outreach
Pitching a Security Audit? Your Cold Message Is Probably Killing the Deal

Founders ignore security audit pitches that lead with fear. Here are outreach templates and a Telegram sequence structure that actually get replies.
You send a cold message warning a founder their smart contract "might have critical vulnerabilities." They don't reply. Not because they don't care — because that exact message hit their inbox 40 times this month, from 40 different auditors, and it reads like spam every time.
Security audit sales has a template problem. Everyone's pitching fear. Nobody's pitching proof. And in a market where a bad audit (or no audit at all) can mean a $100M exploit, that's the gap you need to close.
What Makes a Security Audit Pitch Actually Get a Reply?
A security audit pitch gets replied to when it references something specific about the prospect's project within the first two sentences — their chain, their TVL, a contract they deployed recently, or a competitor who got exploited. Generic pitches ("we do smart contract audits") get roughly a 2-5% reply rate on Telegram. Pitches referencing a specific, verifiable detail about the project push that to 15-20%, based on patterns across outbound campaigns run through Web3 consulting outreach.
The reason is simple: founders assume you didn't actually look at their protocol. Prove them wrong in the first line, and you're no longer competing with the other 39 messages.
5 Outreach Templates That Work for Security Audit Pitches
These aren't scripts to copy word-for-word. They're structures — swap in specifics for your prospect. Each one leads with a fact, not a threat.
The recent-deploy opener: "Saw you deployed [contract name] on [chain] last week — congrats on the launch. Quick question: did you get an audit done before mainnet, or are you planning one post-launch? We specialize in [chain]-native protocols and can usually turn around a scoped review in 5-7 days."
The competitor-incident opener: "[Similar protocol] just lost $[X] to a reentrancy bug in a function almost identical to yours. Not trying to scare you — just flagging it because we caught the same pattern in a client's code last month. Worth a 15-min look at yours?"
The TVL-milestone opener: "Noticed your TVL crossed $[X]M this week. A lot of protocols skip a second audit once they've already passed one pre-launch — but exploits scale with TVL, not with your original code review date. Happy to send our scope-of-work if useful."
The warm-intro-adjacent opener: "[Mutual contact] mentioned you're prepping for [chain] mainnet. We just wrapped an audit for [comparable project] — can share the report structure if it'd help you scope what you need."
The free-scan opener: "Ran a quick automated scan on your public repo (nothing invasive) and flagged 2 things worth a human look. No pitch attached — want me to send the notes over?"
Notice none of these lead with "we're the best" or a list of past clients. They lead with a reason this specific founder should care, right now.
How Should You Sequence Security Audit Outreach on Telegram?
A working sequence for security audit outreach runs 3-4 messages over 7-10 days: an opener with a specific hook, a value-add follow-up (a free resource, not a pitch), a social-proof message, and a direct scheduling ask. Sending all four in one day reads as spam; spacing them out reads as a real person paying attention.
Day 0: Send the hook message (pick one template above). No ask beyond "worth a quick chat?"
Day 3: Follow up with something useful — a checklist, a link to a public report you wrote, or a specific vulnerability class relevant to their stack. No pressure.
Day 6: Share a relevant case study or a comparable protocol you audited. Keep it to 2-3 sentences.
Day 9: Direct ask: "Want to grab 15 minutes this week to scope it out? No pressure either way."
Day 14 (optional): A breakup message — "Totally understand if timing's off. I'll check back in a few months unless you'd rather I not."
Founders and dev leads live in Telegram groups, not their inbox — most protocol teams coordinate there daily. That's exactly why sequencing matters more here than on email: a poorly-timed burst of DMs in a chat-first environment gets noticed (and reported) fast. If you're running this at volume across multiple prospects, spacing needs to be automated, not manual.
Where Do You Actually Find Founders to Pitch?
Before any template matters, you need the right person to send it to. Security audit buyers cluster in a predictable set of places: chain-specific developer groups, hackathon Discords mirrored to Telegram, and the group chats around specific L2s or app-chains where founders vent about their own launch anxieties.
Scanning these manually doesn't scale past a handful of leads a week. That's where a structured approach to finding niche Telegram groups for B2B prospecting pays off — you're not guessing where founders hang out, you're pulling from group chats where deployment announcements and audit requests already happen.
CRMChat's Web3 B2B decision-makers database gives you a pre-built list of founders and technical leads by chain and vertical, so you're not starting outreach from zero contacts every time you open a new niche.
How Do You Send This at Scale Without Getting Flagged?
Sending 5-7 identical audit pitches from one Telegram account within a short window is one of the fastest ways to trigger reports and get restricted — Telegram's spam detection doesn't care how good your template is if the delivery pattern looks automated. Founders who get pitched constantly are also quick to hit the report button on anything that smells templated.
CRMChat lets you run outreach across unlimited Telegram accounts from a single dashboard, with each account routed through its own proxy and smart account switching so you never message the same prospect from two different accounts by mistake. That's the difference between a pitch that lands and an account that gets banned mid-campaign — see how to avoid Telegram account restrictions for the mechanics.
Customer-facing security work also means data handling questions come up fast — founders will ask how you store their contract details before an audit even starts. CRMChat doesn't permanently store Telegram messages and encrypts everything in transit and at rest, which is worth mentioning if a prospect asks how their info moves through your outreach stack.
What Should You Personalize Beyond the First Line?
Personalizing just the opener isn't enough if the rest of the message reads like a form letter. Beyond the hook, personalize these fields for every send:
Chain and language: Reference Solidity, Rust, Move, or whatever the protocol actually uses — generic "smart contract" language signals you didn't check.
Audit history: Mention if they've had a prior audit (or clearly haven't) — it changes the entire pitch.
Timing: Reference their mainnet date, TVL milestone, or fundraising round if public — timing context makes the ask feel relevant, not random.
Turnaround estimate: Give a real number ("5-7 days for a scoped review") instead of "fast turnaround" — specificity reads as credibility.
CRMChat automates this personalization with custom fields like {First Name}, {Chain}, or {Company} pulled straight from your CRM data, so each message looks individually written even when you're sending hundreds a day.
Quick Answers on Pitching Security Audits
Founders reply best to pitches with a specific hook, a short first message, and a follow-up cadence that doesn't crowd their inbox in 24 hours. If you're building this into a repeatable process rather than a one-off campaign, check the CRMChat Help Center for setting up sequenced Telegram outreach, or the case studies page for how other outreach teams structured their cadences.


