NFTStudio24 Podcast Series presents an exclusive interview with David Ham, BD Director South Korea at CertiK. In this video, David shares his early Bitcoin days and an introduction to CertiK, a leading IT and engineering security firm.
David is one of the pioneering personalities to join the Crypto and Web3 space. With great market insights and expertise, he has established a big name.
Beyond his professional accomplishments, he is also known for his passion and dedication to promoting blockchain adoption and education. He is a startup mentor for Techstars Web3 and is also the board member and strategic advisor of his co-founded company, MINTWAY.
David’s Journey: Early Bitcoin Adoption and Exploring Web3
David invested in Bitcoin as early as when the price was just 99 cents in 2010. Since he has had a great interest in exploring new technologies, his investment in Bitcoin was out of curiosity.
However, he sold all his Bitcoin investments when it hit $100. “It was a big mistake.” Because later, the world’s largest cryptocurrency price hit higher than expected. David immediately bought BTC again when the coin came back down around $300, and has kept it since then.
From 2010 till today, the coin has gone through a few bear markets with the prices hitting as high as $60,000 to going all the way down to $14,000 over the years. However, David is still bullish about Bitcoin.
If you look at the industry today it is around 28,000-29,000 times more than where it was when I started in 2010
— David Ham, BD Director South Korea at CertiK
Bitcoin played an important role in changing David’s outlook on the blockchain. He saw that this technology had an “impact-changing capacity” which convinced him to jump-start his career in it.
Introducing CertiK: Providing Security Solutions to Blockchain Companies
CertiK is one of the most well-positioned companies in the world established in 2018. According to David, many people believe it is a blockchain company. However, CertiK is mainly an IT and engineering security firm, providing secure solutions to blockchain companies and services.
“Our main line of business is uncovering and identifying the potential risks and vulnerabilities that could be there in particular blockchain services,” he says.
By providing security solutions to Web3 blockchain companies, CertiK contributes to making the networks or services more trustable and secure.
Ensuring Safety in Web3: CertiK’s Approach and Recommendations
David highlights a few important factors that CertiK focuses on to ensure a safer experience.
- Blockchain services are quite different from regular Web2 services, so the rules that apply to new technology might not work on traditional ones.
- Due to this, there’s a lot of risk in how projects/products/smart contracts are coded. Sometimes it is done prematurely without any second or third opinion.
- Since it’s a new technology, there’s a lot of value at stake. A lot of bad players exist in the industry who are looking to attack these smart contracts or services.
To prevent these reasons from holding back a project, CertiK audits smart contracts to identify potential vulnerabilities and risks. “We, then, let the projects know that these are some things that you should fix.”
To prevent these reasons from holding back a project, CertiK audits smart contracts to identify potential vulnerabilities and risks. “We, then, let the projects know that these are some things that you should fix.”
David shares an example of many Web2 companies that are getting into Web3. A lot of them are mainly wanting to integrate wallets, so the firm does a “Pen test” to monitor the services. The experts seek out and identify holes in the system.
“For us, Safety in Services is Safety for the Users.”
As a business development director, David shares companies that are looking to authenticate their products should consider a few important points in mind.
When developing any decentralized application or other Web3 services, it is essential to put emphasis on trust and safety first. If you are building smart contracts, those should be audited.
“Give us a call, let us know what you are doing, and ask us questions. We can find a way to work together to build a secure service.”
Importance of Auditing Smart Contracts
David emphasizes that Smart Contracts serve as the core engine of any blockchain project. Therefore, it is crucial to prioritize auditing to ensure the project’s success. Since these codes are automated and run the entire system, any flaws or errors in them can have significant consequences.
It could potentially lead to a loss in value, particularly within this industry. A lot of projects operate on a token economy and people invest a lot of money because they trust them. If the smart contracts aren’t fully checked, this could become a loophole for bad actors to attack and drain out the funds.
This is especially a big risk for service providers or service operators who could suffer from a massive loss of trust in users.
David explains the whole process of auditing smart contracts. Compared to other companies, CertiK establishes itself as an authentic firm that’s been around since 2018. The company has already audited over 4,500 smart contracts.
According to him, 15,000 tokenized projects are listed on CoinMarketCap and CertiK has audited almost 67% of them, which is a huge number.
“What’s important here is, because we have audited so many smart contracts, we actually have one of the biggest databases of known vulnerabilities and risks. We’re able to easily identify common risks.”
Each project is headed by talented engineers who look at the code line by line. The team uses highly-advanced tools to audit these smart contracts.
Many people think AI tools like ChatGPT could check the codes but David believes there’s a certain logic behind each code line that can only be checked by experts.
Skynet: A Platform for Web3 Investors
Skynet is a platform where CertiK maintains transparency by providing full disclosure of all audited projects and smart contracts that they have worked with. This is open to the public to ensure the community is well-informed about risks and vulnerabilities.
David shares that some projects accept vulnerabilities they share and work on removing them while some don’t have a real ability to deal with the risks. Skynet gives a security rating to each project based on the auditing report.
The platform would list down a number of risks, how many the project has resolved, and how many are still pending. This gives investors a heads-up on where the project stands.
“You could say this is an extra added layer or level of confidence that they [investors] could take in their decisions.”
David gives an example of if a tokenized project wants to list in exchange, they ask for an auditing report. The exchanges also ask who have you gotten the smart contract audited from to ensure it is authentic.
Although many talented auditors exist in the space, CertiK provides full disclosure of all of its findings.
CertiK’s KYC Process
CertiK is known to have one of the most authentic KYC processes in the Web3 industry. David told NFTStudio24 that this process helps in verifying team members of a project. “We’re basically helping dox people.”
A lot of founders of different Web3 projects are not known. CertiK helps these people establish trust among users and investors. According to David, since Web3 is all about digital identity, a lot of founders are mostly known through their code names or PFPs. However, for traditional investors, it is important for them to know who the person actually is and whether they should trust their funds on their project.
CertiK gives projects the choice of whether they want to opt for KYC services or not. Since it’s a well-known security firm, the ones who do agree give their potential customers assurance that they are authentic.
Blockchain is a newly emerging technology that has the ability to store huge amounts of data in a secure manner. David shares that at CertiK, the team doesn’t deal with sensitive data. Instead, they look at whether the infrastructure that handles data or transactions is built, designed, and working properly or not.
Advice to White Hackers and Web3 Developers
David advises white hackers to keep building. Currently, the industry really needs hackers and blockchain security engineers who understand the ecosystem deeply. CertiK is quite open to welcoming new talented people. He thinks white hackers can be a great asset to the company for hacking into codes that might be difficult to identify.
The interview wrapped up with David sharing his message to Web3 developers and enthusiasts. “If you’re new to Web3, educate yourself and do your own research, this is the biggest thing. Ask questions, check around, and if you’re unsure ask again.”
“I have been in this industry for almost 11-12 years and yet I learn new things every day. In order to stay afloat and be on top of things, you need to be informed and know what’s going on. This is the biggest thing that people need to keep in mind when taking part in this Web3 journey.”