CypherTalk

Summary This episode features a deep dive into two newly released reports on Web3 security by rekt.news and Oak Security, insights from industry experts, and discussions on the future of blockchain security. We explore recent hacks, the role of AI, and how the community can enhance security practices.   Soundbites "AI is here to help us, not just to attack." "Human attack vectors dominate the security issues." "Diversify your assets and protocols to stay safe."   Links The DAO Security Fund CypherTalk: https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16 Rekt News: https://qf.giveth.io/project/rekt-news-ethereums-security-intelligence-layer?roundId=16   The Reports: Oak Security’s State of Web3 Security: https://research.oaksecurity.io/  Rekt News’ War Room Report: https://github.com/RektHQ/Reports/blob/main/Rekt_Security_Summit_War_Room_Report.pdf 

Summary In this in-depth interview, Nadim Kobeissi shares his extensive experience in cryptography audits, the limitations of formal verification, responsible disclosure practices, and the future of cryptography and security, including post-quantum cryptography and AI's impact on cybersecurity.   Keywords cryptography, security audits, formal verification, post-quantum cryptography, zero-knowledge proofs, responsible disclosure, cryptographic protocols, AI cybersecurity, cryptography research, software security   Key Topics Cryptography audit process and focus areas Limitations of formal verification tools Responsible disclosure methodology Future threats in cryptography including AI and quantum computing Educational tools for understanding cryptographic protocols   Sound Bites "Cryptography is about designing systems that are mathematically sound." "Claims of formal verification being bug-free are often exaggerated." "AI will be used to stockpile vulnerabilities and exploits."   Links Nadim’s website: https://nadim.computer/ Nadim’s LinkedIn: https://www.linkedin.com/in/nadimkobeissi https://symbolic.software/ https://cure53.de/

Summary In this in-depth interview, cryptography researcher Matilda Backendal discusses applied cryptography, end-to-end encryption vulnerabilities, password manager security flaws, and the future of cryptographic research. Gain insights into real-world security challenges and best practices for protecting digital data. Keywords cryptography, end-to-end encryption, cloud storage security, password managers, cryptographic research, privacy, zero-knowledge proofs, digital identity, homomorphic encryption Key topics Applied cryptography and real-world applications Vulnerabilities in end-to-end encryption systems Security flaws in cloud storage and password managers Cryptographic research and formal verification Future trends and challenges in cryptography    Sound bites "Crypto is all around us in daily life." "Most cloud storage isn't end-to-end encrypted by default." "User-chosen passwords are a major security factor." Links Matilda's Website - https://mbackendal.github.io/ Paper - Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers - https://eprint.iacr.org/2026/058 

Summary In this in-depth interview, Griff Green shares insights from the historic DAO hack, the evolution of Ethereum security, and TheDAO Security Fund. Discover how security practices have transformed over the years and explore new models for funding and coordinating security efforts in the crypto space. Keywords Ethereum, DAO hack, security, smart contracts, DAO Security Fund, crypto security, auditing, quadratic funding, white hats, blockchain security key topics: TheDAO hack and its impact on Ethereum security Evolution of smart contract auditing and security practices TheDAO Security Fund and its role in community-led security funding Innovative models like quadratic funding for supporting security projects The importance of community, diversity, and AI in securing crypto ecosystems Sound Bites "It was an existential threat for Ethereum." "Funding security is a systemic problem in crypto." "The industry needs to communicate more openly." Links https://x.com/Giveth  https://thedao.fund/  https://x.com/thedaofund  https://giveth.io/  https://x.com/griffgreen

Summary In this episode of CypherTalk, Peter Kacherginsky, the founder of BlockThreat, joins us to discuss the evolution of his newsletter into a comprehensive source of actionable intelligence in the cybersecurity landscape, particularly focusing on Web3. He emphasizes the importance of understanding attack patterns, the role of operational security, and the impact of AI on security practices. The conversation also touches on the implications of privacy-preserving technologies and the need for teams to prepare for future security challenges. Peter shares insights on common misassumptions in security practices and the correlation between market conditions and security incidents, concluding with advice for security teams to foster a culture of awareness and proactive measures.

In this episode of CypherTalk, we are joined by Jordi Baylina, founder of Zisk, and Stefan Beyer to explore the intricate world of privacy technology, particularly focusing on zero-knowledge proofs and their implications for security and privacy in the blockchain space. The conversation delves into the definitions of privacy, the evolution of zero-knowledge technology, the role of developers, regulatory challenges, and the future of privacy technology beyond blockchain. Takeaways Privacy means having control over what information you reveal. Selective disclosure allows for privacy without sacrificing security. Zero-knowledge technology enables privacy while maintaining compliance. Developers need to adopt a privacy-first mindset in their applications. Regulations like GDPR highlight the importance of privacy in technology. Privacy coins face scrutiny from governments concerned about security. The future of privacy technology may involve obfuscation techniques. Understanding zero-knowledge proofs is crucial for developers. Auditing privacy protocols requires specialized knowledge in cryptography. The balance between privacy and security is evolving with new technologies.

In this episode of CypherTalk, Jade Doherty and Stefan Beyer delve into the intricacies of operational security, particularly in the context of modern tech organizations and distributed teams. They discuss the definition of operational security, the emerging challenges faced by organizations, and the importance of implementing a zero-trust architecture. Stefan highlights the vulnerabilities of different departments, the evolving landscape of phishing attacks, and the significance of securing communication channels. He emphasizes the need for awareness and proactive measures in operational security, especially for startups and web3 teams managing significant value. The episode concludes with practical advice on securing GitHub access and the best practices for communication in a professional setting. A must-listen if you are running a distributed team! Topics Operational security encompasses the security of business operations, not just products Zero-trust architecture means assuming every communication is suspicious Everyone in an organization is a potential target for attacks Phishing attacks have evolved to become more sophisticated and harder to detect Social engineering exploits human vulnerabilities, making training essential Supply chain attacks are a growing threat, especially in software development

Welcome to the first episode of CypherTalk — a new podcast exploring the real-world intersection of cybersecurity, privacy, and the human side of staying safe online. In this inaugural episode, host Jade Doherty is joined by co-host Stefan Beyer, co-founder of Oak Security, to introduce what the show is about and why security in 2026 looks different from what it did even a few years ago. They unpack why the human attack vector is now the easiest way into most systems, how remote work and “always-on” device habits changed the threat landscape, and why modern attacks increasingly target social engineering, phishing, and supply chains rather than just code. You’ll also hear how the rise of AI is accelerating both attacks and defenses, why zero-knowledge (ZK) and privacy tech introduce new implementation risks (including the danger of “proving the wrong thing”), and how composability and cross-protocol dependencies continue to reshape blockchain security. Stefan shares a personal story of a highly targeted “podcast invite” scam that nearly turned into a credential-stealing attack — a perfect example of why, in 2026, it’s less about never making mistakes and more about designing systems that limit blast radius when mistakes happen. Next up: an episode fully focused on operational security (OpSec) — practical steps you can take to protect yourself and your organization. In this episode What CypherTalk will cover (cybersecurity + privacy, with rotating guests/co-hosts) Why humans are the #1 target: phishing, social engineering, supply chain attacks Remote work, context switching, and why “always-on” makes mistakes more likely AI as an arms race: scaling attacks vs improving defenses ZK/privacy tech maturity: new opportunities and new failure modes Why “zero trust” is about reducing impact, not paranoia Institutional security expectations and how crypto security is (slowly) evolving Call to action If you enjoyed the episode, follow/subscribe, leave a review, and send topic suggestions (or corrections!) — the team wants this podcast to be shaped by what listeners actually want to learn.