About
HubSec builds security tools for blockchain teams and security professionals. Our tools are used by developers to find vulnerabilities before deployment, by security analysts to investigate incidents, and by auditors to generate professional reports.
We started from investigating bridge incidents in the Polkadot ecosystem and kept finding the same patterns — insufficient proof validation, shallow authorization checks, missing boundary conditions. Different protocols, same classes of bugs. So we built tooling to catch them systematically.
Every incident we analyze feeds back into our detection rules and our known-address database. The goal is systematic: turn incident patterns into prevention infrastructure that anyone can run.
Founder
Dr. Abdulbasit Sadiq (Abdulbee)
Founder
Medical graduate (MBBS) and blockchain security researcher. Six years in the Polkadot ecosystem. Former executive member and captain of the Polkadot Anti-Scam Team. Current Polkadot moderator.
Built HubSec to address the gap in indigenous security tooling for the Polkadot ecosystem. HubSec's approach combines automated on-chain forensic analysis with static vulnerability scanning, producing independently verifiable investigation reports backed by direct blockchain queries.
Background spans medicine, quantitative analysis, and blockchain infrastructure. The same systematic methodology that drives clinical diagnosis drives HubSec's investigative process: observe the data, form hypotheses, test against evidence, report findings with confidence levels.
Focus
Our tools go deep on the Polkadot stack — Substrate runtimes, FRAME pallets, ink! contracts, XCM messaging, and the bridge infrastructure that connects it all.
Not affiliated with Parity Technologies, Web3 Foundation, or any protocol team. Our tools and analysis are independent.
PGP: 1027 0DFF 53E0 B61F 809F C079 E0E6 BF50 4785 0199
HubSec Forensics is an on-chain investigation toolkit. Attribution analysis produces probabilistic assessments, not definitive identification. Timezone estimates, behavioral profiles, and entity resolution are investigative leads, not proof of identity. The tools do not access off-chain personal data, IP addresses, or exchange KYC records. For identity confirmation and legal action, engage qualified legal counsel and law enforcement with the evidence packages generated by the toolkit.