We are in

Web3 Securing Plan

Crowdsourced Penetration Testing for Web3

Web3 Security is
not only smart contract
auditing
Root Cause of Bybit $1.46B Lost:
Compromised developer infrastructure, not smart contracts.
Why Penetration Testing
Matters ?
Penetration testing is the key to uncovering these
hidden threats before they become headlines
Web3 Securing Plan
We will combine penetration testing, smart contract auditing, and blockchain security to build a 360-degree,
all-encompassing protection system for your Web3 infrastructure, leaving no security blind spots.
Who We Protect
We protect Web3 projects such as exchanges, wallets, GameFi, and SocialFi – any platform exposing APIs and infrastructure to potential threats.
How We Do
We will focus on smart contract auditing and blockchain security and place great emphasis on penetration testing to identify potential vulnerabilities and strengthen the security of off-chain infrastructure, thereby enhancing the overall security of Web3 projects.
How do we protect Web3 projects through the
Web3 Securing Plan ?

Open Recruitment

Publicly invite projects to join.

Proactive Discovery

Identify and test high-impact targets.

The world's top white-hat hackers collaborated to conduct
penetration testing on your project, proactively
identifying and mitigating vulnerabilities to
keep your project secure before
any threats materialize.
“We’re in Web3 Securing Plan”
balisong

Hall of Fame White Hat on the Butian Vulnerability Response Platform #1 Overall on the CNVD Crowdsourcing Platform Core White Hat on Alibaba Cloud Xianzhi

huodongzai

SRC Platforms: 2019 Ctrip Security Incident Response Center Annual Ranking – 2nd 2019 Beike Security Incident Response Center Annual Ranking – 2nd 2019 JD Security Incident Response Center Q3 JSRC Quarterly Hero 2019 Butian Crowdsourced Testing Elite White Hat 2020 Beike Security Incident Response Center Annual Ranking – 1st 2021 Beike Security Incident Response Center Annual Ranking – 1st 2021 Baidu Security Incident Response Center Annual Ranking – 5th 2022 Baidu Security Incident Response Center Annual Ranking – 2nd 2022 OPPO Security Incident Response Center Annual Ranking – 3rd 2023 Baidu Security Incident Response Center Annual Ranking – 1st 2024 Baidu Security Incident Response Center Annual Ranking – 3rd 2024 Didi Security Incident Response Center Annual Ranking – 3rd 2024 Xiaoman Security Incident Response Center Annual Ranking – 9th Event Rankings: Ali Security 2019 Double Eleven Security Defense Battle – Title: Division Commander Ali Security 2020 Double Eleven Security Defense Battle – Title: Division Commander Ali Security 2024 Double Eleven Security Defense Battle – Title: Commander-in-Chief

Jimu

Ping An Security Incident Response Center – 2022 Annual 1st Place SF Security Incident Response Center – 2019 Annual 4th Place Ping An Security Incident Response Center – 2021 Annual 2nd Place Kuaishou Security Incident Response Center – 2021 Annual 5th Place ByteDance Security Incident Response Center – 2020 Annual 4th Place ByteDance Security Incident Response Center – 2022 Annual 5th Place Vulbox – 2019 Annual MVPVulbox – 2020 Marathon MVPVulbox – 2020 Playoffs MVPCIS 2021 Cybersecurity Innovation Conference – White Hat LIVE Producer

D

Over 10 years of penetration testing experience; ranked 3rd on Tencent SRC's overall leaderboard and 28th on the Vulbox overall leaderboard.

upme4

Over 10 years of penetration testing experience; 3rd place in Tencent SRC overall ranking; 28th place in Vulnerability Box overall ranking

L07up

Former senior offensive and defensive engineer at Changting, now serving as an information security engineer at a top-tier financial institution, ranked in the top ten on Ping An SRC's overall leaderboard.

Kider

Co-founder of Fanghua Juedai and Linglong Security; ranked 5th in Huawei SRC 2023.

Yu

Co-founder of Yulin Security; ranked 6th in Alipay SRC 2019 and 21st on the Vulbox overall leaderboard.

a

In 2017, ranked 5th in Tongcheng SRC Annual Ranking. In 2018, ranked 2nd in Ping An SRC Annual Ranking. In 2019, ranked 3rd in Ping An SRC Annual Ranking. In 2020, ranked 1st in Ping An SRC Annual Ranking. In 2017, secured 1st place in the fourth season of Vulbox. In 2018, awarded MVP in the third season of Vulbox. In 2018, awarded MVP in the Shanghai Vulnerability Marathon. Overall ranked 11th on the Vulbox leaderboard. In 2019, ranked 2nd in Huawei SRC Annual Ranking and 6th overall.

Art3mis

Former Head of Offensive and Defensive Operations for the Central China region at Changting Technology, ranked in the top ten on the ASRC overall leaderboard, third on the TSRC 2021 leaderboard, and sixth on the TSRC 2024 leaderboard, as well as in the top ten on the BSRC overall leaderboard. He has repeatedly submitted high-severity vulnerabilities to major SRCs, with research primarily focused on public cloud security, conventional vulnerability discovery, and red-blue adversarial simulations.

Leverage unprecedented technological strengths to
comprehensively safeguard Web3
Crowdsourced Top Tier Expertise
We have assembled top white-hat hackers from platforms like HackerOne, Immunefi, Baidu SRC, Alibaba SRC, and Tencent SRC. They rank among the top and have reported hundreds of critical vulnerabilities to leading tech firms like Google, Alibaba, Tencent, and Baidu, as well as major exchanges like Binance, OKX, and Bitget.
Proven Track Record
As the leading security organization in Web3 field, BitsLab has 400+ security solutions, 40M+ lines of code audited, $8B+ assets protected, discovered critical vulnerabilities in leading projects: Sui, TON, Aptos, Move, Uniswap, and more.
Extensive Web3 Expertise
Specialized in emerging ecosystems audit: Sui, Aptos, TON, Starknet, MOVE, and more
Robust and comprehensive penetration
testing capabilities
Industry Recognition
We reported a data leak at a top exchange, protecting ~100K users;
Exposed an account takeover flaw at a major tech firm, securing confidential data;
Found a remote code execution bug at a domestic tech firm, blocking hacker intrusions;
Assisted an auto company in replicating a watering hole attack, averting losses.


BitsLab's TonBit is recognized by the TON blockchain as a Primary Security Assurance Provider (SAP)
The Aptos, Sui, and Movement teams have officially acknowledged and praised our work
through their official channels
Ready to Have Your Project Tested?
Open Recruitment Process
Proactive Testing for Leading Projects
Proactive Discovery Process