Author: Nancy, PANews
Bitcoin has broken through the $100,000 mark, marking a historic moment. This is not only a milestone in price but also a concentrated reflection of market sentiment, capital flow, and changes in the ecological landscape, signifying that the crypto industry has entered a new stage.
At this important moment, CertiK officially released a nearly 40-minute video featuring an in-depth dialogue between co-founder Gu Ronghui and Binance founder CZ in Abu Dhabi. The two leaders in the crypto industry discussed the key factors behind the market transformation, including technological advancements, changes in user demand, and the evolution of the global regulatory environment. They shared their views on the future of the industry and analyzed the current security challenges and the constantly changing regulatory framework in the crypto world, offering insights on innovation, security, and compliance.
Through this video, we witness how these two industry leaders leverage their vision and experience to lead the industry towards a more mature, secure, and compliant future.
From left to right: CertiK co-founder Gu Ronghui, Binance founder CZ, Luna Media Corp CEO Nikita Sachdev
The crypto market has lost over $2 billion this year, with off-chain systems becoming a major security weak point
As the crypto market enters the mainstream, the room for growth in users and capital has expanded greatly, while the demands on the foundation of security and trust have risen with it. Measured by the scale of attacks, the crypto market is becoming a major target. In the first half of 2024 alone, losses from hacker attacks and phishing incidents reached $2 billion, surpassing the total losses for all of 2023. This further highlights the importance of security institutions in cybersecurity and code auditing within the crypto field.
CZ and Gu Ronghui emphasized the importance of crypto security during the interview, mentioning the difficulties and challenges in the auditing process, particularly the unpredictable threats that remain a persistent issue.
According to Gu Ronghui, the current attack patterns have changed significantly compared to the past. Although more and more companies and projects are beginning to value code auditing and collaborate with external security firms like CertiK, the number of attacks on certain smart contracts has actually increased this year. This is a result not only of attackers continuously upgrading their strategies but also of weaknesses in key management and internal personnel security on the part of project teams, which further exacerbate the risk of attacks.
He further pointed out that most complex Web3 applications are, to some extent, a hybrid of Web3 and Web2 systems. Typically, the Web3 part consists mainly of smart contracts, such as code deployed on various blockchains, while the Web2 part encompasses key management and other backend services. Although more people are recognizing the importance of auditing the Web3 part, the focus on the security of the Web2 part remains at a very rudimentary stage, with many project teams underestimating the security of the Web2 part. In some cases, they are unwilling to disclose the source code of the Web2 part, especially regarding key management. This undoubtedly adds greater challenges to the overall security of the crypto market. It is worth noting that a single weak link can threaten the security of the entire system, which is the most concerning aspect.
In this regard, CZ further supplemented with his own experience, noting that when most people talk about security, they usually think of system security, network security, or smart contract auditing. However, the scope of security is much broader, including employee security, social engineering, and even the physical security of offices and the organizational structure of enterprises, all of which can impact overall security. Security is far more than just simple code auditing; it involves various levels of the entire enterprise and is a comprehensive, systematic challenge.
However, conducting security audits of crypto projects in centralized systems poses certain difficulties for security institutions. "Generally speaking, most projects are unwilling to open up content related to the Web2 part to external teams, such as key management systems, which also increases the difficulty of auditing. Currently, there is no golden standard for key management, but CertiK has been promoting industry best practices and has taken measures such as penetration testing to provide effective security guarantees, although the effectiveness still has certain limitations," Gu Ronghui stated. If project teams could share these key codes under certain conditions, especially providing source code for white-box testing rather than black-box testing, the system architecture could be analyzed more deeply, thereby identifying and addressing more potential security vulnerabilities, significantly enhancing overall security.
According to Gu Ronghui, as a seasoned security "gatekeeper," CertiK has established a solid technical foundation and strict auditing standards. In the past year alone, it has received multiple public acknowledgments from Apple for discovering vulnerabilities in systems interacting with trusted environments, and it has been inducted into Samsung's "Hall of Fame."
Enhancing efficiency with new technologies, cybersecurity is a shared responsibility
As the crypto market continues to grow, frequent hacker attacks and phishing incidents have brought significant economic losses to project teams and investors. The rise of new technologies such as artificial intelligence in particular not only brings more complex attack methods but also prompts security institutions to continuously enhance their technical response capabilities and the flexibility of their auditing systems.
"Artificial intelligence was initially mainly applied in customer support; back then we called it sparse matrix and recommendation engine. Now, AI has evolved into a language processing engine capable of predicting the next word. Like blockchain, AI is a technology field full of potential. However, we are still in the early stages of exploring AI's potential. In the future, this technology may not only be weaponized for cyberattacks and enemy target analysis but will also play a key role in defending against these attacks and be applied in various fields such as blockchain and biomedical research." In the transformative era brought by emerging technologies, CZ emphasized the importance of artificial intelligence.
However, responding to the continuously evolving and upgrading attack methods remains challenging, even for industry giants with strong technical capabilities and abundant resources.
"For example, key management is a crucial aspect for both centralized and decentralized exchanges, but it faces many complex challenges. While multi-party participation in key management can improve efficiency, information disclosure may pose greater risks. If dedicated and non-networked devices are used for key storage, potential threats still arise when signing transactions. Therefore, how to effectively manage keys while ensuring transaction security has become an urgent issue in the crypto field. Even if security audits can be conducted, potential threats such as computer virus infections still exist, and for some newly established or lesser-known security companies, project teams tend to keep the specific details of key management confidential," CZ said, raising the concerns and challenges faced by project teams during the discussion.
In response to this situation, Gu Ronghui proposed specific suggestions that may provide guidance for crypto entrepreneurs and practitioners. He cited an example, stating, "In the field of private key management, device infection by viruses is a severe security issue. Therefore, building a hardware-based Trusted Execution Environment (TEE) is particularly important, such as a secure module used to store fingerprints or facial information, which can ensure the security of private information even if the device is infected. Even if the device is compromised, as long as the information stored in the Trusted Execution Environment is correctly managed and interacted with, this information can still be protected from external threats."
Gu Ronghui further pointed out that cybersecurity is not just a competitive advantage for a specific team; it is a shared responsibility that involves multiple levels and links, requiring collaboration from all parties, including users, project owners, developers, security companies, and even law enforcement agencies. For project owners, his suggestion is that security assessments should run throughout the entire project lifecycle, adopting an end-to-end approach for continuous security checks rather than stopping at the audit of a specific version. Many project teams may believe that once a version has undergone a complete audit, they can rest easy, and even minor changes afterward are not reassessed, which is a mistaken approach. Cybersecurity is a continuously evolving process, and with changes in projects and the constant escalation of external threats, vigilance must be maintained, and regular assessments and updates should be conducted. Through collaboration among all parties, while it may still not guarantee 100% security, it can at least minimize potential threats and vulnerabilities. CertiK is also developing more services to cover longer lifecycles and provide more comprehensive protection for clients' systems.
From the discussion between the two leaders, it is clear that while no security audit institution can provide absolute guarantees, the introduction of new technologies can indeed significantly enhance response capabilities and efficiency. However, for project teams, the fundamental aspect is to actively participate and deeply study their systems to ensure they can effectively respond to various potential risks and be well-prepared for protection.
Pictured: Gu Ronghui and CZ
From ecological construction to user education, helping cryptocurrencies move towards mainstreaming
"The United States is the main driving force behind this bull market. Institutional investors are accelerating their entry into the market, with products like BlackRock's Bitcoin ETF attracting hundreds of billions of dollars in just a few months after approval. Coupled with the election of Trump, who is very supportive of cryptocurrencies, the U.S., as a global leading market, will inevitably lead other countries to follow suit, triggering a global competition. Additionally, emerging use cases like MEME coins are also driving market development," CZ said during the interview, reviewing the factors behind the rise of this bull market.
This also means that cryptocurrencies are accelerating their move towards mainstream adoption, which will not only bring more liquidity to the market but also promote a more professional price discovery mechanism. Of course, under this trend, the competition for building in the crypto field is becoming increasingly fierce globally.
CZ also clearly pointed out that countries are exhibiting exceptionally intense competition in regulatory policies in the crypto field. From Japan and Singapore in Asia to Hong Kong, and then to the Middle East with the UAE and Bahrain, countries are striving to establish themselves as global cryptocurrency centers. The new U.S. government's supportive stance on cryptocurrencies has added new variables to this competition.
In the trend of compliance, CertiK is actively collaborating with global regulatory agencies. For example, Gu Ronghui serves as a member of the Monetary Authority of Singapore (MAS) and the Hong Kong Web3 Development Task Force, providing suggestions and feedback for the formulation of regulatory frameworks. For instance, two recommendations in the recently released draft compliance framework for stablecoins in Hong Kong were provided by CertiK and adopted. At the same time, CertiK has also provided security auditing and compliance services related to stablecoins for several well-known companies, including Singapore's first licensed stablecoin issuer Paxos and large financial institutions like PayPal.
In this context, only those who actively take part in building the crypto ecosystem can secure a place in future market competition, and this has always been a focus for CertiK. This year, CertiK launched CertiK Ventures, focusing on the growth of the Web3 ecosystem, aiming to inject vitality into the community during market downturns. Gu Ronghui revealed that the core strategy of CertiK Ventures is to invest in early-stage Web3 projects, such as SEI Network, WeMix, and Kaia, while also looking at companies that can enhance cybersecurity capabilities, including developer tools, on-chain monitoring systems, and testing frameworks. Additionally, CertiK has collaborated with many large companies in traditional industries to help them actively learn and understand Web3, exploring the possibilities of conducting business in this field. However, Gu Ronghui also believes that this transition is a gradual process that requires the collective effort of all members of the industry.
As cryptocurrencies increasingly move towards mainstream adoption, user education is undoubtedly one of the key links in the industry's development. As CZ mentioned in the dialogue, the uneven distribution of educational resources globally, especially the issue of illiteracy in developing countries, is a significant barrier preventing people from entering the crypto world. However, now, through devices and applications, high-quality learning content can be provided to children lacking educational resources, such as the "earn while you learn" model, which can fundamentally change their destinies. To promote this process, CZ has also launched the educational platform Giggle Academy, investing not only in areas like Web3 blockchain, artificial intelligence, and biotechnology but also viewing education as an important means to change the future.
Gu Ronghui also expressed a strong desire to promote education and provided safety education advice for new investors entering the market. He stated that the spirit of decentralization is at the core of blockchain and smart contract design, but it also brings challenges of trust. Many retail users do not fully understand how smart contracts or blockchains work, making them more likely to trust centralized companies rather than the code itself. In this regard, Gu Ronghui emphasized that investors should not simply rely on audit reports from security institutions like CertiK as a "security seal," but should place greater importance on the transparency of projects and publicly available information. To this end, CertiK has also developed the Skynet platform, allowing users to more easily access and understand this data, thereby helping them conduct better due diligence.
In addition to risk assessment, CZ also reminded investors to set investments of "appropriate scale" based on their risk tolerance, avoiding greater financial pressure due to over-investment.