Sun Huang

Co-Founder, Board Member and Chief Technology Officer

LinkedIn | Twitter


Sun Huang is Co-Founder, Board Member, and CTO of Unitas Foundation. He is also Chief Security Officer & General Manager of XREX Inc. Sun has made important contributions in web3 security and has open-sourced DeFiHackLabs and DeFiVulbLabs. He is also a founder of DeFiHackLabs community and Web3 Cybersecurity Academy. Before XREX, Sun was Senior Threat Researcher to Proofpoint (NASDAQ: PFPT). He has more than 15 years of experience in information security. Sun has discovered many Web applications 0days, including CMS and C2 Panel. Sun has participated in many security contests, and was 1st place in 2014 Tencent Android bug hunting, one of the top 10 researchers in Paypal's 2013 Bug Bounty Wall of Fame. He was also the third-place AT&T bug hunter in 2013. Sun currently holds OSCP, AWS-certified security, CEH, ECSS, PMP, CTCE, and CCNA certifications.

Sun is also a senior Red Team penetration tester, cyber defense advisor, frequent speaker, CTF enthusiast, and trainer where he performs security and risk assessments, vulnerability and penetration testing, security program design, policy development, fraud, and anti-money laundering (AML) investigations.


Sun has kenoted at Taipei Ethereum Meetup '19, SecTor '18, Blockchain Technology Conference '18, BLOCKConscious Summit '18, Chain-in '18, BlackHat '17, Hackfest '17, Hack in Paris '17, AusCERT '16, Troopers '16, '16, SteelCon '16, TROOPERs '16, Virus Bulletin '16, RSA '15 '16.


As a bug bounty hunter Sun has contributed to Apple, AWS, Adobe, AT&T, Paypal, Facebook, Yahoo, eBay, Cloudera, IBM, Nokia, WordPress, Menalto Gallery, Yandex, Tencent, Baidu, Sina, Alibaba, CCBill, IBM, etc.


Ethical Hacking, Offensive/Defensive techniques, Vulnerability Analysis, Cyber Forensics, Malware Analysis, Threat Intelligence, Mobile Security, Web Security, Code Review, Flash Security, Smart Contract Security, Wallet Security, K8S Container Security, Cloud Infrastructure Security, AML Investigation and DevSecOps.


  • Co-founder of Insight Labs (Security community) since 2008. Insight Labs is a group of security organizations from around the world with information security experts.

  • Creator of DeFiHackLabs and DeFiVulnLabs got 2,000+ stars on Github.

  • Author of 101 root cause analysis of DeFi Hacked incidents.

  • ScamSniffer Advisor, All-in-One Web3 Anti-Scam Solution.


  • How the crypto industry is attacked today -- a survey of recent compromises and losses.

  • 25 Techniques to Gather Threat Intel and Track Actors.

  • Hacking Blockchain for Fun and Real Profit.

  • Witness the Russian attack: Live demos of their steps, tools, and techniques.

  • Unveiling One of the World’s Biggest and Oldest Cybercrime Gangs–Asprox.

  • Unveiling the Attack Chain of Russian-Speaking Cybercriminals.

  • New Ways of Emerging APT Actors: India, South Africa, Nigeria, and Indonesia.

Last updated