Verichains Recap 2023: Frontier Security Research
The year 2023 will be remembered as a watershed year in the history of blockchain technology, with several key events that had far-reaching implications for the blockchain industry. The industry experienced a convergence of unprecedented growth and significant challenges, a testament to the dynamic nature of this transformative technology.
The year began amidst the aftereffects of major global economic shifts, which had a profound impact on the cryptocurrency markets. We saw heightened caution with a glimpse of optimism in the first quarter, which set the tone of the rest of the year as investors were navigating through the uncertainties left by the tumultuous end to the previous year.
Thanks for reading Verichains! Subscribe for free to receive new posts and support my work.
Significant regulatory developments across various regions played a pivotal role in shaping the industry. Ripple effects of key decisions by regulatory bodies in the US, EU, and Asia heavily influenced the market dynamics, impacting everything from crypto grading to blockchain-based enterprise solutions. These developments brought a renewed focus on the need for regulatory clarity, and the development of frameworks for compliance and security in blockchain operations.
Throughout 2023, cybercriminals relentlessly targeted the crypto industry, executing thefts and scams that lead to substantial losses, in a series of high-profile attacks on major blockchain platforms. This has once again brought the security of blockchain technology under intense scrutiny, and back into the spotlight.
Given the billions lost to crypto theft in the first three years of this decade, the unfortunate reality is that scams and hacks are unlikely to vanish anytime soon. In this landscape, Verichains emerged as a stalwart defender, navigating the complexities and challenges posed by cyber threats. By working closely with our clients and partners, we aim to set new standards, and to fortify the foundations of blockchain security.
Let’s explore the key moments that defined Verichains’ exceptional year, including highlights of our strategic collaborations, groundbreaking discoveries, fostering trust among industry giants, and setting new benchmarks in blockchain security.
Verichains - A Trusted Security Partner for Major L1 & L2 Blockchain
In the past year, Verichains emerged as a dependable security partner for major Layer 1 (L1) and Layer 2 (L2) blockchain projects. Recognizing the need for robust security measures amid escalating cyber threats, we audited major upgrades of BNB Chain (BEP 126, BEP 131, BEP 153) and BNB Greenfield, demonstrating our capability to work with industry leaders.
One of our significant endeavors in the latter half of the year was with Polygon Labs, focusing on the audit of their zkEVM Mainnet Beta. This technology represents a cutting-edge advancement in blockchain, leveraging zero-knowledge proofs (ZKPs) for scalability and privacy. Our role in auditing and securing this platform extends into 2024, further highlighting our commitment to world-class security research on emerging blockchain technologies.
In addition to our work with Polygon Labs, we also collaborated closely with Polyhedra Network, to audit this Layer 2 network that utilizes ZKPs to facilitate secure and private cross-chain transactions.
With WEMIX since our initial audit of WEMIX3.0 core blockchain, we have also extended our services to include security assessments for key projects within the ecosystem, including Konverter and Kurrency. In addition, we are preparing to join WEMIX NCP as WONDER 12, to operate a validator node on WEMIX3.0 starting 2024.
Elevating Security Across the Web3 Landscape
We’ve broadened security partnerships across the Web3 landscape to encompass a variety of key players in areas like DeFI, GameFi, and trading platforms.
Our collaboration with Bullish, a global leader in the crypto exchange market, known for their innovative approach that taps into the massive trading flows and volumes of TradFi. Including critical assessment of Bullish’s Multi-Party Computation (MPC) implementation, ensuring every aspect to securing cryptographic protocols have been thoroughly tested.
Furthering from our research of TSS shared in our consultation for Binance, reinforcing our crucial role in supporting industry giants. Cryptography, being the bedrock to secure transactions in the crypto space, requires deep technical expertise. Our investments into cryptography research not only enables us to support industry giants, but also emphasizes our dedication to critical security research.
In our partnership with DWF Labs, we successfully merged traditional security services with IT assessments and ISO standards, enhancing our clients ability to not only meet and excel amidst changing regulatory requirements.
Each collaboration represents not only a security assessment but a strategic move toward fortifying the foundations of the decentralized future. Verichains stands ready to navigate the complexities of an evolving landscape, providing the security necessary for Web3 projects to thrive and innovate.
A Year of R&D Breakthroughs
In 2023, Verichains significantly broadened our role in the blockchain industry, embarking on groundbreaking research and development initiatives that reshaped the landscape of blockchain security.
A standout achievement was our discovery of TSSHOCK, which exposed vulnerabilities in Threshold Signature Schemes (TSS) widely used in Multi-Party Computation (MPC) wallets and digital asset custody solutions of major blockchains. This discovery was not only significant in its technical implications but also in the monumental task of coordinating disclosures. We undertook a meticulous campaign in which we planned, and coordinated our efforts to disclose these findings to multiple vendors, ensuring that the information was handled responsibly and effectively to maximize security enhancement without compromising existing systems. This approach underscored our commitment to responsible disclosure and industry collaboration.
The revelation of TSSHOCK at leading industry forums such as BlakcHAT USA 2023, DeCompute 2023, and HITBSecConf further solidified our position as blockchain security leaders. The discovery received acclaim from industry experts like Taurus' Co-founder & CSO, JP Aumasson, and was covered on Steve Gibson’s Security Now podcast, highlighting its significance in the field.
Venturing into Zero-Knowledge Proofs (ZKP) security research, Verichains cryptography research team identified and responsibly disclosed critical vulnerabilities found in Consensys gnark-crypto, and Polygon zkEVM. We extended our knowledge sharing of our findings and insights with the community, particularly on platforms like Viction (Formerly TomoChain), discussing the impact and potential of building secure ZK applications.
Expanding Expertise Beyond Cryptography
In the fourth quarter of 2023, we were successful in receiving an Aptos Foundation grant acknowledging our expertise and potential contributions to the Aptos Blockchain. This grant was specifically awarded for the research and development of a decompiler tool, aimed at enriching the developer toolbox for the Move language.
The Move language, tailored for blockchain development, presents unique challenges and opportunities. Recognizing this, our team at Verichains embarked on an extensive project to develop a decompiler tool. This tool is designed to translate compiled bytecode back into human-readable Move language code, a process that is essential for understanding, analyzing, and improving smart contracts and other blockchain-based applications written in Move.
Our work in developing this tool was a deep dive into the Move language, requiring meticulous research and a nuanced understanding of both its syntax and operational logic. This endeavor not only highlighted our commitment to contributing meaningful and practical solutions, but also allowed us to showcase our expertise in reverse engineering.
Celebrating Certifications Achievements
Capping off the celebration of our significant achievements in 2023 seen in our commitment to service excellence and global security standards. We reached key milestones by achieving the globally recognized ISO27001 & ISO9001 certifications. These certifications are not just accolades, they represent a tangible enhancement in our service quality and project management delivery.
Furthermore, we attained the specialized PCI-DSS certification, a crucial step in ensuring our compliance in serving the banking and financial sectors. Joining the esteemed CREST Penetration Tester community was another proud moment for us. This affiliation reinforces our dedication to maintaining high standards in global security practices.
However, we at Verichains believe that our pursuit of excellence is not just about collecting certifications. It's about a continuous journey of learning and improvement. Commitment not just to ourselves, but also to our clients, and partners that we will continuously improve with ongoing training, constant refinement of our practices, and staying ahead of the curve in cybersecurity trends.
2024 and Beyond
As we reflect on the achievements and milestones of 2023, Verichains stands poised at the threshold of a new year, eager to embrace the challenges and opportunities that lie ahead. Our journey through the past year has not only solidified our position as a trusted security partner but has also set new benchmarks in research, ethical practices, and industry thought leadership.
Looking ahead to 2024, Verichains remains dedicated to advancing the frontiers of blockchain security. We express our gratitude to our partners and clients for entrusting us with the security of their projects. As we strive for better service quality, Verichains is committed to being the Guardian of Web3, navigating the complexities in securing blockchain technologies.
Thanks for reading Verichains! Subscribe for free to receive new posts and support my work.