OpenZeppelin

Software Development

Distributed organization, World 15,221 followers

Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contract systems.

About us

Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contract systems. Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development. OpenZeppelin’s professional expertise, unified with the Defender developer security platform, integrates through clients’ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely. OpenZeppelin secures success for over a thousand trusted crypto protocols and organizations, including Coinbase, Ethereum Foundation, Compound, Aave, Uniswap, Matter Labs and ANZ Bank. With the success of our product, our security audits work, and our educational efforts, we have set industry standards for building secure systems in a fast-growing industry, which presents new programming paradigms. We are now excited to offer a development platform that will help the growing number of developers working on top of decentralized protocols build the applications that will reach mass adoption.

Website: https://openzeppelin.com/
Industry: Software Development
Company size: 51-200 employees
Headquarters: Distributed organization, World
Type: Privately Held
Founded: 2015

Updates

  • Smart contract security requires lifecycle-level thinking, not just point-in-time snapshots 🔒 OpenZeppelin contributed to the new Blockchain Security Standards Council (BSSC) Smart Contract Security Standard to support establishing a chain-agnostic baseline for full application-layer security.

    Breaking News in Blockchain: The Blockchain Security Standards Council (BSSC) has officially released the new Smart Contract Security Standard, alongside major updates to its Node Operation Standard and General Security and Privacy Guidelines. These updates provide clearer, more practical security guidance across smart contracts, infrastructure operations, and blockchain system design. BSSC's newest standard strengthens how organizations build and secure decentralized systems. Full release: https://lnkd.in/eBVqccqq #Blockchain #SmartContracts #BlockchainSecurity #SecurityStandards

  • Evaluating blockchain network risk is foundational for institutional onchain products 🔒 Our 48-page Technical Risk Assessment provides the structured methodology financial institutions need when selecting blockchain networks for regulatory compliance.

    When financial institutions put client assets onchain, supervisors expect a defensible answer to one question: how was the blockchain network evaluated? Networks differ in finality guarantees, governance, and continuity exposure. And those differences shape regulatory risk. We've published OpenZeppelin's Technical Risk Assessment on Blockchain Networks: a structured 6-dimension methodology currently covering Ethereum, Solana, BSC, XRP Ledger, Tron, and Canton. Get the full 48-page report: https://lnkd.in/dyuG_mDE

  • Recently, J.P. Morgan cited persistent security flaws as a barrier to institutional DeFi participation. The concern is legitimate, and addressing it requires a different security posture than what most institutions currently have. Several major losses in 2024-2026 originated from failures surrounding protocols, not contract code. Most institutional risk registers address only one of the four threat layers. Monitoring changes outcomes. Automated watchdogs have detected exploits in real time, recovering funds within minutes. Institutions that instrument blockchain activity well can respond before losses become permanent. Read to learn more about what a mature security program looks like: https://lnkd.in/eh8Hwj9e

  • Crypto companies lost over $3.4 billion to hacks in 2025 🚨 The largest losses didn't come from smart contract bugs. They came from compromised credentials, operational failures, and code shipped between audits. While audits are essential, it's clear they're not enough. Today we're introducing the OpenZeppelin Continuous Security Program. A subscription-based engagement that brings a decade of OpenZeppelin security standards and expertise to your team continuously, scaled by AI-native workflows powered by AI Auditor. Traditional audits review code at a point in time. With continuous security, you can validate the design before code is written, build on secure foundations, catch vulnerabilities continuously, and keep production safe as it evolves. See how it works: https://lnkd.in/gzFArX3j

  • The OpenZeppelin Relayer now supports Zama FHEVM 🔐 Build confidential smart contracts without the transaction infrastructure overhead. FHE stays in Zama's SDK while the Relayer covers transaction submission with encrypted inputs and EIP-712 signing. To get started, see the end-to-end Zama FHEVM example with the OpenZeppelin Relayer 👇 https://lnkd.in/daGHhrXp

  • When account state is private by design, teams need a new way to stay in sync, approve changes and manage access. OpenZeppelin worked with Miden to build Guardian, a Private State Manager that brings coordination to private accounts: shared accounts, threshold approvals, and recovery, all without custody. Learn how account coordination works on a privacy-first blockchain and which use cases it unlocks👇 https://lnkd.in/dCMghSzN

  • Quantum risk is a liability being quietly accumulated, one exposed public key at a time. A recent paper from Google Quantum AI authors estimates breaking 256-bit ECDLP could require fewer than 500K physical qubits, a ~20x reduction over prior estimates. The structural problem: on public blockchains, public keys become permanently visible once accounts transact. Attackers can harvest that data today to derive private keys once a cryptographically relevant quantum computer (CRQC) arrives. The same paper found at least 70 of the top 500 ETH contract accounts by balance show evidence of admin vulnerability — based on event logs like AdminChanged, ERC-1967 Upgraded, or OwnershipTransferred under OpenZeppelin's Ownable standard. The path forward exists. National Institute of Standards and Technology (NIST) finalized PQC standards FIPS 203/204/205 in August 2024. Ethereum's L1 upgrades could be completed by 2029. Bitcoin's BIP-360 (P2QRH) holds Draft status in the BIP repository, an early step toward quantum-resistant outputs. Migration is underway, but it's multi-layer and will take years. Blockchain security posture is a financial system concern. Assess your exposure before the threat is realized. Read more: https://lnkd.in/exEWUqcA

  • $292 million lost. The smart contracts were fine. No bug. No broken logic. KelpDAO's exploit came down to a single operations decision no smart contract security audit was ever designed to catch. This is the distinction the industry underweights: code risk vs. operational risk. Smart contract security audits review contract logic. They don't assess integration configuration, infrastructure dependencies, or how a system fails when offchain components are compromised. As cross-chain integrations deepen, the operational attack surface grows faster than the auditable code surface. That gap is where the next incident will live too. We broke down what happened and what closing that gap actually looks like: https://lnkd.in/eHpsCNq4

  • Privacy remains a main blocker for institutional blockchain adoption. We're excited to have built the infrastructure behind Guardian, the offchain coordination layer powering private shared accounts on Miden 🔒

    View organization page for Miden

    1,028 followers

    Blockchain has a privacy problem and a coordination problem. Most networks force a choice: either your transactions are publicly visible to anyone with a block explorer, or your assets disappear into a centralized custodian's opaque system. Miden was built to reject that tradeoff. Its zero-knowledge architecture keeps "account state" local, publishing only cryptographic commitments to the chain. The result is genuine financial privacy at the protocol level. Enacting privacy onchain is not just a technical challenge; it is also operational. When no one can see the ledger, the coordination tools that blockchains and traditional finance rely on stop working. Transparency is a default feature of most networks and has had downstream impacts on how blockchains are managed. For instance, multisig approvals assume shared state visibility. Fraud monitoring assumes readable balances. Compliance workflows assume an auditable trail. If you remove the transparent public ledger (as many privacy projects do) then you need a fundamentally different way to coordinate, recover, and enforce policy. That's where 𝐌𝐢𝐝𝐞𝐧 𝐆𝐮𝐚𝐫𝐝𝐢𝐚𝐧 comes in. Guardian is the infrastructure layer that makes privacy-first finance usable in the real world. Meet the Guardian: https://lnkd.in/evnsZdfE

Funding

OpenZeppelin 1 total round

Last Round

Series unknown