We recently connected with Galina Likhitskaya, Vice President, Operation & Product at HashEx, an audit and consulting firm for blockchain or distributed ledger tech (DLT)-enabled projects.
Galina talked about the importance of following the best or highest online security standards. She also discussed how smart contracts need to be carefully audited before they’re deployed. Additionally, Galina revealed HashEx’s plans for the remainder of this year and 2020.
Our conversation with Galina Likhitskaya is shared below.
Crowdfund Insider: You’ve mentioned that HashEx is an R&D firm focused on blockchain integration in business processes and cybersecurity.
Please tell us about the main products and services you offer. And why are they beneficial to end-users?
Galina Likhitskaya: HashEx is an audit and consulting company for blockchain-based projects. Our mission is to provide security in the field of blockchain and cryptocurrencies. The main services we offer are audits of blockchain projects, mainly smart contracts.
Our services are primarily targeted at new projects in the cryptocurrency sector, which plan to issue tokens, conduct airdrops or crowdsales. Since our inception, HashEx has successfully audited more than 300 smart contracts for projects of various levels.
We also developed a security tool named CryptEx – a powerful instrument for protecting funds from rug-pulls, team abuse and other forms of exploits. CryptEx allows users to lock down their tokens for a desired period of time, thus safeguarding the funds from any potential dishonesty of a DeFi project’s founders.
At the same time, this helps a project to demonstrate the seriousness of its intentions to potential clients and investors. People can be more confident about entrusting their funds to a project if they know for certain that they won’t be scammed right afterwards.
Crowdfund Insider: For the past 5 years, you’ve been helping business innovators make great progress, develop strategic plans and bring them to life.
Please walk us through how you help your clients achieve their online security goals.
Galina Likhitskaya: When we started our company, a lot of our clients came to us with almost no knowledge of blockchain technology. We consulted them on what things can be done and what can’t or shouldn’t be done, helping them find the best way to achieve their goals. We developed technical solutions or audited their code if it was written by another team.
We also consult projects when a team needs advice in developing brand new functionalities. One of the cases where we assisted in such a manner is MetaHash. HashEx collaborated with MetaHash with regard to helping them develop their Yellow Paper, the architecture of their TraceChain and MetaApps technology, and an audit of MetaHash blockchain security.
Conducting such audits helps crypto projects boost confidence among their audience, since potential users and investors know that an audited project is protected from accidental mistakes, thus reducing the risk of financial losses.
Crowdfund Insider: There have been numerous smart contract hacks and exploits over the past few years.
Tell us how you think platforms can develop a comprehensive security strategy to prevent such attacks. What would be some good preventive measures?
Galina Likhitskaya: Security of a project does not stem from just one place. A variety of factors play their parts in this, with the fundamental among them being the project’s team itself. If you want to put together a secure project, then, before anything else, you will require talented developers who can write quality code.
Additionally, while in the development phase, projects shouldn’t take any shortcuts, cutting down the time dedicated to designing and testing the project’s infrastructure. To do so is tantamount to inviting all kinds of mistakes that will reveal themselves later, potentially damaging your project’s reputation.
It would be advisable to use automated software testing, aiming to achieve 100% code coverage always. During development, write tests for your code and perform regular reviews. Use reliable and trustworthy solutions.
As far as design, coding, and testing are concerned, it is always wise to leverage existing checklists or prepare your own, so as to ensure that you don’t miss anything. If you are developing something new in the field that your team is not acquainted with, always make certain to consult with experts.
And of course, any crypto project that deals with assets that are worth something needs to undergo an audit. With the gradual development of the crypto market over the years, this practice has become a necessity for every team that seeks to launch a blockchain project. In fact, those that take security particularly seriously tend to order audits from several companies. Each auditing company makes analysis based on its own experiences, so having more independent checks means a lesser likelihood of a bug or an exploit remaining unidentified in your project.
A proper release for the project is also important, as it includes the final sign-off. It is preferable to use automated scripts for deployments, so as to avoid running the risk of man-made errors. And even once the release is taken care of, it doesn’t mean that you should rest easy. It is crucial to maintain caution in matters of support and incident handling.
The chances are high that hackers will come after your project at one point or another. So it would be a good idea to consider in advance how to deal with their attacks. Creating a bug bounty program is a sensible option, as it would allow you to further test your system for vulnerabilities from the outside.
Crowdfund Insider: What are the main ways that smart contract hackers carry out their exploits and how can company workers be trained to make sure they learn to use their work computer safely?
Galina Likhitskaya: Most of the famous exploits are made by means of targeting the existing bugs in smart contracts. But this does not make it less important to secure the users’ computers. With crypto projects, you always need to be sure that the private keys of your accounts are safe. Utilizing cold wallets is a good choice for the greatest security.
These are the wallets that do not have direct access to the Internet, which makes them far less vulnerable to hackers. But if a user finds hot wallets more convenient, then there are multi-signature mechanisms that require you to sign a transaction with several accounts, before it can be conducted. And, of course, the more traditional ways of computer security – antiviruses, strong passwords, etc. – should not be neglected either.
Crowdfund Insider: What are your plans for the remainder of this year and in 2022?
Galina Likhitskaya: By the end of the year, we’ll develop additional security services under the CryptEx brand. As part of the next launch suite we will be releasing a constructor of smart contracts. And the first element of the new toolkit will be a token constructor: a tool for creation of well-tested and audited tokens with various economic models. Following it closely will be a staking service.
There are also blockchain analytics services under development. Such tools help us track errors in the smart contracts that we are developing and also in smart contracts that we’re auditing. After polishing these tools internally we’ll make some of the features public.
We are also conducting automation of the audit process, so that auditors can focus more on finding serious bugs and less on some of the routine work. We have developed many interesting tools for automating the work of auditors and developers. Initially, we did this for our own internal use, but now we understand that it can be relevant for other teams as well. We intend to launch a training project and, perhaps within the framework of said project, we will provide access to these tools and teach how to use them.
We have many plans and they are quite ambitious. We have grown a lot this year and continue to develop further. With regard to the company’s success, I would like to note our team’s expertise and vast experience, as we have been working in this field for many years.