At the beginning of 2019, Prof. Martin Vechev, Dr. Petar Tsankov, and their team signalled for and thus prevented a security flaw in a planned software update to Ethereum, the biggest blockchain platform. If this hadn’t happened, after the update the system could have provided attackers with a loophole in the code to steal user funds all over the world. Exactly a year later and after becoming a client of their startup ChainSecurity, PwC Switzerland buys the technology in an attempt to become the world’s leading provider of blockchain Smart Contract Assurance.
“As part of PwC Switzerland, the ChainSecurity team will focus on accelerating PwC Switzerland’s blockchain audits, including technical audits of smart contracts and blockchain platforms as well as risk protection services for clients who own cryptosystems,” said Andreas Eschbach, Partner and Leader Risk Assurance of PwC Switzerland and Europe.
ChainSecurity, which is a spin-off from the Swiss technology university ETH Zurich in 2017, has so far worked mostly with startups, and is now aiming to diversify its client base adding bigger players. “Trends show that the market is shifting toward larger companies. This transaction will allow us to access the PwC clients’ network and thanks to its established brand to offer ChainSecurity services and products to larger corporations. The company will continue to work with innovative startups,” tells us Petar Tsankov.
Blockchain vulnerability and security
For Vechev, Tsankov, and their co-founders Matthias Egli and Dr. Hubert Ritzdorf it all started with the first major hack in a popular Ethereum contract in 2016. Back then a security bug allowed an attacker to steal over $150M. Shortly after the incident, researchers from ETH (indeed the second-best university for computer science globally, according to current rankings) investigated the attack and explored different ways to ensure that smart contracts are free of vulnerabilities.
The group came up with a novel technique able to inspect all potentially vulnerable behaviors within minutes and published the result. As an open-source prototype based on the technique was made publicly available to users, the team received such positive feedback, that they decided to incorporate the company. And so was ChainSecurity born.
From academia for business
The complete version of the tool – a scanner for security vulnerabilities in Ethereum smart contracts, called Securify, was released in June 2018. After this, the team designed another product – VerX, a system able to automatically verify the functional correctness of smart contracts. VerX marks a major milestone in smart contract verification as it reduces the effort required to formally certify a contract by orders of magnitude, reads a blog post by ETH Zurich.
Since its incorporation in October 2017, the company has worked with 75 organizations – mostly blockchain startups, but also two banks from Brazil and Switzerland, tells us Tsankov. The acquisition of an undisclosed amount will allow the team of 12 to further develop its product and tweak it for the needs of larger corporate organizations.