What a year it was for Hexens in 2023! We filled up to the brim with amazing achievements to shake up the Web3 space and to bring you the very best in cybersecurity. In one year alone, we:

1. Secured top emerging technologies in Web3, including zkEVM and zkVM blockchains, liquid staking and restaking solutions, and more, uncovering a median 2.5 critical and high vulnerabilities per audit and safeguarding a whooping $55b in assets in the process.
2. Announced Remedy, our one-stop shop for all things Web3 security that promises to change the game by addressing the entire security life cycle of any project in the space.
3. Grew a robust community of security experts, helping them expand their knowledge base with online workshops, ask me anythings (AMAs), fun challenges and more.
4. Launched Vulnerapedia, a community-led initiative that looks to build the most comprehensive library on security vulnerabilities in Web3.
5. Attended every major Web3 event out there to spread awareness about the company and learn first-hand about the many amazing things happening in the industry.
6. Expanded our team across virtually every continent on the globe, involving some of the brightest minds in the space to bring you even more in the new year.

Let’s dive in.

Achieving Security Excellence

In 2023 alone, Hexens conducted just under 40 smart contract security reviews for industry giants ranging from Polygon zkEVM and EigenLayer to Lido, 1inch and others, achieving a perfect 1:1 ratio for the number of smart contract audit reports submitted and critical vulnerabilities found.

A further 70+ high and hundreds of other flaws of varying criticality were identified throughout the year, safeguarding a whooping $55b in assets in the process.

Working outside its regular auditing flow, Hexens responsibly disclosed over 20 critical and high vulnerabilities to projects already deployed in the space free of charge as a symbol of its commitment to making Web3 a safer place for all.

Announcing Remedy

In June, Hexens announced Remedy, a revolutionary, full-service Web3 security platform designed to remedy the devastating security shortcomings decimating the space by addressing every aspect of the security life cycle of a project in the ecosystem.

Destined for white-hats, ecosystems, DeFi and other blockchain applications, Remedy is equipped with cutting-edge features, including a flagship, EVM-native query engine, an easy-to-onboard bug bounty hosting service offering superior UI/UX that's predicated on the principle of fairness, and a zero-knowledge proof-backed proof of duplicate.

The engine was recently battle-tested during a major industry breach that hit thousands of smart contracts across multiple projects and had the best and brightest scrambling for days. Meanwhile, Remedy’s engine detected the vulnerability at the heart of the attack in an astonishing 10 minutes.

Remedy also offers high-quality triage services for reports submitted in the framework of a bug bounty flow free of charge. The infamously tedious task will be carried out by Hexens’ expert team of security professionals for the time benefit of projects.

Predicated on the principle of fairness, the Remedy bug bounty service is designed to address key shortcomings of existing bug bounties by:

1. Providing hunters irrefutable proof of the duplicacy of a security finding through Remedy’s zero-knowledge duplicate prover.
2. Securing fair and impartial mediation between hunters and protocols through Remedy’s legal and tech teams to work towards the just and timely compensation of hunters for the ethical disclosure of a security finding through the Remedy platform.

Remedy is presently onboarding projects in anticipation of its grand launch among the global community of ethical hunters. The platform endgame is to elevate security in Web3 above and beyond existing security services for Web2 and Web3 by safeguarding every project in the space.

Growing a Community

In an effort to grow its fledgling community of security experts and dabblers, Hexens launched several community-driven events, including ask me anythings (AMAs) with the upper echelons of the company’s senior executives, and X Spaces with prominent members of the Web3 community.

Crucial to this effort was Hexens’ partnership with Secureum, a self-described “effort towards education and evaluation of Ethereum security.”

The announcement of RACE-24, a 12-question smart contract security quiz designed by Hexens co-founder and CTO and Secureum mentor Vahe Karapetyan, mobilized just under 140 runners.

The top 32 contenders, joined by 16 more researchers who successfully completed the Remedy closed beta challenge organized internally by Hexens prior to RACE-24, were invited to attend an online workshop for a chance to pilot the closed beta of the platform. The workshop featured insightful talks about static analysis and other related topics, as well as gave its top attendants a chance to access a monetary prize pool.

RACE-24 was promptly followed by Secureum Bootcamp, its flagship event dedicated to educating and onboarding security enthusiasts into smart contract security auditing.

Upon attending a series of talks about writing advanced queries, edge cases in auditing and more, hosted by various members of the Hexens team, the attendants were invited to complete two query tasks.

The three security researchers who submitted the most advanced and original queries received monetary prizes for their contributions.

Hexens also launched Vulnerapedia, a comprehensive library on security vulnerabilities in Web3 to encourage learning in the budding field of Web3.

A community-driven effort, the wiki-style page has enjoyed massive growth thanks to a steady stream of contributions from community members eager to share their extensive knowledge of basic and complex Web3 concepts. The site currently features over 300 in-depth articles, with more added on a daily basis.

Looking to have an impact? Join our growing community of security experts on Discord and leave your mark on Web3 adoption by shining a light on the technology and its underlying principles.

Going Global

Looking to stay on top of industry developments and to expand its reach in the global Web3 community, Hexens appeared at every major international Web3 event spanning Token2049 in Singapore, EthCC 6 in Paris, Permissionless II in Austin, TX and more.

The company set up booths and hosted happy hours to bring people together with a beer in hand to keep things light and informal while keeping them up to speed on Hexens’ products and success, and building a loyal following around its brand.

Hexens heads of audits Kasper Zwijsen was also there to talk about common vulnerabilities and attack surfaces in liquid stacking protocols at the IOSG Old Friends Reunion event happening on the sidelines of Token2049 in Singapore.

Of special note is Hexens co-founder and CTO Vahe Karapetyan’s talk about securing Polygon zkEVM during its mainnet beta launch event in Barcelona. The online event was attended by industry giants like Ethereum co-founder Vitalik Buterin who was there to perform the symbolic first transaction on the network.

The Hexens team tripled in size, stretching across the U.S., the U.K., France, Spain, the Netherlands, all the way to distant Australia, even as it harnessed homegrown talent in Armenia to attract some of the brightest minds in the space to bring you even more in the new year.

Want to join the team? Check out our Careers page and apply for a chance to become part of one of the leading cybersecurity companies in the Web3 space.

Looking Ahead

In less than a month’s time, the Hexens team will be at ETH Denver 2024 to unveil Remedy to the global Web3 community with the promise to shake up the space with its unique features and usher in the age of A.R. - anno Remedy.

Follow us at hexens.io and on X at @hexensio and @xyz_remedy, and stay up to date on the latest on the waves Hexens will be making at ETH Denver 2024.

In a bid to up the stake on its commitment to blue-ribbon security reviews, Hexens also launched earlier this month a $10,000 white-hat appreciation award for the responsible disclosure of critical vulnerabilities discovered in bug bounty programs with assets in the same scope as those formerly audited by Hexens.

Stay tuned for more at hexens.io and on X at @hexensio and @xyz_remedy!