skip to Main Content
bitcoin
Bitcoin (BTC) $ 99,145.56 1.16%
ethereum
Ethereum (ETH) $ 3,304.85 1.57%
tether
Tether (USDT) $ 1.00 0.04%
solana
Solana (SOL) $ 254.63 1.10%
bnb
BNB (BNB) $ 624.57 0.64%
xrp
XRP (XRP) $ 1.45 26.48%
dogecoin
Dogecoin (DOGE) $ 0.406959 5.39%
usd-coin
USDC (USDC) $ 1.00 0.02%
cardano
Cardano (ADA) $ 0.971303 21.62%
staked-ether
Lido Staked Ether (STETH) $ 3,304.35 1.37%

How HashEx is developing new auditing methods to outsmart hackers, as told by founder Dmitry Mishunin

Hackers often manually try to find exploits in underlying smart contracts, and mass AI simulation of attacks in contract auditing may just be enough to outsmart such tactics.

58 Total views

22 Total shares

How HashEx is developing new auditing methods to outsmart hackers, as told by founder Dmitry Mishunin

As the cryptocurrency market has grown, so too have the number of bad actors looking to exploit vulnerable decentralized finance, or DeFi, protocols, and projects for their own gain. Earlier this month, the Ethereum-Solana Wormhole token bridge suffered the biggest hack of 2022, with $321 million lost due to a signature verification vulnerability. Such exploits have gotten increasingly sophisticated over the years.

But blockchain security firms like HashEx are keeping up the pace just as hackers upgrade their tactics. During the past few years, HashEx has audited more than 700 DeFi smart contracts that secure over $2 billion worth of investors’ funds. One notable project that utilizes HashEx is Trader Joe, a popular decentralized exchange on the Avalanche (AVAX) blockchain. In an exclusive interview with Cointelegraph, Dmitry Mishunin, CEO and founder of HashEx, explains just how the firm is upgrading its auditing process to protect crypto enthusiasts against possible breaches.

The old-fashioned auditing method consists of a manual check and an automatic test of the underlying code. As Dmitry told Cointelegraph:

“Traditionally, a group of auditors manually tests the logic of contracts; they’re trying to imagine some inputs values which can break their logic. It’s like an Olympic Games for programmers. But this is only good when your auditor is experienced enough.”

Sometimes, Dmitry continues, “problems cannot be conjured then tested, as they are do not arise mistakes in the logical flow of code, but from minor errors such as in the Ethereum Virtual Machine, which happens quite often.” To overcome this fault, HashEx has derived a new “stochastic (random) testing” method. Using AI, its software generates 1,000 to 100,000 randomized transactions with different trends and parameters to stress-test the smart contract. 

“With random transactions, it looks like a simulation of a person with a crazy idea [commonly descriptive of hackers] creating something to break the contract.”

When asked about whether or not there have been any breaches in smart contracts audited by HashEx, Dmitry was very humble in his response. In 2020, none of the firm’s audited projects experienced any hacks. But in 2021, two minor incidents occurred out of hundreds of projects that went on to be secure. One project on the Avalanche network had a critical issue in the audited contract and lost about $100k. Meanwhile, Dmitry explained that the other incident wasn’t a hack per se, as the contract had a bug that prevented the withdrawals of fees. “It’s the real world; sometimes we miss it,” says Dmitry.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top