Independent coverage
At least two researchers review each engagement, splitting coverage by subsystem, risk class, and protocol flow.
Independent / adversarial / source-level
Incubated by DeFiHackLabs and formed by core white-hat members, Taichi brings the habits of public contests, CTFs, exploit reconstruction, and long-form code research into focused security engagements for production systems.
We want clients to see the thinking before they share a repository. That is why research and adversarial practice are part of the operating model, not a marketing layer.
Contest placements, CTF results, and public reports provide a harder signal than a list of claimed specialties.
Our research walks through code paths, state transitions, and math—not only vulnerability taxonomies.
A finding is not finished when it is reported. The patch and adjacent behavior need another adversarial pass.
At least two researchers review each engagement, splitting coverage by subsystem, risk class, and protocol flow.
Production incidents become concrete review questions for callbacks, accounting, oracle use, and integration assumptions.
LLMs and static analysis widen coverage. Researchers own threat models, exploitability, and final conclusions.
Patched code receives a focused pass against the root cause and nearby paths—without treating remediation as an add-on.
We focus on state transitions, accounting invariants, proof verification, and the off-chain assumptions that generic checklists often flatten.
Share a scopeLending, vaults, DEXs, bridges, wrappers, upgradeable systems
Anchor constraints, PDAs, CPI flows, Token and Token2022 behavior
Aptos and Sui resources, capabilities, objects, packages, upgrades
Message routing, state machines, account flows, protocol integrations
Verifier wiring, proof-dependent state changes, circuit assumptions
Exchange APIs, wallets, signing boundaries, backends, custody-adjacent flows
Shares, liquidity, rounding, rates, solvency, economic invariants
Callbacks, adapters, oracles, tokens, cross-protocol assumptions
Real exploit reproductions inform the questions we ask during review.
ExploreExploit construction and challenge writeups keep adversarial execution in the review loop.
ExploreLong-form source notes show the shape of the analysis behind each engagement.
Read research