Biography
I’m Sujith, a security researcher at Spearbit (Cantina) and trusted CISO/Security Advisor for protocols including Superform and LI.FI. With over a decade in Web3 engineering and 3 years specializing in security research, I’ve partnered with 60+ protocols spanning consensus clients, cross-chain bridges, and complex DeFi systems.
As part of Cantina’s incident response team, I bring real-time experience handling live Web3 exploits and crisis recovery — from pre-deployment threat modeling to post-incident forensics and remediation planning.
I’ve helped secure some of the most critical ecosystems in crypto: Sonic, Berachain, Optimism Interop, LayerZero, Monad, zkSync, Blast, Relay Protocol, LI.FI, and many others. Most of this work remains private, but my ability to find high-impact vulnerabilities consistently shows up in open competition:
- 🩸 First Blood at Paradigm CTF 2023 (enterprise blockchains), 6th overall
- 🥇 1st Place at Surge CTF 2023 – broke Socket protocol’s data layer, $27,000 prize
- 🥈 2nd Place at Remedy CTF 2025 – solved four problems under pressure
- 🏆 1st Place at the Cork Protocol audit contest (Cantina)
Before Spearbit, I was a founding engineer at Superform ($180M+ TVL) and Streams, giving me the rare perspective of both a builder shipping at scale and a security lead defending production code under attack surfaces measured in billions.
I also contribute to the future of secure infrastructure:
- ✍️ Co-author of EIP-6170, defining the bridge interface standard
- 🔧 Contributor to Uniswap MMA (multi-message aggregation) and Pigeon (cross-chain test suite)
- 🛡️ Reported 6+ vulnerabilities to Hyperlane and multiple bridge protocols as a part of my bug bounty journey
Whether it’s Solidity, Rust, Go, or protocol architecture, I combine builder intuition with an adversarial mindset. My mission is simple: to ensure your protocol doesn’t just pass an audit, but is battle-tested to withstand nation-state-level adversaries and real-world exploits.
Explore my portfolio: sujithsomraaj.xyz/security-work
Top competitions
Contest | Position | Date | Payout |
---|---|---|---|
incentive-contracts | 5 / 152 | January 2024 | $5,468 |
curvance | 24 / 224 | February 2024 | $2,724 |
opal-contracts | 14 / 183 | February 2024 | $1,018 |
zetachain-protocol | 30 / 342 | August 2024 | $492 |
Soon | 11 / 452 | December 2024 | $438 |
Private reviews
Engagement | Project title | Timeframe | Researchers |
---|---|---|---|
LayerZero | LayerZero Ovault | Jul 2025 - Jul 2025 | |
Eco Foundation | Eco Routes | May 2025 - May 2025 | |
Horizen Labs | Horizen Migration Smart Contract Audit | Apr 2025 - May 2025 | |
Botanix | botanix-stBTC | Apr 2025 - Apr 2025 | |
Puffer Finance | puffer-contracts | Apr 2025 - Apr 2025 | |
Security portfolio
Title | Description |
---|---|
Li.Fi Protocol | Private audit reports |
Relay Protocol | Invalid message hash issue |
Hyperlane | Permanent DoS |
Hyperlane [Immunefi] | Relayer overpaying gas |
Hyperlane [Immunefi] | Relayer ignoring acknowledgement cost |
Hyperlane [Immunefi] | 32-length tree depth DoS issue |
Socket.tech | Permanent DoS Of Data Layer |
Socket.tech | Random packet signing issue |