About Me

Co-Founder of DeepProof, Security Researcher, and Cyber Security Master's Student at ETH Zürich

DeepProof

DeepProof

Founder

Co-Founder of DeepProof, a blockchain security company leveraging AI to fully automate the formal verification of smart contracts.

Smart contracts are critical pieces of software, making formal verification—a method that mathematically proves their security or finds bugs—highly valued in the blockchain space. Yet, due to its reputation as elitist and overly complex, this technology remains out of reach for most projects.

DeepProof's mission is to radically change that and finally make formal verification mainstream, as it should be.

Education

ETH Zürich

Master's in Cyber Security

EPFL

Bachelor in Communication Systems

Security Researcher / Bug Bounty Hunter

Independently discovering and reporting security vulnerabilities in major bug bounty programs since 2020.

Hacking into smart contracts, blockchain nodes, web applications, and AI applications.

Swisscom

Security Vulnerabilities Discovered

60+ valid vulnerabilities reported and resolved
Invited to give an internal talk to Swisscom security department (February 2024)
Ranked as the 3rd and 5th top hacker in 2022 and 2021, respectively

X (Twitter)

Security Vulnerabilities Discovered

10+ vulnerabilities identified (most still in remediation)
Security issues affecting features like:
End-to-end encrypted messages
Spaces
Communities
Creator subscriptions

Chainlink

Security Vulnerabilities Discovered

High-impact smart contract vulnerability
High-impact node software vulnerability

OpenAI

Security Vulnerabilities Discovered

Medium-severity security issue in ChatGPT
Issue facilitating user data exfiltration

Anthropic

Security Vulnerabilities Discovered

Medium-severity security issue in Claude.ai
Issue leading to user data exfiltration

Responsible Disclosure

Responsibly disclosing vulnerabilities to various companies, organizations and institutions.

•

Project Jupyter - High-severity security issue in JupyterHub[CVE-2024-28233]

•

EPFL - 25+ reported vulnerabilities. Issues affected almost all EPFL's popular and critical services.

•

•

•

•

•

•

•

Talks

Swisscom Security Department

February 2024

Exploiting the Unexploitable: Self-XSS

Zurich, Switzerland

Area41 Security Conference

June 2024

Did you Say Out of Scope? Reconsidering Self-XSS and Exploring Novel Attacks with Cookie Tossing

Zurich, Switzerland

Slides Recording

GOhack2024

November 2024

Practical Self XSS Exploitation and Novel Attacks with Cookie Tossing

Zurich, Switzerland

Slides Recording

Security Tools

Automated SSRF vulnerability scanner

300+ GitHub stars
Widely shared on X, LinkedIn and Telegram by security professionals
Featured in many security blogs and platforms

Automated Web Cache Poisoning vulnerability scanner

50+ GitHub stars
Featured in many security blogs and platforms

autoSSRF

autoPoisoner