{"id":"chaofan-shou","title":"Chaofan Shou","content":"**Chaofan Shou** is the cofounder and CTO of Fuzzland, a [blockchain](https://iq.wiki/wiki/blockchain) security company specializing in automated testing tools for smart contracts, and a software engineer at [Solayer](https://iq.wiki/wiki/solayer). He is also known for discovering and publicizing a major source code leak from Anthropic's AI coding assistant, Claude Code. [\\[1\\]](#cite-id-1upE2NKSnQ) [\\[2\\]](#cite-id-WPEdesKRVM) [\\[6\\]](#cite-id-nnKN2PwY1V) [\\[4\\]](#cite-id-PrJqLx4xUp)​\n\n$$widget0 [YOUTUBE@VID](AF7h-n53Kno)$$\n\n## Overview\n\nChaofan Shou has established himself as a notable figure in [blockchain](https://iq.wiki/wiki/blockchain) security and program analysis. His work spans academic research, entrepreneurship, and security engineering, with significant contributions to [smart contract](https://iq.wiki/wiki/smart-contract) security and automated testing methodologies. Shou's expertise in identifying and addressing security vulnerabilities has led to the discovery of numerous critical issues across various platforms, with reported bounties reaching approximately $1.9 million. His research has been published in prestigious academic conferences, and he has delivered talks at industry events focused on blockchain security and fuzzing techniques. [\\[1\\]](#cite-id-1upE2NKSnQ) [\\[2\\]](#cite-id-WPEdesKRVM) [\\[6\\]](#cite-id-nnKN2PwY1V) [\\[4\\]](#cite-id-PrJqLx4xUp)\n\n## Education\n\nFrom August 2022 to 2025, Shou pursued a Ph.D. in Computer Science at the University of California, Berkeley, before dropping out. While there, he worked in the Sky Computing Lab under the supervision of Professor Koushik Sen, and his research concentrated on program analysis, security, and distributed systems. Before his doctoral studies, he earned a Bachelor of Science in Computer Science from the University of California, [Santa](https://iq.wiki/wiki/santa) Barbara, attending from October 2019 to December 2021. [\\[1\\]](#cite-id-1upE2NKSnQ) [\\[4\\]](#cite-id-PrJqLx4xUp)​\n\n## Career\n\nShou's professional career includes a position as a security engineer at Salesforce, where he contributed to Static Application Security Testing (SAST) solutions, internal network scanning services, and data pipelines. During this period, he developed expertise in identifying security vulnerabilities across various platforms, which served as a basis for later work with [blockchain](https://iq.wiki/wiki/blockchain) technologies.\n\nFollowing his time at Salesforce, Shou became a founding engineer at Veridise, a [blockchain](https://iq.wiki/wiki/blockchain) security startup. At Veridise, he led the development of several automated testing tools specifically designed for [smart contracts](https://iq.wiki/wiki/smart-contract) and blockchains. His work at Veridise included the development of Chainsaw, a tool for breaking blockchains with coverage-guided fuzzing, which he presented at the Smart Contract Summit (SBC) in 2022.\n\nShou co-founded Fuzzland, where he served as the Chief Technology Officer (CTO). Fuzzland focuses on [blockchain](https://iq.wiki/wiki/blockchain) security, particularly developing automated testing tools for smart contracts. In February 2024, Fuzzland announced the closing of a $3 million seed funding round. Following Fuzzland's acquisition by [Solayer](https://iq.wiki/wiki/solayer), Shou joined [Solayer](https://iq.wiki/wiki/solayer) as a software engineer, contributing to the development of a high-performance SVM blockchain. [\\[2\\]](#cite-id-WPEdesKRVM) [\\[6\\]](#cite-id-nnKN2PwY1V) [\\[7\\]](#cite-id-RbyB1Ulgbk) [\\[8\\]](#cite-id-WwFHq0KDPl)​\n\n## Research and Publications\n\nShou has authored and co-authored several academic papers in the fields of [smart contract](https://iq.wiki/wiki/smart-contract) security, program analysis, and distributed systems. His notable publications include:\n\n* \"ItyFuzz: Snapshot-Based Fuzzer for On-Chain Smart Contract Auditing\" (ISSTA '23), co-authored with Shangyin Tan and Koushik Sen;\n* \"Rare-Seed Generation for Fuzzing\" (ISSTA '23);\n* \"Query Planning for Robust and Scalable [Hybrid](https://iq.wiki/wiki/hybrid) Network Telemetry Systems\" (CoNext '24), with multiple co-authors;\n* \"Unveiling Collusion-Based Ad Attribution Laundering Fraud: Detection, Analysis, and Security Implications\" (CCS '24);\n* \"CorbFuzz: Checking Browser Security Policies with Fuzzing\" (ASE '21). [\\[1\\]](#cite-id-1upE2NKSnQ)\n\nShou maintains an active presence on GitHub, where he has contributed to numerous repositories. His pinned projects include ItyFuzz, a bytecode-level hybrid fuzzer for [smart contracts](https://iq.wiki/wiki/smart-contract), and digfuzz, an implementation of probabilistic path prioritization for hybrid fuzzing. He has also contributed to major open-source projects such as LibAFL and Facebook's Hermes JavaScript engine. [\\[1\\]](#cite-id-1upE2NKSnQ) [\\[6\\]](#cite-id-nnKN2PwY1V) [\\[5\\]](#cite-id-WcxQNaMfQN) [\\[5\\]](#cite-id-WcxQNaMfQN)​\n\n## Notable Bug Bounties and Vulnerability Disclosures\n\nBetween 2020 and 2022, Chaofan Shou actively participated in bug bounty programs, earning approximately $1.9 million in rewards (including locked tokens). His discoveries include a wide array of critical security and privacy vulnerabilities. [\\[1\\]](#cite-id-1upE2NKSnQ)​\n\n### Security Issues\n\n* **2024 - RisingWave:** RCE on any compute node with read-only/low-privilege accounts.\n* **2024 - Devin.ai:** SSRF leading to user info leaks and complete system takeover.\n* **2024 -** [**Kaito**](https://iq.wiki/wiki/kaitoai)**:** API issues leading to user info leaks and complete system takeover.\n* **2024 -** [**Etherscan**](https://iq.wiki/wiki/etherscan)**:** XSS + Cloudflare bypass that can take over all accounts / facilitate phishing.\n* **2023 - Twitter:** XSS + CSRF + CSP bypass leading to all Twitter accounts take over.\n* **2023 -** [**Gate.io**](https://iq.wiki/wiki/gate) **Exchange:** CSRFs leading to manipulation of user positions.\n* **2023 - FreedomFi:** Authorization bypass leading to command execution (RCE) on 7000+ miners.\n* **2022 - Polygon Edge:** Multiple validator DoS leading to easy 51% (2/3 technically) attack.\n* **2022 - DogeChain:** Multiple validator DoS & genesis contracts critical logic flaws => fixed with a fork.\n* **2022 - FTX OTC:** Reflected XSS requiring certain user interaction.\n* **2022 - IBAX Network:** Multiple validator DoS leading to easy 51% attack.\n* **2022 - FastRLP:** Index out of range during parsing block data.\n* **2022 - Ethgo:** Memory vulnerabilities during decoding transaction & log.\n* **2022 -** [**Deeper Network**](https://iq.wiki/wiki/deeper-network)**:** Memory vulnerabilities in pkt parsing leading to RCE on 30k+ miners.\n* **2021 - React Native / Hermes:** Memory vulnerability due to recursive JS proxy.\n* **2021 - FTX US:** Request smuggling leading to potential users trade information leakage.\n* **2021 - CVS Pharmacy:** SSRF + TLS Poisoning leading to public access of all internal systems.\n* **2021 -** [**Helium**](https://iq.wiki/wiki/helium)**:** Incorrect logic leading to easy manipulation of mining mechanism.\n* **2020 - NetEase Email:** XSS + CSP bypass, can lead to all business customer account takeover.\n* **2020 - Baidu:** Multiple stored XSS, can lead to 218M account takeover.\n* **2019 - Gogs:** Race conditions leading to policy bypass.\n* **2019 - NetEase:** XSS + CSRF, can lead to 1 billion+ account takeover.\n* **2016 - Shanghai Government:** 100+ SQL injection / LFI / etc.\n\n### Privacy Issues\n\n* **2021 - Comcast:** Malicious user can hijack network traffic.\n* **2021 - Google Nest:** Side-channel leading to leakage of user actions.\n* **2021 - MyQ:** Side-channel leading to leakage of user actions.\n* **2021 - Samsung Home:** Side-channel leading to leakage of user actions.\n* **2020 - iQIYI:** User PII leakage in APIs.\n* **2020 - Mail.ru:** User PII leakage in APIs.\n* **2017 - Baidu:** User PII leakage in APIs.\n\n## Interviews\n\n### Mitigating Smart Contract Attacks #01\n\nOn August 16, 2024, Chaofan Shou appeared in an interview on the IC3 Initiative for Cryptocurrencies and Contracts YouTube channel, presenting his views on the challenges and defense strategies against [smart contract](https://iq.wiki/wiki/smart-contract) attacks. According to Shou, losses in 2024 have already exceeded US $100 million, with notable incidents such as the Ronin [Bridge](https://iq.wiki/wiki/bridge) exploit and repeated hacks of protocols that underwent multiple audits without addressing critical flaws.\n$$widget0\n$$widget0 [YOUTUBE@VID](wP07Qu6RPXs)$$\n$$\nShou points out that many attacks occur via private RPCs, preventing front‑running bots from detecting and blocking malicious transactions before they are mined. The fierce competition among defender and attacker bots, combined with skyrocketing gas fees, drastically reduces the effectiveness of on‑chain rescue attempts, he notes that no fund recoveries were successful in 2024 using front‑running alone.\n\nAccording to the researcher, there is a recurring pattern in the preparatory phase of attacks: attackers often deploy exploit contracts moments before executing the malicious transaction. This detail, Shou argues, opens a window for proactive interventions. By monitoring and analyzing newly deployed contracts, defense teams could repurpose those same exploits to hijack the original attack, significantly increasing the chances of fund recovery.\n\nTo operationalize this concept, Chaofan Shou proposes the creation of a “mysterious Oracle” capable of predicting attack parameters or reconstructing exploit transactions in real time. In experiments conducted since January 2023, his team demonstrates that, with optimized parameters and exploit‑hijacking techniques, it would be possible to recover up to US $120 million in compromised funds.\n\nFinally, Shou emphasizes the importance of combining on‑chain analysis, collaboration among research teams, and new approaches, such as programmatic repair of contracts, to create dynamic defense mechanisms. In his view, leveraging historical attack data and predictive models is essential to prevent future losses and more effectively protect the [blockchain](https://iq.wiki/wiki/blockchain) ecosystem. [\\[9\\]](#cite-id-2Rz6pprgDL)\n\n## Anthropic Claude Code Leak\n\nIn March 2026, Shou discovered and publicized a major source code leak of Anthropic's AI coding assistant, Claude Code. On March 31, he revealed that the complete source code for the tool was accidentally exposed to the public due to human error in the product's release packaging. A JavaScript source map file (`.map`) included in a public npm package (version 2.1.88) contained a reference that allowed for the download of the full codebase, totaling over 512,000 lines of TypeScript. The leak, which Shou brought to light on X (formerly Twitter), exposed internal architecture, unreleased features, and internal model codenames. [\\[10\\]](#cite-id-kqu5dUkUKs23NjaL) [\\[11\\]](#cite-id-SRZkyzvoKHxElxpH) [\\[12\\]](#cite-id-lHV3P3MlyspwED1A)","summary":"Chaofan Shou is the cofounder and CTO of Fuzzland, a blockchain security company specializing in automated testing tools for smart contracts, and a software engineer at Solayer.","images":[{"id":"QmbPbjEFQqJAfotFXinKET9MMU4ob5UAwcps6iJmonyTjf","type":"image/jpeg, image/png"}],"categories":[{"id":"people","title":"People in crypto"}],"tags":[{"id":"Founders"},{"id":"Developers"},{"id":"PeopleInDeFi"}],"media":[{"id":"QmcemT2dbn7ZsbpfBobgWfhH9BDtUpYkb3qmT7rNsFAKjK","size":null,"name":null,"type":"GALLERY","source":"IPFS_IMG"},{"id":"https://www.youtube.com/watch?v=wP07Qu6RPXs","name":"wP07Qu6RPXs","caption":"","thumbnail":"https://www.youtube.com/watch?v=wP07Qu6RPXs","source":"YOUTUBE"},{"id":"https://www.youtube.com/watch?v=AF7h-n53Kno","name":"AF7h-n53Kno","caption":"","thumbnail":"https://www.youtube.com/watch?v=AF7h-n53Kno","source":"YOUTUBE"}],"metadata":[{"id":"github_profile","value":"https://github.com/shouc"},{"id":"linkedin_profile","value":"https://www.linkedin.com/in/scff/"},{"id":"twitter_profile","value":"https://x.com/Fried_rice"},{"id":"website","value":"https://scf.so/"},{"id":"references","value":"[{\"id\":\"1upE2NKSnQ\",\"url\":\"https://scf.so/\",\"description\":\"Personal website\",\"timestamp\":1745098946091},{\"id\":\"WPEdesKRVM\",\"url\":\"https://medium.com/fuzzland-blog/fuzzland-closes-3m-seed-funding-round-d3a72316c248\",\"description\":\"Medium announcement\",\"timestamp\":1745098946091},{\"id\":\"YTXiTs94SG\",\"url\":\"https://github.com/shouc\",\"description\":\"GitHub profile\",\"timestamp\":1745098946091},{\"id\":\"PrJqLx4xUp\",\"description\":\"LinkedIn: Chaofan Shou\",\"timestamp\":1745099811625,\"url\":\"https://www.linkedin.com/in/scff/\"},{\"id\":\"WcxQNaMfQN\",\"description\":\"Twitter: Chaofan\",\"timestamp\":1745099845658,\"url\":\"https://x.com/shoucccc\"},{\"id\":\"nnKN2PwY1V\",\"description\":\"GitHub: Chaofan\",\"timestamp\":1745099883159,\"url\":\"https://github.com/shouc\"},{\"id\":\"RbyB1Ulgbk\",\"description\":\"Medium: Chaofan\",\"timestamp\":1745099903209,\"url\":\"https://medium.com/@chaofan-fuzzland\"},{\"id\":\"WwFHq0KDPl\",\"description\":\"Rootdata: Chaofan\",\"timestamp\":1745099913192,\"url\":\"https://www.rootdata.com/member/Chaofan%20Shou?k=MTQ5NDc%3D\"},{\"id\":\"2Rz6pprgDL\",\"description\":\"Chaofan Shou (UC Berkeley) - \\\"Mitigating Smart Contract Attacks in the Real World\\\"\\n\",\"timestamp\":1745100149143,\"url\":\"https://www.youtube.com/watch?v=wP07Qu6RPXs\"},{\"id\":\"kqu5dUkUKs23NjaL\",\"url\":\"https://www.theregister.com/2026/03/31/anthropic\\\\_claude\\\\_code\\\\_source\\\\_code/\",\"description\":\"The Register on Claude Code leak\",\"timestamp\":1775048543867},{\"id\":\"SRZkyzvoKHxElxpH\",\"url\":\"https://wavespeed.ai/blog/posts/claude-code-leaked-source-hidden-features/\",\"description\":\"Claude Code source leak analysis\",\"timestamp\":1775048543867},{\"id\":\"lHV3P3MlyspwED1A\",\"url\":\"https://venturebeat.com/technology/claude-codes-source-code-appears-to-have-leaked-heres-what-we-know\",\"description\":\"VentureBeat on Claude Code leak\",\"timestamp\":1775048543867}]"},{"id":"previous_cid","value":"\"https://ipfs.everipedia.org/ipfs/QmPThDopaW7bHqforcDBX6zyV9qquskUuQqcVDVYSpRsSa\""},{"id":"commit-message","value":"\"Removed recentActivity field\""},{"id":"previous_cid","value":"QmPThDopaW7bHqforcDBX6zyV9qquskUuQqcVDVYSpRsSa"}],"events":[],"user":{"id":"0x8af7a19a26d8fbc48defb35aefb15ec8c407f889"},"author":{"id":"0x8AF7a19a26d8FBC48dEfB35AEfb15Ec8c407f889"},"operator":{"id":"0x1E23b34d3106F0C1c74D17f2Cd0F65cdb039b138"},"language":"en","version":1,"linkedWikis":{"blockchains":[],"founders":[],"speakers":[]},"recentActivity":"{\"items\":[{\"id\":\"01503202-c155-444c-9eaf-514dbcb0c293\",\"title\":\"Chaofan Shou\",\"description\":\"Chaofan Shou is the cofounder and CTO of Fuzzland, a blockchain security company specializing in automated testing tools for smart contracts, and a software engineer at Solayer.\",\"timestamp\":\"2026-04-01T14:17:35.766Z\",\"category\":\"People in crypto\",\"status\":{\"icon\":\"RiGlobalLine\",\"label\":\"Wiki Updated\",\"iconClassName\":\"text-green-500\"},\"user\":{\"name\":\"0x8AF7a19a26d8FBC48dEfB35AEfb15Ec8c407f889\",\"address\":\"0x1E23b34d3106F0C1c74D17f2Cd0F65cdb039b138\"},\"button\":{\"label\":\"View Summary\",\"icon\":\"RiFileTextLine\"},\"summarySections\":[{\"title\":\"Metadata\",\"subtitle\":\"Wiki metadata was updated with a new ID and additional properties.\",\"variant\":\"modified\",\"changeCount\":5,\"changes\":[\"Changed ID from 'QmbPmo478nj3SwXuyHshm7mhBo1t94ooTs7gXxP3Ckapos' to 'QmbPbjEFQqJAfotFXinKET9MMU4ob5UAwcps6iJmonyTjf'.\",\"Added metadata property 'words-changed' with value '297'.\",\"Added metadata property 'percent-changed' with value '38.98'.\",\"Added metadata property 'blocks-changed' with value 'content, tags'.\",\"Added metadata property 'wiki-score' with value '98'.\"]},{\"title\":\"Speakers\",\"subtitle\":\"The 'speakers' field was removed.\",\"variant\":\"removed\",\"changeCount\":1,\"changes\":[\"Removed the 'speakers' field, which was an empty array.\"]}]}]}"}