28 March 2024 - Leading blockchain RegTech firm RigSec recently delivered an insightful security sharing session to over 40 members from the Hong Kong Security and Futures Commission (SFC), shedding light on how to protect users from smart contract and decentralized finance (DeFi) risks and attacks.

Led by RigSec RigSec Chief Security Consultant Dr. Wu, the 2-hour interactive session provided a comprehensive overview of smart contract vulnerabilities, tools for reproducing hacks, and techniques for tracing stolen funds across decentralized and centralized platforms. Attendees gained valuable knowledge on how we identify and mitigate risks arising from smart contracts and digital assets. 

During the presentation, Dr. Wu delved into an in-depth explanation of vulnerabilities, including approve/transferFrom bugs, reentrancy attacks, and flash loan exploits, and showcased how to analyze and reproduce these attacks using popular tools like Foundry and Phalcon. The session also covered RigSec’s comprehensive tracing methodology, which involves analyzing hacks using blockchain explorers, forensic analytics suites like MistTrack and MetaSleuth, and gaining insights into the movement of stolen funds through mixers and exchanges. In the end, Dr. Wu also provided insight into the smart contract auditing landscape, outlining top security firms that conduct audits as well as crowdsourced auditing platforms and bounty programs that help improve code quality through validation and incentives.

"We were pleased to share our insights with the SFC to help safeguard Hong Kong's growing digital asset sector," said Sarah Ye, CEO of RigSec. "As the industry expands rapidly, ongoing collaboration between regulators and industry is crucial for addressing security challenges and building user trust."

Established in 2018, RigSec has helped numerous digital asset businesses in Asia obtain key regulatory licenses through its portfolio of compliance and security services. This latest session with SFC reinforces RigSec's commitment to building blockchain technology responsibly through knowledge transfer and protecting consumers in regulated markets.