CryptoSlate recently had the opportunity to chat with Daryl Hok, COO and Executive Vice President of global cybersecurity startup CertiK, which provides end-to-end security solutions for the blockchain industry.
Daryl, EVP & COO at CertiK, received a B.A. from Yale University and has previously held roles in Product Management, Corporate Development / M&A, and Business Development for companies like FiscalNote and Signatory.
What is your professional background and how/when did you get into crypto?
After graduating from Yale University with a double major in Economics and Psychology (focusing on behavioral economics), I joined as one of the first employees at an AI-GovTech startup backed by Mark Cuban called FiscalNote. I actually first learned about Coinbase from the various policy and lobbying initiatives affecting virtual assets.
In 2017, while the ICO boom was happening, I was leading the Corp Dev team to close a $180M acquisition from The Economist Group. The negotiations were long and intense, but in between meetings, I found time to dive into the crypto space. Ever since, the blockchain bug latched onto me, and I joined CertiK as the COO with the mission of building the world’s leading blockchain cybersecurity company.
What is CertiK and what services does CertiK offer?
CertiK provides end-to-end security solutions for the blockchain world. We began with a focus on auditing blockchain projects and quickly became one of the most trusted auditors in the space. With tremendous growth these last few years, CertiK has since expanded from pre-deployment auditing and penetration testing, to insurance alternatives, real-time on-chain monitoring, and a security oracle. In short: we protect project owners and token holders from everything but themselves.
One unique piece of technology is CertiK Chain, a first-of-its-kind security-focused blockchain. It’s designed for the trustworthy execution of mission-critical applications, including DeFi, NFTs, and autonomous vehicles. CertiK Chain integrates directly with a new, hyper-secure programming language called DeepSEA, which embeds formal verification to mathematically prove the correctness of code as it’s written.
What is the utility of the CertiK Token?
The CertiK token (CTK) is a utility token that powers the CertiK Chain. It’s also the native currency for CertiKShield: a decentralized discretionary mutual which provides reimbursement protection for digital assets. Both the purchase and the reimbursement are done in the CTK token, and collateral providers earn high yields for locking in their funds. Customers can also purchase audits, on-chain security monitoring, and other services with CTK at discounted rates.
Since the explosive growth of DeFi, how does CertiK stay one step ahead of exploits?
This is a great question. It’s a bit like the Wild West, with the bad guys riding off into the sunset as the sheriff scrambles to catch up to them. At CertiK, we’re not interested in playing catch up.
Instead, we have an outstanding team of security engineers as well as an innovative toolset that allows for the detection of exploits before they happen. This multi-layered security stack includes pre-deployment auditing and penetration testing, on-chain monitoring, and reimbursement protection. It ensures that our clients are protected at all stages of the project lifecycle.
How has the blockchain security space evolved in the last few years and what does the future of blockchain security look like?
When CertiK was first founded, auditing was considered above and beyond for a project to perform. Thankfully, with the efforts of ourselves and others, we’ve raised the standards to make auditing the norm. These days, audits are required for a project to be listed on any major exchange, and security-conscious users will ensure that a platform has been audited before committing any funds. That’s why we created certik.org to provide a public repository of audited projects for the community to verify.
The landscape of attack vectors has changed quite a bit over the past few years. While basic exploits still occur from coding errors such as reentrancy, those vulnerabilities are typically well known and easily avoided. Instead, many of the largest attacks that we’ve seen in the past 12 months have been exploits of a protocol’s financial logic – taking advantage of a very specific series of interactions in order to exploit a flaw. Flash loan attacks are an example of this sophisticated kind of attack that combines technical expertise with an understanding of inter-platform financial interactions.
The future of blockchain security requires an evolving set of defenses to counter the latest concoction of attacks. This may be in the form of more robust primitives and templates, more sophisticated tooling, or more dynamic strategies to mitigate risk. Crypto insurance or other forms of risk mitigation will likely gain popularity as a method of preparing for the unknown. As mainstream financial adoption of digital assets continues, so too will the adoption of mainstream financial standards. Like the evolution of audits, I believe that insurance will evolve to become part of the norm as well.
Why should a project or individual choose CertiK for insurance over its competitors?
As evident in the traditional insurance space, consumers have the option to choose among several different plans, each with bespoke aspects of reliability, coverage, methodology, and price.
CertiKShield leverages our company’s deep technical expertise to better inform policyholders and stakeholders. As a decentralized discretionary mutual, CTK holders are in charge of determining which claims to cover and which to reject. This gives the power to the people to establish flexible standards that can mold to the rapidly changing environment of blockchain.
CertiKShield is unique in many ways. Firstly, CertiK’s expertise as a leading security company enables detailed research reports to be released about specific claim proposals. These objective reports are released before voting on the claim takes place, allowing the community to be equipped with proper diligence to make a decision. Secondly, all purchased Shields are fully collateralized, so the funds needed to reimburse each active Shield are locked and set aside on-chain. The individuals who are providing the funds, called Collateral Providers, earn the fees paid by Shield Purchasers, creating a sustainable system for risk and reward. Finally, since CertiK Chain is interoperable as a bridge to many other protocols, the Shields offered on CertiKShield can span across protocols, including Binance Smart Chain, Ethereum, and many more.
Do you have any blockchain and/or crypto predictions for 2021 and beyond?
We’ve already seen some big leaps in these areas, but I believe 2021 has much more in store for multi-chain interoperability, NFT business models, and widespread stablecoin adoption / substitution of today’s “digital” fiat. With respect to security, I’d predict that various forms of insurance and their alternatives will gain more mainstream traction, as users begin to seek out methods of avoiding getting rekt. In a similar vein to on-chain lending, decentralized insurance alternatives like CertiKShield will gain popularity, especially for the higher volume projects.
Infrastructure projects will grow in importance as blockchain interoperability increases. The average user doesn’t want to worry about whether one type of crypto is compatible with a certain wallet or exchange; over time, this will get obfuscated for the user while the magic happens in the backend.
Finally, I think we’ll see more publicly-traded companies following the lead of MicroStrategy, Square, and Tesla in holding Bitcoin as a treasury reserve asset as the dollar and other fiat currencies weaken as a result of continual printing.
All in all, 2021 is shaping up to be an exciting year for crypto.
What is your most controversial opinion relating to blockchain and/or cryptocurrency?
There’s a troubling amount of cognitive dissonance in the space, even among supporters of the same cryptocurrencies. For instance, with respect to bitcoin, there are a number of companies and individuals who focus on the efficiency of transfers to make bitcoin a more spendable currency, but that misses the point of where bitcoin has evolved its identity to become seen as a store of value. The original bitcoin whitepaper defines a “peer-to-peer electronic cash system,” but over the past ten years, the identity of bitcoin has evolved.
While it’s great that major public companies like Square are investing in bitcoin, statements such as CEO Jack Dorsey’s classification of bitcoin as a potential “native currency” of the internet are detractions from the core philosophy that bitcoin is meant to be stored, not spent. Of course, the two use cases of bitcoin, one as a currency and one as a store of value, are not mutually exclusive, but as described by Gresham’s Law in Economics, why would someone actively choose to spend something they believe will appreciate in the future (in this case, BTC)? If given the option, rational BTC hodlers would rather pay with stablecoins or other non-appreciating cryptocurrencies, not one they believe will moon over time. For that reason, the narratives of bitcoin as a currency, and in particular, the belief that BTC must be widely accepted and lightning-fast to succeed, are red herrings to the success that it has had (and will continue to have) as a store of value meant to be held, not transferred.