{"id":593538,"date":"2023-01-03T05:49:00","date_gmt":"2023-01-03T11:49:00","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/03\/the-computer-scientist-who-hunts-for-costly-bugs-in-crypto-code\/"},"modified":"2023-01-03T05:49:00","modified_gmt":"2023-01-03T11:49:00","slug":"the-computer-scientist-who-hunts-for-costly-bugs-in-crypto-code","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/03\/the-computer-scientist-who-hunts-for-costly-bugs-in-crypto-code\/","title":{"rendered":"The computer scientist who hunts for costly bugs in crypto code"},"content":{"rendered":"
\n

In the spring of 2022, before some of the most volatile events to hit the crypto world last year, an NFT artist named Micah Johnson set out to hold a new auction of his drawings. Johnson is well known in crypto circles for images featuring his character Aku, a young Black boy who dreams of being an astronaut. Collectors lined up for the new release. On the day of the auction, they spent $34 million on the NFTs.<\/p>\n

Then tragedy (or, depending on your point of view, comedy) struck. The \u201csmart contract\u201d code that Johnson\u2019s software team wrote to run the crypto auction contained a critical bug. All $34 million worth of Johnson\u2019s sales was locked on the Ethereum blockchain. Johnson couldn\u2019t withdraw the funds; nor could he refund money to people who\u2019d bid on an NFT but lost their auction. The virtual money was frozen, untouchable\u2014\u201clocked on chain,\u201d as they say.\u00a0<\/p>\n<\/p><\/div>\n

\n

Johnson might wish he\u2019d hired Ronghui Gu.<\/p>\n

Gu is the cofounder of CertiK, the largest smart-contract auditor in the fizzy and unpredictable world of cryptocurrencies and Web3. An affable and talkative computer science professor at Columbia University, Gu leads a team of more than 250 that pores over crypto code to try to make sure it isn\u2019t filled with bugs.\u00a0<\/p>\n

CertiK\u2019s work won\u2019t prevent you from losing your money when a cryptocurrency collapses. Nor will it stop a crypto exchange from using your funds inappropriately. But it could help prevent an overlooked software issue from doing irreparable damage. The company\u2019s clients include some of crypto\u2019s biggest players, like the Bored Ape Yacht Club and the Ronin Network, which runs a blockchain used in games. Clients sometimes come to Gu after they\u2019ve lost hundreds of millions\u2014hoping he can make sure it doesn\u2019t happen again.<\/p>\n

\u201cThis is a real wild world,\u201d Gu says with a laugh.<\/p>\n

Crypto code is much more unforgiving than traditional software. Silicon Valley engineers generally try to make their programs as bug-free as possible before they ship, but if a problem or bug is later found, the code can be updated.<\/p>\n

That\u2019s not possible with many crypto projects. They run using smart contracts\u2014computer code that governs the transactions. (Say you want to pay an artist 1 ETH for an NFT; a smart contract can be coded to automatically send you the NFT token once the money arrives in the artist\u2019s wallet.) The thing is, once smart-contract code is live on a blockchain, you can\u2019t update it. If you discover a bug, it\u2019s too late: the whole point of blockchains is that you can\u2019t alter stuff that\u2019s been written to them. Worse, code that\u2019s hosted on a blockchain is publicly visible\u2014so black-hat hackers can study it at their leisure and look for mistakes to exploit.\u00a0<\/p>\n

The sheer number of hacks is dizzying, and they are wildly lucrative. Early last year, the Wormhole network had more than $320 million worth of crypto stolen. Then the Ronin Network lost upwards of $600 million in crypto.<\/p>\n<\/p><\/div>\n

\n

\u201cThe most expensive hack in history,\u201d Gu says, shaking his head in near disbelief. \u201cThey say Web3 is eating the world\u2014but hackers are eating Web3.\u201d<\/p>\n<\/div>\n

\n

A bustling field of auditors has emerged in recent years, and Gu\u2019s CertiK is the biggest: the company, which has been valued at $2 billion, figures it has done an estimated 70% of all smart-contract audits. It also runs a system that monitors smart contracts to detect in real time if any are being hacked.<\/p>\n

Not bad for someone who stumbled into the field sideways. Gu didn\u2019t start off in crypto; he did his PhD in provable and verifiable software, exploring ways to write code that behaves in a mathematically predictable fashion. But this subject turned out to be highly applicable to the unforgiving world of smart contracts; he cofounded CertiK with his PhD supervisor in 2018. Gu now straddles the worlds of academia and crypto. He still teaches Columbia courses on compilers and the formal verification of system software, and manages several grad students (one of whom is researching compilers for quantum computing)\u2014while also jetting around to Davos and Morgan Stanley events, clad in his habitual black shirt and black jacket as he attempts to convince crypto and financial bigwigs to take blockchain hacks seriously.<\/p>\n

Crypto famously runs in boom-bust cycles; the collapse of the FTX exchange in November was just a recent blow. Gu, however, believes he\u2019ll have work to do for years to come. Mainstream firms like banks and, he says, \u201ca major search engine\u201d are beginning to launch their own blockchain products and hiring CertiK to help keep their ships tight. If established businesses start pushing more code onto blockchains, it\u2019ll attract ever more hackers, including nation-state actors. \u201cThe threats we have been facing,\u201d he says, \u201care more and more tough.\u201d<\/svg> <\/p>\n<\/div>\n

Read More<\/a>
\n Clive Thompson<\/p>\n","protected":false},"excerpt":{"rendered":"

In the spring of 2022, before some of the most volatile events to hit the crypto world last year, an NFT artist named Micah Johnson set out to hold a new auction of his drawings. Johnson is well known in crypto circles for images featuring his character Aku, a young Black boy who dreams of<\/p>\n","protected":false},"author":1,"featured_media":593539,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3665,22341,46],"tags":[],"class_list":{"0":"post-593538","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-computer","8":"category-scientist","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593538","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=593538"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593538\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/593539"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=593538"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=593538"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=593538"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}