Work

The Challenge

Build a non-custodial multi-chain wallet as a Chrome Extension sidebar, not a popup, that could inject unified cross-chain balances directly into third-party DeFi applications like Aave, Uniswap, Lido, and Hyperliquid. The wallet needed to support 13 blockchains, handle transaction signing, and be fully compatible with the dApp ecosystem that expects a MetaMask style provider.

The Approach

I studied MetaMask's open-source architecture to understand how wallets communicate with dApps via provider injection (the window.ethereum pattern) and the multi injected provider discovery (the announceProvider pattern). I then built a compatible provider injection system from scratch using Vue 3 and viem, ensuring that any dApp built for MetaMask (and other EVM based wallets) would work seamlessly with the Arcana wallet.

The sidebar form factor was a deliberate architectural decision, it allows users to interact with the wallet while simultaneously viewing the dApp, which is critical for complex DeFi operations where users need to see both the transaction details and the application state.

I also engineered the unified balance management system, which aggregates token balances across all 13 supported chains and presents them as a single fiat denominated value, requiring a cross-chain balance indexer and real-time price feed integration.

The Challenge

Make sending crypto tokens as simple as sending an email. Traditional token transfers require users to copy-paste long hexadecimal wallet addresses, a UX pattern that is error-prone, intimidating, and a major barrier to mainstream adoption.

The Approach

I built SendIt to accept email addresses, X (Twitter) usernames, and ENS domains as transfer destinations along with wallet addresses. Under the hood, the application resolves these identifiers to wallet addresses using Arcana's authentication SDK and ENS resolvers.

I also designed and built a gamification layer, where every transaction earned reward points (with min/max amount caps to prevent farming), displayed on daily and monthly leaderboards. Top users received NFT based rewards. The gamification drove viral growth through X integration with post-to-earn and follow-to-earn mechanics.

The Challenge

Enable end-to-end encrypted email attachments for Gmail users without requiring them to leave their email client or manage encryption keys manually. The extension needed to observe Gmail's DOM in real-time, intercept attachments, encrypt them client-side, store them in decentralized storage, and decrypt them on retrieval, all transparently within the Gmail interface.

The Approach

I used InboxSDK and gmail.js to observe and interact with Gmail's DOM, detecting when users compose emails and attach files. When encryption is enabled (either globally via settings or per-attachment), the extension encrypts attachments client-side using RSA keys generated by Web3Auth (Torus at the time) and uploads the encrypted files to decentralized storage. Recipients with the extension installed see encrypted attachments automatically decrypted on their end.

The extension also reads all incoming mail on the client side and decrypts any attachments that were encrypted for the current user. I built a companion web application where users could log in and retrieve all their encrypted attachments directly from decentralized storage, bypassing Gmail entirely. The extension was built for both Chrome and Firefox from the same codebase.

The Challenge

Build a cross-rollup bridge UI that handles high-frequency state updates (transaction status polling, balance refreshes, chain switching) while maintaining SEO discoverability for individual chain pages, without the complexity and overhead of Next.js.

The Approach

I engineered a custom build-time SEO solution, during the Vite build process, the system generates individual HTML pages for each supported chain with proper meta tags, Open Graph data, and structured markup. When a user or crawler hits a chain-specific URL, Vercel serves the pre-built HTML page first (satisfying SEO requirements), then hydrates the full React SPA. This achieves the SEO benefits of server-side rendering with the simplicity and performance of a Vite SPA.

The Challenge

Dynamic pricing algorithms on booking and shopping sites manipulate prices based on user location, device, browsing history, battery percentage, and cookies. The goal was to build a Chrome Extension that levels the playing field by giving users control over what information these sites can access.

The Approach

I built a multi-layered privacy system: VPN proxy backends deployed across AWS regions (Albania, Slovenia, India, Greece) for location spoofing, geolocation blocking, user agent manipulation (making Apple users appear as Linux users, desktop users as mobile), DNT header enforcement, cookie/localStorage clearance, and ad blocking.

The most technically interesting challenge was the automated optimization system. I created a crawler and scraper that actively crawled major booking and shopping sites, tested different combinations of privacy settings, and stored the optimal configuration per-site in a database. When a user visited a supported site, the extension checked the database and applied the known best settings automatically via a one-click "Optimize" button. For sites without database entries, a sensible default configuration was applied.

The Challenge

Privacy-focused web analytics tools exist (Plausible, Fathom, Umami), but most require significant setup for self-hosting and lack extensibility for custom events beyond page views. The goal is to build a lightweight, privacy-first analytics platform that is easy to self-host, provides meaningful insights without cookies or personal data collection, and works across any platform: web, mobile, backend, and infrastructure.

The Approach

The SDK is built in TypeScript with zero dependencies, coming in under 4KB gzipped. It exposes a simple API for tracking page views, custom events, and rule-based tracking (for example, tracking when a user scrolls past 50% of a page). The backend uses Bun and Elysia.js for high-throughput event ingestion, with MongoDB timeseries collections for efficient time-bucketed queries.

Currently planning a migration to ClickHouse for the analytical query layer, a full rebrand, and a public launch.

The Challenge

Build the primary interface for Web3 developers using Arcana's platform, where they register dApps, obtain access keys, and configure authentication, storage, and wallet settings.

The Approach

Developers use the dashboard to register dApps, configure settings for authentication (adding social login providers like Google, Twitter, GitHub, or custom Cognito configurations), decentralized storage (location preferences, storage limits), and the embedded wallet (appearance, behavior, supported chains). Built from scratch with Vue 3, TypeScript, and Chart.js for usage analytics.

The dashboard evolved over 3+ years alongside the protocol, adapting through multiple pivots (storage + access → auth-only → chain abstraction) while maintaining backward compatibility and a consistent developer experience.

The Challenge

Build a tool where users can store sensitive information (credentials, notes, secrets) and share them securely, without creating an account, without trusting a server with plaintext data, and without installing anything. The entire encryption and decryption process must happen client-side so that the server never sees unencrypted data.

The Approach

I built Credenstore as a serverless web app using Vue and Firebase/Firestore. All data is encrypted client-side using Triplesec symmetric encryption before being stored in Firestore. Users can share encrypted data via a unique link, recipients need only the link and the password to decrypt. No account creation, no server-side decryption keys, no login required.

The app also supports file encryption, time-bound expiry (data auto-deletes after a set period), and password protected sharing. Because the server never has access to the encryption keys or plaintext data, this is a true zero-knowledge architecture, even if Firestore is compromised, the stored data is unreadable without the password.