From 0-days to zero-tolerance security.

TrustSec was forged in the world's most demanding offensive security environments. This is the story of how a solo researcher became the trusted security partner for web3's most critical infrastructure.

Chapter I - The Web2 Years

Before blockchain, before smart contracts - Trust spent nearly a decade breaking the most hardened systems in traditional security. Military intelligence, IoT exploitation, and mobile zero-day research built the offensive instincts that would later define TrustSec's approach to web3.

2014 – 2018

Vulnerability research in Israel's exclusive 8200 cyber unit

Four years of offensive security research inside one of the world's most elite intelligence units, building a deep foundation in low-level systems exploitation.

2018 – 2019

IoT vulnerability research

Hacked Amazon's Ring doorbell on stage, achieved RCE on Comcast routers, and compromised smart locks - demonstrating that no device is safe from a determined researcher.

2019 – 2021

Dozens of iOS 0-days for Israel's leading offensive security firm

Discovered and weaponised dozens of iOS zero-day vulnerabilities, operating at the highest tier of mobile exploitation research.

Chapter II - The Web3 Ascent

In 2022, Trust entered web3 security - and the trajectory was immediate. Within months, a record-breaking contest run, six-figure bounties, and the formation of a handpicked team transformed a solo career into an institution.

2022

Entered web3

Transitioned a decade of offensive security expertise into blockchain and smart contract security.

June 2022

First paid bounty

September 2022

First C4 contest

October 2022

Best public contest run in history

8 first-place finishes in 2 months - an unprecedented streak that announced Trust's arrival to the web3 security scene.

December 2022

First private audit

December 2022

First 6-figure bounty

Chainlink $300K - discovered a vulnerability that could rig the random output of Chainlink VRF.

January 2023

First Sherlock contest - 1st place

Won the largest Sherlock contest at the time ($720k), and by a wide margin.

January 2023

First team audit

The beginning of TrustSec as a team - Trust handpicked the first auditors to scale impact beyond solo work.

Chapter III - Ecosystem Impact

As TrustSec grew, so did the scale of its impact. From shaping industry standards to disclosing vulnerabilities that protected entire ecosystems, the team moved beyond individual protocols to influence the security posture of web3 itself.

August 2023

Ecosystem-wide permit() DoS disclosed

Identified a denial-of-service vector affecting the entire ERC-20 permit ecosystem. 14 separate bounties received.

November 2023

Standardised bounty severities at inaugural C4 Supreme Court

Helped establish the severity framework that the entire competitive audit ecosystem now follows.

December 2023

First retainer client

October 2024

First ecosystem partnership

January 2025

100th audit

May 2025

40th bug bounty

September 2025

Account freeze vector disclosed to Ethereum Foundation

Disclosed a critical account freeze vector affecting hundreds of protocols supporting Account Abstraction - one of the most impactful disclosures in Ethereum's recent history.

Educating the Community

Over the years we've educated the community through blog series and posts on X. We've covered everything from hunting methodologies to live war room stories, disclosures, and thought leadership on the state of web3 security.

We've maintained a persona of neutral authority respected by both leading white hats and tier-1 protocols and infrastructure. Our voice carries weight because it's earned - through consistent, honest, public work.

Intentionally Small. Exceptionally Trusted.

We intentionally choose to remain small, boutique, and tightly controlled. Trust handpicks the most talented hunters and supervises all audit and bounty campaigns. Every engagement receives the full weight of the team's attention - no assembly lines, no junior handoffs, no diluted quality.

Core Values

Transparency

We publish our findings, share our methodologies, and never hide behind NDAs when the community's safety is at stake.

Accountability

Every report carries our name. We stand behind our work and take responsibility for the security posture of every protocol we clear.

Truth-Seeking

We follow the evidence wherever it leads. Our loyalty is to the truth - not to the client's preferred narrative.

Meritocracy

Every auditor on the team earned their seat through demonstrated skill. No politics, no nepotism - only results.

Ready to work with us?

Get in touch to discuss your security needs. We'll match you with the right approach for your protocol.