Kaihua Qin
@KaihuaQIN
Transparency, a cornerstone of #blockchain and #DeFi, can paradoxically enable malpractices like "copy-paste" attacks. In our latest blog post, we unravel these practices, termed as the imitation game, drawing insights from our groundbreaking paper "The Blockchain Imitation…

The submission deadline to the ACM CCS workshop on Decentralized Finance and Security has been extended to July 28, 2025 (AoE). Thanks to our incredible program committee & chairs. @yaish_aviv @christoftorres @alexcryptan @chendaLiu @PulpSpy @jgorzny @0xlf_ @manv_sc @pszalach…
The submission deadline for ACM CCS Workshop on Decentralized Finance and Security (DeFi'25) was extended to July 28th, 2025 (AoE). Submissions are welcome :) defiwork.shop
Back in grad school, when I realized how the “marketplace of ideas” actually works, it felt like I’d found the cheat codes to a research career. Today, this is the most important stuff I teach students, more than anything related to the substance of our research. A quick…
We made a smart move last year. Together with @KaihuaQIN, we launched the Best DeFi paper Award at DeFi'24, not just to spotlight great papers from the past year, but to make space for reflection. defiwork.shop
Join us at DeFi’25: Workshop on Decentralized Finance & Security, Co-located with ACM CCS 2025 on October 17, 2025. Submission deadline: July 21, 2025 (AoE) Thanks to our incredible program committee & chairs for making this happen: @yaish_aviv @christoftorres @alexcryptan…
🔓 99+% of Ethereum contracts are closed-source. We built an LLM that decompiles their bytecode — and exposes what’s inside. Readable. Auditable. Battle-tested. Not a toy. Try it now 👉 evmdecompiler.com 📄 arxiv.org/abs/2506.19624 w/ @mercuryheavens @lzhou1110…

1/ 🔥 AI agents are reaching a breakthrough moment in cybersecurity. In our latest work: 🔓 CyberGym: AI agents discovered 15 zero-days in major open-source projects 💰 BountyBench: AI agents solved real-world bug bounty tasks worth tens of thousands of dollars 🤖…
Many sophisticated MEV bot contracts use control flow obfuscation techniques to protect their logic. However, this also causes existing tools to struggle with analyzing obfuscated smart contracts, leaving critical vulnerabilities hidden. Excited to share our solution: SKANF (1/n)
One of the top arbitrage bots was drained yesterday with a total loss of 22 Eth by a token called Destroyer Inu. Attacker even made his contract open source on etherscan lol. Not a huge event but didn't see any attacks on MEV bots for quite a long time.
So, I tried something new today. I explicitly told AI to use me as a tool... The result? A deep dive into a recent DeFi exploit that drained ~$285K, in just 10 mins. Here is how it went: (1/8)
Privacy wins. Today the Fifth Circuit held that @USTreasury’s sanctions against Tornado Cash smart contracts are unlawful. This is a historic win for crypto and all who care about defending liberty. @coinbase is proud to have helped lead this important challenge. 1/6
We've got a new Website with a new App domain! Check it out to simplify any transaction, fuzz contracts or get a deep audit.
⚠️ New Ethereum attack alert: Contract 0x62f250cf7021e1cf76c765dec8ec623fe173a1b5 allows anyone to add liquidity to veth/vtoken pool via the 0x6c0472da function with the money borrowed from takeLoan function. Our analysis tool has discovered and simplified (by 88%!) the…
Looking forward to the keynote “Modern Blockchains for the Modern Security Engineer” by @GDanezis from @Mysten_Labs at the @acm_ccs DeFi Workshop! Happening Oct 18th in Salt Lake City—don’t miss it 😀. More at defi.security.
Proud to welcome SlowMist as a Silver Sponsor for DeFi.security! SlowMist specializes in blockchain security and Anti-Money Laundering (AML) solutions. Learn more: slowmist.com
Thrilled to have BlockSec as a Silver Sponsor for DeFi.security! BlockSec provides full-stack blockchain security, from audits to real-time threat monitoring. Learn more: blocksec.com.
Excited to announce Quantstamp as the Gold Sponsor for the CCS DeFi Security Workshop (DeFi.security)! Since 2017, Quantstamp has secured billions in digital assets, working with top names in web3. Learn more: quantstamp.com.
🗣️ New Speakers 🗣️ Curious about the latest advancements? 🤔 These experts will share insights that are sure to level up your knowledge! - Giacomo Giuliari, @Mysten_Labs - @yapignolet, @dfinity - @dsalvh, @DuneAnalytics - @AndBracciali, @unito - @KaihuaQIN, @d23e_AG -…
My talk at Princeton Decenter about DoS attacks on Ethereum. tinyurl.com/3uxru72s Paper link: eprint.iacr.org/2023/956 Joint work with @yaish_aviv @HatforceSec @KaihuaQIN @lzhou1110