We rank the top 10 performing blockchain security firms offering services such as smart contract audits, blockchain security analysis, penetration testing, formal verification, and security audits. Security audits are extremely important – this year we’re seeing the rise of Decentralized Finance (DeFi)— a new application of decentralized Blockchain technology that is poised to replace the trillion dollars Global Finance industry. However, recent events such as the dForce hack have shown us that hackers can exploit weaknesses in smart contracts and steal money. It’s almost like robbing a bank, except in this case the bank is flush with crypto AND can’t defend itself. In the case with dForce, the hacker stole $25,000,000 USD (talk about a good haul) and with crypto transactions, we know this is not reversible.
Consequently, security solutions, tailored to the volatile nature of blockchain technology and its components, have started making moves to isolate and neutralize security threats common in the blockchain terrain. In this article, I will highlight and explore the workings of the top companies in the blockchain security niche.
It is therefore extremely important for security audits of projects, exchanges and blockchains to be done. Users must also know what security tests have been performed and if any red flags were raised.
Hacken
Website: https://hacken.io/
Hacken performs a wide range of security services for its clients. These suites of services include blockchain security consulting, web/mobile penetration testing, coordination of bug bounty programs, crypto exchange ratings, among other things. Although Hacken offers a long list of services targeted at blockchain and crypto firms, its ecosystem, however, encompasses security products ideal for IT companies as a whole. The company has built a commendable reputation as a security risk assessment for companies requiring a digital environment to create or enable services for their consumers.
Hence, it comes as no surprise that Hacken has provided security services for non-blockchain giants like Air Asia. Furthermore, it has proven its commitment to blockchain technology by sponsoring and engaging security experts worldwide in security meetups.
Hacken has also created the HackenAI security platform designed to protect the end user from security risks and account compromises. Key features such as Darknet monitoring immediately alerts users of compromised passwords and possible darknet attacks. HackenAI is available on Android and Iphone devices.
Quantstamp
Website: https://quantstamp.com/
Quantstamp is a blockchain security startup unveiled at YCombinator W18 Batch. The security team of Quantstamp has experience in top IT companies like Google, Facebook, and Apple. And this is evident in the platform’s wide array of blockchain security tools and services. For one, Quantstamp has developed a decentralized security network for smart contract auditing. With this solution, users can perform automated smart contract security review on a “global network of decentralized security nodes.”
Additionally, the platform provides expert security audits for clients blockchain projects and a 24/7 security monitoring software tool.
Trail of Bits
Website: https://www.trailofbits.com/
Trail of Bits prides itself as a network of developers with the capabilities of identifying and fixing loopholes in software, devices, or codes. In other words, the solution provides an array of software security services that encompass smart contract audits, blockchain security research, software development, and so on. Over the years, Trail of Bits has developed formidable security tools for smart contracts. Some of these blockchain-focused solutions are Crytic, Slither, and Echidna.
Apart from that, Trail of Bits developed the popular AlgoVPN. As well, it has a lot of security publications on GitHub, including public reports for 0x Protocol, Compound, NuCypher, and MakerDAO, which are some of its clients.
OpenZeppelin
Website: https://openzeppelin.com/
The OpenZeppelin team is mostly known for its development of Solidity libraries known as OpenZeppelin Contracts. These libraries are used in most Solidity projects as a tested and standard template for contracts deployable on decentralized applications. Developers can integrate this solution through OpenZeppelin’s native SDK. Besides development, OpenZeppelin has a strong focus on smart contract security and audit services.
Also, OpenZeppelin was one of the first teams to reinvent blockchain security by introducing elements of gamification to identify loopholes in smart contracts. Another of its products, Ethernaut, is a Web3/Solidity war game, which entails gamers to hack smart contracts to move to the next level.
ConsenSys Diligence
Website: https://diligence.consensys.net/
US-based ConsenSys is one of the biggest and prominent blockchain incubators in the industry. Unlike other security firms mentioned on this list, ConsenSys dedicates its resources and technological know-how to the development of Ethereum blockchain applications and software, especially financial infrastructures. As such, its product, ConsenSys Diligence, offers security analysis for smart contracts. This audit product is at the cutting edge of sophisticated “cryptography, blockchain technology, and crypto-economic incentive analysis.”
Another of its products, MythX, is one of the most powerful automated scanners for Ethereum smart contracts. This solution provides a robust API, which developers can use to access security analytics tools.
Certik
Website: https://certik.io/
Certik is a security company looking to utilize topnotch formal verification technology in collaboration with some of the best cybersecurity experts to create end-to-end services. On its website, Certik claims that it has audited over 188,000 lines of codes and secured over $6.32 billion worth of assets. The team offers to mathematically validate the safety of smart contracts
Therefore, it has developed Certik Chain, a public blockchain focused on leveraging Certik’s Formal Verification platform, to secure decentralized projects. Certik is officially a partner company of Binance, and it is backed by prominent investors, including Binance Labs, Lightspeed, Matrix Partners, and DHVC.
LeastAuthority
Website: https://leastauthority.com/
LeastAuthority is a cybersecurity consulting firm with its main focus on privacy. It classifies itself as an enabler of private and disruptive storage solutions. At the moment, the platform has two major products available to its users. The first, Privatestorage (formerly S4), is a centralized system that provides storage infrastructure to end-users and offers them the autonomy over the collection, processing, and distribution of their private data. On the other hand, its second product, Tahoe LAFS, enables a decentralized, distributed, and fault-tolerant storage facility.
In addition to providing different storage architectures, LeastAuthority has published security reports for Ethereum, Tezos, and others. It also works with developers throughout their development cycles to ensure that their projects are not susceptible to security threats.
PWC Switzerland (former Chainsecurity)
Website: https://www.pwc.ch/en/services/risk-assurance/smart-contract-assurance.html
Chainsecurity has joined PWC Switzerland to perform security review projects and create security solutions for the emerging blockchain industry. With this partnership, PWC Switzerland offers consultant services to blockchain projects from the exploration stage to the post-deployment stage. This platform assesses smart contract designs, tests their viability, and monitors metrics detailing their performances after deployment. It excels in its ability to combine automated analysis tools and the expertise of security professionals to identify and eliminate potential threats.
As Chainsecurity, this blockchain team developed several security tools, including Securify and VerX. It makes sense to expect this team to continue its successful run in the blockchain security sector since it now has access to PWC Switzerland’s vast resources.
Slowmist
Website: https://www.slowmist.com/en/
Slowmist is China’s leading blockchain security company. They perform extensive blockchain security services that include smart contract audits, blockchain security audits, wallet security testing, and much more. Slowmist also has a safe staking project for blockchain ecologies, which delivers real-time data on the growth and security patterns of EOS, Cosmos, Vechain, and other top blockchain projects. Another interesting bit of detail about this platform is its powerful firewall project for EOS smart contracts, named FireWall.X.
Likewise, Slowmist is constantly tracking and publishing data and stats about security situation on crypto exchanges through their Blockchain Threat Intelligence (BTI) service.
Runtime Verification
Website: https://runtimeverification.com/
Runtime Verification is a research and development company focused on formal verification. According to the information on its website, this solution designs standard models for high-value applications and uses them as templates to develop security-sensitive products. Runtime Verification has developed two main smart contract security products. On the one hand, it offers smart contract correctness proofs with the help of the K framework to prove the viability of Ethereum and Cardano’s smart contracts. On the other, Firefly is a test coverage analysis tool for Ethereum smart contracts.
Additionally, Runtime Verification has worked with Ethereum Foundation on building a formal framework for Ethereum 2.0 testing.
Top tier smart contract auditing companies include Hacken, Trail of Bits and OpenZepplin
Great List! Thanks for Sharing
Missing a big one: Solidified
Nice List! I also wanted to suggest one more company “Immune Bytes”
You probably did not know about Coinbae at this point! http://www.coinbae.org/audit
Has anyone heard of TechRate or MythX?
I saw several popular blockchain firms having their smart contract audited by AnChain.AI recently: https://www.anchain.ai/smart-contract-auditing-sandbox
Solid list, but you somehow missed Halborn. They’ve provided smart contract auditing for:
– Coinbase
– Stellar
– Bancor
– Blockfi
– Ava Labs (Avalanche/AVAX)
and many others…
Yes, was going to say the same thing! Any reason Solidified isn’t near the top of this list?
Too expensive.