Blockchain Security

Providing professional security auditing and penetration testing services for exchanges, blockchains, contracts, wallets, mining pools and other blockchain projects.

Security Requirements

To achieve security, systematic and distinctive protections that can keep pace with, or even surpass, the development of attack techniques are necessary. This requires us to first correctly understand the security threats in the blockchain ecosystem. A blockchain system faces two types of threats: one is the known attacks against the traditional internet technology stack, the other is the new risks bred by the uniqueness of this industry.

  1. Application Layer Security Requirements

    Derived from business scenarios and ecosystem roles, such as exchanges, DeFi, wallets, miners and mining pools.

  2. Technical Layer Security Requirements

    Derived from the system architecture and the tech stack, such as blockchain infrastructure, smart contracts, web sites, mobile apps and hardware.

Customer Scope

Inspired by the security requirements analysis, the blockchain ecosystem can also be classified in 2 dimensions: business scenarios & technology stacks. Based on this, the various security requirements can be practically and properly broken down and reorganized. Chaitin provides services to all the following customers, covering their security requirements precisely, conveniently and professionally.

Service Solution

The Chaitin blockchain security service solution provides comprehensive protection to all kinds of customers.

  1. Blockchain Security Audit

    In-depth security audit on layer1/2 blockchain source code by professional experts, including 90+ basic checks and 0day vulnerability discovery in both implementation and design, to improve the core security of blockchain infrastructure.

  2. Blockchain Deployment Consultancy

    Comprehensive mainnet launch consulting including initial parameters, configs, PKM and topology, based on in-depth analysis of blockchain network, ledger model, architecture features, node types etc., to ensure a secure and proper launch procedure.

  3. Smart Contract Security Audit

    Professional manual security audit on contracts by professional experts, including 50+ basic checks, 0day vulnerability discovery, unknown risks identification, and contract optimizations, to ensure the security and efficiency before contract deployment.

  4. Exchange Penetration Test

    Simulates real attacks on exchanges by the leading pen test team and eliminates potential security threats before blackhat hackers attack, ensuring the security of funds.

  5. Mobile Wallet Penetration Test

    In-depth security pen test on mobile wallet apps by an advanced mobile security expert team, to prevent attackers from obtaining private keys in remote interactions and to strengthen the protection under physical access conditions, improving the wallet's security.

  6. Hardware Wallet Penetration Test

    In-depth security pen test on wallet hardware by an advanced IoT security expert team, including 40+ basic checks, to improve the resistance to malicious attacks and help wallets achieve higher security.

If there are other security needs for mobile applications and hardware devices, please contact Chaitin Technology for detailed solutions.

Service advantages

  • Full coverage of ecological roles

    Comprehensively covers various ecological roles such as exchanges, wallets, blockchain applications and miners, with a solid understanding of the business characteristics of the segmented scenarios.

  • Customized services based on two-dimensional quadrants

    Provides standardized, specialized and customized security services based on the analysis of ecological roles and technology stacks.

  • Full coverage of technology stacks

    Comprehensively covers various technologies such as chains, smart contracts, web sites, mobile apps and hardware devices, with a solid understanding of the technical architecture and security risks.

  • Professional expert team

    Technical experts are often invited to, and win awards at, world-famous security conferences and competitions. Combining years of traditional security experience with cutting-edge blockchain security research, the team far surpasses the attackers.

  • Well developed services

Cases

A Large Centralized Exchange

Security Requirement:

  • Protect the security of funds, platform privileges and individual accounts; prevent attacks from the internet (website) and leaks from the internal network (insider).

Service Solution:

  • Exchange penetration test service.
  • Mobile application penetration test service.

Customer Benefit:

  • Although the exchange had gone through several rounds of testing before reaching out to us, it still contained several critical vulnerabilities, which the technical team identified. By fixing all the issues with the help of the pentest team and the pentest report illustrating the vulnerability details, the exchange customer avoided potentially severe financial loss.

A Famous Public Blockchain

Security Requirement:

  • Optimize the underlying architecture; protect development security; guard the platform's runtime operation.

Service Solution:

  • Blockchain source code security audit service.
  • Wallet client source code security audit service.

Customer Benefit:

  • The technical team identified several vulnerabilities that can cause blockchain forks, node crashes, double spending, coin theft and other hazards. By completing the full audit and adopting the remediation recommendations in the report, the blockchain project became more secure and stable.

A Multi-Currency Wallet

Security Requirement:

  • Protect the security of private keys and assets; ensure that the tx processing procedure and the wallet app are secure.

Service Solution:

  • Mobile wallet penetration test service.

Customer Benefit:

  • By fixing all the identified issues, such as a decryptable database, a debuggable application, and a breakable encryption and signature scheme, the customer significantly improved the security of the wallet product and avoided potential leakage of user private keys and cross-chain tx replay attacks.

An ICO Project

Security Requirement:

  • Ensure the security of contracts; eliminate the risks introduced during development.

Service Solution:

  • Smart contract source code security audit.

Customer Benefit:

  • By fixing security issues caused by defects in the lock-up logic and the ERC20 standard, the customer avoided potentially severe financial loss and DoS attacks.