Auditing Cryptographic Protocols with Nadim Kobeissi

SEAL Certifications with Isaac Patka

In this episode of CypherTalk, Isaac Patka, co-founder of Shield3 and certification lead at the Security Alliance (SEAL), joins Jade Doherty and Stefan Beyer to discuss the human, operational, and governance risks shaping Web3 security. From early smart contract bug hunting to incident response wargames, SEAL 911, Safe Harbor, and the launch of SEAL certifications, Isaac explains why security is no longer just about audits and code. The conversation explores how DeFi protocols can prepare for real incidents, why operational controls matter as much as smart contract reviews, and how AI is changing the threat landscape for both attackers and defenders. Isaac also shares practical insights on slowing down dangerous protocol actions, designing better incident response processes, and building a more mature security culture across crypto. Enjoyed the episode and want to get SEAL certified? Oak Security is a SEAL-approved provider, and can review and certify your protocol to make sure your operational security is as good as your smart contracts. Get in touch via https://oaksecurity.io/ [https://oaksecurity.io/]  Key topics Isaac’s path from electrical engineering and semiconductors to Web3 security How smart contract security has changed since the early Ethereum days The difference between audits, war games, threat modeling, and incident response How SEAL 911 helps coordinate emergency response across the crypto ecosystem SEAL certifications and why operational security needs its own standard Why SOC 2 and ISO do not fully capture Web3-specific risks Multisig operations, treasury controls, DNS security, DevOps, and identity management The rise of social engineering, insider threats, and operational attacks North Korea, Lazarus Group, and state-sponsored crypto threats How AI is expanding the attack surface for smaller protocols Why protocols should build in slowness, circuit breakers, and operational controls Sound Bites “An audit tries to prevent an incident and the war game tries to help you deal with an incident.” “Social engineering works for a reason. Humans are fallible.” “What is the slowest I can possibly make this and have it still be functional?” “People don’t think during the design process about where they should build slowness into the protocol.” “The core smart contracts have gotten a lot better, which has pushed the security risks to different parts.” “If more people would care from day one about operational controls or circuit breakers, that’s what I would want.” Resources Isaac Patka X https://x.com/isaacpatka [https://x.com/isaacpatka]Security Alliance / SEAL https://securityalliance.org/ [https://securityalliance.org/]SEAL Frameworks https://securityalliance.org/frameworks [https://securityalliance.org/frameworks]SEAL Incident Response Template https://frameworks.securityalliance.org/incident-management/incident-response-template/overview/ [https://frameworks.securityalliance.org/incident-management/incident-response-template/overview/] SEAL Certifications https://frameworks.securityalliance.org/certs/overview/ [https://frameworks.securityalliance.org/certs/overview/] Shield3 https://www.shield3.com/ [https://www.shield3.com/] Oak Security’s State of Web3 Security Report https://research.oaksecurity.io/ [https://research.oaksecurity.io/]

Bug Bounties with Joran Honig

Summary In this in-depth interview, Joran Honig, a renowned bug bounty hunter and security researcher, shares insights into finding crazy bugs, the differences between audits and bug bounties, and the role of AI in security workflows. Discover practical tips, mental models, and future trends in Web3 security and bug hunting. Key topics Edge case bugs and how to find them Differences between audits, bug bounties, and contest models The role of AI and automation in security research Tools and workflows for effective bug hunting Responsible disclosure and handling uncooperative projects   Sound Bites "AI can increase duplicates." "Grimoire guides audit tasks." "Flows help map complex code."   Resources Joran Honig X https://x.com/joranhonig Grimoire https://github.com/JoranHonig/grimoire Joran’s website https://joranhonig.nl/

Censorship Resistance with Shayan Eskandari

Summary In this in-depth interview, Shayan Eskandari shares his journey from security expert to privacy innovator, discussing censorship resistance, Web3 security, and the future of decentralized internet infrastructure. Discover how his project MoaV aims to empower users in restrictive environments and explore the role of blockchain in privacy and decentralization.   Soundbites "My belief in information being free drives everything." "My wife’s experience in Iran inspired Moav." "Privacy in blockchain is a complex, layered issue."   Resources The DAO Security Fund: https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16 [https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16] MoaV https://moav.sh/ [https://moav.sh/]  Shayan’s website https://shayan.es/ [https://shayan.es/] Shayan’s X https://x.com/sbetamc [https://x.com/sbetamc]

The State of Web3 Security with Diogo Patão from rekt.news

Summary This episode features a deep dive into two newly released reports on Web3 security by rekt.news and Oak Security, insights from industry experts, and discussions on the future of blockchain security. We explore recent hacks, the role of AI, and how the community can enhance security practices.   Soundbites "AI is here to help us, not just to attack." "Human attack vectors dominate the security issues." "Diversify your assets and protocols to stay safe."   Links The DAO Security Fund CypherTalk: https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16 [https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16] Rekt News: https://qf.giveth.io/project/rekt-news-ethereums-security-intelligence-layer?roundId=16 [https://qf.giveth.io/project/rekt-news-ethereums-security-intelligence-layer?roundId=16]   The Reports: Oak Security’s State of Web3 Security: https://research.oaksecurity.io/ [https://research.oaksecurity.io/]  Rekt News’ War Room Report: https://github.com/RektHQ/Reports/blob/main/Rekt_Security_Summit_War_Room_Report.pdf [https://github.com/RektHQ/Reports/blob/main/Rekt_Security_Summit_War_Room_Report.pdf]

Auditing Cryptographic Protocols with Nadim Kobeissi

Summary In this in-depth interview, Nadim Kobeissi shares his extensive experience in cryptography audits, the limitations of formal verification, responsible disclosure practices, and the future of cryptography and security, including post-quantum cryptography and AI's impact on cybersecurity.   Keywords cryptography, security audits, formal verification, post-quantum cryptography, zero-knowledge proofs, responsible disclosure, cryptographic protocols, AI cybersecurity, cryptography research, software security   Key Topics * Cryptography audit process and focus areas * Limitations of formal verification tools * Responsible disclosure methodology * Future threats in cryptography including AI and quantum computing * Educational tools for understanding cryptographic protocols   Sound Bites "Cryptography is about designing systems that are mathematically sound." "Claims of formal verification being bug-free are often exaggerated." "AI will be used to stockpile vulnerabilities and exploits."   Links Nadim’s website: https://nadim.computer/ [https://nadim.computer/] Nadim’s LinkedIn: https://www.linkedin.com/in/nadimkobeissi [https://www.linkedin.com/in/nadimkobeissi] https://symbolic.software/ [https://symbolic.software/] https://cure53.de/ [https://cure53.de/]