2026-02-16, Auditorium
A deep dive into the CPIMP vulnerability: how a stealthy proxy-in-the-middle attack infected dozens of DeFi protocols across chains and embedded persistent backdoors, and how Dedaub and SEAL 911 raced to neutralize it before widespread exploitation.
This talk unpacks the CPIMP (Clandestine Proxy In the Middle of Proxy) attack, a stealthy, highly sophisticated DeFi vulnerability that threatened millions of dollars across dozens of protocols and multiple EVM chains.
CPIMPs masqueraded as legitimate proxy contracts while embedding persistent backdoors, often lying dormant for months until optimal conditions arose. The attacker employed advanced evasion techniques, including spoofed events, dummy storage writes, and aggressive anti-recovery logic, successfully deceiving common analysis workflows and even public explorers.
We’ll walk through how Dedaub reverse-engineered the attack, identified affected deployments, and led a coordinated, multi-chain mitigation effort through SEAL 911. The session distills practical lessons on detecting deeply hidden threats, responding under time pressure, and maintaining continuous monitoring across chains.
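As an added illustration of the detection problem the talk describes (not code from Dedaub or from the talk itself), the check below walks a proxy's delegation chain and flags two of the patterns mentioned above: an implementation that is itself a delegating proxy, and an Upgraded event that disagrees with what storage actually holds. It assumes EIP-1967 proxies, where the implementation address sits in a fixed storage slot, and uses a constructed in-memory chain state with placeholder addresses instead of an RPC endpoint.

```python
# Added example, not part of the talk: audit an EIP-1967 proxy for an
# interposed "proxy in the middle" and for spoofed Upgraded events.

# EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc

# Constructed sample state (placeholder addresses). For each contract we keep
# its storage slots and the address advertised by its latest Upgraded event,
# which is what block explorers typically display as "the implementation".
CHAIN_STATE = {
    "0xPROXY": {
        "slots": {IMPL_SLOT: "0xCPIMP"},      # storage points at the interposed contract
        "upgraded_to": "0xREAL_IMPL",         # event claims the legitimate implementation
    },
    "0xCPIMP": {
        "slots": {IMPL_SLOT: "0xREAL_IMPL"},  # interposed contract forwards to the real one
        "upgraded_to": None,
    },
    "0xREAL_IMPL": {"slots": {}, "upgraded_to": None},
}


def audit_proxy(state, proxy, max_hops=8):
    """Follow IMPL_SLOT from `proxy` and return a list of findings.

    A clean proxy has one hop: proxy -> implementation, and the implementation
    has no IMPL_SLOT of its own. Extra delegating hops, loops, or an Upgraded
    event that disagrees with storage are reported.
    """
    findings = []
    seen = [proxy]
    current = proxy
    for _ in range(max_hops):
        account = state.get(current, {"slots": {}, "upgraded_to": None})
        actual = account["slots"].get(IMPL_SLOT)
        if actual is None:
            break  # reached a contract that does not delegate further
        claimed = account["upgraded_to"]
        if claimed is not None and claimed != actual:
            findings.append(f"spoofed Upgraded event at {current}: "
                            f"event says {claimed}, storage says {actual}")
        if actual in seen:
            findings.append(f"delegation loop at {actual}")
            break
        seen.append(actual)
        current = actual
    else:
        findings.append(f"delegation chain exceeds {max_hops} hops")
    if len(seen) > 2:  # more than proxy -> implementation
        findings.append("proxy-in-the-middle: " + " -> ".join(seen))
    return findings


if __name__ == "__main__":
    for finding in audit_proxy(CHAIN_STATE, "0xPROXY"):
        print(finding)
```

Reading storage directly, rather than trusting emitted events, is the point: the event log is attacker-controlled, the slot is not.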
Dr. Neville Grech is a white-hat hacker with 15 years of experience in software engineering, security, and program analysis, and the lead author of MadMax. He is a co-founder of Dedaub and has spoken at events such as Web3 Summit and ETHTaipei, presenting how decompilation and static analysis uncover hidden smart contract vulnerabilities across EVM chains.