The State of Blockchain Security With Our Co-Founder, Gonçalo Sá
As 2022 unfolds, we take a look at the state of the blockchain security industry and our plans in 2022 to keep evolving it.
“I promised myself I would never again put money into something I hadn’t audited myself.”
These are the words of ConsenSys Diligence Co-Founder, Gonçalo Sa. You’ve likely seen him around the ecosystem at a meet up or on Twitter. His relentless curiosity and passion for smart contract auditing led him to ConsenSys in April 2017, where he’s been building Diligence ever since. So, how does one start hacking full time on Web3?
As we reflect on 2021 and the current state of the blockchain security industry, let’s start from the beginning with Gonçalo’s story.
From Web1 Founder To Web3 Hacker
From a young age Gonçalo was fascinated by computers and started programming when his parents gifted a computer at age six. After university he was determined to be a tech founder, and though Gonçalo never stopped hacking, he founded diverse tech startups in biometric hardware, a mobile app, and AdTech. But it wasn’t until he discovered blockchain and Ethereum that Gonçalo truly found his tribe. He started mining with friends during the infamous DAO attack in 2016. It was then he decided security would be his service to Ethereum:
“A few months after Ethereum launched we started building rigs and made some money from them. We mined what would now be a lot of ETH. And I convinced my friends we should put our ETH in the DAO. When the DAO started getting hacked, it was 8:00am Portugal time. We woke up around 10:30 and it was…it was a total disgrace. We ended up trading for something like $0.33 on the dollar, which was a terrible decision. It was at that moment I promised myself I would never again put money into something I hadn’t audited myself.”
As mentioned, Gonçalo never gave up hacking and after the DAO hack, he began auditing full-time, for free. When he discovered ConsenSys, he immediately wanted to help and reached out to offer a free audit to the VariabL team who were building their alpha at the time.
The Challenges That Defined 2021: Talent And Standardization Scarcity
It’s been five years since Gonçalo started building ConsenSys Diligence and although the team maintains its original lean and flat structure, we’ve conducted hundreds of blockchain security audits for diverse clients from Web3, securing $25B in potential breaches, and built some of the industry’s most innovative tools, Fuzzing and Scribble.
“This growth is thanks to our team of hackers, whose skill set and experience cannot be overlooked since the greatest challenge we faced in 2021 was hiring.”
2021 showed us the demand for blockchain security work is now orders of magnitude higher than the talent available to complete it. What’s more we believe the security industry lacks standardization for smart contract auditing.
“Good security and dev tooling suffers from a great monetization issue. It is hard for us and our peers to create financially sustainable products that help developers when, in all fairness, the blockchain security developer base is still this small.”
We’ve seen in 2021 that building security tooling is crucial to the success of Ethereum and that the incentives are not yet there to properly create positive feedback loops on open source auditing tools for the security market to mature.
What’s in store for blockchain security in 2022?
Hiring new talent, as well as setting industry standards will be some of the key areas we’ll focus on in 2022. There are currently six open positions on our website. Check them out and apply!
We are also working on exciting solutions to create greater access to auditing work through system thinking, incentive, and token design. We’ll be sharing more details on this in the coming months so keep an eye out by following Diligence on Twitter. For the more attentive, some clues are left behind here. 👀
Thinking about smart contract security? We can provide training, ongoing advice, and smart contract auditing. Contact us.