Danish Blockchain Lab: the 3 Biggest Risks for Blockchain Security
Danish Blockchain Lab is a fully remote organization with security engineers based in Denmark, Singapore, Germany, the Czech Republic, the United Kingdom, Turkey, Ukraine, Poland, and Cyprus. Their approach is to ensure the security of any blockchain network, through a combination of manual and automated code review. The company recently received two prestigious awards: “Emerging cybersecurity business of the year 2022” and “Innovation Award for Blockchain Security Analysis 2022”.
I had the absolute privilege to interview Niklas Agerbech, Founder and CEO of Danish Blockchain Lab. We talked about the challenges faced by his company as well as their plan for 2023.
Danish Blockchain Lab was born in 2021: how did you come up with this idea?
Right before Danish Blockchain Lab, we started out focusing on DRM licensing and anti-piracy. We generated a list of 100 Danish software companies, where we had a good feeling their license handling may be vulnerable to pirate copying. I was very excited when I called up the first company, but after being turned down by the 20th company with almost the same reply “well nothing is 100% secure”, we decided to close down the idea. My partner at that time called me up three weeks after to tell me, he successfully had gotten access to a Blockchain and potentially could withdraw coins. I called up the CEO and was quite sure I would have the same reply as the 20 other DRM companies, but instead he lost faith in his development team and hired us as their security partner. We learned a lot that day and especially that blockchain vulnerabilities are way more mission-critical than piracy of licenses. This is now 3 years ago, and shortly after Danish Blockchain Lab was a reality.
What are the challenges that you have faced so far?
Our biggest challenge has been to educate potential clients about differences in security audits and why a security strategy is important. That a smart contract certificate does not necessarily prove your overall security level and keep hackers away. This year, over 4 billion dollars was stolen in the crypto space by hackers, all these companies had received a smart contract audit at some point. Increasing security is about adjusting the whole organisation form; Tokenomics, smart contracts, apps, and password handling to infrastructure, and architecture. This of cause address a need for different strategies within every aspect. We therefore often get contacted by web3 companies, who want a smart contract review so they can get listed on an exchange, instead of spending their focus on increasing their security.
Blockchain security: what are the 3 biggest risks?
If we dig into the numbers of this year’s hacks, phishing and misconfigurations have been the largest causes for hackers to steal funds. This is also due to missing resources, and the difficulty in finding experienced developers. If a web3 company are assembling a team of 20 developers, chances are that most of them have not commercially built anything like this before. This can open a lot of flaws, bugs, and vulnerabilities in the code produced. The biggest risks we see are the web3 companies missing focus on taking a security responsibility and being transparent about it. They may be able to do so, since the general non-tech user, generally think their funds are secure since it is based on Blockchain. And how would the general user know better? After all high security, has been told to be one of the unique selling points of blockchain.
What are your plans for 2023?
We have currently started to expand to Asia through Singapore, which will be the main journey for us throughout 2023. Right now, our headquarters are based in Denmark with clients in US and Asia. We are also looking into new services, where we soon can offer a 24/7 incident response team, and insurances for web3 organisations. With this service, our team is ready to respond to any threat right away all year round 24/7.