Kamil Gorski, Tokenguard: “the ecosystem still lacks tools for safe code development”
The increasing popularity of blockchain technology has created regulatory challenges for the government – as well as previously unseen opportunities for threat actors.
Blockchain is a thriving environment of the future, and entrepreneurs should not shy away from it due to the potential risks involved. There are many ways of making the technology safer, including running threat detections.
We’ve talked with Kamil Gorski, the CEO at Blockhunters and their platform Tokenguard – your gateway to technical token verification – about the most prominent blockchain dangers, ways to ensure safe crypto trading, and the importance of running security checks.
How did Blockhunters originate? What have some of your major milestones been throughout the years?
Blockhunters was founded in 2018 as an answer to the ICO hype that took place during that time. We have witnessed an incredible number of hacks and frauds that were haunting the blockchain ecosystem and decided to make it safer for the community and investors. Having much faith in the blockchain revolution, we didn’t want Ethereum and other chains to be associated with thefts, frauds, and scams.
Can you tell us more about what you do? What tools do you use to detect threats?
Our work now mostly focuses on code verification, auditing, and real-time monitoring of tokens. We cooperate with token issuers who are in different phases of product development – starting from auditing the smart contracts before going live to monitoring the token health after the deployment. To achieve that, we have developed several tools – symbolic execution machines, the fuzzer, and a security monitor – all of which can be used in our token analytics platform, Tokenguard.io.
What are some of the most serious threats associated with the blockchain landscape?
Many threats should be considered the most serious ones, focusing on the areas of regulation and lack of infrastructural tools.
The first regulatory threat stems from governments' fear of losing control over monetary policy and traceability of funds. It’s fine if they create their own cryptocurrency (so-called CBDCs), but it’s not fine if they ban ours.
The second threat stems from the fact that most blockchain entrepreneurs want to build the next big thing without paying enough attention to the quality of what they’re building. All ecosystems, with Ethereum in the lead, lack basic development tools for the creation of safe code and testing. We can see the effect in an increasing number of hacks and scams, which should happen less often year to year but somehow don’t.
How did the pandemic affect the way in which threat actors operate?
The pandemic has moved a lot of processes from real life to the Internet. So, it eventually just sped up cryptocurrency adoption, which led to even quicker development of the threats mentioned above.
Which actions can average Internet users take to protect themselves from these new threats?
As long as users are not living in a country that bans cryptocurrencies, some basic safety steps should be taken to safely buy and invest in crypto:
- Use only safe and verified exchanges. They get hacked very often, so the smaller the exchange, the higher the risk that in case of a hack you will not be reimbursed.
- Do Your Own Research (DYOR) if you invest in tokens. This means reading the whitepaper, checking the team (especially on LinkedIn and other non-anonymous platforms), and using some widely available smart contract checkers. If anything looks sketchy or too beautiful to be true – give up on it. The number of scams is higher than you might expect.
- Double-check everything. That includes a website address, token symbol, smart contract address, even the Telegram channel. We see extreme numbers of scams that are just based on using very similar channel names or exact token symbols. Unfortunately, the Ethereum Virtual Machine (EVM) allows for the creation of the same symbol with numerous tokens.
In your opinion, why do certain companies still fail to recognize the necessity of regular security audits?
Mostly because of the factors mentioned above – the ecosystem still lacks tools for safe code development, and it requires a lot of time and money to do it properly. With short deadlines, delays in the development, and skyrocketing coding costs, there are usually not enough resources left for a proper audit before the token goes live.
On the other side, many developers in the ecosystem are very fresh and don’t know the right tools they could use for making their code safer. That’s the price we pay for the extremely fast development of this space.
Besides regular checks and tests, what other cybersecurity measures do you think organizations should implement?
While working on Tokenguard, we have developed several solutions to help increase the security of tokenized products:
- Regular code scanning
- Real-time security monitoring of transactions, token copycats, or vital health indicators
- Team verification in case of a rug-pull scenario
- Token analytics dashboard
Besides that, all the regular IT rules of code development should be applied – unit testing, system testing, and creating proper documentation. There’s nothing worse than a token with a marketing-focused whitepaper that doesn’t actually explain the tokenomy inside.
What are your predictions for blockchain technology for the next few years?
We all believe that it will go up and to the right, of course, with some corrections in the meantime. It is inevitable, no matter which crypto will gain more popularity in 5 or 10 years. The questions are – how quickly and how our governments will regulate this. If the regulations allow freedom of exchange and focus on securing the market from scams and frauds, then it’s fine. If the regulations turn to the creation of centralized CBDCs and ban other cryptocurrencies – then we’re in a lot of trouble.
Share with us, what does the future hold for Blockhunters?
We’re now focusing on Tokenguard's development with its automated security solutions. Almost all hacked projects were previously audited by some of the biggest companies in the ecosystem, and we believe that the market requires real-time monitoring. Of course, this doesn’t mean that audits are not necessary – they are more important than ever. However, with the current state of the industry, they’re just not enough.