TheWeb3SecurityPodcast

The Web3 Security Podcast

The Web3 Security Podcast explores the discipline of Web3 security through conversations with leaders at prominent crypto and Web3 companies. Each episode delivers practical insights into security philosophies, strategic approaches, and vendor evaluation processes. Our guests share hard-earned lessons from the field, without revealing sensitive implementation details or vulnerabilities. We dive deep into the thinking behind security decisions, the challenges of protecting decentralized systems, and the strategies that actually work. Whether you're a CTO, security leader, or technical decision-...

Author

TheWeb3SecurityPodcast

Category

Technology

Latest episode

Apr 14, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Web3 CISO Open Source Dilemma: Why AI May Force Code To Go Dark | Haim Krasniker 14.04.2026

StarkWare's CISO bootstrapped the Israeli Air Force's penetration testing team before spending years across mobile forensics at Cellebrite, email security at Proofpoint, and enterprise DevSecOps at Red Hat. That depth across offensive and defensive disciplines is rare in Web3, and it shows in how Haim Krasniker thinks about protocol security. In this episode, Haim gets specific about the tradeoffs...

Polygon Labs' two-team security structure: where most Web3 breaches actually start | Mudit Gupta 04.03.2026

Most Web3 security conversations focus on smart contracts. Mudit Gupta, CTO of Polygon Labs, thinks that's the wrong place to be worried. In this episode, he makes the case that ZK infrastructure carries significantly more bugs than the smart contract layer — the reason large-scale exploits haven't happened yet isn't that the bugs don't exist, it's that the expertise required t...

Sky's zero-finding audit framework: Six-month onboarding and process investigation | Deniz Yilmaz 04.02.2026

When Sky's audits return serious issues, they don't just fix bugs and ship—they pull the brake and investigate what failed in their internal review process. Deniz Yilmaz, CTO of Sky Frontier Foundation, walks through the defensive layers behind USDS (third-largest stablecoin globally): six-month engineer onboarding requirements, spellcrafting governance with mandatory execution delays, and...

Web3 Security Podcast: DC Builder, Research Engineer at World Foundation 27.01.2026

World Foundation's proof of personhood system defended against an iris spoofing attack where users verified multiple times by pairing their left eye with someone else's right eye—exploiting uniqueness checks that operated on eye pairs rather than individuals. DC Builder, Research Engineer at World Foundation, explains the multimodal defense they deployed: continuous 3D heat mapping, time-of-flight...

How Solana achieved 2 years uptime after launching with $3M | Matt Sorg (Solana Foundation) 14.01.2026

When Solana dropped to $8 during FTX, Matt Sorg watched Twitter erupt while his validator network stayed focused on the technical roadmap. The VP of Technology at Solana Foundation had built something that would prove more valuable than hype: a technically aligned community shipping performance improvements on a quarterly cadence. Matt explains why Solana's early instability wasn't architectural i...

Coinbase's auditing standards with Shashank Agrawal 18.11.2025

Coinbase's security process protecting over $7 billion in TVL rejects the single-audit model common in DeFi. Shashank Agrawal, Senior Engineering Manager, Protocol Security at Coinbase, explains their multi-round validation approach: internal security teams (separated from product engineering) audit first, then external firms audit, and rounds continue until external auditors surface only lows and...

Ethereum Foundation's path to 10,000 TPS and Bitcoin's 51% attack risk | Justin Drake 05.11.2025

Justin Drake reveals Ethereum's infrastructure path to 1 gigagas per second—equivalent to 10,000 TPS and 10x Solana's current user transaction throughput—while operating validators on consumer hardware. As researcher on Ethereum Foundation's protocol architecture team, he details how ZK-EVM proof systems will eliminate the validator bottleneck within six years, enabling state verification on Raspb...

Cosmos Labs' 3 pivots in 6 months: Timeboxing experiments to find PMF | Barry Plunkett 21.10.2025

When the Interchain Foundation acquired Skip Protocol in 2024, Cosmos Labs inherited a 200-chain ecosystem with no commercial strategy and a massive security backlog. Barry Plunkett, co-CEO, explains how they systematically tested three strategic pivots in six months, killed two based on hard metrics, and found enterprise product-market fit by following "accidental traction" signals they'd initial...

Centrifuge's serial audits: 6 security reviews that reshaped RWA architecture | Jeroen Offerijns 14.10.2025

Maker's core accounting contract—the vat—has remained immutable for six years while processing tens of billions in TVL. Centrifuge is proving this isn't legacy thinking; it's the only approach that survives institutional custody requirements where protocol upgrades introduce unacceptable counterparty risk. Jeroen Offerijns, CTO of Centrifuge, explains why their $750M TVL RWA protocol runs 6-7 seri...

Safe's $60B security stack: Formal verification, audits, and $1M bounties | Richard Meissner 08.10.2025

Safe's smart account infrastructure secures $60B+ in TVL while handling over $1 trillion in cumulative transaction volume. Co-founder, Richard Meissner reveals how Safe is rebuilding its collaboration layer from scratch—replacing centralized transaction services with encrypted on-chain queues while preparing smart accounts for post-quantum cryptography through deterministic deployment standards. T...

Gnosis validator sniping attacks: How to harvest MEV through IP mapping | Sebastian Bürgel 24.09.2025

Sebastian Bürgel's modified Lighthouse client can map any Ethereum validator's public key to their IP address by collecting attestation signatures and tracking their network origin points. Once mapped, attackers can launch precisely-timed DDoS attacks during that validator's block production slot, forcing them offline and redirecting their MEV opportunities to the next validator in sequence. This...

Eigen Labs' 3-person team securing $23B in crypto: Restaking security at scale | Anto Joseph 10.09.2025

When you discover someone who found a way to decrypt every WhatsApp message through symmetric key reuse, then later designed Coinbase's ETH staking architecture that has never experienced a slashing event, you're looking at a rare breed of security engineer who bridges the exploit and defense mindsets perfectly. Anto Joseph, Principal Security Engineer at Eigen Labs, walks through his unconvention...

How to secure $70 billion in DeFi: Aave's approach to Web3 security at scale | Ernesto Boado (BGD Labs) 03.09.2025

What happens when you're responsible for $70 billion in user funds and every code change requires approval from hundreds of token holders? Ernesto Boado discovered that managing AAVE's security feels identical whether it's $10 million or $70 billion at stake—the key is abstract thinking that prevents paralysis while maintaining rigorous procedures. As co-founder of BGD Labs and former CTO of Aave,...

Polygon's 13-step multisig securing billions: Advanced governance security | Chris von Hessert 26.08.2025

What happens when a veteran Web2 security executive turns multisig ceremony coordinator at Polygon? The result: a crash course in how Web3 security demands both old-school fundamentals and bleeding-edge vigilance in protecting billions of dollars locked on-chain. Christopher von Hessert , VP of Security at Polygon , reveals how traditional security expertise from companies like IBM and ServiceNow...

Ethereum Foundation's 10-year bug bounty program: Security lessons | Fredrik Svantes 19.08.2025

Fredrik Svantes evolved from hunting World of Warcraft gold farmers to securing Ethereum's trillion-dollar ecosystem as the foundation's Security Research Lead. Running the world's oldest blockchain bug bounty program while spearheading initiatives to make Ethereum safe for both billion-user adoption and institutional trillion-dollar deployments, he offers rare insights into the security challenge...

Listen to the The Web3 Security Podcast podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.