Assigned Reading
Every lesson references real sources: whitepapers, governance proposals, research papers, and protocol documentation. These are the materials our content is built from. Tap any link to verify or go deeper.
Chapter 1 | Lesson 1
Threat Modeling for Protocol Founders
SEAL 911 Security Frameworks
Security Alliance (SEAL)
https://frameworks.securityalliance.org
Building Secure Contracts
Trail of Bits
https://github.com/crytic/building-secure-contracts
War and Peace: The Story of Euler
Euler Finance
https://www.euler.finance/blog/war-and-peace
How a Flash Loan Attack Drained $182M from Beanstalk
Immunefi
https://medium.com/immunefi/hack-analysis-beanstalk-governance-attack-feb-2022-3f17e3b86904
Chainalysis 2024 Crypto Crime Report
Chainalysis
https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2025/
Chapter 1 | Lesson 2
The Security Budget
Crypto Hacking: Stolen Funds 2025
Chainalysis
https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2025/
Aave V4 Security Budget Proposal
Aave DAO
https://governance.aave.com/t/arfc-aave-v4-development-engagement/18759
Uniswap V4 Bug Bounty and Security Competition
Uniswap Labs
https://blog.uniswap.org/uniswap-v4-bug-bounty
Immunefi Annual Crypto Losses Report 2024
Immunefi
https://immunefi.com/research/
Halborn Top 100 DeFi Hack Report
Halborn
https://www.halborn.com/blog/post/top-100-defi-hacks
Ronin Bridge Hack Post-Mortem
Ronin Network
https://roninblockchain.substack.com/p/community-alert-ronin-validators
Chapter 1 | Lesson 3
Design-Level Vulnerabilities
War and Peace: The Story of Euler
Euler Finance
https://www.euler.finance/blog/war-and-peace
How Mango Markets Was Exploited
Chainalysis
https://www.chainalysis.com/blog/oracle-manipulation-attacks-rising/
Hack Analysis: Beanstalk Governance Attack
Immunefi
https://medium.com/immunefi/hack-analysis-beanstalk-governance-attack-feb-2022-3f17e3b86904
DeFi Security: Lessons from $12B in Hacks
Halborn
https://www.halborn.com/blog/post/top-100-defi-hacks
Chapter 1 | Lesson 4
The Audit Paradox
State of Smart Contract Security 2024
Olympix
https://www.olympix.ai/blog/state-of-smart-contract-security-2024
Smart Contract Auditing: An Empirical Study
AnChain.ai
https://www.anchain.ai/blog/smart-contract-auditing-study
Top 100 DeFi Hacks Analysis
Halborn
https://www.halborn.com/blog/post/top-100-defi-hacks
Smart Contract Security: Are Audits Enough?
QuillAudits
https://www.quillaudits.com/blog/are-smart-contract-audits-enough
War and Peace: The Story of Euler
Euler Finance
https://www.euler.finance/blog/war-and-peace
Chapter 2 | Lesson 1
Choosing and Managing Auditors
Top 10 Blockchain Security Audit Companies in 2024
Sherlock
https://www.sherlock.xyz/blog/top-10-blockchain-security-audit-companies
Top Smart Contract Auditors (2024 Updated)
Cyfrin
https://www.cyfrin.io/blog/top-smart-contract-auditors-tools
Sherlock Pricing and Coverage
Sherlock Docs
https://docs.sherlock.xyz/audits/pricing
Building Secure Smart Contracts
Trail of Bits
https://github.com/crytic/building-secure-contracts
Code4rena Documentation
Code4rena
https://docs.code4rena.com/
Euler Finance: War and Peace Post-Mortem
Euler Labs
https://blog.euler.finance/euler-finance-attack-post-mortem-b9cd9f22dfa9
Chapter 2 | Lesson 2
Bug Bounty Program Design
Immunefi: Protecting the Future of DeFi
Immunefi
https://immunefi.com/
Immunefi Surpasses $100 Million in Total Bug Bounty Payouts
The Block
https://www.theblock.co/post/301460/immunefi-surpasses-100-million-in-total-bug-bounty-payouts
Bug Bounty Program Is Law
Immunefi
https://immunefi.com/blog/bug-bounty-program-is-law/
Primacy of Impact: A New Standard for Bug Bounties
Immunefi
https://immunefi.com/blog/primacy-of-impact/
Polygon Bug Bounty: $2M Payout
Polygon
https://blog.polygon.technology/polygon-bug-bounty-2-million/
Cantina: $15.5M Uniswap V4 Security Review
Cantina
https://cantina.xyz/competitions/uniswap-v4
Chapter 2 | Lesson 3
Post-Deployment Monitoring
Forta Network Documentation
Forta Foundation
https://docs.forta.network/
OpenZeppelin Defender Documentation
OpenZeppelin
https://docs.openzeppelin.com/defender/
Tenderly Platform Documentation
Tenderly
https://docs.tenderly.co/
Olympix: Circuit Breakers in Smart Contracts
Olympix
https://www.olympix.ai/blog/circuit-breakers-smart-contracts
Ronin Network Post-Mortem
Ronin Network
https://roninblockchain.substack.com/p/community-alert-ronin-validators
Forta Annual Report 2023
Forta Foundation
https://forta.org/blog/forta-2023-year-in-review/
Chapter 2 | Lesson 4
Incident Response
Euler Finance: War and Peace
Euler Labs
https://blog.euler.finance/euler-finance-attack-post-mortem-b9cd9f22dfa9
Jump Crypto Backstops Wormhole Exploit
CoinDesk
https://www.coindesk.com/tech/2022/02/03/jump-crypto-backstops-wormhole-exploit/
Ronin Network Post-Mortem
Ronin Network
https://roninblockchain.substack.com/p/community-alert-ronin-validators
SEAL 911: Emergency Security Response
SEAL 911
https://seal911.org/
Euler: How We Recovered $240M
Euler Labs
https://blog.euler.finance/how-euler-recovered-240m-1875e94c8fc0
Chapter 3 | Lesson 1
Team OpSec and Key Management
Top 100 DeFi Hacks: Off-Chain Analysis
Halborn
https://www.halborn.com/blog/post/top-100-defi-hacks
Bybit Incident Analysis: Supply Chain Attack via Safe{Wallet}
NCC Group
https://www.nccgroup.com/us/research-blog/bybit-incident-analysis/
SEAL Security Frameworks: Multisig Best Practices
Security Alliance (SEAL)
https://frameworks.securityalliance.org
Three Sigma: The Complete Crypto Security Guide
Three Sigma
https://threesigma.xyz/blog/crypto-security-guide
How a Fake Job Offer Took Down the World's Most Popular Cryptocurrency Exchange
Hacker News (Drift Protocol discussion)
https://news.ycombinator.com/item?id=43263592
Chainalysis: 2025 Crypto Crime Report - DPRK Theft
Chainalysis
https://www.chainalysis.com/blog/crypto-crime-report-2025/
Chapter 3 | Lesson 2
From Audit to Continuous Security
Aave V4: Security by Design
Aave
https://aave.com/blog/aave-v4-security-by-design
Certora Prover Goes Open Source
Certora
https://www.certora.com/blog/certora-prover-goes-open-source
Compound Governance Forum: Ongoing Security Budget
Compound Governance
https://www.comp.xyz/
MakerDAO: Formal Verification and DAI Stability
MakerDAO
https://makerdao.com/en/
Sherlock: Audit and Coverage Platform
Sherlock
https://docs.sherlock.xyz/
Chapter 3 | Lesson 3
The Regulatory Security Landscape
Tornado Cash Sanctions: Fifth Circuit Decision and Implications
Mayer Brown
https://www.mayerbrown.com/en/insights/publications/2024/12/tornado-cash-and-ofac-the-fifth-circuits-decision-and-its-implications
OFAC Lifts Tornado Cash Sanctions After Court Ruling
Venable LLP
https://www.venable.com/insights/publications/2025/03/ofac-lifts-tornado-cash-sanctions
Chainalysis: Tornado Cash Sanctions and Compliance
Chainalysis
https://www.chainalysis.com/blog/tornado-cash-ofac-designation-update/
Nexus Mutual: DeFi Insurance and Claims Data
Nexus Mutual
https://nexusmutual.io/
Sherlock: Audit and Smart Contract Coverage
Sherlock
https://docs.sherlock.xyz/
OpenCover: DeFi Insurance Comparison Guide
OpenCover
https://opencover.com/
Immunefi: Bug Bounty Program Is Law
Immunefi
https://immunefi.com/
Chapter 3 | Lesson 4
Module Capstone: Security Audit of Alex's Protocol
Halborn Top 100 DeFi Hacks
Halborn
https://www.halborn.com/blog/post/top-100-defi-hacks
Aave V4: Security by Design
Aave
https://aave.com/blog/aave-v4-security-by-design
SEAL Security Frameworks
Security Alliance (SEAL)
https://frameworks.securityalliance.org
Immunefi: Crypto Losses 2024
Immunefi
https://immunefi.com/
Chainalysis: 2025 Crypto Crime Report
Chainalysis
https://www.chainalysis.com/blog/crypto-crime-report-2025/
Sources are updated as lessons are revised. If a link breaks, tap the feedback button in any lesson.