CoinFabrik

  • Name: CoinFabrik
  • URL: https://www.coinfabrik.com/
  • Category: smart-contract security firm / public audit-report corpus / blockchain security tooling and static-analysis infrastructure / research-driven web3 engineering team
  • Summary: CoinFabrik is a real security-and-tooling shop, not just another audit vendor. The useful parts are the public report corpus, Scout, and the fact that it spans several non-EVM ecosystems without turning into a category anchor.
  • What it does:
    • Performs smart-contract and blockchain security audits across several language and ecosystem surfaces including Solidity, Rust, Clarity, Soroban, Substrate, Go, and more
    • Maintains a first-party public audit-report corpus on both its website and GitHub, with reports spanning projects such as Stacks, Paxos, THORChain, 1inch, Fireblocks, and Allbridge
    • Publishes audit-summary pages on its site that turn private engagements into public ecosystem knowledge once reports are released
    • Builds Scout, an open-source security-analysis tool for ink!, Soroban, and Substrate developers and auditors, with CLI, VS Code, GitHub Action, and multi-format reporting support
    • Frames itself as a research-and-development company with academic collaborations and grant-backed open-source security work in addition to client services
  • Key claims:
    • The GitHub organization says CoinFabrik is a Web3 research-and-development company with a strong cybersecurity background, founded in 2014, and says it has worked on over 500 decentralization projects across EVM and non-EVM ecosystems
    • The smart-contract-audits service page highlights “+350 Security Audits,” “+9K Vulnerabilities Detected,” and “10 Years in the Market,” which signals material security scale rather than a small boutique footprint
    • The same service page says CoinFabrik audits contracts written in Solidity, Rust, Clarity, Go, Soroban, and more, supporting the idea that the firm spans several contract ecosystems instead of specializing in only one VM
    • The public audits README presents a structured cross-ecosystem report corpus including Clarity, Rust, Solidity, Soroban, and Substrate engagements, which makes the public-report surface itself a useful piece of security infrastructure
    • The Scout README says the tool is an extensible open-source security-analysis tool for ink!, Soroban, and Substrate, built out of CoinFabrik’s manual-auditing experience and shipped with editor and CI integrations
    • The Scout README also cites support from the Web3 Foundation, Aleph Zero, Stellar Community Fund, and Polkadot Assurance Legion, which reinforces the project’s role as ecosystem-facing tooling rather than internal-only audit automation
    • The Stacks PoX audit-summary page shows CoinFabrik actively publishing findings around live protocol components, confirming that the company’s public knowledge surface is ongoing and not merely historical marketing material
  • Whitepaper: No canonical standalone CoinFabrik whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official site, the audit-services page, the public audit-report corpus, and the Scout repository; see ../whitepapers/coinfabrik-primary-sources-2026-05-03.md.
  • Sources:

Internal linkages

  • Keep this one on the strongest tooling-heavy security contrasts.

  • Best comparisons: dedaub, certora, and trail-of-bits.

  • Last reviewed: 2026-05-29 UTC