Johnson may wish he had hired Gu Ronghui.
Gu is the co-founder of CertiK, the largest smart contract auditor in the dynamic and unpredictable world of cryptocurrencies and Web3. Gu, an affable and chatty professor of computer science at Columbia University, leads a team of more than 250 people who pore over crypto code to make sure it isn’t buggy.
CertiK’s work won’t stop you from losing your money when cryptocurrencies crash. It also does not prevent cryptocurrency exchanges from misusing your funds. But it can help prevent irreparable damage from overlooked software issues. The company’s clients include some of the largest cryptocurrency players such as Bored Ape Yacht Club and Ronin Network, which runs the blockchain used in the game. Clients sometimes come to Gu after losing hundreds of millions, hoping that he can ensure that similar things don’t happen again.
“It’s a real wild world,” Gu said with a smile.
Crypto code is more unforgiving than traditional software. Engineers in Silicon Valley generally try to make their programs bug-free before shipping, but if problems or bugs are found later, they can update the code.
This is impossible for many crypto projects. They run using smart contracts — computer code that manages transactions. (Say you want to pay an artist 1 ETH for an NFT; the smart contract could be coded to automatically send you the NFT tokens once the money hits the artist’s wallet.) The truth is, once the smart contract code is on the blockchain, you can’t update it. If you catch a bug, it’s too late: the whole point of blockchains is that you can’t change what’s already written to them. To make matters worse, the code hosted on the blockchain is publicly visible — so black hat hackers can study it at their leisure and look for exploitable bugs.
The number of hacks is dizzying, and the hacks are lucrative. Early last year, the Wormhole network had more than $320 million worth of cryptocurrency stolen. The Ronin Network then lost over $600 million in cryptocurrency.