CertiK’s Insights on How Market Leadership and Innovation Forge the Vanguard Against Cyber Threats
In Brief
In this discussion, insights were shared on the role of artificial intelligence in cybersecurity, particularly in rapidly analysing data for threat detection, addressing vulnerabilities across blockchain networks, and maintaining data privacy during KYC verification processes.
Within the TOKEN2049 in Dubai, we had a chance to discuss the intersection of artificial intelligence, blockchain security, and KYC verification with Dr. Kang Li, Chief Security Officer of CertiK, a prominent player in the Web3 security space. Dr. Kang Li elaborated on how AI serves dual roles in cybersecurity, discussed vulnerabilities common across blockchain networks, and underscored the necessity of maintaining data privacy amidst KYC procedures. Additionally, insights were shared on evolving cyber threats, the impact of governmental centralisation efforts, and practical tips for users to navigate the blockchain ecosystem safely.
Can you elaborate on how AI is better than other solutions if we’re talking about maintaining security on the blockchain?
AI is a tool that serves both offensive and defensive functions in cybersecurity. From a defensive perspective, AI’s capacity for analysing vast datasets rapidly allows it to identify patterns and anomalies that may escape or overwhelm traditional security measures.
On the offensive side, the adaptability and learning capabilities of AI can be leveraged by attackers to develop sophisticated new attack methods. This requires a red teaming approach from proactive platforms and organisations, where potential AI-driven threats are simulated and analysed to enhance defensive techniques.
Which blockchain network do you think is the most vulnerable to scams and attacks?
Historically, Ethereum has been a popular target for scams and attacks, not due to inherent vulnerabilities in the Ethereum protocol itself but because of its widespread use, the complexity of its smart contracts, and its significant role in the DeFi and NFT markets. However, this doesn’t necessarily mean Ethereum is the most vulnerable network; it’s just highly targeted due to its success and the value locked in its ecosystem.
One of your services includes KYC verification. It could be considered an invasion of privacy. Can you outline the specific features or mechanisms that enable efficient verification while maintaining data privacy and security?
Our KYC program empowers the founders (not users) of Web3 platforms to choose whether to undergo identity verification and to what extent. This choice is symbolised by the assignment of a KYC badge—gold, silver, or bronze—demonstrating their level of commitment to transparency. This process not only minimises the volume of sensitive data collected but also places the emphasis on accountability and integrity at the organisational level rather than on individual users.
We employ a team of former law enforcement and intelligence professionals who bring a wealth of experience in handling sensitive information with the utmost care and confidentiality. Furthermore, CertiK has distinguished itself as the first Web3 security auditing firm to achieve SOC 2 Type I compliance. This is a testament to our stringent data security protocols and dedication to safeguarding the information entrusted to us by our clients and their users.
While working with different chains, maybe you can highlight the same security problems that all of them face.
Despite the diversity in architectures and consensus mechanisms, several security challenges are universally prevalent across all these platforms. One of the most significant shared risks is vulnerabilities within smart contracts. These can range from simple coding errors to complex interaction bugs.
Examples include reentrancy attacks, integer overflow/underflow, and improper access control. Issues like 51% attacks (where a single entity gains control of more than half of the network’s mining hashrate or stake), long-range attacks, and other consensus vulnerabilities are also common network-level concerns, as are denial-of-service attacks like the one we codenamed HamsterWheel. Oracle manipulation, financial contagion in DeFi platforms, and cross-chain bridge risks are also largely blockchain-agnostic risks.
CertiK was nominated for “Best Use of Technology for Positive Change” at the Global Blockchain Show. What do you think differentiates you from the other competitors?
We recently released SkyInsights, the most streamlined crypto compliance and risk management platform in the industry. There’s a patchwork of regulation from different jurisdictions around the world – from the EU’s MiCA to Singapore’s Payment Services Act, as well as other players to consider, like FinCEN, OFAC, and many more U.S. governmental agencies.
What cyber threats do you think will be the most crucial in 2024?
Based on data from our Q1 report, it’s evident that private key compromises will continue to be one of the most critical cyber threats facing the blockchain and cryptocurrency sectors in 2024. With $239 million lost in just 26 incidents, these compromises represent nearly half of all financial losses.
How do you think the government’s desire to centralise the blockchain networks and crypto threatens the whole ecosystem’s security?
Decentralisation, in general, is a core tenet of blockchain, both ideologically and infrastructurally. Yet the centralisation-decentralisation spectrum is broad, and a perfectly decentralised network is more of an ideal than a reality, so some level of compromise is needed. Compliance is one way that the space will certainly change. Areas of the industry will be increasingly regulated by governments, and these will be the areas that attract sums of institutional capital that dwarf the crypto industry’s current total market capitalisation.
Can you give some advice for ordinary users on how to avoid getting scammed while using blockchain-based services?
- Always double-check the addresses you’re sending assets to, especially for large transactions. Verify through multiple sources that you’re interacting with legitimate and official addresses.
- Stick to well-known and widely trusted wallet providers. Ensure you’re downloading the official version of the wallet from the official website or app store.
- Never share your private key or seed phrase with anyone, and avoid storing it online. Use hardware wallets for added security.
- Conduct thorough research on any project before investing. Look for reviews, the team’s background, the project’s whitepaper, and community feedback.
- Avoid clicking on links in emails or messages unless you’re sure they’re from a trusted source. When in doubt, visit the official website by typing the address directly into your browser.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Victoria is a writer on a variety of technology topics including Web3.0, AI and cryptocurrencies. Her extensive experience allows her to write insightful articles for the wider audience.