Hacking for fun!

Weilin (William) Li
[Github] [Twitter] [Linkedin] [Google Scholar]
Email: hklst4r (at) gmail (dot) com
weilin (dot) li (dot) 24 (at) ucl (dot) ac (dot) uk
Last Update: Oct 21, 2024

Abstract

I am a CS PhD student of University College London (UCL), supervised by Prof. Arthur Gervais. I received my Bachelor's degree at the University of Science and technology of China (USTC). My id as a hacker is hklst4r and I love to break things.

My research interests primarily focus on blockchain technology, Decentralized Finance (DeFi) applications, and their security implications. I've been actively engaged in the DeFi ecosystem since 2021. I continuously explore and implement highly profitable trading strategies (Ref. Highly Profitable Trading Strategy). I am also an active bug hunter in Web3, securing $10K+ in bounties (Ref. Bug Bounties).

I used to be a CTF player in Crypto and Misc. I was the team captain of NEBULA, which achieved an annual global ranking of 137th (top 0.33% globally) on CTFtime (Summer 2022-Summer 2023).

Publications

Education

Experiences

Teaching

Selected Talks

2023

Some Awards

2023

  • 5th place in XCTF's international CTF competition SCTF.
  • Second prize of the 17th National College Student Information Security Contest, East-Northeastern Region
  • 2022

  • Silver Award in International Genetically Engineered Machine Competition.
  • 5th place in Tencent's international CTF competition TCTF/0CTF.
  • Second Prize in the 6th National "Strong Net Cup" Finals.
  • Bug Bounties

    I have submitted several bug reports for various projects. Below listed some of them that are released to public.

  • Tokenlon, flaw in token design leads to continous arbitrage opportunities.
  • Huckleberry Lending, interest-bearing token borrowing leads to drain of the market.
  • ...
  • Highly Profitable Trading Strategy

    This term draws inspiration from Avraham Eisenberg, a self-proclaimed "Applied Game Theorist" who famously netted $115 million by manipulating a token's price. I use it to describe lucrative, low-risk trading opportunities I've successfully identified and leveraged. (To be clear, these are not attacks or exploits.)

  • October 2024: Radiant Protocol Incident, Following a hack that drained 2/3 of the protocol's Total Value Locked (TVL), I capitalized on the ensuing panic by establishing a strategic short position on the governance token.
  • January 2024: MIM Depegging Event, I seized the opportunity to purchase MIM at a discount, effectively rebalancing my position on the Abracadabra platform.
  • March 2023: USDC Depegging Crisis, During this event, I used AAVE to create a DAI (long)/ USDT (short) position. Despite DAI's initial depeg alongside USDC due to the Peg Stability Module (PSM) allowing 1:1 USDC to DAI swaps, I recognized that Maker DAO's substantial reserve fund could potentially cover bad debt and stabilize DAI even if USDC's value plummeted to zero.
  • May 2022: Luna/UST Death Spiral, I managed to short $LUNA when $UST starts to depeg.
  • ...