In this episode of Governance Futures, hosts Jamilya and Eugene speak with Isaac Patka about the evolving landscape of security in decentralized systems.
Isaac Patka is a developer and founder in the Ethereum ecosystem specializing in security and compliance infrastructure. He is the co-founder of Shield3, which conducts incident response training through Wargames exercises for major DeFi and infrastructure protocols, performs operational security audits including multisig configuration and infrastructure reviews, and builds policy and compliance infrastructure specifically for stablecoin projects.
Isaac is also a founding member and initiative lead at the Security Alliance (SEAL), an industry group of top researchers, auditors, developers, and lawyers working together to improve the security landscape of Web3.
Isaac brings a rare mix of technical insight and human awareness to Web3, exploring how culture, design, and attention failures shape the vulnerabilities of DAOs.
The conversation dives into topics like proof of inattention, optimistic governance, and the hidden power of dispute resolution. Isaac shares stories from his work in white-hat hacking, DAO roasts, and wargaming—real-world simulations that help protocols identify weak points before hackers do. He also explains why paranoia is healthy in crypto, why multisigs often fail from social engineering rather than code, and how simple practices can drastically reduce risk.
The episode closes with reflections on AI, security culture, and why the future of governance may look a lot like the past—council-driven, human-centered, and built on trust.
Security Alliance (SEAL): https://www.securityalliance.org/
SEAL Frameworks: https://www.securityalliance.org/frameworks
Wargames: https://www.securityalliance.org/wargames
NounsDAO: https://nouns.wtf/
Timestamps:
00:00 – Cold start
00:56 – Introduction: Jamilya and Eugene welcome Isaac Patka
03:06 – Why everyone eventually gets phished: real-world hacks and human error
05:23 – The growing attack surface in decentralized ecosystems
07:42 – The birth of DAO Roasts: fact-checking decentralization claims
10:04 – NounsDAO and the challenge of decentralization with veto power
12:23 – White-hat hacking: testing governance systems responsibly
14:48 – Defining white-hat vs. gray-hat ethics in crypto
17:07 – How security gray zones blur the line between defense and offense
19:24 – The LampDAO experiment: voting to turn a real-world light on and off
21:47 – DAO governance meets physical reality and off-chain limits
24:07 – “Proof of inattention” as a governance failure mode
26:31 – Delegates, fatigue, and the limits of direct democracy
28:54 – Why most voters copy trusted delegates without understanding proposals
31:15 – Guardrails and veto power: trade-offs in optimistic governance
33:36 – The real locus of power: dispute resolution and enforcement
35:55 – The origins of Security Alliance and the birth of Wargames
38:16 – Simulating incidents: chaos drills for DeFi protocols
40:42 – Threat modeling: finding vulnerabilities beyond smart contracts
43:01 – SEAL-911: the crypto emergency hotline
45:17 – Human trust in automated systems: staking and delegation
47:39 – Why protocols still underestimate operational risks
50:06 – Security culture: humans all the way down
52:30 – Paranoia as a governance virtue
54:51 – Practical safeguards: how to verify urgent messages and avoid scams
56:54 – AI in governance: new attack surfaces and security implications
59:19 – Overwarning fatigue and the limits of “Accept risk and sign” popups
01:01:35 – Access control and permission boundaries in multisigs
01:03:52 – How to stay safe: real-world scams and social engineering examples
01:08:34 – Long cons, fake grants, and deepfakes in the crypto world
01:12:59 – Vigilance without paranoia: staying human in security
01:15:22 – Physical safety, seed phrases, and low-profile best practices
01:17:43 – Crypto conferences, travel safety, and not standing out
01:19:59 – Security frameworks and starting points for learning
01:22:24 – What DAOs should fix first: access control
01:22:59 – Why decentralization is the most misused word in Web3
01:23:36 – The future of governance: humans, councils, and lessons from the past
01:24:15 – Closing thanks and outro