Shows
The Web3 Security PodcastEthereum Foundation's path to 10,000 TPS and Bitcoin's 51% attack risk | Justin DrakeJustin Drake reveals Ethereum's infrastructure path to 1 gigagas per second—equivalent to 10,000 TPS and 10x Solana's current user transaction throughput—while operating validators on consumer hardware. As researcher on Ethereum Foundation's protocol architecture team, he details how ZK-EVM proof systems will eliminate the validator bottleneck within six years, enabling state verification on Raspberry Pis while scaling capacity 500x through annual 3x gas limit increases.
The technical requirements are crystallizing rapidly. Real-time proving now achieves sub-12 second latencies (one Ethereum slot) with under 10kW power consumption—accessible in standard home electrical systems rather than data center infrastructure. Drake frames...
2025-11-051h 23
The Web3 Security PodcastCosmos Labs' 3 pivots in 6 months: Timeboxing experiments to find PMF | Barry PlunkettWhen the Interchain Foundation acquired Skip Protocol in 2024, Cosmos Labs inherited a 200-chain ecosystem with no commercial strategy and a massive security backlog. Barry Plunkett, co-CEO, explains how they systematically tested three strategic pivots in six months, killed two based on hard metrics, and found enterprise product-market fit by following "accidental traction" signals they'd initially ignored.
First pivot: ZK-based IBC bridging to Ethereum paired with Skip Go's interop API. They timeboxed three months to the Babylon Bitcoin LST launch as a forcing function. Volume data post-launch killed the thesis—existing bridges were "pretty good" and marginal improvements do...
2025-10-211h 14
The Web3 Security PodcastCentrifuge's serial audits: 6 security reviews that reshaped RWA architecture | Jeroen OfferijnsMaker's core accounting contract—the vat—has remained immutable for six years while processing tens of billions in TVL. Centrifuge is proving this isn't legacy thinking; it's the only approach that survives institutional custody requirements where protocol upgrades introduce unacceptable counterparty risk.
Jeroen Offerijns, CTO of Centrifuge, explains why their $750M TVL RWA protocol runs 6-7 serial audits rather than parallel reviews on a final commit hash. The goal isn't redundant coverage—it's forcing architectural iteration between audits. Low-severity findings don't get dismissed; they trigger contract redesigns before issues compound. This matters when tokenizing Apollo's private credit or S&P...
2025-10-141h 05
The Web3 Security PodcastSafe's $60B security stack: Formal verification, audits, and $1M bounties | Richard MeissnerSafe's smart account infrastructure secures $60B+ in TVL while handling over $1 trillion in cumulative transaction volume. Co-founder, Richard Meissner reveals how Safe is rebuilding its collaboration layer from scratch—replacing centralized transaction services with encrypted on-chain queues while preparing smart accounts for post-quantum cryptography through deterministic deployment standards.
Topics discussed:
Safe Harbor's permissionless transaction queue migrating from contract storage to event-based and blob storage to reduce costs while maintaining consensus-layer availability guarantees
Validator network architecture in frictionless queues performing spam protection and integrity checks on encrypted payloads before paymaster-sponsored on-chain submission
Asymmetric encryption implementation using shared ke...
2025-10-081h 10
The Web3 Security PodcastGnosis validator sniping attacks: How to harvest MEV through IP mapping | Sebastian BürgelSebastian Bürgel's modified Lighthouse client can map any Ethereum validator's public key to their IP address by collecting attestation signatures and tracking their network origin points. Once mapped, attackers can launch precisely-timed DDoS attacks during that validator's block production slot, forcing them offline and redirecting their MEV opportunities to the next validator in sequence.
This network-layer exploit operates entirely outside the smart contract security model that most teams focus on, yet threatens the economic assumptions underlying Ethereum's consensus mechanism. As VP of Technology at Gnosis and founder of HOPR's privacy infrastructure, Sebastian demonstrates how current validator s...
2025-09-241h 07
The Web3 Security PodcastEigen Labs' 3-person team securing $23B in crypto: Restaking security at scale | Anto JosephWhen you discover someone who found a way to decrypt every WhatsApp message through symmetric key reuse, then later designed Coinbase's ETH staking architecture that has never experienced a slashing event, you're looking at a rare breed of security engineer who bridges the exploit and defense mindsets perfectly.
Anto Joseph, Principal Security Engineer at Eigen Labs, walks through his unconventional path from exploiting Need for Speed CD keys in fourth grade to architecting some of crypto's most critical infrastructure. His work spans Intel's hardware security for retinal laser displays, Tinder's location privacy systems handling millions of users...
2025-09-101h 10
The Web3 Security PodcastHow to secure $70 billion in DeFi: Aave's approach to Web3 security at scale | Ernesto Boado (BGD Labs)What happens when you're responsible for $70 billion in user funds and every code change requires approval from hundreds of token holders? Ernesto Boado discovered that managing AAVE's security feels identical whether it's $10 million or $70 billion at stake—the key is abstract thinking that prevents paralysis while maintaining rigorous procedures.
As co-founder of BGD Labs and former CTO of Aave, Ernesto reveals how they've kept the world's largest DeFi protocol secure through systematic auditor evaluation, strategic upgrade decisions, and a hands-on approach to security research relationships. His contrarian take on bug bounties and practical insights into decentralized governance of...
2025-09-031h 18
The Web3 Security PodcastPolygon's 13-step multisig securing billions: Advanced governance security | Chris von HessertWhat happens when a veteran Web2 security executive turns multisig ceremony coordinator at Polygon? The result: a crash course in how Web3 security demands both old-school fundamentals and bleeding-edge vigilance in protecting billions of dollars locked on-chain.
Christopher von Hessert, VP of Security at Polygon, reveals how traditional security expertise from companies like IBM and ServiceNow translates into defending against everything from North Korean IT workers to AI-generated phishing campaigns. His journey from managing ServiceNow's global security team to orchestrating multisig upgrades from Amsterdam studios highlights the evolving demands of Web3 security leadership.
But von...
2025-08-261h 08
The Web3 Security PodcastEthereum Foundation's 10-year bug bounty program: Security lessons | Fredrik SvantesFredrik Svantes evolved from hunting World of Warcraft gold farmers to securing Ethereum's trillion-dollar ecosystem as the foundation's Security Research Lead. Running the world's oldest blockchain bug bounty program while spearheading initiatives to make Ethereum safe for both billion-user adoption and institutional trillion-dollar deployments, he offers rare insights into the security challenges of protecting critical infrastructure at unprecedented scale.
His contrarian stance on replacing reactive blacklists with protocol-level whitelists, combined with hard-won lessons from coordinating the merge and subsequent upgrades, reveals how Ethereum balances decentralization with protection. From managing AI spam in bug reports to designing crowdsourced...
2025-08-191h 02