Summary: ChainLight is better cataloged as security and risk infrastructure than as a narrow audit boutique. In this pass, the clearest first-party evidence came from the official site, the security-audit page, the public web3-publications repository maintained by Theori, and ChainLight’s first-party DART and ecosystem-research posts. Taken together, those materials show a team that pairs manual audits with public report and track-record curation, a separate digital-asset risk intelligence product, and ongoing security research into emerging sectors such as AI x blockchain.
What it does:
Performs smart-contract and broader blockchain security audits and describes a multi-phase engagement that includes real-time security analysis, fix review, and a final certified report
Maintains a public repository of disclosed audits, bug-bounty results, and public track-record items tied to ChainLight and its parent security firm Theori
Operates DART (Digital Asset Risk Tracker), a separate platform positioned as comprehensive Web3 risk management for users, exchanges, and builders
Publishes first-party security research and ecosystem analysis, including thematic work on AI-blockchain projects and vulnerability patterns in live ecosystems
Frames its team around white-hat and CTF pedigree, using that reputation as part of the trust surface for its security services
Key claims:
The homepage says ChainLight was established in 2016 and that its award-winning experts provide tailored security solutions for smart contracts and blockchain products
The homepage also says ChainLight has a proven track record of zero client compromises and presents DART as going beyond standard risk assessments and security audits to reveal concealed threats
The security-audit page describes a five-phase process spanning request intake, audit strategy, security examination, consultation and code review, and a final report with patch suggestions and audit certification
The public web3-publications repository says ChainLight, as part of Theori, has consulted for Upbit and Coinone since 2019 and entered the Web3 security market in earnest; it collects publicly available audits, bug-bounty results, and competition records, even though many client engagements remain undisclosed under NDA
The same repository highlights public artifacts including Ethereum bug-bounty placement, Paradigm CTF placement, and disclosed audits for projects such as KLAYswap, Orbit Bridge, MESHswap, Klaytn governance contracts, and Blur Blend
The DART launch post says the platform protects users, exchanges, and project builders from vulnerabilities and threats, combining expert-designed risk assessment, static analysis, real-time blockchain monitoring, latent-risk tracking, and customizable alerts
ChainLight’s AI-blockchain research post explicitly positions the firm as doing ecosystem analysis from a security perspective rather than only shipping one-off client audits
Whitepaper: No canonical standalone ChainLight whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official site, the security-audit page, Theori’s public web3-publications repository, and ChainLight’s DART and ecosystem-research posts; see ../whitepapers/chainlight-primary-sources-2026-05-04.md.