Recently, CertiK co-founder Gu Ronghui had a conversation with Binance founder CZ (Changpeng Zhao) to discuss the key factors behind the market's transformation, including technological progress, changes in user needs, and the evolution of the global regulatory environment.

Article author: CertiK

They not only shared unique insights into the future of the industry, but also provided in-depth analysis of the security challenges and constantly changing regulatory frameworks that today's crypto world faces, offering in-depth insights on innovation, security, and compliance. The blockchain media outlet PANews produced a detailed report on this wonderful dialogue. The full text of the report follows:

As the mainstreaming of cryptocurrency progresses, CertiK's founder engages in dialogue with CZ to discuss the survival strategies of the crypto market.

Bitcoin has broken through the $100,000 mark, ushering in a historic moment. This is not only a milestone in terms of price but also a concentrated reflection of market sentiment, capital flow, and changes in the ecological landscape, marking a new stage for the crypto industry.

At this important moment, CertiK officially released an exciting video lasting nearly 40 minutes, featuring co-founder Gu Ronghui and Binance founder CZ gathering in Abu Dhabi for an engaging in-depth dialogue. The two leaders of the crypto industry explored the key factors behind the market transition, including technological advancements, changes in user demand, and the evolution of the global regulatory environment. They not only shared unique insights into the future of the industry but also deeply analyzed the security challenges faced by the current crypto world and the increasingly changing regulatory framework, providing profound insights into innovation, security, and compliance.

Through this video, we witnessed how two industry leaders, with their vision and experience, led the industry towards a more mature, secure, and compliant future.

From left to right: CertiK co-founder Gu Ronghui, Binance founder CZ, CEO of Luna Media Corp Nikita Sachdev

The crypto market has already lost over $2 billion this year, with off-chain becoming a security disaster area.

The crypto market has entered the mainstream view, greatly expanding the growth space for users and capital, while also raising higher demands for the foundation of security trust. Judging by the scale of attacks, the crypto market is becoming a security disaster area; in the first half of 2024 alone, losses from hacking and phishing incidents reached $2 billion, exceeding the total losses for all of 2023. This further highlights the importance of security agencies in the crypto field for cybersecurity and code auditing.

CZ and Gu Ronghui also emphasized the importance of crypto security in the interview, mentioning the difficulties and challenges in the auditing process, particularly the unforeseen threats that always remain a dilemma.

According to Gu Ronghui, the current attack patterns have changed significantly compared to the past. More and more enterprises and projects are beginning to value code audits and collaborate with external security companies like CertiK, and some smart contract attacks have been effectively curbed, yet this year the amount of attacks has actually increased. Behind this are not only attackers continuously upgrading their attack strategies, but also weak links in key management, internal personnel security, and other aspects on the side of the project parties, which further exacerbate the attack risks.

He further pointed out that most complex Web3 applications are, to some extent, hybrids of Web3 and Web2 systems. Generally, the Web3 part mainly consists of smart contracts, that is, code deployed on various blockchains, while the Web2 part covers key management and other backend services. Although more and more people are recognizing the importance of auditing the code in the Web3 part, the focus on the security of the Web2 part is still at a very elementary stage, and many project parties even undervalue the security of the Web2 part. In some cases, they are unwilling to make the source code of the Web2 part public, especially regarding key management. This undoubtedly adds greater challenges to the overall security of the crypto market. It is worth noting that a single weak link may threaten the security of the entire system, which is the most concerning aspect.

On this point, CZ further supplemented with his own experience, noting that when most people talk about security, they usually think of system security, network security, or auditing of smart contracts, but in reality, the scope of security is much broader, including employee security, social engineering, and even physical security of the office and organizational structure design of the enterprise, all of which may impact overall security. Security is far from being a simple code audit; it involves all levels of the enterprise and is a comprehensive and systematic challenge.

However, security auditing of crypto projects within centralized systems poses certain difficulties for security agencies. 'Generally speaking, most projects are unwilling to disclose Web2-related content to external teams, such as key management systems, which increases the difficulty of auditing. Currently, there is no golden standard for key management, but CertiK has been promoting best practices in the industry and has taken measures such as penetration testing to provide effective security assurance for such issues, although the effectiveness still has certain limitations,' Gu Ronghui stated. If project parties could share these key codes under certain conditions, especially by providing source code for white-box testing rather than black-box testing, the system architecture would undergo deeper analysis, thus discovering and resolving more potential security vulnerabilities and significantly improving overall security.

According to Gu Ronghui, as a veteran security 'gatekeeper,' CertiK has established deep technical accumulation and strict audit standards; in the past year alone, it has received multiple public thanks from Apple for discovering several vulnerabilities related to system and trusted environment interactions, and was selected into the 'Hall of Fame' by Samsung.

Enhancing efficiency with new technologies, cybersecurity is a shared responsibility of all.

As the scale of the crypto market continues to expand, frequent security incidents such as hacking and phishing are also bringing significant economic losses to project parties and investors. The rise of new technologies like artificial intelligence, in particular, brings more complex attack methods while also urging security agencies to continuously enhance their technical response capabilities and the flexibility of their audit systems.

'Artificial intelligence was initially mainly applied to customer support; back then we called it sparse matrix and recommendation engine. Today, artificial intelligence has developed into a language processing engine that can predict the next word. Like blockchain, artificial intelligence is a technology field full of potential. However, we are still in the early stages of exploring the potential of artificial intelligence. In the future, this technology may not only be weaponized for cyberattacks and analysis of enemy targets, but also play a key role in defending against these attacks and be applied in various fields such as blockchain and biomedical research,' CZ emphasized the high level of attention to artificial intelligence in the era of change brought by emerging technologies.

However, responding to the continuously evolving and upgrading attack methods remains a challenge, even for industry giants with strong technical capabilities and abundant resources, who find it difficult to be self-sufficient.

'For example, key management is a crucial aspect for centralized or decentralized exchanges, but it faces many complex challenges. For instance, while multiple parties involved in key management can improve efficiency, information disclosure may bring greater risks; if dedicated, non-networked devices are used for key storage, potential threats still have to be faced when signing transactions. Therefore, how to effectively manage keys while ensuring transaction security has become an urgent problem in the crypto field. Even if safe audits can be conducted, potential threats such as computer virus infections still exist, and for some newly established or lesser-known security companies, project parties are more inclined to keep the specific details of key management confidential,' CZ raised the concerns and challenges of project parties in the discussion.

In response to this situation, Gu Ronghui proposed specific suggestions that may provide guidance for crypto entrepreneurs and practitioners. He cited an example, stating, 'For instance, in the field of private key management, device infection by viruses is a serious security issue. Therefore, building a hardware-based Trusted Execution Environment (TEE) becomes particularly important, such as using secure modules to store fingerprint or facial information, which can still ensure the security of private information even when the device is infected. Even if the device is compromised, as long as the information stored in the Trusted Execution Environment is correctly managed and interacted with, this information can still be protected from external threats.'

Gu Ronghui further pointed out that cybersecurity is not just a competitive advantage for a particular team; it is a responsibility shared by all, involving multiple levels and links that require collaboration from all parties, including users, project owners, developers, security companies, and even law enforcement agencies. For project owners, his advice is that security assessments should span the entire project lifecycle, adopting an end-to-end approach for continuous security checks rather than stopping at the audit of a particular version. Many project parties may think that once a version has undergone a complete audit, they can rest easy, and subsequent minor changes no longer require assessment; this approach is misguided. Cybersecurity is an ongoing evolutionary process, and as projects change and external threats escalate, vigilance must be maintained at all times, with regular assessments and updates. Through collaborative efforts, although it is still impossible to guarantee 100% security, it can at least minimize potential threats and vulnerabilities. CertiK is also developing more services to cover longer lifecycles and provide more comprehensive protection for clients' systems.

The discussion between the two leaders shows that, although no security audit agency can provide absolute assurance, the introduction of new technologies can indeed significantly enhance response capabilities and efficiency. However, for project parties, the fundamental issue is still to actively participate and deeply research their systems to ensure they can effectively respond to various potential risks and be well-prepared for protection.

Note: Gu Ronghui and CZ

From ecosystem building to user education, assisting cryptocurrencies in moving towards mainstream.

'The United States is the main driving force behind this bull market. Institutional investors are accelerating their entry into the market, with products like BlackRock's Bitcoin ETF attracting hundreds of billions of dollars in just months after approval. Coupled with Trump's election, who is very supportive of cryptocurrencies. As the global leading market, other countries will inevitably follow suit, leading to a global competition. In addition, emerging use cases like MEME coins are also driving market development,' CZ reviewed the factors behind this bull market in the interview.

This also means that cryptocurrencies are accelerating towards the mainstream, not only bringing more liquidity to the market but also promoting more professional price discovery mechanisms. Of course, under this trend, global competition for building in the crypto field is becoming increasingly fierce.

CZ also clearly pointed out in the dialogue that countries are exhibiting intense competition in regulatory policies within the crypto field. From Japan and Singapore in Asia to Hong Kong, and then to the UAE and Bahrain in the Middle East, countries are striving to establish themselves as global cryptocurrency centers, and the new US government's supportive attitude towards cryptocurrencies has added new variables to this competition.

Under the trend of compliance, CertiK is actively collaborating with global regulatory agencies. For example, Gu Ronghui serves as a member of the Singapore Monetary Authority (MAS) and the Hong Kong Web3 Development Task Force, providing suggestions and feedback for the development of regulatory frameworks. In the recent draft of the stablecoin compliance framework released by Hong Kong, two of the recommendations provided by CertiK were adopted. At the same time, CertiK has provided security audits and compliance services related to stablecoins for several well-known enterprises, including Singapore's first licensed stablecoin issuer Paxos and large financial institutions like PayPal.

Meanwhile, in this context, only by actively engaging in the construction of the crypto ecosystem can one better occupy a place in future market competition, which has always been a focus of CertiK. This year, CertiK launched CertiK Ventures, focusing on the growth of the Web3 ecosystem, aiming to inject vitality into the community during the market downturn. Gu Ronghui revealed that the core strategy of CertiK Ventures is to invest in early-stage Web3 projects, such as SEI Network, WeMix, Kaia, and other ecosystems, while also looking at companies that can enhance network security capabilities, including developer tools, on-chain monitoring systems, and testing frameworks. In addition, CertiK has also collaborated with many large companies in traditional industries to help them actively learn and understand Web3, exploring the possibilities of conducting business in this field. However, Gu Ronghui also believes that this transition is a gradual process that requires the joint efforts of all members of the entire industry.

As cryptocurrencies trend towards becoming mainstream, user education is undoubtedly one of the key links in the industry's development. Just as CZ mentioned in the dialogue, the imbalance of educational resources globally, particularly the illiteracy problem in developing countries, poses a significant barrier for people entering the crypto world. However, now, through devices and applications, high-quality learning content can be provided to children lacking educational resources, such as the 'learn and earn' model, which can fundamentally change their destiny. To promote this process, CZ has also launched the educational platform Giggle Academy, investing not only in Web3 blockchain, artificial intelligence, and biotechnology but also viewing education as an important way to change the future.

Gu Ronghui also expressed a strong willingness to promote education and provided security education advice for new market entrants. He stated that the spirit of decentralization is at the core of blockchain and smart contract design, but this also brings trust challenges. Many retail users do not fully understand how smart contracts or blockchain work, making it easier for them to trust centralized companies rather than the code itself. In this regard, Gu Ronghui emphasized that investors should not simply rely on audit reports from security agencies like CertiK as a form of 'security seal,' but should place more importance on the transparency and public information of the project. To this end, CertiK has also developed the Skynet platform, allowing users to more easily access and understand this data, thus helping them conduct due diligence more effectively.

In addition to risk assessment, CZ also reminded investors to set investments of a 'suitable scale' based on their risk tolerance to avoid facing greater financial pressure due to over-investment.