This computer scientist is tracking down costly bugs in cryptocurrency code

In the spring of 2022, before some of the most volatile events to hit the crypto world in the past year, an NFT artist named Micah Johnson held another auction of his drawings. Johnson is known in crypto circles for images featuring his character Aku, a young Black boy who dreams of becoming an astronaut. Collectors rushed to take part in this new edition. On the day of the auction, they spent a total of $34 million to buy these NFTs.

Then tragedy struck. The “smart contract” code that Micah Johnson’s software team wrote to run the cryptocurrency auction contained a critical bug. All of the artist’s $34 million in sales was locked on the Ethereum blockchain. As a result, Johnson was unable to withdraw the funds. Nor could he refund people who had bid on one of his NFTs without winning. The virtual money was frozen, untouchable, “chained” as they say.


Micah Johnson may regret not hiring Ronghui Gu. Gu is the co-founder of CertiK, the largest verifier of smart contracts in the brilliant and unpredictable universe of cryptocurrencies and Web3. An affable and chatty computer science professor at Columbia University, he leads a team of more than 250 people who review cryptocurrency code to make sure it isn’t riddled with bugs.



Crypto code is much more unforgiving than traditional software

CertiK’s work will not prevent you from losing your money when a cryptocurrency crashes. Nor will the company prevent a cryptocurrency exchange from misusing your funds. But CertiK can help prevent a software bug from causing irreparable damage. Its clients include some of the biggest players in cryptocurrencies, such as Bored Ape Yacht Club and Ronin Network, which manages a blockchain used in games. Customers sometimes come to Ronghui Gu after losing hundreds of millions of dollars, hoping that this computer scientist can make sure such a disaster never happens again.

“It’s a really wild world,” Ronghui Gu says with a laugh.

Crypto code is much more unforgiving than traditional software. Silicon Valley engineers typically try to make their programs as bug-free as possible before shipping them, but if a problem or bug is discovered later, the code can be updated.

This is not possible with many cryptocurrency projects. They work using smart contracts, i.e. the computer code that governs transactions. Suppose you want to pay an artist 1 ETH for an NFT: a smart contract can be coded to automatically send you the NFT token once the money arrives in the artist’s wallet. The problem is that once the smart contract code is entered into a blockchain, you cannot update it. If you discover a mistake later, it is too late: the whole point of a blockchain is that what is written on it cannot be modified. Worse still, the code placed on a blockchain is visible to everyone, so hackers can study it at their leisure and look for bugs to exploit.

Ronin Network loses over $600 million to hack

The number of these hacks is staggering and they are extremely profitable. In early 2022, the Wormhole platform had more than $320 million worth of cryptocurrency stolen. Afterwards, the Ronin network lost over $600 million in crypto.

“It’s the most expensive hack in history,” Ronghui Gu said, shaking his head almost in disbelief. “They say Web3 is eating the world, but hackers are eating Web3.”

In recent years, a host of auditors have emerged. CertiK, co-founded by Ronghui Gu, is the most important of these: the company, valued at two billion dollars, estimates that it has performed 70% of all audits related to smart contracts to detect in real time whether they have been hacked.

Not bad for someone who entered this universe somewhat by accident. Ronghui Gu didn’t start with cryptography; he spent his PhD in the field of verifiable software, exploring ways to write code that behaves in a mathematically predictable way. But this theme turned out to be very applicable in the cut-throat world of smart contracts. He co-founded CertiK with his thesis advisor in 2018. Ronghui Gu now spans the academic and cryptocurrency worlds. He continues to teach courses at Columbia on compilers and formal verification of systems software, and he supervises several graduate students (one of them is researching compilers for quantum computing), while he goes to Davos and Morgan Stanley events wearing his usual black shirt and dark jacket, in an effort to convince the bigwigs in crypto and finance to take blockchain hackers seriously.

Cryptocurrency is known for its boom and bust cycles. The collapse of the FTX exchange in November is just the latest example of a blow. Ronghui Gu thinks there will be work to do for years. Major businesses, such as banks and, he says, “a major search engine,” are starting to launch their own blockchain products and hire CertiK to help keep their ships in good shape. If established companies start injecting more code into blockchains, they will attract more and more hackers, including state actors. “The threats we face,” he said, “are becoming more and more severe.”

Article by Clive Thompson, translated from English by Kozi Pastakia.

