Category
  • Security
Blockchains Supported
  • Arbitrum
  • Avalanche
  • Base
  • Celo
  • Ethereum
On/Off-Ramps
  • No
Platform
  • Web
Free/Paid
  • Paid
Region
  • APAC
  • Europe
  • LATAM
  • Middle East and Africa
  • North America
Support
Alice Rigby

Hexens provides world-class security reviews and built the first scalable security tooling to protect the future of Web3. Our services include smart contract audits, novel cryptography audits, penetration testing, and more.

Hexens is a next-generation cybersecurity firm built to secure the most critical infrastructure in Web3. With a team of world-class engineers, vulnerability researchers, and cryptographers, Hexens operates at the intersection of smart contract auditing, zero-knowledge protocol review, threat modeling, and infrastructure security.

Our security audits are trusted by leading ecosystems and protocols across Ethereum, Solana, Cosmos, and BNB Chain - securing over $120B of onchain assets. From DeFi primitives and bridges to staking protocols and oracles, Hexens delivers precise, rigorous audits that go beyond templated checks. We’ve protected projects like Polygon, LayerZero, EigenLayer, and 1inch through long-term, deep-rooted partnerships.

But Hexens goes further than auditing.

To address the limitations of traditional review models, we built Glider - a scalable security engine that acts as a search layer for deployed smart contract behavior. Glider powers smart contract security at scale: its API integrates automated risk checks into wallets, DEXs, and analytics platforms; its search tool lets security teams and researchers scan blockchains for vulnerabilities in live contracts; and its token risk insights help platforms flag suspicious assets, protect users, and meet compliance standards.

This system turns threat detection into a community-driven knowledge layer: once a vulnerability is defined, it becomes a Glider query that protects others from repeating the same mistake. Glider is already being used by security firms, wallets, analytics platforms, and compliance providers to label, classify, and monitor smart contracts in real time.

In parallel, we launched Remedy - a curated bug bounty platform that helps projects remain protected after deployment. Remedy supports live triage, scoped bounties, and post-audit bounty extensions. With over 2,200 participants in our last CTF, Remedy helps leading projects crowdsource real, high-signal vulnerabilities, bridging the gap between audit and active threat resistance.

Together, Hexens' solutions form a full-stack security suite: auditing before launch, monitoring after deployment, and reacting in real time when new attack surfaces emerge.

Use Cases

Smart Contract + Blockchain Audits

Our team of world-renowned security engineers has audited critical infrastructure across Ethereum, Solana, and Cosmos, securing $120B+ in TVL. Some of the biggest names in the industry trust us as their preferred partner, including EigenLayer, Lido, 1inch, LayerZero, and PancakeSwap. The auditors on our team are known globally, sitting at the top of the leaderboards of the biggest bug bounty platforms. And our track record speaks for itself: over 250 audits completed with 0 incidents. Unlike the industry standard for smart contract audits, we dedicate two teams comprising 6 senior auditors to every engagement. We specialize in complex DeFi logic, including AMMs, concentrated liquidity, lending markets, tokenomics, oracle integrations, and cross-chain bridges. Reviews are manual-first, with exploit modeling, gas efficiency reviews, and bytecode-level analysis when needed.

Cryptography Audits

With deep experience auditing zkVMs like RISC Zero and privacy-enabled rollups such as AvaCloud’s eERC, Hexens brings unmatched expertise in safeguarding ZK circuits, custom precompiles, and SNARK/STARK integrations. We’re also committed to education and innovation, publishing deep technical content on ZK systems. Our team includes former CTF champions, academic cryptographers, and low-level exploit researchers, all driven by deep technical experience and a passion for secure innovation. We were the first firm to audit Polygon zkEVM, uncovering and resolving critical vulnerabilities across ZK circuits, precompiles, and integration layers. Beyond audits, our engineers publish detailed research on STARKs, SNARKs, and cryptographic primitives - helping push ZK security standards forward.

Bug Bounty Program

Remedy (r.xyz) is Hexens’ next-generation bug bounty platform that helps Web3 projects stay secure after deployment by tapping into a curated network of top-tier security researchers. Unlike traditional bounty platforms, Remedy is invite-only. This ensures that only qualified experts review your code - keeping the signal high, the noise low, and the results meaningful. We’ve hosted some of the most active security competitions in the space, with over 2,200 researchers participating in our latest CTF. Remedy supports custom bounty scopes, integrated triage, and live vulnerability tracking to help teams find critical issues before attackers do. Reports are handled by our own security researchers, which has proven to separate Remedy from other names in the bug bounty space through the quality of reporting and triage offered to projects. Some of the names listed on Remedy so far include Scroll, Polygon, PancakeSwap, and Tokemak.

Glider: Token Risk & Compliance

Glider enables real-time detection of security and compliance risks in tokens across any EVM-compatible chain. Designed for speed and precision, it helps identify malicious behavior embedded in token contracts, often missed by standard scanners. Security teams and compliance providers can use Glider to quickly assess tokens for suspicious or permissioned transfer logic, fee injection or hidden mint functionality, transfer blocking mechanisms and honeypot behavior, and unusual external call patterns or time-based restrictions. Unlike traditional static analysis tools, Glider evaluates actual contract behavior and outputs risk signals with high confidence. It’s ideal for wallets, exchanges, and compliance platforms that need to screen tokens at scale - whether for listings, automated monitoring, or user safety alerts. By integrating Glider into your token evaluation workflow, you gain faster, deeper insights into potential threats without compromising on accuracy or efficiency.

Glider: Security Engine

Glider is a next-gen security engine for EVM blockchains that transforms smart contract code into structured data, enabling deep and scalable analysis. It powers ecosystem-wide vulnerability detection by converting contracts into graph-based artifacts and allowing users to query them using an intuitive Python-like language. Instead of auditing one contract at a time, Glider scans hundreds of thousands in minutes, identifying critical risks across entire networks. With fewer lines of code than traditional tools like Slither or Semgrep, it simplifies complex security checks while boosting detection speed and accuracy. Glider supports distributed query writing, making it easy for developers, researchers, and internal teams to contribute. Its roadmap includes automation, real-time alerts, cross-contract analysis, and a public query database - turning individual findings into reusable security intelligence. Glider isn’t just a tool; it’s a protocol for scaling smart contract security.

Glider: Smart Contract Labelling

Glider API by Hexens is a powerful solution for automated smart contract analysis across EVM chains. It identifies, labels, and classifies verified contracts by purpose (e.g., DEX, Lending, Bridge, Mixer) and detects forks, ERC/EIP compliance, and suspicious behaviors like rug pulls or unauthorized minting. With 100+ label types and fast processing, Glider analyses millions of contracts in minutes. Glider also integrates seamlessly with block explorers like Etherscan, tagging contracts with detailed metadata, including proxy use, verifier presence, and malicious deployer status. Its token risk analyzer detects hidden threats like blacklist functions, central minting, and upgradeability. Used by chains, wallets, and compliance tools, Glider provides granular, real-time insights via an easy-to-use API supporting AML checks, chain monitoring, and user-facing security tooling.

This site contains content and information, including links to other sites and resources, that was prepared by third parties ("Third Party Content") who are not affiliated with Circle or any of its affiliates (collectively "Circle"). Circle makes no representations on the accuracy, suitability, or validity of Third Party Content. As such, Circle is neither responsible nor liable for any Third Party Content, including any errors, omissions, or delays, or for any actions taken in reliance upon any Third Party Content. Reference to any specific company, product, service, or website of any third party does not constitute an implied or express endorsement, recommendation, favoring or validation by Circle. All content provided is for educational and informational purposes only. Circle shall not be liable for any damage or loss relating to use of, or reliance upon, the Third Party Content.
