The traditional approach to blockchain security is broken. Projects wait until the end of development to think about security, rush through audits to meet launch deadlines, and still lose hundreds of millions to exploits. Even audited code gets hacked.
At TOKEN2049 Singapore, Veridise CEO Jon Stephens explained why this happens and how continuous Web3 security solves the problem.
TLDR
- Traditional security happens too late in development cycles
- Roughly $350M was lost to smart contract exploits in 2024, and nearly a third of the affected projects had been audited
- In Veridise's audit sample, ZK projects had a critical vulnerability about twice as often as DeFi projects (55% vs 27%)
- AuditHub integrates security tools throughout your entire workflow
- Tools find common bugs automatically without developer configuration
- Continuous feedback catches issues before you build on them
Why End of Cycle Security Fails
The numbers tell a stark story. In 2024, approximately $350 million was lost to smart contract exploits, and nearly a third of the affected projects had been audited. Another $80 million was lost because critical code was modified after the audit or was never in scope in the first place. Then in 2025, a single exploit of an out-of-scope math library cost the ecosystem $223 million.
For zero knowledge circuits, the situation is even more concerning. Veridise's internal analysis of its own audits found that 55% of ZK projects had at least one critical vulnerability, compared with 27% of DeFi projects. ZK development brings powerful capabilities like scalability and privacy, but the added complexity (constraint systems, finite-field arithmetic, witness generation separate from constraint checking) made critical errors about twice as common in that sample.
“Audits are expensive, which has caused projects to deploy unaudited and leave critical code out of scope,” Stephens explained during his presentation. The assumption that an audit will find everything creates false confidence. An audit report is a point-in-time list of the bugs found in a specific commit and scope; it does not demonstrate the absence of bugs, and any code changed or added afterwards is effectively unaudited.
How Continuous Security Changes Everything
AuditHub addresses this by integrating security tools directly into your development workflow. Instead of waiting weeks for an audit report at the end, you get immediate feedback as you write code.
The platform includes four specialized tools that work together. Vanguard and ZK Vanguard are static analyzers for smart contracts and ZK circuits. OrCa fuzzes Solidity code to find violations of expected behavior. Picus formally verifies that a ZK circuit is deterministic, meaning its constraints fix the output signals uniquely for every input; an under-constrained circuit admits a second valid witness with a different output, which a malicious prover can exploit, and this vulnerability class accounts for 95% of critical ZK bugs.
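To make the determinism property concrete, here is an added example (not Veridise code, and not how Picus works internally) that models a tiny R1CS over a toy prime field and brute-forces whether the output signals are uniquely determined by the inputs. The circuit is modelled on the well-known IsZero gadget, with the correctly constrained version beside the classic under-constrained one that omits the `in * out = 0` constraint. The modulus `P = 11`, the signal names and the helper functions are all assumptions of this example.

```python
"""Added example: what "deterministic" means for a ZK circuit, checked by brute force.

A rank-1 constraint system (R1CS) is a list of constraints (A . w) * (B . w) = (C . w)
over a prime field, where w is the witness vector. A circuit is deterministic
(properly constrained) if, for every input assignment, the constraints admit
exactly one value for the output signals. This toy checker enumerates every
witness over a small field; it is not the method Picus uses, only the property
it decides.
"""
from itertools import product

P = 11  # toy prime modulus chosen so exhaustive enumeration is cheap (assumption)


# A linear combination is a dict {signal_name: coefficient}; "one" is the constant 1.
def evaluate(lin, w):
    return sum(coeff * w[sig] for sig, coeff in lin.items()) % P


def satisfied(constraints, w):
    """True if the witness w satisfies every (A, B, C) constraint."""
    return all(
        (evaluate(a, w) * evaluate(b, w)) % P == evaluate(c, w)
        for a, b, c in constraints
    )


def output_values(constraints, inputs, outputs, internal, in_vals):
    """All output tuples reachable for one fixed input assignment."""
    seen = set()
    free = outputs + internal
    for free_vals in product(range(P), repeat=len(free)):
        w = {"one": 1, **dict(zip(inputs, in_vals)), **dict(zip(free, free_vals))}
        if satisfied(constraints, w):
            seen.add(tuple(w[o] for o in outputs))
    return seen


def find_underconstrained_input(constraints, inputs, outputs, internal):
    """First input for which the outputs are not uniquely determined, or None."""
    for in_vals in product(range(P), repeat=len(inputs)):
        seen = output_values(constraints, inputs, outputs, internal, in_vals)
        if len(seen) != 1:
            return dict(zip(inputs, in_vals)), seen
    return None


def is_deterministic(constraints, inputs, outputs, internal):
    return find_underconstrained_input(constraints, inputs, outputs, internal) is None


# IsZero gadget: out = 1 if in == 0 else 0, using the helper signal inv.
#   constraint 1:  in * inv = 1 - out
#   constraint 2:  in * out = 0
IS_ZERO_C1 = ({"in": 1}, {"inv": 1}, {"one": 1, "out": P - 1})  # P-1 == -1 mod P
IS_ZERO_C2 = ({"in": 1}, {"out": 1}, {})

IS_ZERO_SAFE = [IS_ZERO_C1, IS_ZERO_C2]
IS_ZERO_UNDER = [IS_ZERO_C1]  # the classic bug: constraint 2 forgotten

INPUTS, OUTPUTS, INTERNAL = ["in"], ["out"], ["inv"]

if __name__ == "__main__":
    print("safe circuit deterministic:",
          is_deterministic(IS_ZERO_SAFE, INPUTS, OUTPUTS, INTERNAL))
    bad = find_underconstrained_input(IS_ZERO_UNDER, INPUTS, OUTPUTS, INTERNAL)
    print("under-constrained at input", bad[0], "-> possible outputs", sorted(bad[1]))
```

With only constraint 1, an input of `in = 1` lets the prover pick any `inv` and therefore any `out`, so the circuit "proves" that 1 is zero. Note that the helper signal `inv` is still free when `in = 0` even in the safe circuit; that is fine, because determinism is about the outputs, not every intermediate signal. Exhaustive enumeration is exponential in the witness size and only works for toy fields; a production tool has to reason symbolically over the real field.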
All of these tools find common bug patterns automatically. At least $120 million of the 2024 losses came from exploiting well-known patterns such as reentrancy. The tools detect these out of the box, with no configuration from your team. For project-specific business logic, you write custom detectors for Vanguard or define invariants for OrCa to test under fuzzing.
Stephens highlighted a key usability feature: guided issue triage. When you mark a report as a false positive and explain why, AuditHub suppresses similar reports automatically. You review root causes, not individual instances.
Security That Moves at Development Speed
The formal verification engine Picus verified RISC Zero’s Keccak ZK circuit in under eight minutes. That is a formal proof that the circuit is properly constrained, covering every input rather than the sample a test run happens to exercise, and it finishes faster than most CI/CD pipelines.
Because everything integrates into a single platform, you configure once and run continuously. Set up AuditHub at the start of your project, connect it to your GitHub repository, and security scans run automatically on every pull request. No context switching between different tools with different setup requirements.
“Security can be integrated more tightly into the development process,” Stephens emphasized. Fix bugs early, before you build additional features on top of them. Include your entire codebase instead of negotiating an audit scope that leaves code out. Get frequent, tailored feedback, with mathematical guarantees where formal verification applies.
Ready to shift security left in your development cycle?
Book a Demo → See how continuous security fits your workflow
Explore Documentation → Learn about each integrated tool