On December 2, 2024, Hong Kong’s Ming Pao published an exclusive interview with Professor Gu Ronghui, co-founder of CertiK. Ming Pao is one of the most influential newspapers in Hong Kong. It was co-founded by Louis Cha (pen name Jin Yong) and Shen Baoxin in 1959 and is well-known in Hong Kong for its objective and fair news reports.
Professor Gu pointed out in the interview that as more and more traditional industries enter the Web3 field, the demand for security audits is also rising sharply. With years of technical accumulation and world-leading audit services, CertiK has provided reliable security protection for nearly 4,700 customers worldwide, becoming the first unicorn company in the Web3 security field. In the face of future challenges, CertiK will not only continue to work on solving blockchain security issues, but also plans to promote the construction of a security ecosystem for the entire industry through financial support and industry investment.
The following is the full report:
CertiK: Traditional industries adopt Web3 and the demand for security audits rises
As the use of blockchain protocols and smart contracts becomes more common, the probability of security incidents increases. In an interview with this newspaper, Gu Ronghui, co-founder of CertiK and member of the Hong Kong Web 3.0 Development Task Force, said that as more and more traditional industries use Web 3 and related technologies are changing with each passing day, the industry's demand for security audits is expected to increase.
CertiK was established in 2018 and is headquartered in New York, USA. Gu Ronghui pointed out that they have served approximately 4,700 customers so far. In 2021, the code audits they conducted accounted for 60% to 70% of the world's Web 3 projects. The company's valuation has increased to US$2 billion in 2022, becoming the third unicorn company in the Web 3 industry and the first unicorn company engaged in security auditing. Its shareholders come from Sequoia, Tiger Global, Binance, Coinbase, etc. "Some shareholders are also customers," he said.
Security vulnerabilities are often related to code
He said that with the help of his own comprehensive security audit digital process technology, he obtains code from customers and puts it into their system. After understanding the customer's product design, he finds problems and monitors loopholes, performs third-party certification, and prompts modification of problematic codes. He said: "Security vulnerabilities are often related to code, such as incorrect code, or inconsistency with the original design, or even design loopholes that lead to hackers."
In addition, security issues also occur with private keys. For example, multiple keys are placed in the same place without backup. Even when dealing with operations between smart contracts and non-smart contracts, it is often because the application (App) needs to operate with Web 2 and Web 3 junction causes integration problems. They have discovered more than 110,000 security vulnerabilities so far and reported them to customers, hoping to help reduce user losses. Its current users include virtual currency exchanges, wallets, public chain users, smart contracts and NFT (non-fungible token) application providers.
Regarding the future development of stablecoins, he believes that it will not only provide the industry with a lot of room for development, but also bring challenges. In response, CertiK has allocated US$40 million for entrepreneurial investment and plans to invest in infrastructure, key tools and even real-world assets required by the industry.