Bullbit, a decentralised derivatives trading platform approaching its Mainnet launch, has chosen Hacken as its security auditor — selecting the firm specifically because Hacken operates under financial transparency standards comparable to a US-listed company, rather than as a private lab whose internal processes remain opaque to outside scrutiny.
Most Web3 auditors are private. Hacken is not.
The distinction, according to Bullbit, is the point. While the majority of blockchain security firms operate without public accountability structures, Hacken has pursued what it calls a Crypto IPO and Equity Tokenization roadmap — meaning its financial activity, operational processes and audit quality are subject to shareholder oversight in a way that resembles how technology companies on the NASDAQ or NYSE are governed. For a derivatives platform targeting Korean institutional investors and large funds, that governance structure carries specific weight.
A Bullbit representative framed the calculus directly: “Partnering with Hacken, Bullbit is not just buying a technical report. We are buying the endorsement of an organization operating with the highest legal and financial standards of the West. For Korean investors and large funds, having an audit partner with a transparent profile like a securities firm is a key factor for capital disbursement.”
Hacken’s client list includes NEAR, 1inch and Binance — a roster that establishes its technical standing in the upper tier of Web3 security. The firm is now applying that same scrutiny to Bullbit’s App Rollup architecture, which sits at the technical centre of the platform’s differentiation from conventional decentralised exchanges.
The architecture deserves some unpacking. Rather than deploying on a shared general-purpose platform, Bullbit has built its own dedicated execution layer — what it calls a Sovereign Infrastructure — where sequencers handle order matching at millisecond speed, comparable to the performance of centralised exchanges. Settlement, however, anchors back on-chain, preserving the verifiability that decentralised infrastructure requires. It is a more complex build than a standard DeFi application, which is precisely why the choice of auditor matters.
Bullbit claims its architecture has received a “Zero Critical Bug by Design” rating in initial internal assessments. Worth being precise about that: this is a self-evaluation, not yet the conclusion of Hacken’s formal Penetration Testing phase, which is currently beginning. The claim is that the system was designed from the ground up to eliminate common attack vectors, including rug-pull mechanisms and Oracle Manipulation — two exploits that have collectively cost DeFi users billions of dollars across multiple incidents. Hacken will now verify whether the architecture delivers on that claim.
One specific feature has drawn particular attention from Hacken’s team: the Inclusion Queue mechanism. In practical terms, this allows users to withdraw their funds directly from the underlying Layer 1 blockchain even if Bullbit itself stops operating. In a post-FTX environment, where institutional capital has become acutely sensitive to custodial and operational risk, a forced-withdrawal guarantee is not a minor technical footnote — it is a fundamental condition of the trust architecture. Bullbit has committed to making both its Verifier source code and the full audit reports public once complete.
The institutional pivot in crypto derivatives is the context that makes this announcement intelligible. The 2026 market looks materially different from 2021 or 2022: spot Bitcoin ETFs have drawn in traditional asset managers, regulatory frameworks are consolidating across the US, Europe and Asia, and the Korean institutional investor base — one of the most active in the world — has become considerably more rigorous about the operational and security standards it requires before committing capital. A derivatives DEX with opaque infrastructure and a private-lab audit would not pass that bar. One with Hacken’s public accountability model and an on-chain forced-withdrawal mechanism might.
The derivatives DEX space is competitive. dYdX, GMX and Hyperliquid have established significant user bases and trading volumes. Bullbit’s entry proposition is not speed or liquidity alone — it is the institutional-grade safety argument, the claim that its infrastructure was built with the compliance requirements of large capital in mind from the design stage rather than retrofitted after the fact.
Bullbit’s Mainnet launch date was not disclosed in the announcement.
Whether the architecture performs as described will become clear when Hacken’s Penetration Testing concludes and the full audit report goes public. The commitment to publish everything — internal reports included — is the kind of transparency that either builds lasting credibility or produces very uncomfortable reading. Bullbit appears confident it will be the former.
