About Taichi

Research first. Audit delivery built around it.

Independent / adversarial / source-level

Incubated by DeFiHackLabs and formed by core white-hat members, Taichi brings the habits of public contests, CTFs, exploit reconstruction, and long-form code research into focused security engagements for production systems.

How to evaluate us

Built in public, judged on evidence.

We want clients to see the thinking before they share a repository. That is why research and adversarial practice are part of the operating model, not a marketing layer.

  1. 01

    Can the work be inspected?

    Contest placements, CTF results, and public reports provide a harder signal than a list of claimed specialties.

  2. 02

    Does the reasoning reach source level?

    Our research walks through code paths, state transitions, and math—not only vulnerability taxonomies.

  3. 03

    Does the process survive remediation?

    A finding is not finished when it is reported. The patch and adjacent behavior need another adversarial pass.

01

Independent coverage

At least two researchers review each engagement, splitting coverage by subsystem, risk class, and protocol flow.

02

Exploit-informed prompts

Production incidents become concrete review questions for callbacks, accounting, oracle use, and integration assumptions.

03

Tool-assisted judgment

LLMs and static analysis widen coverage. Researchers own threat models, exploitability, and final conclusions.

04

Fix review by default

Patched code receives a focused pass against the root cause and nearby paths—without treating remediation as an add-on.

Technical coverage

Most useful where protocol-specific logic matters.

We focus on state transitions, accounting invariants, proof verification, and the off-chain assumptions that generic checklists often flatten.

Share a scope

Solidity / EVM

Lending, vaults, DEXs, bridges, wrappers, upgradeable systems

Solana

Anchor constraints, PDAs, CPI flows, Token and Token2022 behavior

Move

Aptos and Sui resources, capabilities, objects, packages, upgrades

CosmWasm / Cairo

Message routing, state machines, account flows, protocol integrations

ZK systems

Verifier wiring, proof-dependent state changes, circuit assumptions

Hybrid products

Exchange APIs, wallets, signing boundaries, backends, custody-adjacent flows

Protocol math

Shares, liquidity, rounding, rates, solvency, economic invariants

Integration edges

Callbacks, adapters, oracles, tokens, cross-protocol assumptions