We value integrity, excellence, innovation, and evolution. Our mission is to manifest these core tenets in the work that we do.
We seek to provide rigorous and comprehensive security audits that are coherent and consistent in their methodology and approach.
This is the Defense Security Standard.
From design to post-deployment, we believe that robust security is realized only through the sum of its parts. Our goal is to raise the bar for security by elevating and refining everything we’ve already accomplished, in accordance with the Defense Security Standard.
We audit both on-chain and off-chain components across a variety of languages, ecosystems, and technologies.
Our team is long-established in the crypto space, demonstrating a breadth of knowledge and experience. This is combined with the ability to conduct methodical, rigorous security analysis and assessment that adheres to security best practices and industry standards.
We bring a wealth and diversity of expertise and unsurpassed experience, across a broad spectrum of languages and ecosystems.
Hind is a security auditing veteran who has held senior leadership roles at Consensys Diligence and Least Authority. She moved into Web3 after building a career in Web2 operations and project management and humanitarian work. Her commitment to using decentralized technology to lay the groundwork for a world where justice prevails over power stems from her experience in technology and international development, coupled with direct exposure to people disenfranchised by the inequitable distribution of income, goods, and resources.
By applying the core tenets of Web3, Hind hopes we can together resolve some of the world’s most challenging issues: from gender inequity and the exploitation of personal information, to global disparities in wealth and income and the outsized impact of climate change on the impoverished.
Bashir is an economist by training, with a financial analysis and business management background. Although he was first attracted to the Web3 space by cryptocurrency and decentralized finance, he has since discovered that decentralized technology has many powerful and promising applications that have the potential to be an agent of positive change, fostering the betterment of our global community.
Bashir has been working with security research teams as a senior project manager and technical writer for more than three years, over the course of which he has worked on 100+ security audits.
Justin has been working as a penetration tester for 8 years and more broadly in cybersecurity for more than 11. He is OSCP- and OSWE-certified, has spoken at ShmooCon and TrustX conferences, and has practiced his penetration testing skills in real life in the past by climbing up trees to enter through unlocked back doors (his own).
Justin has worked on security audits for Cosmos, Mina, Tezos, Filecoin, and Ethereum, in addition to many wallet implementations. Justin has worked on projects including the MetaMask Snaps Extension Integration, Stacks Hiro Wallet, Tezos Kukai Wallet, Loopring’s Circuit Implementation, Mina Signer SDK + Staking Power Wallet, and more.
Expertise: Penetration Testing; Wallets; Browser Extensions; Cryptography; MetaMask Snaps Implementations
Shareef is a full stack developer and security researcher with more than 7 years of experience, primarily focusing on mobile wallets and browser extensions. He’s enthusiastic about decentralized technology’s potential to introduce important social and economic changes, such as data privacy, equitable access to services, and user freedom.
Shareef has worked on security audits for a variety of projects and dApps, including wallets and browser extensions, and Clarity smart contract audits for the Stacks ecosystem. Shareef has worked on projects including Stacks Alex Protocol, Blox Staking Wallet, and more.
Expertise: Smart Contracts; dApps; Wallets and Browser Extensions; Frontend Implementations; React; NodeJS
Alpha has more than 15 years of experience in auditing, penetration testing, network security, applied cryptography, and application security. In 2019, while working as a blockchain ecosystem security researcher, Alpha realized there was a significant amount of work to be done in securing decentralized technology.
In addition to working as a Thesis Defense security researcher and auditor, Alpha participates in various contest platforms and firms, conducts private audits, and participates in bug bounties. He has contributed his skills to a wide range of ecosystems and projects including the Ethereum Beacon Chain, Althea Gravity Bridge, Tendermint Core, Cosmos SDK, Holochain’s Lair Keystore, Matrix vodozemac, Umee’s Peggo Orchestrator, Holochain’s Deterministic Integrity crate, Ava Labs Subnet EVM, and more.
Languages: Go; Rust; Solidity
Expertise: Secure Messaging; Consensus Protocols; Key Management; Access Control; Blockchain Communication Protocols; Distributed Systems
Jawid has been working as a software engineer since 2014 and has been an active Ethereum contributor since 2016. He has a passion for blockchain technology’s transformative potential and is particularly interested in how decentralized systems can revolutionize security and data privacy for finance.
Jawid has worked on a variety of smart contract protocol security audits including Data Lake Token, Vesting, and Consent smart contracts, Sovryn’s Bi-directional FastBTC, PiSwap Protocol, FilFi smart contracts, Endaoment V2 smart contracts, Golem Foundation’s Octant smart contracts, Worldcoin’s Groth16 Verifier in the EVM smart contract, Cube3 Protocol, the Neokingdom DAO smart contracts, Ava Labs Teleporter Smart Contracts, and more.
Expertise: Solidity Smart Contracts; DeFi Protocols; DAOs
Mukesh has a long track record in security auditing. He has worked with a number of firms including Sherlock, Spearbit, and Least Authority, has been a bug bounty hunter on platforms such as Immunefi and Code4rena, and has experience as a penetration tester. Mukesh, who holds a computer science degree, has been recognized with a Kernel Fellowship from Gitcoin and is on an unending quest to enhance his knowledge of cybersecurity.
Mukesh has worked on projects including Data Lake Token, Vesting, and Consent smart contracts, Keep Network Solana smart contracts, Neokingdom DAO smart contracts, FilFi smart contracts, Zest Protocol, Golem Foundation’s Octant smart contracts, Cube3 Protocol, Web3MQ MetaMask Snaps implementation, Ava Labs Teleporter Smart Contracts, and more.
Expertise: Solidity Smart Contracts; Clarity Smart Contracts; DeFi Protocols; DAOs; MetaMask Snaps Implementations
Wanas is a polyglot software engineer with more than a decade of experience in multiple sectors. His interests include software architecture, the development and implementation of best practices, and their security implications for systems. Within the Web3 space, he is particularly interested in bridges and smart contracts within the Tezos, Stacks, and Ethereum ecosystems. In addition to analyzing Web3 code to discover security vulnerabilities, he likes to build software using both old and new technologies to maintain a balanced perspective.
Wanas has worked on security audits in multiple ecosystems, including Ethereum, Stacks, Tezos and others. Wanas has worked on projects including Alex Protocol, Althea Gravity Bridge, Trust Machine’s MultiSafe Wallet, Holochain’s Lair Keystore, Magic Protocol, Zest Protocol, Ava Labs Subnet EVM, and more.
Expertise: Smart Contracts; Consensus Protocols; Bridges; Cryptography
Jehad is a security auditor, software engineer, a PhD, and a published author. He is passionate about safeguarding internet freedom and seeks to improve information quality and data privacy through his contributions to securing decentralized technologies. Throughout his career, Jehad has navigated diverse professional landscapes, while continuously learning and adapting to different tech stacks with a particular focus on privacy and security.
Jehad has worked on security audits in multiple ecosystems including Ethereum, Cosmos, Mina, Tezos, Filecoin, and Stacks. Jehad has worked on projects including the Taho Wallet, MetaMask Snaps Extension Integration, multiple MetaMask Snaps implementations, Atomic Wallet, Sovryn’s Bi-directional FastBTC, Stacks Hiro Wallet, Stacks Alex Protocol, Dogecoin Core, Blox Staking Wallet, Clorio Wallet + Mina Ledger JS, Blank Browser Extension, ethdo, and more.
Expertise: Smart Contracts; dApps; Wallets; Browser Extensions; Cryptography; Consensus Protocols; Bridges; MetaMask Snaps Implementations
Bernd has been in the tech industry for 15+ years. His passion for Web3 security was ignited in 2021, when a DeFi hack put a personal investment at risk. Thanks to fast action and his growing understanding of Solidity and EVM tooling, Bernd was able to withdraw his capital before it was lost to the attackers.
Bernd joined Oak Security as an auditor in 2022. He simultaneously participated in Code4rena, which helped hone his Web3 security skills. Bernd has worked on 50+ audits and has identified numerous vulnerabilities across a wide range of Solidity and CosmWasm DeFi protocols, wallets, bridges, VMs, and Cosmos SDK chains. He has worked on projects including Filecoin, Evmos, Badger, Nym, Wormhole, Anoma, Router, Noble, Cypher, and many more.
Bernd’s extensive background in development made learning new languages and parsing code easy, and he’s working to broaden his understanding of other ecosystems and languages. Check out Bernd’s profile on Cantina and GitHub to find out more.
Languages: Solidity; CosmWasm; Go; Rust; TypeScript
Expertise: DeFi Protocols; EVM; Cosmos SDK; NEAR ecosystem