Dialogue with Professor Ronghui Gu from CertiK: Every era begins with a battle against "darkness".
CertiK
Invited columnist
2023-07-21 03:51
New types of innovations, including smart contracts, have introduced new vulnerabilities and attack patterns. In an era where the power of network attacks far surpasses network defense, security risks cannot be ignored for those involved in the third generation of the Internet (Web3.0).

In the past few years, the Web 3.0 industry has developed rapidly and attracted widespread attention. In this new digital world, data is no longer controlled by a few people, but is maintained and managed by the entire network. This will bring a more fair, transparent, and secure digital economic ecosystem.

However, the development of Web 3.0 technology has also brought a series of challenges: although its decentralized nature gives users greater control and autonomy, it also provides attackers with more opportunities to find vulnerabilities and maliciously exploit them.

These security issues not only pose a threat to users' assets and privacy, but also have an undeniable impact on the sustainable development of the entire industry. In the second quarter of 2023 alone, the Web 3.0 industry suffered asset losses of up to $310 million due to hackers and fraud schemes, a slight decrease compared to the same period in 2022. The 212 recorded incidents mean that there were more than 2 security incidents on average every day in the second quarter. The Euler Finance incident in the first quarter even set a record for the highest loss amount in 2023: $195 million.

To address these issues, security has become a focus of attention for Web 3.0 users, the industry, and even globally. The industry continues to seek solutions to reduce security risks and explore how to establish more secure mechanisms based on decentralized Web 3.0 technology, while protecting users' privacy and assets and supporting the sustainable development of the digital economy.

In this issue, we have an exclusive interview with Professor Ronghui Gu, the co-founder of CertiK, a member of the International Technology Advisory Committee of the Monetary Authority of Singapore (MAS), and a member of the Hong Kong Web 3.0 Development Specialist Group. The full interview is as follows:

Q: In your opinion, what is the most important attribute in the era of Web 3.0?

Gu Ronghui: Personally, I believe that security is the most important for the sustainable development of Web 3.0. Web 3.0 is considered as the deep integration of new technologies such as blockchain, artificial intelligence, and big data with the internet. Its emergence will bring a more intelligent, secure, and decentralized internet.

PwC predicts that Web 3.0 will increase global GDP by more than 25 times in the next 10 years. The core concept of Web 3.0 is that users can directly control and manage their own data, digital assets, and identities without relying on centralized institutions. In this new model, security is a key factor in ensuring the protection of user assets and information from attacks, fraud, or misuse.

And current global regulatory policies confirm this point.

Q: Are current global regulatory policies favorable for Web 3.0?

Gu Ronghui: Taking Hong Kong as an example, as one of the international financial centers, it has unique advantages in developing the Web 3.0 industry, but it has been committed to becoming a facilitator of regulatory certainty. Since last year, Hong Kong has been continuously promulgating a series of regulatory new rules and adopting a cautious and steady attitude to seek market integrity and long-term protection of users. This is precisely its recognition of the potential of Web 3.0 and has successfully promoted the establishment of a regulated Web 3.0 market order in Hong Kong, helping it move towards the goal of becoming a global Web 3.0 center.

Just at the end of last month, I was very honored to be invited to join the Hong Kong Web 3.0 Development Task Force led by Mr. Chen Maobo of Hong Kong, and I was also invited to join the official International Technology Advisory Committee of Singapore. This fully reflects the importance that countries attach to the security field of Web 3.0 and demonstrates the long-term strategic direction of Web 3.0 worldwide.

Q: Will regulatory changes have any impact on CertiK's business?

Gu Ronghui: Regulatory authorities around the world are strengthening their supervision of Web 3.0 currencies and industries. This is undoubtedly favorable information for the security field. We have a representative product: KYC Due Diligence Service, which is used to deal with the constant fraud scams in the industry and can fully cooperate with relevant agencies at the regulatory level.

Q: At this meeting, you emphasized the importance of smart analytics, as well as the continued buzz around AI. Smart analytics technology is related to AI. How do you view this type of technology that has been dubbed as "destructive to humanity"?

Gu Ronghui: In 2022, OpenAI launched ChatGPT, which piqued our interest. We then conducted a test to evaluate ChatGPT's capabilities as an "AI smart contract auditor." The final result revealed that ChatGPT overlooked certain critical security issues during the audit. This is due to the limitations of artificial intelligence in fully understanding code complexity and subtle differences, as well as its lack of practical experience in real-world scenarios. However, it also demonstrates that, at least for now, AI technology cannot replace human expertise, but humans can complement the shortcomings of AI. Our goal is to continuously explore how to better utilize this globally evolving leading technology to serve the secure development of Web 3.0.

Q: So, both AI and smart analytics can play a role in Web 3.0 security. Could you elaborate on their key aspects and CertiK's application in this field?

Gu Ronghui: To ensure the security of Web 3.0 applications and blockchain projects, the flexible application of smart analytics technology will be the next step for the security field. It can truly add value to the Web 3.0 security audit process.

Smart contracts are a core component of Web 3.0 applications and are also one of the most vulnerable targets.

Smart analytics technology can identify potential vulnerabilities and security risks through static and dynamic analysis of contract code. It can automatically detect security issues within contracts, provide detailed reports, and assist audit experts in efficiently discovering and repairing vulnerabilities.

Furthermore, smart analytics systems can monitor and analyze transactions within blockchain networks, identifying abnormal and malicious behavior to help uncover potential security risks. Currently, we are utilizing state-of-the-art formal verification technology, secure smart contract auditing technology, and human-led auditing by security experts to ensure the security of projects through scanning and monitoring blockchain protocols and smart contracts.

As the "representative organization of Web 3.0 academia," our research and development team has been deeply engaged in applying intelligent analysis in a secure manner and transforming it into tools that can be used by ordinary users.

In fact, our Skynet scanning platform was launched in 2020, making it the earliest supporting tool for our current intelligent analysis platform, Skynet for Community. We had this idea a long time ago, hoping to transform cutting-edge academic achievements into enterprise-level products, and provide a platform that not only professionals can access, but also produces visualized data to serve all ordinary users.

This idea was only fully implemented earlier this year. Skynet for Community provides users with actionable on-chain data and social data, the latest list of completed smart contract audits, as well as valuable industry insights and security best practices. We have streamlined the process and integrated all this data into one platform for users to access.

Q: What functions does Skynet for Community platform have?

Gu Ronghui: Skynet for Community aims to open the door to "security" for users in the industry. In the past, "security" was an untouchable field for ordinary users, but attacks and losses were real. In the future, users will not only be able to view the market status of the ecosystems and projects they are interested in through this platform, but also check the security ratings and risks through CertiK rankings, and obtain real-time warnings and threat dynamics. In addition, users can also check the background of project teams. Our KYC section will grant badges to projects that pass KYC checks, greatly reducing the risk of falling into fraud schemes such as Rug Pull.

Q: It sounds like security technology can be applied beyond Web 3.0, right?

Gu Ronghui: Yes, that's right. Such security technology can be applied to many fields, including cloud computing.

In May of this year, we announced a partnership with Alibaba Cloud based on this point. We provide secure services for Web 3.0 projects. Now, Web 3.0 developers can use CertiK's security solutions and Alibaba Cloud's scalable, efficient, and secure infrastructure to accelerate the development process and protect applications and smart contracts. Our smart contract auditing service and Layer 1 blockchain auditing service are fully launched on Alibaba Cloud. We are honored to see that Alibaba Cloud is committed to the same vision and adopts a comprehensive security approach. We are also looking forward to empowering a wide range of audiences with secure blockchain development and deployment.

Q: I heard that you also mentioned your bug bounty program. What is the main purpose of this program?

Gu Ronghui: We have recruited and selected a group of world-class white-hat hackers to collect intelligence and promptly discover vulnerabilities before malicious actors exploit them. It not only screens and identifies all submission materials for users but also assists them in making proper fixes.

It is worth mentioning that we were recently awarded a $500,000 bounty by the public chain SUI for discovering a new security threat.

The threat we discovered is named "HamsterWheel," which could potentially disrupt the entire Layer 1 network of SUI. Currently, SUI has implemented fixes to ensure its network security. This also demonstrates the importance of actively conducting cybersecurity work, promoting a secure blockchain ecosystem, and the value of bug bounty programs. It highlights the necessity of taking strong security measures and proactively identifying threats in the rapidly developing blockchain field.

Interviewee Introduction

Professor Gu Ronghui is a professor in the Department of Computer Science at Columbia University. He graduated from Tsinghua University with a Bachelor's degree and received a Ph.D. in Computer Science from Yale University. He is also an expert in operating systems, software security, and formal verification. He is the main designer and developer of CertiKOS, the world's first fully verified concurrent operating system kernel. Professor Gu Ronghui has received awards in system security, including the Amazon Research Award, OSDI Jay Lepreau Best Paper Award, SOSP Best Paper Award, CACM Research Highlights Award, VMware Systems Research Award, and Yale Outstanding Doctoral Dissertation Award. He co-founded CertiK with Professor Zhong Shao, Chair of the Department of Computer Science at Yale University. In just five years, CertiK has achieved the highest market share in the Web 3.0 security market, safeguarding over $360 billion in digital assets and becoming a super unicorn valued at $2 billion.

In early July, Prof. Ronghui Gu, co-founder of CertiK, was invited to attend the "Global Digital Economy Congress Digital Security Summit and BCS 2023 Beijing Cybersecurity Conference". Starting from a specific discussion of intelligent analysis and audit practices, he responded to cutting-edge Web 3.0 security issues that are of wide concern in the field.

Closing Remarks

The future trend of Web 3.0 is exciting, but its implementation also relies on the efforts and protection of the entire industry. Protecting user assets, privacy and data security, preventing attacks and abuse, and establishing a reliable trust mechanism are all key elements to ensure the successful development of the Web 3.0 ecosystem.

Only through the joint efforts of the global community can we build a secure and reliable Web 3.0 ecosystem, providing users with a truly secure, privacy-protected, and sustainable digital economy.

It is hoped that through the joint efforts of the industry, Web 3.0 can achieve higher security and sustainability, help bring about a more secure, open, and fair Web 3.0, and promote the better integration of the digital economy into people's lives.