m4rio

I started my career as a Web2 solution-oriented builder, helping over 20 startups go from idea to scalable products beyond MVP. My early work covered full-stack development and DevOps, eventually leading to architectural roles where I designed and scaled production infrastructure.

Web2: Focus on High-Risk Platforms

In the later years of my Web2 journey, I specialized in high-risk, fiat-facing platforms, collaborating closely with cybersecurity teams to build secure, compliance-ready systems. This experience gave me deep exposure to real-world threat models and operational security.

Transition to Web3

I moved into Web3 in 2019, starting with Bitcoin and the UTXO model before shifting to the EVM ecosystem. With a strong background in architecture, I focused on building secure and scalable smart contract systems from the ground up.

By 2020, I was fully immersed in DeFi, helping projects adopt a "secure by design" approach. During this time, I joined the white-hat hacking community, contributing to several confidential security operations that deepened my commitment to security research.

Mentorship and Community Work

In 2021, I became part of the EthernautDAO council, aiming to onboard and mentor developers entering Web3. I brought a practical perspective shaped by years of real-world development and security experience, helping newcomers bridge the gap between Web2 and Web3.

Security Research and Protocol Work

Throughout my career, I've worked with various confidential protocols to design and secure their smart contract architecture—always blending Web2 stability with Web3 innovation.

After Devconnect Amsterdam in 2022, I joined Spearbit as a Security Researcher, where I contributed to:

• Protocol security reviews
• Threat modeling
• Architectural reviews
• Post-incident analysis and support
• Multi-sig system design and security reviews

Additionally, i help teams in the design, configuration, and security of multi-signature setups. My work includes evaluating threat models around multi-sig control, off-chain coordination risks, and operational best practices.

Deepening Rust Involvement

Over the past two years, I’ve increased my interest in the Rust ecosystem. My work includes:

• Private Rust codebase reviews
• Serving as a vCISO
• Giving technical security presentations at hackathons

Soldeer

I'm the creator of Soldeer – the first Solidity-centric package manager built in Rust, now integrated into Foundry. Soldeer simplifies and secures dependency management for smart contract developers.

Current Focus

Today, I focus on:

• Security research
• Rust client implementations
• Smart contract architecture across EVM and Solana
• Multi-sig security and operational hardening
• Continuing to support both Web2 and Web3 ecosystems through mentorship, secure system design, and open-source tooling