Text|Ray
Edit|Ma Azusa
36氪 was informed that “BlockSec”, which focuses on the security of blockchain architecture, has recently completed an angel + round of financing. This round of financing was jointly led by Oasis Capital and Matrix Partners, with participation from Mirana Ventures (Bybit investment partner), CoinSummer and YM Capital, with a financing amount of nearly RMB 50 million.
From an industry perspective, like traditional banking, the basic units of the blockchain world are accounts with different balances, and users can manually transfer transactions between different accounts. With the popularization of new blockchain technologies such as ETH, smart contracts, a technology that automates transfer transactions by executing open source code, have also attracted widespread attention from developers and users. The smart contract has the characteristics of decentralization, so it will be more trusted by some users. For example, for a public account shared by three people, the smart contract can stipulate that at least two of the three people have to sign and agree to transfer the money in the public account. The transfer, and the step of confirming the signature, is performed automatically by running the code and does not need to rely on a third party such as a bank.
On the other hand, the security of the smart contract itself requires developers to attach great importance to it. Because of the open source nature of smart contracts, hackers can also see the code of smart contracts. If there are loopholes in the code, hackers will attack and profit. Therefore, blockchain security companies around this direction have also emerged. BlockSec, which 36氪 came into contact with recently, is a blockchain security company whose current business mainly revolves around smart contract security.
Talking about the security of smart contracts, Zhou Yajin, co-founder of BlockSec, said that based on the deployment time of smart contracts, BlockSec provides code auditing services for smart contracts before deployment, and real-time monitoring of blockchain data after deployment. , once the attack behavior is found, the corresponding attack block and recovery will be carried out.
For code auditing of smart contracts, Zhou Yajin introduced that there are different ways to achieve goals in the current industry. One such approach is formal verification, which involves defining security rules in advance and then proving that the client’s code complies with those rules, thereby avoiding security holes that violate those rules. On the other hand, BlockSec found that many security vulnerabilities are related to the specific business scenarios of smart contracts, and only ensuring the correctness of the code cannot guarantee the security of the entire smart contract. Therefore, in specific operations, BlockSec will conduct code audits through the idea of ”attack”, and the specific technologies include Fuzzing (fuzzing testing). In the implementation, due to the difference between DeFi and traditional security, BlockSec will provide unique technologies in the automatic understanding of DeFi semantics to ensure the accuracy of Fuzzing.
After the code audit, the customer usually conducts multiple rounds of code modification and re-audit according to BlockSec’s recommendations. After reaching the security standard, the smart contract will be deployed into the blockchain. At this point, the code of the smart contract will be visible to everyone and executed by the user. At the same time, BlockSec will monitor those pending transactions, and will block the attack if it finds a transaction that is suspected of being hacked. At this point, BlockSec will apply to the blockchain world to execute a hedging transaction and transfer the balance in the smart contract address to another secure address to prevent hackers from stealing funds. For customers, this is where the “speed of life and death” will be staged, and if the hacker’s transaction is executed first, the funds may go to the hacker. BlockSec will take corresponding technical measures to detect attacks as early as possible and speed up the execution of hedging transactions to ensure the safety of customer funds. In the worst case, after the user’s funds have been transferred to the hacker, BlockSec’s loss recovery service will track the hacker’s capital chain by analyzing the data on the chain. If it is found that the hacker’s funds flow to the exchange, BlockSec will quickly contact the exchange. The police, negotiate with the corresponding exchange platform, provide evidence, and strive to freeze the hacker funds, so as to recover the losses.
According to the company, BlockSec’s attack blocking system has successfully blocked several hacker attacks. For example, when Saddle Finance was attacked by hackers, BlockSec issued an early warning and successfully blocked the attack. So far, BlockSec has recovered more than $5 million in assets for projects including Saddle and HomeDao.
Talking about the charging model, Zhou Yajin said that the part of the code audit is usually charged on a per-time basis according to the size of the project. After the smart contract is deployed, the data monitoring part will adopt a subscription system, such as an annual fee. For the loss recovery service, in addition to the subscription system, at the same time, according to the amount of recovery, a percentage fee will be charged. BlockSec has been profitable since its inception.
In response to the market prospects and the growth rate of the market, Zhou Yajin said that smart contracts are still in a stage of rapid development, and the number and volume of smart contracts will also increase, so there will be more demand for audit services. During the entire life cycle of a smart contract, there will be multiple modifications and upgrades, so multiple audits are required. In addition, some project parties will also invite multiple auditing companies to audit the same code to ensure maximum security. Companies currently focusing on smart contract security audits and blockchain security services include Certik and others. Data monitoring and loss recovery services will also become more challenging and more promising as the number of transactions and transaction volume increase. DappRadar released a report that the number of active blockchain distributed application (Dapp) addresses reached 2.38 million in the first quarter of 2022, while the amount of funds stolen during the quarter was as high as $1.2 billion . This also reflects the real need of Dapp for security.
As for the team, the two co-founders of BlockSec, Dr. Zhou Yajin and Dr. Wu Lei, both obtained their Ph.D. degrees from the University of North Carolina, and are currently professors and associate professors at Zhejiang University. The two have been conducting blockchain security research in academia for many years since 2018. In addition, the two also served as senior security researchers at Qichu 360. On the whole, the team members of BlockSec are not only from the computer field, but also experts with different backgrounds in finance and mathematics. They will conduct manual analysis for specific business scenarios. , mathematics, etc., to provide customers with more comprehensive security services both on-chain and off-chain.
Talking about the company’s next plan after the financing, Zhou Yajin mentioned that the company’s team is continuing to expand. Currently, BlockSec values candidates’ curiosity about emerging things and has actual development experience in blockchain or security products. In terms of technology, candidates are expected to have a certain background in security or blockchain. In the future, the company also plans to expand its business, convert new security technologies into products and provide customers with security infrastructure for blockchain.
About investing:
Oasis Capital said: “The information security problems brought about by digital penetration, new technology iteration, and system complexity have spawned a new generation of security service providers. The BlockSec team’s solid scientific research background, insight into industry and market needs, and the future generation The Internet security system provides unique perspectives and solutions. Oasis looks forward to developing a new field of enterprise service data and personal digital asset security together with BlockSec with a global perspective.”
——————
Note: 36氪 is paying attention to this field, and relevant practitioners are welcome to add authors Ray (WeChat: raylazy) and Zhen Zi (WeChat: 315159284) to communicate.
media coverage
36Kr investment community start-up state investment network
This article is reprinted from: https://readhub.cn/topic/8hqaX9KYwUJ
This site is for inclusion only, and the copyright belongs to the original author.