Welcome to Amberdata's Podcast series featuring leaders in the crypto space, where we go in-depth on a range of topics. In this episode, Izzy Henderson, Senior PMM at Amberdata, interviews Francesco Piccoli, CEO of Almanax!

Listen to the episode here.


Introduction: An Industry in Crisis

On a recent episode of the Amberdata Podcast, host Izzy Henderson welcomed Francesco Piccoli, CEO and Co-Founder of Almanax, a Web3 security company leveraging cutting-edge AI to prevent blockchain exploits. Their conversation centered around Piccoli’s background, the motivations behind Almanax, the evolving role of AI in smart contract security, and what the future holds for Web3’s security landscape.

The stakes are high: over $9 billion in crypto assets have been lost to hacks in the past three years. Piccoli’s goal? Shift security from a reactive to a preventative discipline by building an “AI security engineer” that identifies threats before they go live.


Founder Background: Aerospace Roots to Blockchain Defense

Francesco Piccoli’s path to Web3 began far from crypto, with aerospace engineering studies in Italy and Spain, followed by graduate work in machine learning and AI at UC Berkeley. Initially focused on hardware, he transitioned to software and quickly immersed himself in blockchain.

His prior role at a startup called Onchain AI involved spearheading investigations into major crypto exploits, often working behind the scenes with law enforcement. This experience showed him firsthand how widespread — and preventable — many of these hacks were. That realization became the catalyst for founding Almanax in 2023.


Identifying the Gap: Why Web3 Security Was Broken

Despite the billions lost, blockchain security has traditionally lagged. Piccoli noted that:

  • Security was often an afterthought, applied reactively and inconsistently.

  • Traditional tools were rule-based, limited in scope, and unable to identify novel or complex logic bugs.

  • Audits were expensive and infrequent, often missing vulnerabilities that appear between releases.

  • Alarmingly, over 90% of hacked contracts had already been audited — a sign of systemic failure.

The industry lacked continuous, intelligent monitoring capable of understanding the logic of decentralized codebases. Enter Almanax.


Introducing Almanax: AI-Powered Prevention for Smart Contracts

At its core, Almanax is building an AI-powered security engineer — a system designed not only to detect but also to prevent exploits before they happen.

Key components include:

  • LLM-powered Code Analysis: Their platform reads code, understands its logic, identifies potential attack surfaces, and flags exploitable vulnerabilities.

  • Smart Contract Focus (and Beyond): While initially trained on smart contracts (e.g., Ethereum), the tool has expanded to scan other software layers, including off-chain code like wallet libraries.

  • Continuous Integration: Integrated into developers' CI/CD workflows, Almanax automatically analyzes code with every push, akin to Grammarly for blockchain, but protecting millions of dollars rather than grammar.

A milestone for Almanax? Identifying bugs in code written by Vitalik Buterin, Ethereum’s co-founder, a testament to the system’s accuracy and utility.


The XRPL Exploit: A Cautionary Case Study

One of the most significant recent incidents Almanax analyzed was the April 2025 xrpl.js supply chain attack. A malicious actor compromised a Ripple developer's publishing access to the open-source npm package used widely across the XRP Ledger ecosystem and pushed poisoned versions to the registry. The injected code exfiltrated wallet seeds and private keys from any application that installed the infected versions.

Though caught quickly, the episode was a chilling reminder of:

  • The composability and fragility of modern software,

  • The growing threat of supply chain attacks,

  • And the need for tools like Almanax that can monitor not just smart contracts, but third-party dependencies too.


The Challenge with Smart Contracts

Smart contracts are uniquely difficult to secure due to:

  1. Immutability – Once deployed, most can’t be modified.

  2. Financial Stakes – Hacks don’t just steal data — they extract real money.

  3. Open Source – Attackers have full visibility into contract logic.

Piccoli emphasized that smart contracts represent one of the most hostile environments in software development, necessitating an elevated security posture from day one.


The Role of AI in Web3 Security

Piccoli envisions a hybrid security model: AI as the first line of defense, with humans providing oversight. Much like how self-driving cars still have human monitors, AI tools like Almanax won’t replace security teams — they’ll amplify their efficiency, especially as codebases grow and deployment velocity increases.

LLMs are uniquely suited for this because:

  • They mimic human logic comprehension, unlike legacy tools that scan for predefined patterns.

  • They can detect logic-level bugs previously deemed “machine un-auditable.”

  • They enable continuous security monitoring, not just point-in-time audits.


How Projects Can Improve Security Today

Piccoli offered a checklist of best practices for Web3 projects:

  • Use continuous automated scanning tools like Almanax for every code push.

  • Perform third-party dependency analysis to avoid supply chain vulnerabilities.

  • Enforce 2FA, ideally hardware security keys (YubiKeys), on developer and package-registry accounts to resist phishing and other social engineering.

  • Conduct pre-deployment audits and incentivize white-hat disclosures through bug bounty programs.

  • Use real-time threat monitoring tools like Ironated or Range post-deployment.

  • Follow key management best practices, including multi-sig wallets with tiered access policies.
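The xrpl.js incident above and the "third-party dependency analysis" item in this checklist both come down to the same question: does the lock file you are about to install from contain anything you would not vouch for? The script below is an added example written for this post, not Almanax's or Amberdata's code. It parses an npm `package-lock.json` (lockfileVersion 2 or 3, which carry a `packages` map) and flags three red flags a practitioner checks in CI: a package version on a deny-list built from advisories, a dependency with no `sha512-` integrity hash, and a tarball resolved from somewhere other than the registry you trust. The deny-list entries and the embedded sample lock file are constructed for illustration; `example-ledger-sdk`, `left-util` and `ok-lib` are not real packages.

```javascript
// Added example: audit an npm package-lock.json for supply-chain red flags.
// Not Almanax's or Amberdata's code. Assumes lockfileVersion >= 2 ("packages"
// map keyed by "node_modules/<name>"). Deny-list and sample lock file are
// constructed for illustration; maintain the real deny-list from advisories.

const TRUSTED_REGISTRY = "https://registry.npmjs.org/";

// Hypothetical deny-list: package name -> set of versions known to be malicious.
const CONSTRUCTED_DENYLIST = {
  "example-ledger-sdk": new Set(["4.2.1", "4.2.2"]),
};

// Flatten the lock file's "packages" map into one record per installed package.
function parseLockfile(text) {
  const lock = JSON.parse(text);
  if (!(lock.lockfileVersion >= 2) || typeof lock.packages !== "object") {
    throw new Error("expected lockfileVersion >= 2 with a 'packages' map");
  }
  const marker = "node_modules/";
  const deps = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "") continue; // the root project itself, not a dependency
    // Nested installs look like "node_modules/a/node_modules/b"; keep the last segment,
    // which also preserves scoped names such as "@scope/name".
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    deps.push({ name, version: entry.version, resolved: entry.resolved, integrity: entry.integrity });
  }
  return deps;
}

// Return a list of findings; an empty list means the lock file passed every check.
function auditDependencies(deps, denylist = CONSTRUCTED_DENYLIST, trustedRegistry = TRUSTED_REGISTRY) {
  const findings = [];
  for (const d of deps) {
    if (denylist[d.name] && denylist[d.name].has(d.version)) {
      findings.push({ severity: "critical", name: d.name, version: d.version, reason: "version is on the deny-list" });
    }
    if (!d.integrity || !d.integrity.startsWith("sha512-")) {
      // Without a strong integrity hash, npm cannot detect a swapped tarball at install time.
      findings.push({ severity: "high", name: d.name, version: d.version, reason: "missing or weak integrity hash" });
    }
    if (d.resolved && !d.resolved.startsWith(trustedRegistry)) {
      findings.push({ severity: "medium", name: d.name, version: d.version, reason: `resolved from ${d.resolved}` });
    }
  }
  return findings;
}

function auditLockfileText(text) {
  return auditDependencies(parseLockfile(text));
}

// CI gate: fail the build on anything critical or high.
function shouldFailBuild(findings) {
  return findings.some((f) => f.severity === "critical" || f.severity === "high");
}

// Constructed sample lock file: one deny-listed version, one package with no
// integrity hash pulled from an untrusted host, and one clean package.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/example-ledger-sdk": {
      version: "4.2.1",
      resolved: "https://registry.npmjs.org/example-ledger-sdk/-/example-ledger-sdk-4.2.1.tgz",
      integrity: "sha512-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==",
    },
    "node_modules/left-util": {
      version: "1.0.0",
      resolved: "https://mirror.example.net/left-util-1.0.0.tgz",
    },
    "node_modules/ok-lib": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/ok-lib/-/ok-lib-2.0.0.tgz",
      integrity: "sha512-BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB==",
    },
  },
});

// Usage: node audit-lock.js package-lock.json   (falls back to the sample when no path is given)
if (process.argv.length > 2 && process.argv[2].endsWith(".json")) {
  const fs = require("fs");
  const findings = auditLockfileText(fs.readFileSync(process.argv[2], "utf8"));
  for (const f of findings) console.log(`[${f.severity}] ${f.name}@${f.version}: ${f.reason}`);
  process.exitCode = shouldFailBuild(findings) ? 1 : 0;
}
```

Run it as a CI step before `npm ci` (which itself refuses to install when a tarball's hash does not match the lock file, but only if the hash is there to check). The deny-list is the part that needs upkeep: an advisory naming compromised versions is only useful if something in the pipeline actually compares it against what you are about to install.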


On the Horizon: Regulation, Institutions, and Maturity

As institutional players enter Web3, security expectations are changing. “This isn’t three devs in a garage anymore,” Piccoli noted. Institutions bring higher security standards, and regulators are beginning to require them.

EU frameworks like MiCA and DORA are starting to define what enterprise-grade crypto security looks like. In turn, the industry is adapting, sometimes prompted by new regulation, but often learning the hard way through high-profile exploits.


Conclusion: A New Era of Security

Francesco Piccoli and Almanax are leading the charge toward a preventative, AI-enhanced approach to blockchain security. By combining the speed and scalability of machine intelligence with the strategic oversight of human experts, Almanax aims to make billion-dollar exploits a thing of the past.

As Izzy Henderson aptly put it: Grammarly fixed our writing; Almanax is fixing our code — and saving our assets.
