
On April 25, on the eve of the U.S. Securities and Exchange Commission (SEC) Digital Asset Roundtable, the well-known Korean technology outlet Korea IT Times published an article citing the professional insights of Professor Gu Ronghui, co-founder and CEO of CertiK, on crypto asset custody security.
Gu Ronghui pointed out that custody security is crucial to maintaining the integrity of the entire Web3.0 ecosystem. The recent incident in which the Bybit platform lost $1.4 billion in assets due to a vulnerability has sounded the alarm for the industry: "Custody service providers should accept formal verification. Only through rigorous mathematical proofs can we ensure that the code runs as expected and there are no exploitable vulnerabilities." He further proposed that crypto custodians establish complete process standards covering key management, incident response mechanisms and regular security audits to systematically strengthen their resilience to risk.
In addition, Gu Ronghui particularly emphasized the core role of "transparency" in custodial security: "Transparency not only enhances trust, but also helps investors make smarter decisions." Since 2020, he has led CertiK to implement the "transparency" principle of full disclosure of audit reports, relying on visual security tools such as Skynet to help users evaluate project security more intuitively. At present, CertiK is the only platform in the industry that fully discloses all audit reports, and its transparent audit model has set a security benchmark for the Web3.0 industry. According to a comment by the Korea IT Times, Gu Ronghui's insights provide an important reference for building a safer and more trustworthy digital asset ecosystem.
SEC Digital Asset Roundtable: “Know Your Custodian: Key Considerations for Digital Asset Custody”
NEW YORK - As the digital asset ecosystem continues to evolve at an astonishing pace, regulators such as the SEC are paying increasing attention to the challenges posed by this emerging industry. To promote technological innovation while protecting investors, the SEC is holding a series of roundtable discussions with key industry players, with the aim of developing a more comprehensive regulatory framework. In the latest meeting, executives from Coinbase, Uniswap Labs, and the New York Stock Exchange gathered to discuss the details of digital asset trading rules in depth. A more critical dialogue will be held tomorrow (25th, Eastern Time), with the theme of "Know Your Custodian: Key Considerations for Crypto Custody". Ronghui Gu, professor of computer science at Columbia University and co-founder of CertiK, the world's largest Web3.0 security company, pointed out that custody security is crucial to maintaining the integrity of the entire Web3.0 ecosystem.
As cyber attacks become increasingly sophisticated, security issues are becoming ever more prominent. Professor Gu emphasized: "At the SEC's roundtable on digital asset custody, security should be at the core of the discussion." The recent $1.4 billion security breach suffered by Bybit is an example: the confidence of the affected investors has been severely hit. Clearly, more robust security measures must be taken in the Web3.0 field. Such incidents not only threaten the security of personal assets, but also damage the credibility of the entire digital asset industry as a viable alternative to traditional finance.
At this critical SEC meeting, discussions should delve into the rigorous security standards that custodians should meet. “Custody providers should be subject to formal verification,” said Gu, stressing that only rigorous mathematical proofs can ensure that code works as expected and does not have exploitable vulnerabilities. In an industry where transactions are based on smart contracts, the impact of weak security should not be underestimated.
While regulation often lags behind technological advances, this is a time when the industry needs to take the initiative. “Formal verification is not an option, it is a necessity,” said Gu, adding that it is essential to maintaining investor trust and system stability. As the industry matures, custody solutions must be not only innovative, but also resilient to complex threats.
In addition to verification of smart contract code, Gu also proposed some non-negotiable security standards that must be integrated into the custodian’s operations. He pointed out: "The generation and storage of keys must follow strict and auditable standards." In the field of Web3.0, key management is the cornerstone of security. If it is handled improperly, the consequences may be extremely serious.
Establishing a sound security incident response mechanism is also a key element. "Adopting a forward-looking response strategy for potential security vulnerabilities is crucial to minimize losses." Professor Gu emphasized that rapid response can not only effectively control losses, but also enhance the confidence of customers and partners. A sound emergency plan should not only cover various threat scenarios, but also clarify the roles and responsibilities of different stakeholders in a crisis.
He also called on custody service providers to conduct regular and proactive security audits to strengthen internal self-supervision. "Continuous security assessments can identify vulnerabilities in advance before they become crises." He said that such audits should not be reduced to a formality for satisfying regulators, but should become an important safeguard against cybersecurity risks.
In addition, Professor Gu emphasized that transparency should be a key part of the new custody system. He believes that custody service providers should disclose their security practices, security audit results and related security incidents to customers and regulators. "Transparency not only enhances trust, but also helps investors make more informed decisions." By making security protection measures clearly understood by stakeholders, the entire ecosystem can establish continuous trust, which is the fundamental guarantee for the long-term development of the Web3.0 market.
This upcoming roundtable will provide a valuable opportunity to address the above key issues. By drawing on the insights of professionals such as Professor Gu, regulators are expected to establish a more secure and regulated environment for digital asset custody. At this critical moment in the formulation of the regulatory framework, in-depth cooperation between academia and industry is crucial: only professional teams that truly understand the impact of technology and regulation are fit for the task of holding assets in custody.
While all parties are paying close attention to the outcome of this important meeting, the importance of raising the security threshold for digital asset custody cannot be ignored. Calls for formal verification, transparency, and security-first considerations should run through the entire SEC meeting discussion process. Only in this way can regulatory measures protect the rights and interests of investors while laying a solid foundation for the next wave of innovation in the digital asset industry.
As the SEC prepares to hold a meeting that will influence the future direction of Web3.0 regulation, it must always focus on the two pillars of innovation and security. Insights from experts such as Professor Gu Ronghui provide a clear path for building a more secure and trustworthy digital asset future: encouraging responsible growth while prioritizing the establishment of a solid framework of security practices. Although the current challenges are great, the commitment to safeguarding the integrity of this transformative financial system must be even greater. Only in this way can the industry move forward steadily.