We believe that security is best achieved by delivering a consistent, methodical security auditing experience that’s designed to fit the specific characteristics of decentralized systems and the teams building them.

**************************************************

Let’s get started.

We value integrity, excellence, innovation, and evolution. Our mission is to manifest these core tenets in the work that we do.

We seek to provide rigorous and comprehensive security audits that are coherent and consistent in their methodology and approach.

This is the Defense Security Standard.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
thesis-defense-logo

What we offer

From design to post-deployment, we believe that robust security is realized only through the sum of its parts. Our goal is to raise the bar for security by elevating and refining everything we’ve already accomplished, in accordance with the Defense Security Standard.

We audit both on-chain and off-chain components across a variety of languages, ecosystems, and technologies.

  • Solidity
  • TypeScript
  • JavaScript
  • Rust
  • Go
  • Circom
  • Ethereum
  • Bitcoin
  • Polygon
  • Zcash
  • Cosmos
  • Mina
  • Smart Contracts
  • Wallets / Browser Extensions
  • Bridges
  • Consensus Mechanisms
  • Cryptographic Protocols
  • ZK Cryptography

Who we are

Our team is long-established in the crypto space, demonstrating a breadth of knowledge and experience. This is combined with an ability to conduct a methodical, rigorous security analysis and assessment approach that adheres to security best practices and industry standards.

We bring a wealth and diversity of expertise and unsurpassed experience, across a broad spectrum of languages and ecosystems.

Team
Hind Kurhan
Hind Kurhan
Co-Founder

Hind is a security auditing veteran who has held senior leadership roles at Consensys Diligence and Least Authority. She moved into Web3 after building a career in Web2 operations and project management and humanitarian work. Her commitment to using decentralized technology to lay the groundwork for a world where justice prevails over power stems from her experience in technology and international development, coupled with direct exposure to people disenfranchised by the inequitable distribution of income, goods, and resources.

By applying the core tenets of web3, Hind hopes we can together resolve some of the world’s most challenging issues:from gender inequity and the exploitation of personal information, to global disparities in global wealth and income and the outsized impact of climate change on the impoverished.

Bashir Abu-Amr
Bashir Abu-Amr
Head of Delivery

Bashir is an economist by training, with a financial analysis and business management background. Although he was first attracted to the Web3 space by cryptocurrency and decentralized finance, he has since discovered that decentralized technology has many powerful and promising applications that have the potential to be an agent of positive change, fostering the betterment of our global community.

Bashir has been working with security research teams as a senior project manager and technical writer for more than three years, over the course of which he has worked on 100+ security audits.

Shane Farrell
Shane Farrell
Marketing Manager

Shane moved into web3 after a decade working as a journalist and humanitarian in the Middle East, and co-launching his own data security business. He worked as a Communications Specialist for Least Authority, an auditing firm, and as a Researcher/Script Writer for Coin Bureau, where he worked on over 50 videos for the channel (> 2 million subs).

Shane enjoys the challenge of bridging the communication gap between high-level technical experts and the broader public. As Marketing Manager, he hopes to showcase the auditing talent at Thesis Defense while promoting a broader understanding of security challenges and solutions in the crypto ecosystem.

Rawan Abusbeitan
Rawan Abusbeitan
Operations Mananger

Rawan comes from a TradFi background with over 11 years’ experience in banking, spanning multiple functions from financial analysis to corporate credit and customer relationship management. Fluent in Arabic and English, Rawan has worked in multiple markets across the Middle East and Europe and is particularly skilled at improving operational efficiencies and building synergies between colleagues.

Her passion for innovation and digital finance has drawn her to blockchain technology and the transformative potential of web3. Her extensive experience, strong work ethic and problem-solving mindset are key to maintaining the seamless operations at Thesis Defense.

Justin Regele
Justin Regele
Security Auditor & Engineer

Justin has been working as a penetration tester for 8 years and more broadly in cybersecurity for more than 11. He is OSCP- and OSWE-certified, has spoken at ShmooCon and TrustX conferences, and has practiced his penetration testing skills in real life in the past by climbing up trees to enter through unlocked back doors (his own).

Justin has worked on security audits for Cosmos, Mina, Tezos, Filecoin, and Ethereum, in addition to many wallet implementations. Justin has worked on projects including the MetaMask Snaps Extension Integration, Stacks Hiro Wallet, Tezos Kukai Wallet, Loopring’s Circuit Implementation, Mina Signer SDK + Staking Power Wallet, and more.

Languages: Javascript; Typescript; Solidity; C/C++; Rust; Go

Expertise: Penetration Testing; Wallets; Browser Extensions; Cryptography; MetaMask Snaps Implementations

Alpha
Alpha
Security Auditor and Engineer

Alpha has more than 15 years of experience in auditing, penetration testing, network security, applied cryptography, and application security. In 2019, while working as a blockchain ecosystem security researcher, Alpha realized there was a significant amount of work to be done in securing decentralized technology.

In addition to working as a Thesis Defense security researcher and auditor, Alpha participates in various contest platforms and firms, conducts private audits, and participates in bug bounties. He has contributed his skills to a wide range of ecosystems and projects including the Ethereum Beacon Chain, Althea Gravity Bridge, Tendermint Core, Cosmos SDK, Holochain’s Lair Keystore, Matrix vodozemac, Umee’s Peggo Orchestrator, Holochain’s Deterministic Integrity crate, Ava Labs Subnet EVM, and more.

Languages: Go; Rust; Solidity

Expertise: Secure Messaging; Consensus Protocols; Key Management; Access Control; Blockchain Communication Protocols; Distributed Systems

Ahmad Jawid Jamiulahmadi
Ahmad Jawid Jamiulahmadi
Security Auditor and Engineer

Jawid has been working as a software engineer since 2014 and has been an active Ethereum contributor since 2016. He has a passion for blockchain technology's transformative potential and is particularly interested in how decentralized systems can revolutionize security and data privacy for finance.

Jawid has worked on a variety of smart contract protocol security audits including Data Lake Token, Vesting, and Consent smart contracts, Sovryn’s Bi-directional FastBTC, PiSwap Protocol, FilFi smart contracts, Endaoment V2 smart contracts, Golem Foundation’s Octant smart contracts, Wordcoin’s Groth16 Verifier in the EVM smart contract, Cube3 Protocol, the Neokingdom DAO smart contracts, Ava Labs Teleporter Smart Contracts, and more.

Languages: Solidity; JavaScript; TypeScript; Java; C; C#

Expertise: Solidity Smart Contracts; DeFi Protocols; DAOs

Mukesh Jaiswal
Mukesh Jaiswal
Security Auditor & Engineer

Mukesh has a long track record in security auditing. He has worked with a number of firms including Sherlock, Spearbit, and Least Authority, has been a bug bounty hunter on platforms such as Immunefi and Code4rena, and has experience as a penetration tester. Mukesh, who holds a computer science degree, has been recognized with a Kernel Fellowship from Gitcoin and is on an unending quest to enhance his knowledge of cybersecurity.

Mukesh has worked on projects including Data Lake Token, Vesting, and Consent smart contracts, Keep Network Solana smart contracts, Neokingdom DAO smart contracts, FilFi smart contracts, Zest Protocol, Golem Foundation’s Octant smart contracts,Cube3 Protocol, Web3MQ MetaMask Snaps implementation, Ava Labs Teleporter Smart Contracts, and more.

Languages: Solidity; Javascript; Typescript; Clarity; Rust

Expertise: Solidity Smart Contracts; Clarity Smart Contracts; DeFi Protocols; DAOs; MetaMask Snaps Implementations

Jehad Baeth
Jehad Baeth
Security Auditor & Engineer

Jehad is a security auditor, software engineer, a PhD, and a published author. He is passionate about safeguarding internet freedom and seeks to improve information quality and data privacy through his contributions to securing decentralized technologies. Throughout his career, Jehad has navigated diverse professional landscapes, while continuously learning and adapting to different tech stacks with a particular focus on privacy and security.

Jehad has worked on security audits in multiple ecosystems including Ethereum, Cosmos, Mina, Tezos, Filecoin, and Stacks. Jehad has worked on projects including the Taho Wallet, MetaMask Snaps Extension Integration, multiple MetaMask Snaps implementations, Atomic Wallet, Sovryn’s Bi-directional FastBTC, Stacks Hiro Wallet, Stacks Alex Protocol, Dogecoin Core, Blox Staking Wallet, Clorio Wallet + Mina Ledger JS, Blank Browser Extension, ethdo, and more

Languages: JavaScript; Typescript; Java, Python Go; Clarity

Expertise: Smart Contracts; dApps; Wallets; Browser Extensions; Cryptography; Consensus Protocols; Bridges; MetaMask Snaps Implementations

Bernd Artmüller
Bernd Artmüller
Security Auditor & Engineer (Independent Contractor)

Bernd has been in the tech industry for 15+ years. His passion for Web3 security was ignited in 2021, when a DeFi hack put a personal investment at risk. Thanks to fast action and his growing understanding of Solidity and EVM tooling, Bernd was able to withdraw his capital before it was lost to the attackers.

Bernd joined Oak Security as an auditor in 2022. He simultaneously participated in Code4rena, which helped hone his Web3 security skills. Bernd has worked on 50+ audits and has identified numerous vulnerabilities across a wide range of Solidity and CosmWasm DeFi protocols, wallets, bridges, VMs, and Cosmos SDK chains. He has worked on projects including Filecoin, Evmos, Badger, Nym, Wormhole, Anoma, Router, Noble, Cypher, and many more.

Bernd’s extensive background in development made learning new languages and parsing code easy and he’s working to broaden his understanding of other ecosystems and languages.

Check out Bernd’s profile on Cantina and GitHub to find out more.

Languages: Solidity; CosmWasm; Go; Rust; Typescript

Expertise: DeFi Protocols; EVM; Cosmos SDK; NEAR ecosystem

j4x
J4X
Security Auditor & Engineer (Independent Contractor)

J4X, a computer science enthusiast, discovered a passion for smart contract security through competing in Capture The Flag events. As the former team captain of the best Austrian CTF Team LosFuzzys, J4X honed his cybersecurity skills while navigating the complexities of CTFs all over the world. Before delving into smart contract security, J4X specialized in Web2 penetration testing, gaining valuable insights into traditional cybersecurity practices.

J4X's expertise extends to focusing on DeFi protocols, particularly those on Substrate and in the EVM, where a meticulous approach to auditing ensures robust security measures. Beyond the technical realm, J4X harbors a strong interest in mathematics and finances, which enhances his understanding of the intricate mechanisms underpinning decentralized finance.

Check out J4X’s profile on Code4rena, Cantina, and his website to find out more.

Languages: Solidity; Yul; Rust; C; C++; Java; Python

Expertise: DeFi; Substrate; EVM

defsec
defsec
Security Auditor & Engineer (Independent Contractor)

With a solid foundation spanning over a decade in Web2 Security, and currently serving as the independent contractor for Web3 security firms, defsec's expertise is broad and multi-faceted. His portfolio boasts collaborations with leading projects in the realms of Decentralized Finance (DeFi), blockchain bridges, and Layer 1 (L1) chains. His proficiency in these domains has not only been acknowledged by industry peers but has also contributed significantly to the security and reliability of many projects.

defsec's prowess as a security expert is further underscored by his impressive record in bug bounty hunting. Through his meticulous assessments and unparalleled attention to detail, he has successfully identified and rectified vulnerabilities that have prevented potential asset losses amounting to over 10 million.

Driven by a passion for ensuring the security and integrity of complex protocols, defsec remains eager and committed to confronting and conquering the intricate challenges posed by the rapidly evolving world of Web3.

Check out defsec’s profile on Code4rena to find out more.

Languages: Solidity; CosmWasm; Rust; Typescript; Yul; Golang; Java

Expertise: DeFi; Cosmos SDK; EVM; NEAR Ecosystem

defsec
r0bert
Security Auditor & Engineer (Independent Contractor)

3 years ago, r0bert embarked on a specialized journey within the Web3 ecosystem and emerged as a pivotal security sentinel in the Decentralized Finance and blockchain domains. As a Security Researcher that has worked for multiple web3 security firms, r0bert has meticulously audited a wide spectrum of notable projects, including algorithmic stable coins, lending protocols, decentralized exchanges (DEXes), AMMs, DAOs, and blockchain games.

His adept skills in utilizing tools like Medusa, Echidna and Foundry for fuzzing smart contracts have fortified the security of all types of DeFi protocols. r0bert’s expertise is not confined to auditing; as a seasoned smart contract developer and an active participant in bug bounty platforms, he ensures a 360-degree approach to Web3 security. His journey, enriched with the exploration and securing of blockchain technologies, is not only a testament to his expertise but also a commitment to fortifying the decentralized world against evolving threats. For example, in September 2022, r0bert discovered a bug in a live protocol with 14 million TVL and he quickly informed the project to correct the issue before it could be exploited.

Check out r0bert’s profile on Cantina to find out more.

Languages: Solidity; Vyper; Circom; Python

Expertise: DeFi; EVM; Fuzzing

slowfi
slowfi
Security Auditor & Engineer (Independent Contractor)

Luis Buendia (slowfi) specialized in web penetration testing after studying computer science. After an early career marked by significant achievements in external intrusions and WAF bypass within the telecommunications and banking industries, Luis transitioned to the Web3 sector in 2021. He joined Halborn where his skill in uncovering hard-to-spot vulnerabilities came to the forefront before working as an independent contractor for top-tier security firms, engaging with a broad spectrum of projects. His portfolio includes work on advanced DeFi applications such as AMMs with both constant function market maker and concentrated liquidity models, lending and borrowing protocols, algorithmic stable coins, bridges, insurance protocols, strategies, liquidity staking, account abstraction projects, and DAOs. His efforts have been instrumental in safeguarding assets exceeding $400 million in TVL.

Currently, Luis focuses on EVM-compatible L1 and L2 infrastructures, in addition to ZK environments that integrate seamlessly with EVM systems. He leverages advanced fuzzing techniques using Foundry, while also exploring the Cairo and Rust ecosystems to enhance his capability in securing cutting-edge blockchain technologies.

Check out Luis' profile on Cantina and LinkedIn to find out more.

Languages: Solidity; Yul; Vyper; Python; Javascript/Typescript; Cairo

Expertise: AMMs (constant function and concentrated liquidity); Lending and Borrowing Protocols; Fuzzing; EVM-Compatible ZK Environments; Browser Wallets

Soltho
Solthodox
Security Auditor & Engineer (Independent Contractor)

Solthodox's passion for finance and blockchain technology led him to pursue a career as a Solidity smart contract engineer. With nearly two years of development experience, he has worked on various projects and startups within the blockchain space. His expertise lies in utilizing Solidity, Vyper, Foundry, Echidna, and other tools to build and secure the DeFi ecosystem. Additionally, he has mastered several DeFi protocols, such as AMMs and yield farming strategies.

Leveraging his strong foundation in Ethereum, Solthodox transitioned to security auditing. Solthodox participated in his first two contests at Cantina, achieving Top 10 and 13 placements. Building upon this success, Solthodox has conducted several private audits. Solthodox’s approach focuses on constructing custom testing environments to unearth hidden vulnerabilities and edge cases through fuzzing, invariant testing, and static analysis.

Driven by a continuous desire for learning and exploration, Solthodox remains dedicated to ongoing professional development. Currently in the process of mastering formal verification, a powerful and sophisticated approach that will elevate his work to the next level in terms of security and robustness.

Check out Solthodox’s profile on Twitter and GitHub, and his portfolio at his website.

Languages: Solidity; Yul; Vyper; Python; Javascript/Typescript; Rust

Expertise: EVM; Defi; Fuzzing; Yield Farming Strategies

thesis-defense-logo

**************************************************

Let’s get started.