This interview is part of our new Blockchain In Cybersecurity series, where we interview the world's leading thought leaders on the front lines of the intersections between blockchain and cyber security.
In this interview we speak with Victor Fang, Ph.D., Founder and CEO at AnChain.ai , to understand how his company is using blockchain to transform the cyber security business, and what the future of the industry holds.
1. What’s the story behind AnChain.ai? Why and how did you begin?
VF: Our founding team has an extensive background in cybersecurity and we were all naturally fascinated by Bitcoin and blockchain technology. What began as something of a hobby, in following the crypto-asset market and blockchain industry mature over the years, turned into a realization that just like tech companies and cybersecurity in the 1990s, we were seeing a new industry take shape.
In this context, we started to realize just how much value we could bring to the space after watching countless exchange hacks, infrastructure security breaches, smart contract vulnerabilities being exposed, and really, similar wild wild west behavior that characterized the start of the cybersecurity world in the 1990s and early 2000s.
2. Please describe your use case and how AnChain.ai uses blockchain:
VF: Right now, our focus is on two things: (1) providing blockchain transaction behavior monitoring via our situational awareness platform (SAP) and (2) smart contract auditing via our contract auditing sandbox (CAS).
(1) We analyze blockchain ecosystem behavior at the transactional level. Transactions are the foundation of any blockchain ecosystem, and utilizing our experience in cybersecurity best practices with advancements in artificial intelligence and machine learning techniques, we are able to quickly and efficiently detect any anomalies in behavior within these transactions.
By continuously analyzing and monitoring the transactions, we are also able to help businesses from an operations perspective with understanding various business metrics (i.e. user growth, transaction volume, etc.).
(2) We also provide a smart contract auditing product that analyzes how the smart contract code behaves, how it executes. It then compares the contract in question to all of the Ethereum Virtual Machine smart contracts deployed on mainnet, in addition to over 116k user-uploaded smart contracts, and identifies any vulnerabilities in addition to any behavioral anomalies.
We provide this product free to developers to promote the open-source nature of the industry, but for SMBs and entreprises we charge a fee.
3. Could you share a specific customer/user that benefits from what you offer? What has your service done for them?
VF: We've partnered with a top exchange who is using our smart contract auditing product (CAS) in order to perform its due diligence process on which assets to list on its exchange, and which to avoid. Using our product, they are 10x more productive than what they were doing before with manual due diligence. As a result, they've been able to increase their pipeline for new asset listings and trading pairs and drive more volume to their exchange.
We've also partnered with various DApps to monitor transactions within their DApp ecosystem, and just a few months back, our SAP product identified the first ever BAPT (blockchain advanced persistent threat). In short, a team of hackers were targeting a specific smart contract within the DApp and constantly flooding it with transactions from various wallets in order to leverage a vulnerability that paid out winnings over 50% of the time, in essence creating an arbitrage opportunity for these hackers to steal money from the broader DApp ecosystem. Out of the millions of transactions, our SAP product found the 5 addresses directly responsible for this event and flagged them. This attack was done pro-bono after the attack had taken place, to prove to potential customers the power of our product.
4. What other blockchain use cases in cybersecurity are you excited about?
VF: What excited us enough to draw us into the blockchain industry full-time still excites us today. Blockchains are the latest iteration on public network design, database distribution, and the distribution of concepts as nuanced as information and money. However, just as we saw in the 1990s and early 2000s, several of the companies operating in the space are moving so quickly that they are leaving themselves and users exposed from a cybersecurity perspective in more ways than one.
We are very excited about the mentality towards blockchain cybersecurity shifting into a top priority for anyone operating in the space. Perhaps one of the catalysts will be big enterprise entering the space and bringing their security and operations teams, who are hyper-sensitive to security, to the broader industry and encouraging others to follow suit. Also, as everyday users become more sensitive to security, we believe having a proven security and operations product to rely on will prove a competitive edge in the marketplace.
5. Where will AnChain.ai be in five years?
VF: We hope to be working with the full range of blockchain companies and organizations on security and operations efforts. We aim to bolster the confidence people have in the integrity of blockchain technology as a whole; the integrity of the DApps, exchanges, services, and products people interact with daily.
It's our goal to become an industry leader in providing blockchain security and operations solutions, much like a FireEye is the industry leader in malware detection, or a Mandiant is the industry leader in APT detection.