The work is the credential.

Forensic research on the public posture of a DeFi protocol.

Q: How is pricing structured?

Three tiers: Rapid Triage ($4,900) — 48-hour incident assessment. Standard ($15,000) — adds board restitution call, post-fix verification, claims-committee format. Defensible (on request) — adds insurance-ready version, regulatory annex, contested-claim support before claims committee. All tiers: delivery-validation basis, scope in writing, full refund if scope not delivered.

Q: An incident that needs faster turnaround?

Incidents under seventy-two hours old can be scoped for 48-hour delivery at the standard rate, subject to availability. For active incidents, mark [ACTIVE INCIDENT] in the subject — triaged first. Specify in the scoping brief.

Q: Jurisdictions not accepted?

Commissions from OFAC-sanctioned jurisdictions are not accepted. Standard KYC required above $10,000 cumulative engagement.

TierPriceDelivery

Rapid Triage$4,90048h

Standard$15,00072h

DefensibleOn requestCustom

Payment after full report review. Independent research. Not commissioned for market positioning.

I analyse what’s publicly observable — DNS, TLS, CT logs, on‑chain state, governance, regulatory filings — and deliver a research report — typically 1,000 to 4,500 words depending on scope on the protocol you specify: its posture, its risks, the structural soundness of its infrastructure.

$4,900 – $15,000 48 hours by email

KelpDAO post‑mortem·1,246 words·62 sources·4 slots / month

Independent research. Not investment advice. Not commissioned for market positioning.

Commission a report Read the KelpDAO report first

Four commissions per month — full forensic time on each. Next opening confirmed by email within 24 hours.

Checkout could not start. Email marcus@forensic-capital.com and the commission will be opened manually.

02 — Credential

I do not list clients. I publish the work.

The report below was published six days after the incident. It is the format, depth, and structure of every commission. Read it before paying anything.

2026.05.26 1,246 words 62 sources FORENSIC

The KelpDAO Bridge Exploit

Forensic timeline of the $292M LayerZero DVN failure, the $177M Aave V3 contagion path, and the structural case against LRT collateral in non‑isolated lending pools.

Read in browser · Download PDF

March 2026 Lending Oracle misconfiguration CLOSED

Aave CAPO Oracle — $27M

CAPO parameter mismatch on wstETH core and prime instances. 34 healthy accounts liquidated. Full compensation. Risk manager departure 26 days post‑incident. TVL impact traced via DefiLlama. FC signal‑inventory cross‑referenced.

Read in browser

March 2026 Stablecoin Cloud credentials CLOSED

Resolv USR — $25M

AWS KMS signing rights compromised via GitHub contractor credential. SERVICE_ROLE EOA minted 80M USR in 17 minutes. No on-chain ratio check. 4 protocols affected. TVL −20.7% at J+7. FC signal‑inventory cross‑referenced.

Read in browser

May 2026 Cross-Chain Bridge Bridge verification CLOSED

Verus Bridge — $11.58M

$10 USD entry cost. 1:1,158,000 exploit-to-loss ratio. checkCCEValues source-destination binding gap. CROSS_CHAIN_BRIDGE_VERIFICATION class. 75% recovered via bounty negotiation. FC-004.

Read in browser

Researcher Marcus · Independent security researcher · Forensic Capital

Contact marcus@forensic‑capital.com

Single author. Single signatory. Independent research. No subcontracting, no co-branding, no white-label.

03 — Method

Public data. Forensic discipline.

No private access. No insider sourcing. Every input is public, archived, and independently verifiable.

Infrastructure

DNS · WHOIS · RDAP
TLS certificates · CT logs
HTTP headers · CSP · CORS
BGP routing · ASN registries
Subdomain enumeration

Stack — crt.sh · censys · bgp.tools · dnsdumpster

On-chain — observable state

Contract state
Proxy configuration
Upgrade history
Governance topology
Liquidity depth
Token flows

Read as published state — observation, not reconnaissance.

Stack — etherscan · dune · tenderly · foundry · slither

Regulatory

SEC EDGAR · FCA · MAS
FINMA · BaFin · AMF filings
Court records · enforcement
OFAC · UN sanctions lists
Corporate registries · UBO

Stack — edgar · opencorporates · ofac sdn · uk gazette

Frameworks — Trail of Bits SC Audit Guide · OWASP SCSVS · MITRE ATT&CK v15 · NIST CSF 2.0 · IBM Cost of a Data Breach 2024 · Verizon DBIR 2024

04 — What you receive

A single document. Composed from scratch.

Seven movements. No template. No recycled sections.

IExecutive summary.
IIForensic timeline or structural decomposition.
IIIOn‑chain data — every quantitative claim traced to a transaction hash, storage slot, or governance proposal.
IVDependency & risk map — where the protocol depends on external systems, where risk concentrates, and how resilient the structure is to stress — assessed as observable soundness, not as an exploitation path.
VStructural implications.
VIScenario analysis — three dated scenarios (base, upside, downside), each tied to an observable catalyst, with a confidence score and stated assumptions. Below 70% confidence, the report says UNKNOWN rather than estimating. Analytical, not investment advice.
VIISourcing appendix.

05 — Engagement

Review. Brief. Receive.

Three steps. No call. No meeting.

Review

Read the published report. The KelpDAO post‑mortem is the format, depth, and structure of every commission. You read the full report before any payment is due.
Scope

You return the brief in your own time. Protocol name. Scope. Specifics. Active incident? Add [ACTIVE INCIDENT] to your subject line or note it here — triaged first. Scope is confirmed same business day.
Active incident? Commission here
Receive

Report delivered to your inbox within forty‑eight hours of scope confirmation. One revision round included.

T+0 Commission paid Stripe receipt · scoping brief sent
T+1h Scoping brief delivered Five questions · protocol, focus, deliverable
T+1d Scope confirmed Brief returned · research begins
T+48h Rapid Triage delivered PDF by email · attack vector · FC-CLASS taxonomy
T+72h Standard delivered PDF by email · sourcing appendix attached
>T+72h Full refund If undelivered · via Stripe · no questions

06 — Commission

Commission a report.

Median Immunefi critical bounty: $20K. Median DeFi exploit loss: $25M. Ratio 1,250:1. — Immunefi Research, May 2026

Rapid Triage

$4,900

48h · USD · EUR · USDC · Stripe

Full refund if no actionable finding delivered.

Incident assessment — 48-hour delivery
Attack vector identification
FC-CLASS taxonomy classification
Loss reconstruction (on-chain)
Format — PDF · Markdown Notion · sourcing annex
Full refund if not delivered in 48h

Commission Triage

Recommended

Standard

$15,000

72h · USD · EUR · USDC · Stripe

Everything included in Rapid Triage
Board restitution call included
Post-fix verification
Claims-committee ready format
Format — PDF · Markdown Notion · sourcing annex
Delivered within the agreed timeframe
Full commercial rights — perpetual
Already commissioned Rapid Triage? Amount credited in full toward Standard within 30 days.

Priority delivery — +$3,000. 48h instead of 72h. One priority slot per week. Subject to availability at scoping.

Commission Standard

Defensible

On request

USD · EUR · USDC · Stripe

Everything in Standard
Insurance-ready version
Regulatory annex included
Support before claims committee
Contested-claim response prepared
Format — PDF · Markdown Notion · sourcing annex
Custom timeline — stated in scope. Expedited timelines available — stated in scope.
Full commercial rights — perpetual

Commission Defensible

Zero-risk engagement. Scope is defined at briefing and confirmed in writing by both parties before research begins. If the report is not delivered within the agreed timeframe, or does not address the confirmed scope, you are fully refunded via Stripe within 14 days. Disputes covered by us — not escalated to Stripe.

Stripe encrypted · 3‑D Secure · SCA compliant · Invoiced from a registered entity.

07 — Coverage

Primary focus

DeFi market structure. Liquid restaking. Bridges and cross‑chain infrastructure. Lending protocols. Exploit forensics. Tokenomics design.

Adjacent, case by case

DePIN. On‑chain credit. Prediction markets. Stablecoin architecture. Real‑world assets.

Out of scope

Sponsored coverage. Price predictions absent structural thesis. Reproducible exploitation paths or attack tooling. Research commissioned for coordinated market action. Anything not sourceable from public data.

Posture, risk, and observable soundness — never a how‑to for breaking a system. Independent research, held to its sources.

Independent security researcher · Marcus · Forensic Capital.

08 — Questions

Who are you?

One analyst. No team. The work speaks for itself.

Why no introductory call?

Because the work is the credential. A call costs thirty minutes and reveals nothing the published report does not. Read it. If the work convinces you, commission. If not, do not.

What if the report does not meet expectations?

One revision round is included, scoped within seven days of delivery. Scope is defined at briefing and confirmed in writing by both parties before research begins. If the report is not delivered within the agreed timeframe, or does not address the confirmed scope, you are fully refunded via Stripe within 14 days. Disputes covered by us — not escalated to Stripe.

How is pricing structured?

Two tiers: Standard ($15,000) — board restitution call, post-fix verification, claims-committee format. Defensible (on request) — insurance-ready version, regulatory annex, contested-claim support. Rapid Triage ($4,900) available for 48-hour incident assessments. All tiers: delivery-validation basis, you review before payment, scope in writing, full refund if scope not delivered.

How does this compare to BitSight, SecurityScorecard, UpGuard?

Same category, different focus. They sell continuous scores. I write a single research report on one protocol’s posture.

A protocol you have not covered before — possible?

That is the standard case. Every report is composed from scratch on the protocol specified in the scoping brief. Pre‑launch or low‑liquidity protocols may extend delivery to five days, flagged before any work begins.

An incident that needs faster turnaround?

Incidents under seventy‑two hours old can be scoped for 48-hour delivery at the standard rate, subject to availability. Mark [ACTIVE INCIDENT] in your subject line — triaged first.

Active incident? Commission here

NDA from internal legal?

Standard mutual NDA included on request. Custom NDAs up to two pages without negotiation rounds. Beyond that, a $250 legal review fee applies, credited against the report price.

Jurisdictions not accepted?

Commissions from OFAC‑sanctioned jurisdictions are not accepted. Standard KYC required above $10,000 cumulative engagement.

Are reports legally usable?

Every input is public. Every claim is sourced. Reports are intelligence products, not legal advice. Counsel should review before any action with legal weight.

09 — Commission

Gateway Forensic Report $4,900 – $15,000.
48h Triage · 72h Standard.

Price: $4,900 – $15,000
Delivery: 48h Triage · 72h Standard
Response: Same business day
Capacity: 4 / month

Commission a report

Response. A direct reply from the analyst — same business day for messages received during European/US overlap, and within one business day otherwise. For an active incident, mark [ACTIVE INCIDENT] in the subject — these are triaged first. No automated responses. No SDR calls.

Commissions accepted from funds, family offices, research desks, and operators, as independent research. Not commissioned for market positioning against the protocol analysed.

Prefer a bank transfer or USDC?
Contact marcus@forensic-capital.com — invoice issued within 24h.

Contact · Terms · Privacy