Fuzzland: Web3 Security and Smart Contract Auditing

Fuzzland, a Web3 security firm, has prevented over $15 million in crypto theft from various exploits, co-founder Chaofan Shou shared at the Science of Blockchain conference in New York City.

Founded in early 2023, Fuzzland employs two main strategies for fund recovery: hijacking and backrunning.
– Hijacking involves using bots to take over exploitation efforts on blockchain contracts when identified.
– Backrunning aims to clear funds from potential victims before bad actors can access them.

The largest exploit disrupted by Fuzzland involved the DeFi protocol Sonne Finance, saving it about $10 million in crypto from attacks on the Base and Optimism Layer 2 networks. Furthermore, Fuzzland successfully halted multi-million dollar hacks targeting AllianceBlock, Dough Finance, and Nexera, despite one of these being attacked again recently.

According to Shou's analysis, 57% of funds can be saved using backrunning, while 26% can be saved through hijacking. Fuzzland has earned around $1.5 million in bug bounties and secured a $3 million seed funding round earlier this year, led by 1kx and supported by HashKey Capital, SNZ, and Panga Capital. The firm employs about 30 staff members, many holding or working toward PhDs.

Fuzzland's name derives from “fuzzing,” a method of automated testing for identifying vulnerabilities in smart contracts. Shou has open-sourced the “ItyFuzz” fuzzing bot on GitHub, co-developed with fellow Ph.D. candidate Shangyin Tan from Berkeley.