Blockchain circle

One stop hot information platform

About us:

Blockchain circle provides the latest information about blockchain, digital currency, digital wallet, exchange, metauniverse, bitcoin, Ethereum, contract, financial management and so on, and always pays attention to the latest market...

[in depth interview] Deng Yongkai, founder of zero time technology: Web3 ecological security from the perspective of geek

Time : 17/01/2022 Author : 7zd5lo Click : + -
        Outsiders, what is Web3? What kind of track is this? What kind of Unicorn will emerge? Besides the hot speculation of the concept, it seems that there is no clear answer to how disruptive innovation and application will occur. Chris Dixon, partner of a16z, a well-known global investment institution, once said that Web3 is a decentralized trusted computing network built on the decentralized, tamper proof and traceable characteristics of blockchain. Web3 is a value Internet owned by builders and users. Blockchain, crypto and Web3 will become the center of the next economic cycle. Forbes China talks about Web3 as a brand-new Internet model based on blockchain technology and concepts, in which blockchain is the underlying technology or core framework of Web3.
        The Research Report on the blockchain investment activities of the top 100 listed companies in the world by market value released by blockdata, a blockchain market intelligence agency, shows that between September 2021 and June 2022, 40 companies invested in companies in the blockchain / encryption field, totaling about $6 billion. These blockchain or encryption companies are active in more than 20 industries, and traditional Internet enterprises at home and abroad are also laying out the Web3 ecosystem. The year 2022 seems to be a year for hackers to exert their muscles. Behind the frequent security incidents, the population scale, ecosystem and loss value affected are ten times and 100 times larger than those in the past.
        Although Web3 is still a baby, it needs to have the defense ability of adults. As an indispensable part of Web3 infrastructure, blockchain security enterprises play the role of "security nanny", "police" and "detective" for the industry. White hat "hackers" are building security walls for the healthy and orderly development of Web3. What kind of industry is a blockchain security enterprise? What skills do white hat hackers have? What did they do? What kind of group is it? How do they stand firm in temptation and challenge?. We specially invited Deng Yongkai, a senior blockchain security expert in the industry and founder of zero time technology, to conduct an interview on blockchain security and jointly explore the story behind Web3 ecological security.
        Deng Yongkai, a senior expert in the field of blockchain security technology, a well-known network security white hat hacker, the founder of zero time technology, a former senior network security attack and defense researcher of Green Alliance Technology, a listed company, and a specially appointed blockchain security expert lecturer of government, enterprises and universities, participated in and reviewed a number of national and regional blockchain security service technical standards, and wrote the blockchain security best-selling book "Introduction and practical battle of blockchain security"# Q1uniffnews: for non-technical personnel, the topic of blockchain security is very big and far away. Please tell us what the blockchain security industry is and what it does based on your own experience? What does it have to do with ordinary people?.
        Before that, I did security attack and defense research, code audit and vulnerability mining in Lvmeng technology, a well-known network security listed company in China. At that time, someone asked me to audit the smart contract code. I was not particularly interested in it for the first time, but I also started to pay attention to this field. Until then, in April 2018, a security incident occurred in the industry. Because of an overflow vulnerability, the BEC smart contract of the US chain led to the project returning to zero overnight, "one line of code is worth 100 million", which exploded the circle of friends. At that time, I realized for the first time that the security problem of smart contracts was so powerful and the consequences were so serious. When I started to study smart contract security and blockchain security, I found that this is a dark, chaotic and wild field. It is different from traditional security issues, with many security issues, few researchers, few security reports and few research results.
        At that time, the development of blockchain ecological applications, such as smart contract applications and trading platforms, was flourishing, and more unknown security issues were waiting for the participants of this ecosystem to face. At that time, I thought that the field of blockchain security was very interesting and challenging. At the same time, in order to break the bottleneck of my traditional security research, I decided to devote myself to the unknown new track of blockchain security. After in-depth study, it is found that the security incidents that occur every day are the loss of real money. Many users and investors have lost their money, and some even have the idea of giving up their lives because of asset loss. Therefore, at that time, we strengthened our determination to focus on the field of blockchain ecological security, protect the lives and assets of users, and reduce losses. We can only start from the source, that is, help applications and platforms find problems before hackers, solve problems, build a security firewall, and create zero time technology at the end of 2018.
        The security challenges faced by the blockchain security ecosystem are actually changing. Due to the new concept, new technology and high return characteristics of blockchain, many people are lured by malicious blockchain applications, cheated and lost their money. On the one hand, it is a malicious attack on blockchain ecological applications, smart contract security vulnerabilities, hacking attacks on trading platforms, security vulnerabilities, and currency theft by hackers. On the other hand, it makes use of the concept of blockchain to do evil, such as malicious mining of virtual currency, blackmail of virtual currency, money laundering of virtual currency, dark network transactions, capital disk, gambling, fraud, etc. With the development of blockchain ecology, the ecological applications are more and more abundant, and the security problems and challenges are also more and more serious. This is an endless battlefield with live ammunition.
        #Q2unibffnews: your team has audited thousands of projects. Can you tell us what is the most common security problem in these projects? Why do you think this problem is caused?. The causes of security problems are basically the same: weak security awareness of technical personnel, insufficient awareness of security by project management, less investment in security construction and defense, insufficient security awareness of industrial users and insufficient ability to resist attacks# Q3uniffnews: if you are a hacker, what platforms or facilities do you think are your preferred attack targets?. Deng Yongkai: hacker attacks are generally purposeful, such as political, economic, commercial or technical. For different purposes, hackers will choose different attack targets. All projects have been successfully attacked or are being attacked.
        Of course, centralized platforms or projects with large amount of funds are the first choice for hackers. Deng Yongkai: from the perspective of the whole security circuit, some attack and defense technologies of blockchain security are similar to traditional security, and blockchain security also has its unique features. Traditional security companies have studied the development of security attack and defense for many years, with many employees and mature knowledge system and security standards. The blockchain security circuit is developing rapidly, and the ecological applications are updated at each stage. The security issues also change with the changes of applications, and there are many challenges. Moreover, it is still in the early stage of development. It is a blue ocean market, and there are many opportunities behind the challenges. Another point is that the blockchain industry is closer to money. The blockchain security attack and defense are all done with real guns. All people need to stick to the sense of justice of white hat hackers and the sense of awe for the market.
        #Q5unibffnews: what do you think is the core competitiveness of blockchain security companies? What is the competitiveness of zero time technology compared with its industry competitors?. Deng Yongkai: blockchain security is also one of the tracks of the entire network security system. I think its core competitiveness is the accumulation of hacker attack and defense technology and experience on and off the chain. The most important is the trust of industry customers. Why do you say that? When your customers come to you to deal with security problems, you will inevitably come into direct contact with the customer's core code and digital assets. Without rich experience and sufficient customer trust, it is difficult to convince the customer that you can do this.
        As for the advantages of zero time technology, I think there are three main points. First, the team's many years of practical experience in security attack and defense can be used for reference in the face of different attack targets and methods. Second, the team's focus on the blockchain security ecosystem. Third, the team has a strong sense of responsibility and justice, which is the cornerstone of customer trust. Deng Yongkai: we have opened many blockchain security tools to the outside world, including blockchain security intelligence, encrypted asset monitoring, intelligent contract security automated audit, and the chain security attack warning under development. On the one hand, the development of these tools is to provide industrial users with more ways to understand the blockchain security intelligence events, understand the blockchain security background, and the security status of blockchain applications, improve the security awareness of industrial users, reduce malicious attacks and fraud, and better protect their own assets.
        This is also in line with our mission of zero time technology to protect users' lives and assets. On the other hand, commercial security products need to be iterated according to market demand. So that customers can provide security solutions at every stage, build security defense for customers, and obtain greater value# Q7unibffnews: you used to come from a big factory. Do you think blockchain security companies can develop on a large scale? What are its advantages? What are its limitations?. Deng Yongkai: as the current blockchain ecosystem is still in the early stage of development, the blockchain security market is not mature and large-scale. For large enterprises, they may not have more capital investment and focus in this field.
        On the contrary, this gives us a lot of room for development. I think the current blockchain security market is still early. If you are optimistic about this field, you should devote yourself to making reserves. When the wind comes, you can take off. At present, there are more and more ecological applications of blockchain, and blockchain, NFT, data collection and Web3 have gradually become the consensus of everyone. I am very optimistic about this field. With the passage of time, its scale will usher in an explosion, and blockchain companies will develop on a large scale. As for the limitations, I think the first one is that the regulatory and support policies are not clear. There is no clear standard in China at present. The current applications, such as data collection, how to quickly replicate in the context of regulation and compliance, are all crossing the river by feeling the stones.
        The third is that in addition to technology, application and supervision, the development of the industry also needs the support of teams and supply chain ecology in all aspects. At present, few people have invested in Web3, and the accumulation of technology and experience is not enough. More geeks and practitioners are needed to join in for common development. Deng Yongkai: first of all, the whole blockchain ecosystem is a very international industry, and the applications are also open to the world. If your business is limited to domestic, the business scale is too small and the ceiling is too low. Compared with domestic, overseas blockchain ecology will be larger and richer, and the security market will be larger. Overseas distribution is the only way for blockchain companies. Zero time technology has also begun to lay out overseas blockchain security markets and brands.
        I think that in addition to the money itself, the most important thing for financing is to provide better resources for our business development and bring things that can complement our team. As for the expansion of the company, there is nothing trivial about safety. If you are not ready to start this business, isn't it cheating customers? Therefore, we have been doing research and reserves to provide customers with better blockchain security products and services. When you are ready, you will naturally bring customers and the market# Q10unibffnews: the blockchain industry has been developing for more than ten years, and it is actually a process of constant ecological change. Sometimes theory and practice are not synchronized, and it is inevitable that many frictions and contradictions will arise.
        Even some things are ephemeral. In fact, you are also an experienced person. How do you prevent being eliminated by various frictions and contradictions?. Deng Yongkai: in fact, blockchain security companies play an important role in the whole blockchain ecosystem and are also an infrastructure. Like all blockchain applications, it faces various frictions, obsolescence and challenges. Many projects in the industry are ephemeral, and zero time technology has been nearly four years. We are still very confident that the team can survive stably and develop better and better. First of all, seek truth from facts, do not forget your original intention, and keep your integrity. You can't change your original intention and progress because of some interests or temptations. Do what your security team should do. If the security team is not trusted, who else in this industry can be trusted?.
        #Q11 unibffnews: in the security industry, you not only have to fight against hackers, but also be affected by some environments and technologies. What do you think about failure? How to deal with it?. Deng Yongkai: many times, in the project or technical research, we can't solve all kinds of problems and questions in a short time and can't do anything. These things have always existed in our work, but we should not worry. We should calm down and think about solutions. Slow is fast. On the road of entrepreneurship, it is common to lead the team to fight. Failure and blow, as well as frustration. Only by constantly working hard, working side by side with the team and overcoming difficulties can we change this situation and grow.
        Deng Yongkai: as an emerging technology, blockchain will have corresponding application scenarios in any scenario where blockchain technology can be used to solve specific problems. At present, there is no phenomenal product application in the market. The public chain, alliance chain, cross chain, smart contract, wallet and trading platform in the industry belong to the infrastructure of the blockchain. Some applications such as defi, gamefi and NFT developed on the infrastructure have their own security problems. Web3 has not only traditional security problems, but also blockchain security problems and asset security problems. On the whole, Web3 is developing rapidly. In the process of development and innovation, security problems will not disappear, but will become more and more complex. Therefore, security will be accompanied by providing corresponding solutions.
        In the future Web3 and blockchain ecology, security audit and asset security are the top priorities. Conclusion: the security problems of Web3 may never stop. However, the result may be that as a16z analyzes Web3 security, more attention will attract more white hats and make the "entry threshold" for discovering new vulnerabilities higher. At the same time, with the increase of Web3 applications, the motivation of black hat hackers to find new vulnerabilities is also increasing. As in many other security areas, this is likely to remain a cat and mouse game. Return to Sohu to see more.
Previous:The number of domestic blockchain enterprises has reached 456, and this year and next will usher in the golden period of development?
Next:No more

Related articles:

© 2005-2032 | Blockchain Circle & & All Rights Reserved    Sitemap1 Sitemap2 If there is infringement, please contact us at: