Pablo Sabbatella (pablito.eth) @ Opsek - Security Council candidate Mar 2026

Hello everyone,

I am Pablo Sabbatella, also known as pablito.eth. I am a web3 operational security researcher, member of SEAL (Security Alliance) and I am applying for the security council as founder of Opsek. I also created the “Blockchain Security Series” podcast.

I started with cybersecurity back in 1999, when I founded Hackemate and have been involved in technology since then. I am a signer in the Optimism Security Council, the Polygon Protocol Council and Everclear Security Council. I have been focusing a lot on the specific needs of Security Councils and on how to enhance their operational security.

Motivation to sign up

I am fully committed to improving the security of the ecosystem. I am totally convinced that security is the biggest issue the industry is facing right now, stopping it from achieving mass adoption. If we continue on this path, with DPRK being funded by large hacks like Bybit, we are gonna be a total failure as institutions will not deploy big capital.

I know for sure that my knowledge and experience will be valuable in order to enhance the security of Arbitrum’s Security Council, infrastructure, team and community.

I am fully doxxed and dedicate lots of resources to talk about the importance of Security in the Web3 ecosystem from my Twitter account with more than 80K followers and with a free Blockchain security course you can check at Defy Education. I also create the Blockchain Security Series podcast.

Security work:

I founded Opsek, where we do operational security audits and training for Web3 organizations (DeFi, CEXs, L1s, L2s, VCs, service providers and HNWI). The reason behind my work and founding Opsek is very simple: 99% of funds being lost are due to operational security issues (Private key leakage, malware, exploits, social engineering, phishing, account takeovers, domain hijacking, etc) and not due to smart contract hacks anymore.
My expertise is understanding an organization, defining and protecting its attack surface: what does the organization do? Who is the team? What are the tools and stack that they use? What does the day-to-day operation look like? What are the most valuable assets it’s protecting? Which are the biggest risks? What security measures do they have in place? Have they had any security incident in the past? We also train the teams and especially founders on physical security.
Part of our auditing process includes multisigs: how were they created? Who are the signers? What’s the appropriate threshold? How are private keys generated? How are seeds handled? Are they backed up or deleted? How do you travel with your hardware wallet? Have signers developed a threat model? Hardware wallet diversity, frontend diversity, transaction verification and simulation, definition of procedures and policies, etc.
I have already audited many firms (many of them we do not make public). Some of them: Optimism, Sky (ex MakerDao), Centrifuge, Contango, Midas, Aligned Layer, and many more.
I have participated in many war rooms and helped many people and companies save funds during attacks (and still do this daily).

Some of my presentations:

  • Professionals hack people, not systems @ DeFi Security Summit (Bangkok - 11/2024)

https://www.youtube.com/watch?v=1ZQIDkEfY5w

  • OpSec for the Dark Forest (or how to avoid getting rekt) @ Devcon 7 (Bangkok - 11/2024)

https://archive.devcon.org/devcon-7/opsec-for-the-dark-forest-or-how-to-avoid-getting-rekt/

  • Operational security in Web3: a review of major OpSec incidents @ DSS Webinars (Online - 04/2025)

https://www.youtube.com/watch?v=GuQXUyMDd_s

  • Physical and Operational Security 101 @ Ethereum Community Conference 8 (Cannes - 07/2025)

https://ethcc.io/agenda/physical-and-operational-security-101

  • TOTP apps are dead and why you are doing 2FA wrong @ darkMode (Denver - 02/2026)
  • Web3 Operational Security 101 @ DeFi Security Summit 101 (Buenos Aires - 11/2025)
  • Apple Stack Hardening: Security Essentials for macOS, iOS & AppleID @ DeFi Security Summit (Buenos Aires - 11/2025)
  • How to securely configure and use Telegram & Twitter @ Ethereum Community Conference 7 (Brussels - 07/2024)

https://ethcc.io/archives/how-to-securely-configure-and-use-telegram-and-twitter

Projects I created but where I am not involved anymore:

  • I co-founded Ethereum Argentina.

  • I created the first “Blockchain and DeFi" subject in an Argentinian University (ITBA) and served as teacher for two years.

  • I founded Defy Education.

Disclosure: I am an active signer in the Optimism Security Council, the Polygon Protocol Council and Everclear Security Council. None of them have conflicts of interest.

Links:

Many thanks for reading

Subject: Operational Security Gap: Project Sentinel & Economic IR Playbooks for Arbitrum

GM Pablo,

I’ve been following your candidacy for the Arbitrum Security Council with great interest, particularly your focus on the “Dark Forest” of operational security. Your statement that 99% of funds are lost due to operational issues rather than smart contract hacks is a truth that most of the industry is still ignoring.

I am writing to you from Bihar, India, as an independent researcher. In my region, we understand that a system is only as strong as its fail-safes during a crisis. I’ve spent my nights identifying “Logic Collisions” and “Whale Chokes” in protocols like MakerDAO and Renegade—moments where the code is “fine,” but the market operations create a death trap for liquidity.

The Value Proposition:

I have just submitted a $25,000 grant proposal (Project Sentinel) to the Arbitrum New Protocols 3.0 track. My goal is to bridge the exact gap you’ve identified: The Operational Security of Liquidity. While the Security Council protects the core, there is no standardized Economic Incident Response (IR) Playbook for when application-layer deadlocks occur. My project maps these “Operational Deadlocks” and creates actionable playbooks for delegates and council members to follow during black swan events.

I have explicitly written into my milestones a coordination phase with SEAL Wargames for live-fire simulations. As a member of SEAL, your perspective on how a Security Council signer should “intervene” during an operational economic collapse would be the ultimate North Star for this research.

I don’t just want to build a tool; I want to ensure that when the next “Bybit-scale” hack or market choke happens, Arbitrum is the only chain with a pre-written operational manual to stop the bleeding.

I would be honored if you could take two minutes to look at the Project Sentinel proposal on Questbook. Your feedback would ensure this infrastructure meets the “Opsek” standard you are bringing to the Council.

Respectfully,

Eklavya

Lead Researcher, Project Sentinel

Many thanks! That’s super interesting. I am not sure about the Security council duties in that kind of scenario, but I think it’s worth analysing it. I will take a look at it. Thanks

Many thanks for the feedback, Pablo! I completely agree—the ambiguity around Council duties during operational economic collapses is exactly why I initiated Project Sentinel. I’m currently modeling these ‘gray areas’ in the Questbook proposal to turn that uncertainty into an actionable IR Playbook. Looking forward to sharing the initial threat matrix with you as the project develops.

Echoing my earlier post during the last election, I’m happy to see @pablito.eth running again. He would be a great addition to join the Council.

My nominee application has been submitted: Pablo Sabbatella (OPSEK) | Arbitrum Security Council Candidate
