Goals for 2023


What a year! 2022 has been the worst year for crypto and the best year for AI. A great year for Greg Rutkowski and a bad year for hands.

Following the tradition of previous years, I’ll revisit my old goals and set new goals for 2023.

For me, it’s been a good year. I’m still healthy and my net worth grew more than the inflation. This isn’t because I’m a good investor, it’s just the combination of having a low net worth to start with and a high income. Let’s look at some crypto events that hit me:

  • The year started with Ukraine promising an airdrop and then rugging me.
  • Then Terra collapsed and all my LUNA went to zero. I unstaked it instead of exiting through the on-chain swap because I didn’t want to take the 30% fee. My lesson is that I need to get out of things that look bad faster and just take the loss. The same happened with my staked SOL after the FTX collapse. When coins are so volatile it doesn’t make sense to lock them for single-digit APY.
  • I lost money in UST. I already felt that 20% APY was too good to be true and this was going to end badly, so I had hedged it against de-pegging by borrowing it against USDC collateral on Solend and I also bought insurance on Unslashed Finance. However, the insurance was denominated in ETH which had already dropped by 50% at that time and the entire claim process was chaotic and horrible with insurers constantly moving goalposts. I still recovered a significant percentage of it.
  • I dodged the bullet with Celsius and was able to withdraw before they disabled withdrawals.
  • I also frontran the FTX collapse and was still able to withdraw. My crypto twitter addiction really paid off this year, I got out everything as soon as I heard rumors.
  • What’s left of my crypto portfolio is only worth 30% compared to 1 year ago. In hindsight, I should have sold some but I already had a decent cash position so I didn’t sell even though I didn’t see any reason why prices would go up again in the short-term future as macro looked bad. I need to change my strategy.

After all this, how did I still increase my net worth? I earned a lot doing smart contract audit (contests):

  • In May, I was the first one to hit $1M overall awards on Code4rena and stopped competing for this year except for the $1M Seaport contest. I earned $402,556.26 on Code4rena, ranking at #2 for 2022. I think it’s a great achievement given that I only competed for the first 4 months of the year and the huge increase in wardens.
  • For the rest of the year, I did audits, independently and with Spearbit. I earned a similar amount to C4 with Spearbit. I don’t want to disclose the amount I made with independent audits.
  • Honorable mentions are Sherlock and yAcademy. I did some audits as part of Sherlock’s insurance due diligence at the beginning of the year, before they ran contests. I joined yAcademy’s Block 3 cohort as a guest auditor which has been a great experience. The people in the cohorts are genuinely interested in hacking and quite talented, I ended up working on Spearbit audits with some of them later.

Was this enough to achieve my goals?

Reviewing 2022’s goals

Get to 100k$ cash flow per month

I didn’t achieve this goal but I got close.

Develop or contribute to a protocol

I worked on some fun side projects related to NFTs but they are not being used by anyone. Honestly, even these little projects were a waste of time. The workload this year was already very high, I should just have relaxed instead of working on these in my free time. The interesting part of these projects is coming up with a clever solution but once I know the solution in theory, actually writing the smart contract, tests, etc., is not that interesting and just feels like a chore.


I met a lot of new people online and offline.

  • ETH Amsterdam / DevConnect / Secureum Event: I met the Code4rena / Spearbit / Sherlock team and other security researchers that I’ve been working with in person for the first time. This event was really great. I did a live audit contest with 0xleastwood, hickuphh3 and sock in cringe-worthy costumes.
  • I gave a talk at DeFi Security Summit - Stanford Blockchain Week 2022 about the history of price manipulation attacks in lending protocols.
  • I went to Singapore’s Token 2049. Really enjoyed my time there, I met many new faces who all treated me well.
  • This year was the first year that I noticed people talk about me in discord channels & podcasts without me being present. I became some sort of micro-celebrity in the web3 security space which is really funny to me. A lot of web3 security beginners reached out to me or thanked me for writing my blog posts and being so transparent.

New gym PRs

I kept up with the gym routine throughout the year, it’s really easy for me. I got back to my old PRs but besides that, no significant progress has been made. It takes a lot of time to make gains now and I got Covid/flu/cold too many times this year and did not always have proper gym access when travelling.

Goals for 2023

Get to 100k$ cash flow per month

I’ll keep the same goal as last year. Why not set bigger goals if I almost achieved them last time? Because I want to be realistic and macro/crypto doesn’t look like it’ll get better which might make achieving the same goal harder. What’s the best strategy to achieve this goal? A good exercise is to write down your best options and assign expected payouts and probabilities to them. So what are my skills and what are the chances of success?

  • keep doing audits and audit contests like last year: 80% chance of earning $1.2M
  • build my own protocol, get a huge token allocation, become successful: This is the high risk, high reward play. I give it a 2% success rate to earn $10M within a year in the current market environment starting from scratch.
  • join an existing protocol as CISO/in-house auditor and get a token allocation of $1M: the hard part is joining a good project and this must be incorporated into the probability. I’d say 25% for me.
  • become Avi Eisenberg: The chance of finding a highly profitable trading strategy of $10M profit within a year are high, I’d even say 30% is still being underconfident. The problem is that he has just been detained by the FBI and charged with market manipulation, lmao. I’d have to be incredibly stupid to throw away my current life like that.
  • bug bounties: In the last 6 months, Immunefi listed 19 new bug bounties with max payouts of >= $1M (comparing archive.org from June). Assume Immunefi lists 38 new $1M+ bug bounties next year and it takes you the entire year to look for bugs in all of them. If you think the chances of finding a critical in a project is higher than 3% you should do bug bounties. These odds are better than I expected.

Admittedly, I made up all of these numbers but it’s the process of exploring your options that is already valuable and helps you with decision-making. So doing what I did last year and throwing in some bug bounties seems like the best decision to achieve this goal with my skillset. There’s no need to reinvent myself every year.

The hardest part for me will be to remain focused on security and not get distracted by building some fun AI projects that nobody uses at the end (not even myself).

IRL events

The IRL conferences last year were great and I hope we can continue doing this.

These are all my professional goals that I set for myself this year. I kept them flexible as I want to have time for small, interesting opportunities again that arise and that I can’t even imagine right now.

✨ Happy new year! ✨

Hi, I'm Christoph Michel 👋

I'm a , , and .

Currently, I mostly work in software security and do on an independent contractor basis.

I strive for efficiency and therefore track many aspects of my life.