CertiK’s Perspective on How Leadership in the Market and Innovation Create a Shield Against Cyber Threats

Within the TOKEN2049 During our time in Dubai, we had an enlightening discussion with Dr. Kang Li, the Chief Security Officer of a prominent player in the Web3 security sphere. He highlighted how artificial intelligence plays a dual role in safeguarding cybersecurity, addressed common weaknesses found in blockchain networks, and stressed the importance of protecting user data throughout KYC protocols. Furthermore, we touched on the rise of new cyber threats, the effects of government centralization initiatives, and provided practical advice for users to navigate the blockchain landscape securely. CertiK Could you elaborate on the advantages of AI over other solutions in terms of maintaining blockchain security?

Artificial intelligence operates as a versatile tool in cybersecurity, available for both defensive and offensive strategies. From a defensive standpoint, AI's ability to swiftly analyze large data sets enables it to spot patterns and irregularities that traditional security solutions might miss or be overwhelmed by.

On the flip side, the adaptable nature of AI can also be exploited by cybercriminals, allowing them to create advanced attack strategies. This necessitates a proactive approach, where platforms and organizations simulate potential AI-driven threats to bolster their defenses.

Which blockchain network do you consider most susceptible to scams and attacks?

Historically, Ethereum has been a favored target for scams and cyber assaults, primarily not because of fundamental flaws within the Ethereum protocol itself, but due to its extensive adoption, the intricate nature of its smart contracts, and its significant position in decentralized finance (DeFi) and non-fungible token (NFT) spaces. That said, while Ethereum is highly targeted, it isn’t necessarily the most vulnerable network; its fame and the substantial assets within its ecosystem make it a prime focus.

Your services include KYC verification, which some might view as infringing on privacy. Can you explain the specific features or techniques that support effective verification while safeguarding data privacy and security?

Our KYC process gives Web3 platform founders control over their identity verification journey, letting them decide the extent of verification required. This is represented by a KYC badge—gold, silver, or bronze—indicating their dedication to transparency. This approach not only limits the sensitive data collected but also focuses accountability and integrity on the organizational level, rather than on individual users.

We are supported by a team of former law enforcement and intelligence specialists who possess extensive experience in handling sensitive data with the utmost caution and discretion. In addition, CertiK has set a benchmark as the first Web3 security auditing company to achieve SOC 2 Type I Compliance, showcasing our robust data security practices and commitment to protecting the information entrusted to us by clients and users alike.

While working with various blockchain networks, can you highlight common security issues that they all experience?

Despite the variances in their frameworks and consensus protocols, many security challenges are common amongst all these platforms. A significant shared vulnerability lies in smart contracts, which can suffer from issues ranging from simple coding mistakes to more complex interaction problems.

For instance, reentrancy attacks, integer overflow/underflow issues, and inadequate access control are just a few examples. Additionally, network-level vulnerabilities such as 51% attacks (where one entity can control over half of the network's mining power or stake), long-range attacks, and denial of service attacks—like one we internally named HamsterWheel—pose considerable threats. Cross-chain bridge vulnerabilities, oracle exploitation, and the risks of financial contagion within DeFi platforms also represent blockchain-agnostic threats.

CertiK was nominated for 'Best Use of Technology for Positive Change' at the Global Blockchain Show. What sets you apart from your competitors?

We recently launched SkyInsights, acclaimed as the industry’s most efficient crypto compliance and risk management platform. Given the mix of regulations that vary across jurisdictions—from the EU’s MiCA to Singapore’s Payment Services Act and various U.S. agencies like FinCEN and OFAC—the need for a comprehensive compliance approach has never been greater.

What cyber threats do you predict will be most significant in 2024?

It's clear that breaches involving private keys will remain a top concern for the blockchain and cryptocurrency sectors in 2024. With $239 million lost in just 26 incidents, these key compromises account for nearly half of the financial losses.

Based on data from our Q1 report How do you believe government efforts to centralize blockchain networks and cryptocurrency could compromise the overall security of the ecosystem?

Decentralization is fundamentally important to blockchain systems, both philosophically and structurally. However, the spectrum between centralization and decentralization is wide, and achieving perfect decentralization is more of an aspiration than a practical reality, so some degree of compromise is unavoidable. Compliance will drive significant changes in the sector, as many aspects will increasingly fall under governmental regulation, attracting institutional capital that could surpass the current total market capitalization of the crypto industry.

What recommendations can you offer everyday users to avoid scams while utilizing blockchain services?

Always verify the addresses you're sending cryptocurrency to, especially when dealing with larger amounts. Cross-verify through multiple channels to ensure you're reaching authentic and official addresses.

• Use well-known and reputable wallet providers. Make sure to download the official wallet version from reliable sources like the official website or trusted app stores.
• Never disclose your private key or seed phrase to anyone and refrain from storing it online. Opt for hardware wallets for enhanced security.
• Thoroughly investigate any project before making an investment. Look into reviews, the backgrounds of the team, the project’s whitepaper, and community feedback.
• Be cautious with links in emails or messages unless you can verify they're from a trusted source. When in doubt, manually type the official website address into your browser.
• Lastly, please keep in mind that the information presented on this page should not be seen as legal, tax, investment, or financial advice. It’s crucial to only invest what you can afford to lose, and if you're uncertain, consult an independent financial adviser. For further details, we recommend reviewing the issuer's terms and conditions and supporting documentation. MetaversePost is devoted to providing accurate and impartial reporting, but market circumstances are subject to change without prior notice.