Interviewee: Jialiang(Steve) Chang, Senior Audit Partner at CertiK
- How does CertiK approach audits for fast-growing DeFi platforms?
We continuously monitor every project both during and after audits to ensure that evolving risks are addressed. To stay up-to-date with evolving technologies, we combine the critical thinking of expert auditors with the precision of advanced security analysis tools, AI, formal verification, and on-chain monitoring for smart contract audits and DeFi security.
- What security risks come with rapid token listings, and how do audits help?
Security risks can include smart contract vulnerabilities, private keys that aren’t properly managed, and a lack of compliance transparency. Audits identify security issues within smart contracts to make sure they align with protocol design and standards. Additionally, they help teams prepare attack-vector response playbooks and listing-readiness checks for rug-pull and liquidity-drain risks.
- How effective is real-time threat detection in preventing exploits before they occur?
In practice, the effectiveness depends on the type and nature of the exploit, real-time threat detection, and response efficiency. Our real-time threat detection solution focuses on customizable on-chain watchlists, with anomaly detection, alerts, and executive summary reporting tied to any DeFi exploits and bridge events.
- How can projects prevent fraudulent Proof-of-Reserve attestations?
Projects should work with reputable independent auditors who use verifiable cryptographic methods rather than a project’s self-reported figures, and ensure that both on-chain and off-chain assets are reconciled in real time. Open disclosure of audit methodologies, continuous monitoring of wallet balances, and community-verifiable proofs provide additional layers of accountability.
- How is CertiK addressing emerging threats in the blockchain space?
We continuously monitor on-chain activity with AI-powered security tools that flag anomalies in real time. Additionally, our research teams investigate new attack vectors before they become widespread. The dual approach of combining automated detection with human expertise allows us to anticipate risks such as cross-chain bridge vulnerabilities and oracle manipulation.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
