MPC, ZKPs, and programmable consent—for enabling secure, accountable, and privacy-preserving agentic workflows.
Speaker:
Jay Prakash, Co-Founder, Silence Laboratories
Duration:
5 min
14:35
AI and the Future of On-Chain Trust & Safety: Building Security Detection at Scale for Web3
DeFi faces evolving risks in both security and trading domains, including fake tokens, rug-pulls, hidden taxes, bundling, sniper bots, address poisoning, and illicit fund flows. This talk introduces state-of-the-art detection techniques built on scalable machine learning and blockchain/financial analytics.
Speaker:
Rodrigo Lajous, Staff Software Engineer, Webacy
Duration:
5 min
14:40
Prompts Aren’t (Good) Specs: Correctness in the LLM Era
More AI code often means more prompts, but prompts carry all the problems of natural language. Instead, we should center the work on executable specs and correctness properties as the source of truth to design safer, clearer, auditable systems.
Speaker:
Gabriela Moreira, Lead Developer for Quint, Informal Systems
Duration:
5 min
14:45
Exploring AI's Frontier in DeFi: From Vulnerability Simulations to Secure Protocol Design
In this talk, I will explore how artificial intelligence is pushing the boundaries in decentralized finance security. DeFi has grown fast, but it faces big risks like smart contract bugs, flash loan attacks, and governance hacks. AI can help by simulating vulnerabilities before they happen, letting developers test protocols in safe ways.
Speaker:
Rares Stanciu, Engineer, Sherlock
Duration:
5 min
14:50
Enhancing Large Language Models for Smart Contract Security via Dependency-Aware Context and Auditor-Labeled Corpora
Smart contracts lose billions annually due to hidden bugs. This talk shows how dependency-aware AI and auditor-labeled datasets reduce false positives and uncover complex vulnerabilities, enabling scalable Web3 security.
Speaker:
Shashank, CEO, CredShields
Duration:
5 min
14:55
AI in Bug Reports: When to Use LLMs and When Not To
Large Language Models are quickly becoming part of the security researcher’s toolkit, but their value in bug bounty reporting is often misunderstood. While LLMs can speed up writing, clarify technical explanations, and even help spot inconsistencies, they can just as easily generate noise, false positives, or overconfident nonsense that wastes everyone’s time. This talk explores where AI can genuinely improve the quality and clarity of bug reports and where it actively hurts both researchers and triage teams.
Speaker:
Alejandro Munoz-McDonald, Security Researcher & Triage Lead, Immunefi
Duration:
5 min
15:00
Security Considerations of DeFAI
DeFAI, where DeFi meets AI, offers powerful innovation but expands the attack surface. This talk presents a 3-layer framework to secure data, models, and usage, preventing exploits and building trust in the future of web3 finance.
Speaker:
Victor Okafor, Security Researcher, QuillAudits
Duration:
5 min
15:05
Auditing with Machines: A Practical Exploration of AI-Augmented Security Work
As the Web3 security landscape diversifies, auditors are exposed to more infrastructure codebases such as blockchain nodes or cross-chain messaging software. This talk offers a comparative analysis of common and emergent bug classes between auditing smart contracts and infrastructure projects.
Speaker:
Ionut-Viorel Gingu, Blockchain Security Researcher, OpenZeppelin
Duration:
5 min
15:25
Open-Source Security Orchestration: Building Automated Response Systems for DeFi
Why DeFi needs vendor-agnostic, open-source security orchestration. Lessons from war rooms, designing automated response protocols, and building unified dashboards that any protocol can deploy without lock-in.
Speaker:
Mitchell Amador, CEO, ImmuneFi
Duration:
5 min
Session 9B - Operational Security
15:30
Beyond Smart Contracts: How Web2 Gaps Trigger Web3 Collapse
Web3 faces billion-dollar losses not from smart contracts, but from overlooked Web2 gaps. This talk highlights recent hacks, attack vectors, and practical steps for teams to build a true security-first mindset.
Speaker:
Maya Dotan, Proving and Privacy PM, StarkWare
Duration:
20 min
15:50
Signals & Secrets: A Web3 OPSec Wake-Up Call
What is something that every web3 project uses but is never discussed? Wireless networks. Sure, authentication and encryption may be locked down, but what about beaconing? As mobile devices hop between personal and professional networks, they may acquire and publicly disseminate identifying information.
Speaker:
Benjamin Speckien, Head of Security, Celo
Duration:
20 min
16:10
Defunding North Korea - Onchain OpSec 101
DeFi is eating TradFi, yet each year DeFi users lose billions to simple phishing and increasingly sophisticated targeted attacks. It's possible to stem this flow, but it won't be easy. This talk will teach users everything they need to know about how to safely operationalize their wallets onchain.
Speaker:
Elliot Friedman, Founder, Solidity Labs LLC
Duration:
20 min
16:30
The One Click
We have seen hundreds of new techniques recently, all with the same goal: to execute malicious code on your device. What scares me the most? Supply chain attacks: malicious extensions, library collusion, etc.
I want to present, during this talk, recent cases that happened in Web3 (and beyond), to be able to better identify them in the future.
I want to present, during this talk, recent cases that happened in Web3 (and beyond), to be able to better identify them in the future.
Speaker:
Louis Marquenet, Head of Operations, Opsek
Duration:
20 min
17:00 - 18:00 Lightning Session IV
17:00
Beyond the PDF: Building the Data Layer for On-Chain Trust
Web3 security is trapped in static PDFs. This talk unveils how aggregating data from 60+ audit firms into a live oracle creates a composable, verifiable trust layer for the entire ecosystem, moving security from a snapshot to a real-time state.
Speaker:
Bilel Seddik, CGO, Trustblock
Duration:
5 min
17:05
Beyond “Just Read the Code”: Auditing Strategies & Tactics
Saying top auditors “just read the code” is like saying Michael Phelps just swims, or Usain Bolt just runs. This talk breaks down exactly how the best audit: auditing strategies, tactics, and how to find bugs others miss.
Speaker:
Nisedo, Blockchain Security Engineer, Trail of Bits
Duration:
5 min
17:10
Common DeFi Invariants Every Protocol Must Respect
When kicking off a review, fuzzing, or formal verification campaign on a new DeFi project, the hardest part is often deciding what invariants to check. Deep, protocol-specific properties usually require a full understanding of the code, but you don't need to wait for that. This talk introduces a set of simple, universal “day-1 invariants” that apply to nearly every protocol.
Speaker:
Anton Permenev, Security Engineer, ChainSecuirty
Duration:
5 min
17:15
SCDS - Smart Contract Diagram Standard
Most protocol docs and audit reports contain smart contract diagrams. They describe flows (control, assets, data), actor and threat models, and they all do it a bit differently. The talk will present what could be a shared standard for diagrams.
Speaker:
George Kobakhidze, Security Auditor and Researcher, Diligence Security
Duration:
5 min
17:20
How to Infiltrate a Web3 Project: The Hitchhikers Guide for Aspiring Black Hats!
Exploits of Web3 projects are increasingly targeting the human threat vector. In this humorous but educational talk we explore the operational security risks project face from the attacker's viewpoint.
Speaker:
Dr. Jan Philipp Fritsche, Managing Director, Oak Security
Duration:
5 min
17:25
Modeling State Transitions to Find Unique Bugs
Finding obscure bugs by dissecting state transitions: how each sequential function call reads and writes to the state. This is a visual method that supports developing and validating bug hypotheses, and I'll show how I found unique issues with it.
Speaker:
Phil Bugcatcher, Security Researcher, Certora
Duration:
5 min
17:30
Beyond the Audit: Building an Always-On Security Culture for Web3
Audits are checkpoints, not finish lines. Learn a simple, always-on security model: embed security in dev, use AI, audits, fuzzing, formal methods, contests and bounties—what each catches, when to use them, and how to measure progress.
Speaker:
Dan Berbec, Head of BD, Sherlock
Duration:
5 min
17:35
The Rise of Phishing - How to Protect Your Team
Funds lost due to social engineering and phishing attacks on crypto teams are quickly rising. This talk will go over the latest developments in phishing attacks and a practical guide on how your team can stay safe.
Speaker:
Nikita Varabei, CEO, ChainPatrol
Duration:
5 min
17:40
Guarding the Safe - From Guardrail to Policy Engine
TBA
Speaker:
Shebin John
Duration:
5 min
17:45
Red-Teaming Crypto Wallet Operations
In this talk I am going to be presenting an open-source framework for organizations to use in red-teaming their crypto wallet operations. This talk will present a testing and evaluation framework for how any organization can comprehensively assess the security posture of their crypto wallet operations, and identify areas for improvement.
Speaker:
TJ Connolly, Principal Engineer, TJ C
Duration:
5 min
17:50
Transaction Simulation Spoofing (TSP): The Next Wave of Wallet Drains
Transaction Simulation Spoofing (TSP) introduction, a systemic attack class that affects wallets, users, and dApps. The talk will cover how TSP works, its impact, live demos, and potential solutions. Presenting the work done ESP Grant for the ETHRangers program.
Speaker:
Jean-Loïc Mugnier, Founder, ipsprotocol
Duration:
5 min
Workshop Stage
10:00
Introducing Sensei, a Safety-First Smart Contract Language for the EVM
In this workshop, we introduce Sensei, a new EVM smart contract language. By easing type-driven development and supporting zero-cost abstraction, Sensei makes development more secure and ergonomic compared to Solidity.
Speaker:
Philippe Dumonet, Lead Developer, Sensei Lang
Duration:
60 min
11:00
Hunting DeFi Predators: Real-World Forensic Analysis of Multi-Million Dollar Hacks
Master blockchain forensics through hands-on analysis of 2024's biggest DeFi hacks. Learn to use Tenderly, Etherscan & advanced tools to trace attacks, identify vulnerable patterns & build post-mortem reports using real $100M+ exploit cases.
Speaker:
Jawy Romero, cybersecurity, mantishield
Duration:
60 min
12:00 - 13:00 Lunch Break
13:00
Concord: Automatically Checking EVM Bytecode Equivalence
This workshop explores practical techniques for proving semantic equivalence between smart contracts and compiler outputs. Attendees will learn how program-level reasoning can detect behavioral divergences, validate compiler optimizations, and assess LLM-generated code for functional safety.
Speaker:
John Toman
Duration:
60 min
14:00
Beyond Private Key Security: Cosigners and Advanced Policy Engines
Private keys were meant to secure assets, but often do the opposite. Even multisig and MPC setups can leave signers blind to what they’re approving, leading to real breaches like the Bybit hack. This session examines how advanced policy engines and cosigners enable real-time validation and transparency in transaction security.
Speaker:
Ran Barth, Solution Engineer, Blockaid
Duration:
60 min
15:00
The Last Line of Defense: Locking Down Safe Smart Contract Deployments with Key Management Policies
This workshop shows how programmable key-management policies can prevent deployment mistakes and exploits in DeFi. Using CubeSigner, we’ll build policies that require multi-party approvals and enforce that only audited, reviewed code reaches the chain.
Speaker:
Deian Stefan, Co-Founder & Chief Scientist, Cubist
Duration:
60 min
16:00
TBA
TBA
Speakers:
TBA
Duration:
60 min
17:00
TBA
TBA
Speakers:
TBA
Duration:
60 min
