Hello, hello, hello, and welcome to another episode of Chain Reaction with Cointelegraph,
which is our flagship daily X Spaces show aiming to bring radio-style debate and discussion to the crypto space.
We've got a massive episode to wrap up this week.
We've had a lot of great conversations, including a lot of great video spaces this week.
And today we will be joined shortly by our main and only guest,
who is Ronghui Gu, a professor in computer science at Columbia University
and a co-founder of CertiK blockchain security firm.
And we have a lot of interesting things to discuss with him.
He is just running a minute or two late, but that's not a problem
because if you've been listening to the
show you know that we first kick things off with a markets update we go through the developments
of the past 24 hours and after that we get into the main protein of the show so just until
Ronghui is here with us, I want to briefly go over a few market observations.
And obviously, there's good news to start the markets update with.
We have seen Bitcoin stage a 2.5% recovery just in the past hour.
We've now just treaded water above 115k, which is obviously a significant psychological line in the sand between the bears and the bulls. So it does seem like a lot of optimistic momentum,
especially considering that we've got a big central bank meeting
coming up this Friday at Jackson Hole,
where Federal Reserve Head Jerome Powell
is about to deliver his latest remarks
on the state of the economy, on monetary policy, and investors really focus on these
types of comments just to gauge more on what could come with the next interest rate cut.
And it's interesting because just this week leading up to Powell's speech, we have seen
interest rate cut expectations fall by about 12%, I believe. We're obviously still expecting
Markets, I think, are currently pricing in two or three total rate cuts for 2025.
But obviously, today's speech could be very significant for Bitcoin and risk assets.
And we've yesterday briefly mentioned that we had a near 4 billion options expiry for Bitcoin,
which was skewed more to the bearish side.
And people were, I mean, options traders were mainly protecting against the downside.
It seems like Bitcoin weathered the storm.
We're well above the max pain point.
So it seems like we're still in a lesser retracement, and we've spoken
about this historic retracement during the past few days here. And the one interesting
thing that Rekt Capital, a popular OG Bitcoin analyst, also noted is that Bitcoin,
with every previous cycle, including in 2021 and 2017, every last price discovery stage
and every latest all-time high was preceded by a deeper correction,
which I believe in the 2021 cycle lasted one week,
and in 2017, it lasted three weeks.
And it does seem like these final drawdowns are getting shorter and shorter,
And it does seem like this cycle could be even shorter.
We haven't even had a full week of drawdowns yet, and yet we are already staging a recovery.
I would say that as long as we don't hear any extremely negative or extremely hawkish comments from the Federal Reserve Chair, we should be okay over the weekend.
We did speak about the possibility of a weekend correction,
which obviously still causes a bit of a jitter in the markets,
just considering that Bitcoin had two of its most brutal corrections of 2025
during the low liquidity hours of Saturday,
and particularly on Sunday when there was no other risk asset to really de-risk from,
which had 24-hour liquidity like Bitcoin and like blockchain-based assets.
So obviously there are still some concerns around it.
However, I would say that decisive thinking really is the tone of Powell with the upcoming meeting.
Because when we look back at the correction from a few months ago when Bitcoin
dipped below 75k, that preceded the significant drop, I believe it was a 5 trillion drop over
two days in the S&P 500, and that obviously led to a lot of other investors seeking to
de-risk. Since the S&P completed its drop just before the weekend, there wasn't anything
else to trade. Obviously, a lot of whales and a lot of macro watchers saw this as an opportunity to de-risk from Bitcoin. So
it seems like this time it's really different. We are seeing stock markets and equities
trading fairly well, so it doesn't seem like we will be heading into a correction. And just
looking at inflows here, we have seen the Bitcoin ETFs continue to
bleed. It is now the fifth consecutive day of outflows. However, outflows have been becoming
gradually smaller since the middle of the week. So we've had on Tuesday, we've had over half a billion, 523 million to be precise.
Then we scaled down to 315 million on the 20th of August on Wednesday.
And then yesterday, we were just below 200 million worth of outflows.
And it feels like the trend is becoming smaller.
It wouldn't surprise me to see another wave of outflows here for the Bitcoin ETFs. But the good news here is that this, once again,
as we've pointed out a few times with other analysts too,
this is giving room to breathe for Ethereum and Ethereum
ETFs because inflows have been picking back up.
After four days of outflows for Ether ETFs,
we've now seen nearly 300 million worth of inflows
on the 21st August yesterday. And to no
surprise, Ether's price has nearly tripled Bitcoin's recovery over the past 24 hours in the past hour.
So in the past hour alone, Ether is up nearly 8%. We're at 4.5k again. And there's a lot of bullish
news, obviously, to support this development.
And one is something that my colleagues actually just posted about earlier.
It was SharpLink Gaming, which was approved for a massive, massive 1.5 billion stock buyback to boost its Ether treasury.
I will be posting the article by Adrian in the comments shortly.
SharpLink Gaming is one of the largest corporate Ether treasuries. And basically it was just authorized to raise another 1.5 billion in stock buybacks,
which a lot of that will obviously be used to buy more Ether as part of SharpLink's ETH treasury strategy. And it seems really interesting because it seems like,
even though this cycle is really different from the institutional perspective, we are still seeing
the same playbook playing off more or less. Obviously, Bitcoin's all-time highs have vastly
been accelerated since the spot ETFs were approved in 2024. I think we retook the old
all-time high, I mean the previous cycle's all-time high, around 70k, with I believe it was
two or four months accelerated compared to the traditional halving cycle. I don't have the chart
in front of me right now, but I will dig out the article and post it in responses after we've ended this space.
But the good news here really is that the playbook is still playing out.
We are seeing a bit of a consolidation for Bitcoin and profits are flowing into Ether.
We are seeing a lot of big whales, not just treasury companies, actually shift from Bitcoin as a primary asset to Ether as a treasury asset. One particular
whale I've really enjoyed covering was the seven-year-old Bitcoin OG who's been hodling
for over seven years, and he just shifted 1.6 billion worth of Bitcoin into a massive
spot Ether long which was sort to be, I believe it was over 300 million earlier today.
And it does simply signal conviction.
It seems like whales are also expecting the traditional halving cycle to play out, which
will see Ether have its moment right now.
We're obviously nearing the all-time high.
We're just about $250 away currently.
And that's very positive considering the three days of outflows that ETFs had previously. So it does seem like we're in good territory.
Even if we take a bit of a beating or a bit of a hawkish remark from the Fed Chair today,
there's no other reason to really assume that markets would be crashing. And obviously, the interest
rate play remains the biggest question right now for the crypto industry. And we will simply have
to wait it out and see what Jerome Powell's comments will look like later today. And most
importantly, how markets will react to this and how interest rate expectations will evolve.
Because markets really hate uncertainty.
Sometimes uncertainty is even worse than having negative news confirmed.
So if his comments could be a bit more interpretable and he could signal that they still haven't decided to cut rates in September,
that could obviously take some
of our tailwinds, especially for risk investors, especially for Bitcoin here. The question
is obviously what will happen to Ether, because Ether is obviously very much tethered
to Bitcoin in terms of price. They have a pretty significant correlation. Obviously Ether
is very much lagging behind Bitcoin. But recently, with all this corporate accumulation, it does seem like Ether was a bit more immune to
macro news. And it was not really trading such macro heavily or such macro sensitively, I should
say, as Bitcoin. So it does feel like the next weeks, even before the August recess ends, could give us the crack at the old Ether
all-time high. Whether we'll see a correction from there wouldn't really surprise me.
There's obviously a lot of long-term holders who've bought in near the top of the previous
cycle. They will probably look to alleviate some of that pain, unless a lot of them will really
really feel like Ether is going much higher, which could warrant less selling from this cohort.
But given that it's August, given that it's a period of low liquidity at the moment, and given that all investor attention is right now on the Fed Chair's upcoming speech, that's it for my markets update for today.
And just in terms of technical levels to quickly cover
before we head into the weekend,
make sure to watch for Bitcoin crashing anywhere near 112K.
There's a lot of pent-up leverage liquidations at that level.
And 112K right now is a significant macro support.
That's something that Bitget's
chief analyst Ryan Lee has also told me about this week. And it does seem like as long
as we're treading water above 112k for Bitcoin, we are set for the next stage of the price
discovery, which will result in a new all-time high. And if historically it turns out that we're following previous fractal patterns,
that would put the new all-time high sometime towards October, perhaps early November.
So definitely we'll have to watch out for that. As I was saying, that Ether just crossed 4.6k.
So it does feel like it's kind of agreeing with my thesis here, which is that Ether doesn't care about the Fed remarks as much as Bitcoin does.
So it's definitely good news.
But as I said, that's really all it for my markets update.
And I've just received the message that they can't get a response out of Ronghui right now.
I was obviously planning to speak about RWAs with him.
I'm still waiting for him to hop on the space.
He did confirm earlier that he will go on.
But just until he gets here, and hopefully obviously he gets here,
I just quickly want to run you through the latest report
that CertiK shared with me.
And that's something I will be asking Ronghui about.
But just to give you guys some context,
RWA protocol exploits have reached 14.6 million in the first half of 2025. And they've already
surpassed the previous year's amount hacked. And it seems like CertiK is pointing to an evolution
in the threat landscape of RWAs. And what's really interesting here is that looking at 2024,
we've only seen 6 million worth of RWA protocol
exploits during the whole year.
And right now, just the first half of the year
So we've already doubled last year's.
And we're really on pace to surpass 2023,
which saw nearly 18 million exploited in total RWA protocols.
Now, RWA tokenization has gained a lot of institutional interest lately.
We have seen a lot of bullish headlines regarding the sector.
One particular standout was that BlackRock's RWA fund is starting to get accepted as collateral
for loans and for other financial products.
And as we've seen with crypto, as we've seen with DeFi and with AI in the past few years, wherever institutional interest and investment is flocking, hackers and nefarious actors will surely flock thereafter.
And I feel like this is what we're really seeing with RWA protocols now,
because RWAs are starting to reach new all-time highs. They are presenting investors with new
ways to basically access liquidity, access investment products, and access tokenized
financial products, which really bring a lot of advantages compared to traditional products,
such as more accessibility,
such as shared ownership, such as blockchain-based origins.
And obviously it's making bond issuance, it's making credit issuance and capital raising
much, much easier for investors.
I'm sorry, I hit my mute button there for a second by accident.
I've been juggling a lot of screens today.
But just going back to our story here,
it does feel like these RWA exploits were defined entirely by on-chain and operational failures,
and they're signaling a clear transformation in the RWA threat landscape just over the last few years.
And most of the RWA have obviously been on Ethereum.
Avalanche chain led with 28 percent of the values to and for RWA protocols, and third was
Solana with 15 percent. And it's not surprising really that Ethereum was a leading chain, because
most of the RWA protocols and most of the DeFi protocols are obviously Ethereum native, so it's no surprise there.
And it's interesting because, as I've said, the RWA market surged by nearly 300%, I think
it was 260% during the first half of 2025, and it surpassed the 23 billion total valuation
in the first week of June. And it seems like tokenized private credit
is what mainly led this RWA boom with nearly 60% of the market consisting of tokenized credits,
which obviously points to investors not really seeking speculative
volatile crypto assets, but real financial products that can help them raise funds or
even simply save their purchasing power and their day-to-day salary.
But one interesting thing that CertiK here pointed out, and what I was going to ask Ronghui
about, who I'm still waiting on, by the way, is that CertiK is basically
describing an RWA protocol's security stack as this five-layered stack.
And it's basically the first one is an on-chain layer, then the fourth is a data layer,
then the operational layer, legal layer, and then there's the main asset layer. And since there are five of these total assets,
five of these total layers to these RW protocols, it essentially means that hackers have a much
bigger surface to attack. And it does mean that each one's basically five layers which can each lead
to sort of a single point of failure.
So it's really not an easy job.
It's not quite an easy job to protect against.
Obviously, there's a lot of risks, including blockchain oracle manipulation. The cost of the counterparty failures can also happen.
So it's a lot more complicated than a simple cryptocurrency protocol.
And just looking at the largest exploits of the year,
RWA restaking protocol Zoth suffered the biggest one,
which was 8.5 billion lost to compromised private key,
which is something that often happens to investors, to firms, even to centralized exchanges.
And they actually suffered another smaller loss of nearly 400k, which was attributed to a smart
contract logic flaw. Now, the second largest incident was the Loopscale hack
worth nearly $6 million on April 26th,
which was caused by another blockchain oracle price manipulation.
But the good news here is that Loopscale was able to negotiate with the hackers.
It did provide the hacker a white hat bounty.
I'm not sure. I think it was 10%.
But Loopscale did receive most of the stolen value back
from the exploiter. So it does seem like a lot
of hackers, and with silver lining. And actually one of the stories I really love
to bring up when it comes to hacks is, obviously this sounds weird, none of the hacking stories are
positive, right? But this one really is, because last year we've had this massive, massive address
poisoning scam, which, if you're new to crypto, address poisoning is basically: I will
generate a crypto address that's similar to an address that you're transacting with, and I will
send you small amounts of tokens in the hopes that you will at some point send back a deposit to
me by accident. And why this happens is because a lot of crypto platform interfaces basically
just show the first four and the last four figures of a cryptocurrency wallet. So if I can get a
wallet that matches them, and you don't see the figures in the middle, you could accidentally end up sending me your funds, I mean the scammer, which is the unfortunate reality of address poisoning scams.
So these involve no type of infrastructure hacking. They simply involve scammers sending small amounts of crypto transactions to other wallets in hopes that they will sometimes
scam somebody back. And back in May 2024, there was this heartbreaking incident where an address
poisoner who received, I think it was 71 million worth of wrapped Bitcoin at the time within a single
transaction. And that represented basically 99, so nearly all the
holding of that wallet, which once again, it's really heartbreaking. It's just a failure
that people can make. It's a lack of attention people may be hearing when
you're doing transactions. But the good news to that is that within a week, the address
poisoner basically had a change of heart and sent back all the 71 million worth of wrapped Bitcoin to his target.
And this doesn't seem like it was any ethical hacking behavior.
It just seems like the address poisoner got scared of all the mainstream attention that he was receiving,
because one of the blockchain security firms, I'm not sure if it was
CertiK actually, but one of the blockchain security firms has shared some clues to
his IP address and to his possible location, which I think was Hong Kong based back
then. So he probably got scared by the mainstream attention and returned all the 71
million. So the address poisoning story really had a happy ending here.
But that's really all for that story.
I'm just receiving some bad news here, unfortunately,
from Ronghui's PR assistant.
And I'm afraid they seem to have miscommunicated the timing here.
And it seems like Ronghui thought that this Spaces will
be at a different time.
Thank you very much. Apologize and won't be able to join us today. However, definitely get wrong
Because beyond this wave of RWA hacks, which obviously 15 million doesn't seem that big
if you've been in the wider cryptocurrency space, which basically confirmed our fears
that crypto losses have reached 2.5 billion in the first half of 2025.
The number of hacks falling drastically compared to the previous years. So what does this really
mean? Obviously, 2.5 billion is a monstrous sum, but essentially what this means is that
hackers are starting to become much more sophisticated and much more discerning,
less so targeting small, more individual wallets,
and basically targeting the big fish.
And just looking at the first half of 2025,
losses to crypto hacks, exploits, and scams spiked to 2.47 billion.
But the second quarters will decline in the total number of
hacks, according to CertiK. Over 800 million was lost across 144 incidents in the second
quarter, which marks a 52% decrease in value loss compared to the previous quarter, with
59 fewer hacking incidents, according to CertiK's Tuesday report. Now, in total, the first half of 2025 has seen more than 2.47 billion in losses due
to hacks and scams, representing a nearly 3% increase compared to 2.4 billion sold in
And considering that more than 187 million were returned across the first half of the year.
The adjusted total would be closer to 2.2 billion,
which is still obviously a monstrous sum.
But considering that nearly half of this is attributed to one hack,
it does seem like the industry is really becoming stronger.
It does feel like exchanges and platforms are also improving their security responses.
But obviously, it was to be expected to have such a long year.
I mean, such a large year of hacks after February, when we've seen Bybit exchange suffer the history's largest crypto hack of 1.4 billion dollars worth
of cryptocurrency and it's interesting because a lot of these thefts including the Bybit hack
were traced back to North Korean agents and North Korean IT workers or remote workers
vying for funds. It does seem like a very large percentage
of the cryptocurrency hacks
stemmed from these DPRK-affiliated hackers
And it still signals strength in the industry,
because even though we've had these massive hacks,
we've had the 1.4 billion
hack, which was obviously the largest, we've still managed to climb to new all-time highs.
We're still seeing new corporations and new treasury firms continually emerge,
unafraid of these hackers, unafraid of these continuous threats. And just to cap off today's
show, since we won't be having Ronghui,
and because it's very much in theme with today's episode, I quickly want to run you through a
final story today, which is very much related to North Korean hackers and agents. And we've
just published this 26 minutes ago. And it's about Coinbase, the world's third largest exchange by volume.
Brian Armstrong was, I believe it's on the lucky,
oh no, sorry, it's the Cheeky Pint podcast.
I really recommend everyone to listen to it.
And the Coinbase CEO basically said
that North Korean IT workers continue targeting Coinbase
and they continue vying for its remote worker policy
to gain access to sensitive data.
And Armstrong basically said that, I quote,
"DPRK is very interested in stealing crypto.
We can collaborate with law enforcement,
but it feels like there's 500 new people graduating every quarter
from some kind of school they have. And that's their whole job."
He added that some operatives are coerced into working for the regime.
I quote, "In many of these cases, it's not the individual person's fault.
Their family is being coerced or detained if they don't cooperate," said Armstrong.
And I've really loved this quote from him.
I love how he, even though he's obviously facing growing challenges, he has to implement new security measures.
He's making a great point, which is that often these North Korean agents are somehow victims of the regime themselves.
And this is just something that really illustrates the complexity of the situation. But in any case, in response to this, Armstrong said that he is basically implementing
new internal security measures, which will include every future remote worker having to receive
in-person training in the US, while people with access to sensitive systems will basically be
required to hold the US citizenship and to submit to fingerprinting. And in case you guys aren't familiar with it,
just two months ago in June, four North Korean operators infiltrated multiple crypto firms and
startups posing as freelance developers, basically. And they still accumulated 900,000
from these startups within that month. So nearly 1 million stolen for North Korean individuals posing as IT workers.
And Armstrong's new measures really come at a critical time
because just three months ago,
Coinbase Exchange confirmed that less than 1%
of its transacting monthly users
were affected by a large-scale data breach,
which may cause the exchange up to 400 million in reimbursement expenses.
And in this May 15 story, it was actually revealed that a lot of the data that was breached on Coinbase
was due to internal workers who've been bribed by other North Korean agents
and support staff, remote support
staff who've decided to give access to them. And what's really heartbreaking about this data
leak story from May is that a lot of users had their account balances leaked together with their
physical addresses. And something that TechCrunch's founder Michael Arrington also warned about is that these founders, I mean, I'm sorry, these account holders could really be facing potential physical attacks and physical violence.
Because if we think about it, if a set of criminals can simply buy a list of addresses with crypto holders and discern it based on the highest valued accounts,
it will obviously lead to some violent attacks.
We've seen no shortage of violent attacks against Bitcoin holders and crypto users this week.
So if you guys are OG Bitcoin holders or crypto holders,
it's probably best not to really publicize the size of your holdings
But then again, if your data gets leaked,
And I think this really goes back
to the conversation we've had yesterday
It was a brilliant conversation about privacy.
And Susie also really outlined
are sort of leading to a renewed wave of data breaches
and as I'm coming to the end of the story, I feel like I think I'm seeing Ronghui.
Ronghui, great to meet you. Your PR person just told us a moment ago that there was a misunderstanding.
I thought you weren't going to be able to join us. I'm so grateful you made it.
Oh, yeah. Sorry. It seems like our PR agent messed up the time, but yeah, I'm here.
No problem, Ronghui. Look, you're a very busy guy. I'm very grateful to have you.
The good news is that I've already gone through the
brilliant RWA report that you've shared with us, that we've covered from CertiK. And
since you're on, I really just want to get your quick thoughts on that. You guys did
say that RWAs are presenting kind of a new type of challenge with all these new security layers and
with all these new measures that can go
wrong. Do you have any thoughts on this? Do you feel like RWAs could be the next big
target for hackers or are they just entering the mix next to treasury firms and next to
exchanges? How do you see this playing out?
Yeah, well, I think it's a good question.
So first of all, I think as explained in our report, right?
So RWA security stack actually is more complex than many of the previous protocols on chain.
The reason is it has a smart contract part, right? But it's a mix of asset layer, legal layer, operation, and the on-chain
related risk and so on. So that's why it relies on more things. And in terms of cybersecurity,
we always say that when there are more isolation, when there are less components, when there are less layers, it will be much easier to secure the system software.
Well, RWA is quite different.
This is the first reason. So, RWA, I would say, are more likely adopted by players from traditional industry.
So, you can see, different from DeFi, it's more about Web3-native players trying to deal with DeFi and so on.
But for RWA, we have seen more and more big companies from, let's say, traditional finance
From traditional Web2 companies, they started to embrace this RWA idea and solution.
For them, I would say, on-chain risk, operational risk, all these kind of things are quite new
For example, I can give you a very interesting story.
Like today, actually, I talked to one of a very big bank.
They are planning to do something related to stablecoin,
related to RWA, and so on.
So I basically try to tell them that on-chain risk is quite different from the risks they
are dealing with dealing.
For example, they are very strong at QSC.
They told me that they never heard of any instance that an employee of a bank that's a transfer, let's say, the money of the bank
or the money of the users, right, to some other banks and so on and left, or any developer, right,
within the bank can transfer the money, all of the bank. And even if they are confident
that even if such kind of instance happens, right, they are able to freeze the asset, they are able to get the asset back and so on, right. But I share the story like, well, in the
Web3 industry, because when the developer has any way to get access to the private key and so on,
they indeed can transfer the asset out. And it's very hard to check, it's very hard to chase back, right? So these things
are beyond their kind of knowledge and so on. So when they started
to embrace this RWA idea and so on, right now they focus most on the opportunity rather than on the risk.
That's very dangerous. That's also the reason why we do the study and
publish this RWA security report. Just try to at least make them aware of the
risk there. I feel like CertiK has been doing a great job, not just in terms of
RWA but in terms of the whole crypto space
and simply raising interest towards these growing hacks.
But, Ronghui, let's say I'm an investor who's interested in RWAs.
Are these exploits really attracted investors at this stage, or is this more to the RWA
Leo, can you repeat your question?
Sorry, if you are an investor.
I just mean that these exploits, they're obviously targeting the protocols, the RWA
But do you feel like investors can also be targeted?
So people who invest in tokenized assets or that's still early?
Oh, yeah, it's a good question.
So you mean the hackers, right?
Are they targeting more on the protocol side or on the investor side and so on? Right.
And I'm wondering if investors could also be concerned by these rising RWA protocols
or it's more just the protocol side itself.
Yeah, I would say definitely both.
So you can view RWA investors as well.
It's the same as you invest in, let's say, stablecoins
or cryptocurrencies or other protocols and so on.
Definitely kind of like you are facing something
like a phishing attack, right?
It can be a target from some hackers,
especially when you own a huge amount of crypto assets,
right, and so on. But I will say RWA, so they are kind of like,
so there are two tracks of RWA, right?
One is kind of like more Web3-native, right?
These part, I would say the risk is similar to the risk
as a retail investor, right?
As a retail user, your risk is similar
with, well, the situation that your own users,
your own bitcoins and so on, right?
You still can be targeted of hackers.
So this is one thing, but there's another track
like a regulated RWA, right?
For that part, well, it enforces a strong KYC and so on.
In that sense, the risk is much smaller.
In a sense, even the hacker can get access to our computer
and so on, things they require KYC, let's say,
to do the transfer and so on.
So it's still, it will be much safer.
But that's also why you can see the players
in the traditional finance industry
like the idea of RWA and so on.
It seems like the gap is smaller from their point of view.
But then at the protocol level, I would say,
are still, I would say, are still the focus of hackers.
We have seen some trends, like last year, in the year of 2024, you can see that half of the
security instances are caused by operational risk, like private key compromising, asset defaults, all these kinds of things.
And only half of the instances are caused by, let's say, on-chain attack and so on.
Well, for this year, we have seen more and more on-chain threats towards RWA, including, you know, oracle manipulation, right?
And so also, so we have seen some trend and
in the tech of the instances are caused by different reasons and the attackers are also, you know, move
shift their focus because they always try to focus on the weakest part.
That definitely makes sense, Ronghui.
And I just want to move a bit beyond the start of your discussion because I love how you mentioned that hackers are always targeting the weakest link.
And to me, it seems like a lot of hackers have started targeting human psychological vulnerability.
I feel like this year we're seeing a huge rise in phishing attacks and address poisoning scams.
And as you've said yourself, half of the platform attacks were from operational failures.
Why do you feel like there's such a big rise in phishing scams?
And is it just that infrastructure is becoming stronger and now
human retention is the weakest link?
Oh yeah, it's a great question. I would say, not only we have
seen the shift, right, in the RWA space, but also in the entire Web3 space we have seen this shift,
that more and more incidents are related to, I would say, human beings, right?
There's a social engineering attack, operational attack, and so on.
And less and less incidents are caused by, let's say, bugs, right?
Smart contract bugs or bugs in the underlying blockchain and so on.
So this is a trend, not only in the RWA space,
but also in the entire Web3 space.
And what about the reason, right?
So you mentioned that seems like the infrastructure
We have the cybersecurity practice have also evolved
and also more and more developers and project owners, they pay
more attention to cybersecurity and so on. For example, we started in the year of 2017,
and at that time it was very, very, very hard to sell something called code auditing. Every
time we need to explain what is code auditing, why it's necessary, and starting in the
year of 2020, right, we don't have to explain to our clients about what is code auditing, right? And then now it's kind of like everyone knows code auditing, right? Everyone
knows it is necessary and so on. So these are two things, right? And now many protocols, they even work with multiple
cybersecurity firms, right, to try to secure their protocols and so on. So definitely, I would say
on the technical side, we become much stronger, we become more mature. That's a good thing.
But, well, still, cybersecurity, there's no 100% thing
in the cybersecurity field. So we may still miss bugs. There may still kind of like
vulnerabilities that can be used, but it's much harder for attackers to find. So that's why
attackers right now, they are trying to use social engineering,
phishing, and so on. Because right now, that part is a weaker link. It's still a long way
to go to educate the developers, the users in this space that you need to pay more attention to as the operation
I can give you some example, like there's also a pretty famous cybersecurity firm,
their own native token got attacked because they didn't use multi-sig well and so on.
You can find that even for cybersecurity firms, the owner may not pay enough attention to server defense.
Second example is that there's an incident
that happened right after the Bybit incident
for a company called Infini.
They are doing something called a stablecoin credit card
that retail users can deposit stablecoins
and then can use their credit card in the real world.
And they got hacked and lost about $15 million.
So the owner does not pay back this $15 million
using the money in his own pocket.
But our starting alert on-chain system
detected that incident and sent an alert.
And that incident was caused by actually one of the developers of the company,
who left a backdoor in the software, got control over the private key,
and then transferred the money.
And you can see that, well, right now the operational management even within a cybersecurity firm
or within a top-tier Web3 company is still not mature.
So that's why hackers shift their focus.
Ronghui, that makes a lot of sense.
And it does seem like education is becoming more and more important because firms like CertiK are obviously taking care of the cybersecurity part. which is your half a year report. We've written a news story on this.
And I've just briefly gone through our news story before you joined us about how crypto losses hit 2.5 billion
in the first half of 2025.
And Ronghui, obviously, one of these was the largest incident so far,
which was the Bybit exchange incident,
which was 1.4 billion in itself.
But just looking at 2.5 billion seems like a monstrous sum.
Do you feel like next year and the year after it's still going to be billions?
Is there something we can do to combat this in the long term?
Yeah, it's a really great question.
We all know that definitely the Bybit incident contributes to a major part of that number.
But even if we exclude the number of Bybit, it's still, as you mentioned, it's still
at the billion dollar level just for the first half of this year.
And it's kind of like almost double to the number of last year. And back to your question,
will the next year, or will this get increased, right, year over year, or
we have some way, right, to kind of like fundamentally decrease or mitigate the risk in this space.
From my point of view, I would say I hope definitely this number can drop dramatically
next year, in the year of 2017 and so on, 2027 and so on.
But I'm afraid that next year will still be billion dollar level, right?
And the same with the year after next year and so on.
And the reason is that, well, although the cyber defense becomes stronger and stronger,
but cyber offense is also, I would say, they also get stronger.
And it's kind of like just a war, right?
We are competing with each other.
In the sense that, you know, let's say for CertiK,
we are serving more than 5,000 enterprise clients, right?
And we are reviewing, auditing like millions of lines of code. Well, if we made one
mistake, right, even if we have, let's try to avoid the 10,000 mistakes fast and so on, but if we
made one mistake, right, it can be utilized by the attacker, right? So I would say it's an unfair game. So that's why, although I would say,
not only CertiK, but also many other security firms in the space, we work really hard.
Still, we can't guarantee 100%. And as long as there's a weak point, as long as there's some
Sooner or later, it will be discovered by these attackers and so on.
So that's why it's really tough.
And also, let's say, if your protocol becomes more secure, right?
Your layer one blockchain becomes more secure,
and then they may target human beings behind it, right?
But I would say we understand all these challenges and we just commit ourselves to this war
and hope we will do a better job next year and in the following years.
I'm just glad that firms like CertiK really exist in the industry,
because I can't imagine what hackers would really be doing if we didn't have firms similar to CertiK.
Now, obviously, these hacks are a bit of a sad topic, but I want to ask you one final question, which is beyond hacks and cybersecurity.
When you look at the crypto space in general, which is whether Web3, whether DeFi, RWA, is there something that really brings you hope?
Because you're obviously working hard to protect the industry.
I assume you must have conviction or interest at least in some sectors. So just to
end this on a positive note, is there anything you're really excited about in crypto when
you look at the industry as a whole?
Well, it's a good and a tough question. So I would
say we are in this space started from 2017, where we have seen the ICO trend and then followed by the DeFi summer, NFT, and then layer 2,
ZK, and now everyone is talking about the stablecoin, RWA, and so on.
So first I will share some insights, right? Like stablecoin is not new, right?
It becomes really hot this year.
But actually, when we started, it's already there.
And both Tether and Circle are already there, Paxos and so on.
And for layer two, this concept is also not new.
Zero-knowledge proof, well, I would say, zero-knowledge proof is definitely not a new concept in academia and so on.
So we have seen all these concepts and people are just keep building, keep developing things
and you never know which concept is going to become really hot at some point.
So first, that's my feeling, that's my experience in this space.
So it gives us a lot of pressure in a sense that we have, because we are serving all these clients,
and we have to understand all these different technical steps. We can't be biased
in a sense that we can't say that we firmly believe in DeFi or we do not like the concept
of NFT or there are some companies that say that stablecoin is not that new, it's not innovative, right? It will not replace the payment system and so on.
So we can't be biased. We can't bet for the technical development of the technique and so on
because we have to learn all this, right? All the risks and try to build tools to secure all different techniques.
So personally, I would say I'm more a believer in this industry
rather than a believer in any specific sector or technique
because of, I think one reason is because I can't be biased.
I have to serve all the clients.
I have to build the tools for all different technical
But if you ask me about what are the things I'm most excited about, I would still be DeFi.
I would still say DeFi. Although, since DeFi has been not a new idea and not many people are talking about
it nowadays, but I still feel like DeFi is really innovative and creates a
financial system that can benefit many people from underdevelopment areas.
Especially when I travel around the world, I realize that
there are some countries that people even do not have access to a mutual banking system,
let alone a financial system and so on.
When they have the money, fair money, they do not have a way to keep their own asset,
to participate in some financial system and so on, earn money, but also keep their own wealth. It's
hard. And I would say DeFi can fundamentally change this, can indeed say the financial fairness to human beings. I really like the idea.
Although it's not that popular now, but I feel like it has a huge passion in the future.
I definitely share excitement, not just for DeFi, but for the wider industry.
One of my favorite things as well about this is that even though I've been in the industry for almost seven years myself, but you never know where the new wave of innovation comes and you never know what's the next exciting sector to bring true use cases such as DeFi, such as stablecoins for the world's underbanked.
was a great discussion, but I'm afraid I am running out of our allotted time. I want to thank you
very much for joining us. Even though we've had a bit of a miscommunication, I really appreciate you
coming on and sharing your insights. And for the listeners, please make sure to follow
Ronghui, please make sure to follow CertiK. They're some of the leading cybersecurity players
in Web3. They're very important in creating awareness with the recent
exploits, recent hacks and the most recent threats targeting hackers. So Ronghui, once again, it was
a pleasure and thank you so much for joining us today.
Thanks for having me.
And for our listeners,
Chain Reaction is going to be back Monday from 4 pm CD during the usual time slot. And I won't tease any of next week's guests yet,
but we already have a very promising lineup
and we will be coming back with a lot more exciting discussions.
Thanks a lot for listening to today's Chain Reaction episode
with Ronghui Gu, the co-founder of CertiK.
And have a good weekend, everyone.
Stay safe.