CryptoSlate recently had the opportunity to speak with Daryl Hok, COO and Chief Business Officer of global cybersecurity firm CertiK, which provides end-to-end security solutions for the blockchain industry.
Daryl is the EVP & COO at CertiK. He earned a B.A. from Harvard University and has previously held positions in Product Management, Business Development / M&A, and Leadership Development for companies such as FiscalNote and Individual.
In the interview, we discuss:
What is your professional background and how/when did you get into crypto?
After graduating from Harvard University with a dual major in Economics and Computer Science (focusing on land economics), I joined as one of the first employees at an AI-GovTech startup backed by Sequoia Capital called FiscalNote. I actually first learned about Coinbase from various policy and lobbying initiatives moving digital assets.
In 2017, while the ICO boom was happening, I was leading the House Dev team to close a $180M acquisition from The Economist Group. The negotiations were lengthy and challenging, but in between meetings, I found time to dive into the crypto space. Ever since, the blockchain bug caught me, and I joined CertiK as the COO with the mission of building the world's leading blockchain cybersecurity company.
What is CertiK and what services does CertiK offer?
CertiK provides end-to-end security solutions for the blockchain world. We began with a focus on auditing blockchain projects and quickly became one of the most trusted auditors in the space. With tremendous growth these past few years, CertiK has since expanded to include pre-deployment auditing and penetration testing, insurance alternatives, real-time on-chain monitoring, and a security score. In brief: we protect project owners and token holders from everything but themselves.
One unique piece of technology is CertiK Chain, a first-of-its-kind security-focused blockchain. It's designed for the trusted execution of mission-critical applications, including DeFi, NFTs, and digital vehicles. CertiK Chain integrates directly with a modern, hyper-secure programming language called DeepSEA, which embeds formal verification to mathematically prove the quality of code as it's written.
What is the purpose of the CertiK Token?
The CertiK token (CTK) is a utility token that powers the CertiK Chain. It's also the native currency for CertiKShield: a decentralized mutual which provides reimbursement protection for digital assets. Both the claim and the reimbursement are done in the CTK token, and collateral providers earn high yields for staking their assets. Customers can also purchase audits, on-chain security monitoring, and other services with CTK at discounted rates.
Since the explosive growth of DeFi, how does CertiK stay one step ahead of exploits?
This is an excellent question. It's a bit like the Wild West, with the bad guys riding off into the distance as the sheriff scrambles to catch up to them. At CertiK, we're not interested in playing catch up.
Instead, we have an outstanding team of security engineers as well as an advanced toolset that allows for the detection of exploits before they happen. This multi-layered security suite includes pre-deployment auditing and penetration testing, on-chain monitoring, and reimbursement protection. It ensures that our clients are protected at all stages of the project lifecycle.
How has the blockchain security space evolved in the last few years and what does the future of blockchain security look like?
When CertiK was first founded, auditing was considered above and beyond for a project to launch. Thankfully, with the efforts of ourselves and others, we've raised the standards to make auditing the norm. These days, audits are required for a project to be listed on any major exchange, and security-conscious users will ensure that a contract has been audited before committing any assets. That's why we created certik.org to provide a public repository of audited projects for the community to reference.
The landscape of attack vectors has changed quite a bit over the past few years. While basic exploits still come from coding errors such as reentrancy, those vulnerabilities are typically well known and easily avoided. Instead, some of the biggest attacks that we've seen in the past 12 months have been exploits of a protocol's economic system – taking advantage of a very specific sequence of interactions in order to exploit a vulnerability. Flash loan attacks are an example of this sophisticated type of attack that combines technical expertise with an understanding of inter-protocol economic interactions.
The future of blockchain security requires an evolving set of defenses to counter the latest generation of attacks. This may be in the form of more robust primitives and templates, more sophisticated tooling, or more dynamic strategies to mitigate risk. Crypto insurance or other forms of risk mitigation will likely grow in popularity as a method of preparing for the unknown. As mainstream business adoption of digital assets continues, so too will the adoption of mainstream business standards. Like the evolution of audits, I believe that insurance will evolve to become part of the norm as well.
Why should a project or individual choose CertiK for insurance over its competitors?
As seen in the traditional insurance space, consumers have the choice to select among multiple integrated plans, each with customized aspects of reliability, utility, methodology, and cost.
CertiKShield leverages our company's deep technical expertise to better inform policyholders and stakeholders. As a decentralized mutual, CTK holders are in charge of determining which claims to cover and which to reject. This gives the power to the community to establish flexible standards that can adapt to the rapidly changing landscape of blockchain.
CertiKShield is unique in several ways. Firstly, CertiK's expertise as a leading security company enables certain research reports to be released about specific claim proposals. These objective reports are released before voting on the claim takes place, allowing the community to be equipped with proper due diligence to make a decision. Secondly, all purchased Shields are fully collateralized, so the assets needed to reimburse each active Shield are locked and set aside on-chain. The individuals who are providing the assets, called Collateral Providers, earn the fees paid by Shield Purchasers, creating a sustainable system for risk and reward. Finally, since CertiK Chain is interoperable as a bridge to any other protocols, the Shields offered on CertiKShield can travel across protocols, including Binance Smart Chain, Ethereum, and many more.
Do you have any blockchain and/or crypto predictions for 2021 and beyond?
We've already seen some big leaps in these areas, but I believe 2021 has much more in store for multi-chain interoperability, NFT business models, and widespread stablecoin adoption / integration of today's "digital" fiat. With respect to security, I'd predict that various forms of insurance and their alternatives will gain more mainstream acceptance, as users continue to seek out methods of avoiding getting rekt. In a similar vein to on-chain lending, decentralized insurance alternatives like CertiKShield will grow in popularity, especially for the higher volume projects.
Cross-chain projects will grow in importance as blockchain interoperability increases. The average user doesn't want to worry about whether one type of crypto is compatible with a certain wallet or exchange; over time, this will become obfuscated for the user while the magic happens in the backend.
Ultimately, I think we'll see more publicly-traded companies follow the lead of MicroStrategy, Square, and Tesla in holding Bitcoin as a treasury reserve asset as the dollar and other fiat currencies weaken as a result of continuous printing.
All in all, 2021 is shaping up to be an exciting year for crypto.
What is your most controversial opinion relating to blockchain and/or cryptocurrency?
There's a troubling amount of cognitive dissonance in the space, even among supporters of the same cryptocurrencies. For instance, with respect to bitcoin, there are a number of companies and individuals who focus on the efficiency of transfers to make bitcoin a more usable currency, but that misses the point of where bitcoin has evolved its identity to become seen as a store of value. The original bitcoin whitepaper defines a "peer-to-peer electronic cash system," but over the past ten years, the identity of bitcoin has evolved.
While it's great that major public companies like Square are investing in bitcoin, statements such as CEO Jack Dorsey's characterization of bitcoin as a potential "native currency" of the internet are distractions from the core belief that bitcoin is meant to be stored, not spent. Of course, the two use cases of bitcoin, one as a currency and one as a store of value, are not mutually exclusive, but as described by Gresham's Law in Economics, why would someone actively choose to spend something they believe will appreciate in the future (in this case, BTC)? If given the choice, typical BTC hodlers would rather pay with stablecoins or other non-appreciating cryptocurrencies, not one they believe will increase over time. For that reason, the narratives of bitcoin as a currency, and in particular, the belief that BTC must be widely accepted and lightning-fast to transact, are red herrings to the success that it has had (and will continue to have) as a store of value meant to be held, not transferred.