Biography
I'm Sujith, a security researcher at Spearbit (Cantina) and trusted CISO/Security Advisor for protocols including Superform and LI.FI. With over a decade in Web3 engineering and 3 years specializing in security research, I've partnered with 60+ protocols spanning consensus clients, cross-chain bridges, and complex DeFi systems.
As part of Cantina's incident response team, I bring real-time experience handling live Web3 exploits and crisis recovery – from pre-deployment threat modeling to post-incident forensics and remediation planning.
I've helped secure some of the most critical ecosystems in crypto: Sonic, Berachain, Optimism Interop, LayerZero, Monad, zkSync, Blast, Relay Protocol, LI.FI, and many others. Most of this work remains private, but my ability to find high-impact vulnerabilities consistently shows up in open competition:
- First Blood at Paradigm CTF 2023 (enterprise blockchains), 6th overall
- 1st Place at Surge CTF 2023 – broke Socket protocol's data layer, $27,000 prize
- 2nd Place at Remedy CTF 2025 – solved four problems under pressure
- 1st Place at the Cork Protocol audit contest (Cantina)
Before Spearbit, I was a founding engineer at Superform ($180M+ TVL) and Streams, giving me the rare perspective of both a builder shipping at scale and a security lead defending production code under attack surfaces measured in billions.
I also contribute to the future of secure infrastructure:
- Co-author of EIP-6170, defining the bridge interface standard
- Contributor to Uniswap MMA (multi-message aggregation) and Pigeon (cross-chain test suite)
- Reported 6+ vulnerabilities to Hyperlane and multiple bridge protocols as a part of my bug bounty journey
Whether it's Solidity, Rust, Go, or protocol architecture, I combine builder intuition with an adversarial mindset. My mission is simple: to ensure your protocol doesn't just pass an audit, but is battle-tested to withstand nation-state-level adversaries and real-world exploits.
Explore my portfolio: sujithsomraaj.xyz/security-work
Top competitions
| Contest | Position | Date | Payout |
|---|---|---|---|
| incentive-contracts | 5 / 41 | January 2024 | $5,468 |
| curvance | 24 / 58 | February 2024 | $2,724 |
| opal-contracts | 14 / 42 | February 2024 | $1,018 |
| zetachain-protocol | 30 / 94 | August 2024 | $492 |
| Soon | 11 / 19 | December 2024 | $438 |
Private reviews
| Engagement | Project title | Timeframe | Researchers |
|---|---|---|---|
| Uniswap Labs | Uniswap: Protocol Fees | Nov 2025 - Nov 2025 | |
| OP Labs | Optimism: Custom Gas Token | Nov 2025 - Nov 2025 | |
| Euler | Euler - PR111 | Oct 2025 - Oct 2025 | |
| Coinbase | Coinbase: Base Bridge | Sep 2025 - Sep 2025 | |
| Coinbase | Coinbase: Base Bridge | Aug 2025 - Sep 2025 | |
Security portfolio
| Title | Description |
|---|---|
| Li.Fi Protocol | Private audit reports |
| Relay Protocol | Invalid message hash issue |
| Hyperlane | Permanent DoS |
| Hyperlane [Immunefi] | Relayer overpaying gas |
| Hyperlane [Immunefi] | Relayer ignoring acknowledgement cost |
| Hyperlane [Immunefi] | 32-length tree depth DoS issue |
| Socket.tech | Permanent DoS Of Data Layer |
| Socket.tech | Random packet signing issue |