This interview is part of our new Blockchain In Cybersecurity series, where we interview the world's leading thought leaders on the front lines of the intersection of blockchain and cybersecurity.
In this interview we speak with Richard Ma, CEO and Co-founder of Quantstamp, to understand how his company is using blockchain to transform the cybersecurity business, and what the future of the industry holds.
1. What’s the story behind Quantstamp? Why and how did you begin?
RM: In 2009, the creation of Bitcoin marked the beginning of the inevitable trend of software eating money. When Ethereum was released in 2015, smart contracts allowed money to be programmed in ways that enabled new and exciting use cases with the potential to scale the world economy.
Although blockchain technology has incredible potential, in 2017, over 250 million USD worth of value was either lost or stolen due to vulnerabilities in blockchain applications. It became apparent that if security wasn’t addressed, the adoption of blockchain technology would suffer. In response, Quantstamp was founded to secure the future of money.
2. Please describe your use case and how Quantstamp uses blockchain:
RM: While there are other auditors in the space, no one is seriously addressing the scalability aspect of smart contract security while also bringing existing business and government stakeholders to the table.
The number of smart contracts is growing exponentially. In 2017, there were only around 10,000 smart contracts – today, there are more than 8 million. But with the exponential growth of smart contracts, the demand for audits has outpaced the supply of qualified security engineers. It’s no longer possible for human experts to manually audit all of these contracts. To address this challenge, we’re bringing automation to the blockchain space so the world can use this technology securely.
Our team is building software that allows users to automatically scan their smart contracts for security vulnerabilities before and after deployment. This means developers can integrate security checks as part of their workflow, with results stored directly on the blockchain.
3. Could you share a specific customer/user that benefits from what you offer? What has your service done for them?
RM: One notable customer was Binance, one of the largest cryptocurrency exchanges in the world. Last year, two security vulnerabilities were discovered in a number of ERC-20 tokens. This had a huge security impact on exchanges, but thanks to our experienced auditors and the automated auditing tools at our disposal, we were able to respond extremely quickly to the incident and audit over a hundred of Binance’s tokens. This year, Binance came back to us to audit their GBP-backed stablecoin, one of the first major stablecoins to be pegged to the British pound.
At the same time, we’re working on solutions to address scalability. Launching Quantstamp Security Network V2 means smart contract developers can now integrate security checks as part of their development workflow. We also recently open sourced the code for our Bounty Protocol, which is basically a marketplace for developers to identify bugs in smart contracts that automation cannot detect. This lets us leverage software engineering talent from around the world to add an essential layer of infrastructure for blockchain security.
4. What other blockchain use cases in cybersecurity are you excited about?
RM: Reducing Fraud in Corporate Procurement: One advantage of blockchain is that it’s tamper-proof. We were proud to be involved in a joint effort among multiple agencies–including the World Economic Forum–to explore the potential of blockchain to reduce corruption in corporate procurement in Colombia. It’s estimated that 20-25% of funds are lost to corruption globally at the government level, so this is a really exciting application of this technology.
Alleviating Poverty with Transparency: We’re also seeing interesting use cases in charitable giving, where blockchain has the potential to reduce administrative costs and increase transparency for donors. We were honored to be part of a strategic alliance to unveil the Pink Care Token Project, a stablecoin tied to a year’s worth of hygiene products.
Blockchain is helping to solve issues we used to think were unsolvable. Organizations across all sectors are beginning to see the potential of blockchain and its ability to give them a competitive edge and gain efficiencies. So as we see more use cases and tackle these challenges around security, we’re confident that blockchain—and smart contracts—will continue to see unprecedented growth.
5. Where will Quantstamp be in 5 years?
RM: Our vision is to help mainstream adoption by allowing scalable access to smart contract security tools. Blockchain technology is truly in its infancy and still has incredible potential for growth. As demand outpaces the supply of security professionals, we need to move beyond manual audits to focus on scalability, developing automated security tools, and incentivizing safer coding practices early on in a developer’s workflow.