Public Key Podcast

Everything You Need To Know About Smart Contract Audits: Podcast Ep. 47

Episode 47 of the Public Key podcast is here! In this episode, we talk with David Schwed (Chief Operating Officer of Halborn), who explains smart contract security audits, crypto project vulnerabilities, and bridge hacks.

You can listen or subscribe now on Spotify, Apple, or Audible. Keep reading for a full preview of episode 47.

Public Key Episode 47 preview: Where does cyber security fit into the cryptocurrency and DeFi industry?

Chainalysis recently reported that 2022 was the biggest year ever for crypto hacking, with $3.8 billion stolen, the majority of it from DeFi (decentralized finance) protocols. That raises the question: why isn’t there better cyber security for these projects?

This is exactly why we brought in our next guest, David Schwed (Chief Operating Officer of Halborn), who sat down with Ian Andrews (Chief Marketing Officer, Chainalysis) and explained everything we need to know about smart contract audits and why blockchain projects shouldn’t rely solely on these audits as part of their cyber security functions.

David shares expert insights into proper key management and explains the security vulnerabilities behind bridge hacks and why DeFi projects need to prioritize cyber security instead of treating it as an afterthought, especially as crypto hacks escalate.

Quote of the episode

“A lot of the hacks that we’re seeing aren’t necessarily web3-focused, key exfiltration attacks. They’re traditional web2 attacks that have web3 implications.” – David Schwed (Chief Operating Officer, Halborn)

Minute-by-minute episode breakdown

  • (2:05) – What is Halborn, and why should security be built into projects foundationally from the beginning?
  • (5:35) – The Origin Story of David Schwed: From Technologist to Law to CISO
  • (8:45) – The importance of smart contract audits and prioritizing security
  • (17:25) – What role does key management play for projects that are protecting digital assets?
  • (24:45) – Creating simulated environments to test smart contract code
  • (29:25) – Are the vulnerabilities of bridge hacks and cross-chain exploits solvable?
  • (33:55) – Web2 infrastructure vulnerabilities in DeFi and what projects are doing it right?
  • (37:25) – What are TWAP oracles, and what are the vulnerabilities with projects using them?

