The unexpected path from curious developers to blockchain security specialists
Back in early 2022, three of us were sitting in a small café in Buôn Ma Thuột. We'd just finished reviewing a smart contract that had a vulnerability so obvious it hurt to look at. The thing is, the team who built it wasn't inexperienced or careless—they just didn't know what to look for.
That conversation changed everything. We realized the blockchain space was moving faster than security knowledge could spread. Projects were launching with millions at stake, but proper security audits felt like an afterthought or a checkbox exercise.
So we made a decision. Instead of just pointing out problems, we'd build something better. A security practice that actually explains what we find, why it matters, and how to prevent similar issues down the road.
We didn't follow a standard playbook because there wasn't one. Every project taught us something new about where vulnerabilities hide and how teams actually work.
Our initial client was a DeFi protocol launching on Ethereum. We found 23 issues, including three critical vulnerabilities that could have drained the entire liquidity pool. They fixed everything before launch. That project is still running today with zero security incidents.
A marketplace platform hired us after they'd already been audited twice. We discovered a race condition in their minting logic that previous audits missed. This taught us that surface-level testing isn't enough—you need to understand how users actually interact with smart contracts under real conditions.
After dozens of audits, we noticed patterns. Certain vulnerability types kept appearing in predictable places. We built custom testing tools that could catch these issues automatically, freeing us to focus on the complex logic flaws that require human thinking.
We've audited over 180 smart contracts and helped secure more than two billion dollars worth of digital assets. Teams from Singapore to Seoul reach out because they've heard we explain security in ways developers actually understand and can apply.
We're not consultants who talk about security from a distance. Every person on our team has shipped production code and dealt with the consequences of bugs in the wild. That experience shapes how we approach audits.
Lead Security Auditor
Spent five years building decentralized applications before switching to security. He's the person who catches the subtle reentrancy issues that automated tools miss. Outside of work, he contributes to open-source security libraries and occasionally speaks at developer meetups about secure coding practices.
Testing Lead
Former penetration tester who got frustrated with how many blockchain projects ignored basic security principles. She designs our testing scenarios and has an uncanny ability to think like an attacker. Her background in traditional security brings a perspective that pure blockchain developers often miss.
Every audit starts with understanding what your smart contract is supposed to do, not just what the code says. We test against real attack scenarios, explain findings in plain language, and stick around after delivery to answer questions. Security isn't a document you receive and file away—it's an ongoing conversation about protecting your users and your project.