This computer scientist who tracks down costly bugs in the cryptocurrency code

In the spring of 2022, ahead of some of the more volatile events to hit the cryptocurrency world over the past year, an NFT artist named Micah Johnson held another auction of his drawings. Micah Johnson is well known in crypto circles for images featuring his character Aku. The latter is a young black boy who dreams of becoming an astronaut. Collectors have rushed to participate in this new edition. On auction day, in total, they spent $34 million acquiring these NFTs.

Then tragedy struck. The “smart contract” code that Micah Johnson’s software team wrote to run the cryptocurrency auction contained a critical bug. All of the artist’s $34 million in sales have been locked on the Ethereum blockchain. Consequences: Micah Johnson was unable to withdraw funds. Furthermore, he could not pay back people who had bid on one of his NFTs without their bid winning. Play money was frozen, untouchable, “stuck on the chain” as they say.

>> Discover 21 million, Capital’s cryptocurrency newsletter. Every week a complete card to understand everything about the cryptocurrency revolution and price analysis to support you in your investments. Right now, with the promotional code CAPITAL30J, take advantage of a free trial month.

Micah Johnson may regret not hiring Ronghui Gu. The latter is the co-founder of CertiK, the largest smart contract verifier in the sparkling and unpredictable universe of cryptocurrencies and Web3. An affable and talkative computer science professor at Columbia University, Ronghui Gu leads a team of more than 250 people who examine the cryptocurrency’s code to make sure it isn’t buggy.

READ ALSO

After the FTX affair, what future for cryptocurrencies in 2023?

Crypto-code is much more ruthless than traditional software

CertiK’s work will not prevent you from losing your money when a cryptocurrency crashes. Nor will the company stop a cryptocurrency exchange from misusing your funds. But CertiK could help prevent a software glitch from causing irreparable damage. Among its clients, the company counts some of the biggest cryptocurrency players such as the Bored Ape Yacht Club and the Ronin Network. The latter manages a blockchain used in games. Customers sometimes come to Ronghui Gu after losing hundreds of millions of dollars hoping this computer scientist can make sure this misfortune does not happen again.

“It’s a really wild world,” Ronghui Gu says with a laugh.

Crypto-code is much more ruthless than traditional software. Silicon Valley engineers usually try to make their programs as bug-free as possible before shipping them, but if a problem or bug is discovered later, the code may be updated.

This is not possible with many cryptocurrency projects. They operate using smart contracts, which are computer code that regulates transactions. Let’s say you want to pay an artist 1 ETH for an NFT, a smart contract can be coded to automatically send you the NFT token once the money arrives in the artist’s wallet. The problem is that once smart contract code is embedded in a blockchain, it cannot be updated. If you then discover a bug, it’s too late: the interest of blockchains is that you can’t change what’s written on it. Worse still, the code hosted on a blockchain is visible to all: hackers can therefore study it calmly and look for errors to exploit.

Ronin Network Loses Over $600 Million in Hacks

The number of these hacks is dizzying and they are extremely profitable. In early 2022, the Wormhole platform suffered the theft of over $320 million worth of cryptocurrencies. Then, the Ronin network lost over $600 million in cryptocurrencies.

“It’s the most expensive hack in history,” said Ronghui Gu, shaking his head in near disbelief. “They say Web3 is eating the world, but hackers are eating Web3.”

In recent years, a multitude of listeners have emerged. CertiK, co-founded by Ronghui Gu, is the most important of these: the company, valued at two billion dollars, estimates that it has carried out 70% of all smart contract audits to detect in real time whether the one there is hacked.

Not bad for someone who entered this universe somewhat by accident. Ronghui Gu didn’t start with cryptography, he spent his PhD in the field of testable software, exploring ways to write code that behaves mathematically and predictably. But this argument turned out to be very applicable to the cutthroat world of smart contracts. He co-founded CertiK with his thesis director in 2018. Ronghui Gu now straddles the academic and cryptocurrency worlds. He continues to teach courses at Columbia on compilers and formal system software verification, supervises several PhD students (one of them is researching compilers for quantum computing), as he heads to events in Davos and Morgan Stanley, dressed in his usual shirt black and dark jacket, to try to convince the bigwigs of cryptocurrency and finance to take blockchain hackers seriously.

Cryptocurrency is known for its boom and bust cycles. The FTX stock market crash in November is just one recent example of a blow. Ronghui Gu thinks he will have work to do for years. Traditional companies, such as banks and, he says, “a major search engine,” are starting to roll out their own blockchain products and hire CertiK to keep their ships running smoothly. If established companies start injecting more code into blockchains, they will attract more and more hackers, including state actors. “The threats we face,” he analyzes, “are getting tougher and tougher.”

Article by Clive Thompson, translated from English by Kozi Pastakia.

READ ALSO

This blockchain video game sets the stage for a metaverse that no one could control

Leave a Comment