Daryl Hok is Executive Vice President and Chief Operating Officer of CertiK, a NYC-based blockchain security firm founded by the Yale Computer Science department chair and a professor at Columbia University. CertiK pioneered the use of Formal Verification technology to mathematically prove whether smart contracts and blockchains are bug-free and hacker-resistant. Backed by notable investors including Binance Labs, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, CertiK has secured over $5 billion in assets, including the successful audit of Binance’s recently-issued stablecoin, BGBP.
Previously, Mr. Hok spearheaded Corporate Development at FiscalNote, a global machine-learning legal tech company, where he accelerated growth by completing 3 acquisitions in 12 months, including a $180M purchase from The Economist Group. He was also the Product Manager responsible for creation and launch of the company’s software products and data infrastructure. He obtained a dual BA in Economics and Psychology from Yale University, and has a specific interest in behavioral economics.
The Politic: Tell me about your background!
Daryl Hok: At Yale, I was in Silliman and double-majored in Economics and Psychology. Straight after Yale, I joined a Washington, DC startup called FiscalNote. It’s a global AI company that uses machine learning on government data. I didn’t know at the time, but the company’s focus on legal regulations became relevant to my path into blockchain because they are so intertwined. I was one of the first employees there. I went from helping start the BD team, to later becoming a product manager responsible for the backend infrastructure, to leading acquisitions and integrations for accelerated growth.
While leading Corporate Development, I completed three acquisitions in a span of 12 months. For each acquisition, we would purchase a company with a pretty steady trajectory and apply a strategic integration plan that would result in synergies from the unified company. The largest and final acquisition that I was involved in was the acquisition of the Washington, DC arm of The Economist Group, which owns The Economist magazine. The company was called CQ Roll Call–a historical staple of Capitol Hill. The transaction size was $180 million, and FiscalNote more than doubled overnight, positioning itself well for even faster growth.
As you’d expect for a transaction of that size, it was a long process before the deal was fully completed. In late 2017/early 2018, in the prime of the bubble, I used this time to conduct research on the ever-booming ICO market. That’s when I dug real deep into the technology of blockchain and haven’t looked back since.
Through a mutual friend of mine from Yale, I eventually got connected to the cofounders of CertiK, an impressive blockchain security company with close ties to Yale. One of the cofounders was Professor Zhong Shao, the Chair of Yale’s Computer Science department. Another cofounder was Professor Ronghui Gu, who received his PhD at Yale and became a professor at Columbia University.
Using groundbreaking, proprietary technology that originated from their research at the Yale research lab, CertiK was on a mission to build a more trustworthy blockchain ecosystem for all. With my experience in BD and Product within a fast growing company, along with my experience in accelerating existing companies following acquisitions, the fit seemed natural, and I joined as the Chief Operating Officer of CertiK.
What’s your day-to-day?
That’s a little bit harder to define. I try to fill in the temporary vacancies of the company as we continue to grow, whether it’s recruiting or jumpstarting a new team. Recently, I worked on securing a new, larger office in Times Square, which will be our home for a handful of years. Last month, I was speaking at Asia Blockchain Summit in Taipei, which was a high quality conference with other speakers like CZ of Binance, Justin Sun of Tron, and Charlie Lee of Litecoin. Toward the end of that month, I was in Seoul to meet with our Korea team and attend the BUIDL conference. Although my day to day is pretty variable, I try to focus on the highest leverage activities to move the company forward.
CertiK – how does the blockchain and smart contract auditing work?
At its core, CertiK focuses on proving the correctness of software. For software to be truly correct, it should be bug-free and should only perform the intended actions–nothing more. Although the feat may sound unattainable, this can be achieved by utilizing a technique called Formal Verification, which happens to be what Professor Shao works on in his Yale Research Lab. Formal Verification uses mathematical proofs to reason about source code and compute the full set of possibilities of what the source code may do–with mathematics, you’re able to exhaustively prove that a certain adverse scenario will never occur. For instance, if you’re focused on the Account Balance of a digital wallet, you can prove that the Account Balance (let’s call it the variable, x) will never be a negative number. You can simulate the sending and receiving of any combination of integers, from <0.0001 to >1000, and if you never get a situation in which the Account Balance, x, is negative, then you’ve just proven that the wallet does not let you send money that you do not have.
Traditionally, Formal Verification has been used by NASA, Intel, and drone and airplane companies. It’s typically associated with mission-critical hardware applications, where it’s imperative that bugs do not exist. We’ve brought Formal Verification to blockchain. In an environment where there’s no help desk, it’s imperative that the code is correct because programs like smart contracts are self-executable and permanent.
Any way to quantify the number of errors prevented by CertiK software? E.g., 99% of errors are prevented.
For the most part, the checks of Formal Verification are binary: for the situation that you’re looking for (e.g. will the Account Balance, x, ever be negative?), it is a “yes” or a “no.” Formal Verification checks for the absence of bugs, whereas traditional means of testing will check for the existence of bugs. Although the differences may sound inconsequential, the implications are actually very significant. If you’re just looking for bugs, the fundamental problem is that you’ll never be able to know how many bugs exist in total–so you’ll never be able to be fully confident. However, if you apply Formal Verification to prove the absence of certain bugs, then you can be fully confident because the mathematical proofs have already calculated all possible outcomes. It is important to note, however, that you cannot formally verify everything (e.g. infinite loops) and that the verification is highly dependent on a proper specification–if someone intends that the code performs something that is incorrect, Formal Verification will only ensure that the code was correctly implemented (and in this case, it would correctly perform the incorrect action).
What are some projects that you’ve audited?
An advantage in being in the security space is that, as long as you’re helping improve the security of the ecosystem, people generally want to help you. We’ve been fortunate to work with top projects throughout the blockchain world who’ve realized that our rigorous verification method was the best way of ensuring security. We’ve audited several major smart contracts like Binance’s BNB and BGBP, TrustToken’s TUSD, and Bitfinex’s LEO.
How about a political perspective first, and then some career advice after?
This is not yet a political issue, but I think that a fascinating topic to watch with the rise of bitcoin is going to be the topic of bitcoin mining. Of course, there are already conversations around the environmental burden of mining bitcoin, but the less discussed topic is about whether more countries will increase their bitcoin mining. As of late, bitcoin (BTC) has seemed to be successful in articulating the “bitcoin is digital gold” narrative–the limited quantity of bitcoin fosters a natural scarcity, paralleling the limited, yet highly sought after, minerals on Earth. If this narrative holds, and if the price of bitcoin rises (or even stays steady), then the countries that have large bitcoin mining operations–such as China and Russia–will have amassed a huge portion of the commodity.
In the case of a commodity such as oil, geographically-located oil wells have led to several global conflicts among countries. If bitcoin is truly a commodity, it becomes very interesting because, unlike oil, diamonds, or gold, mining is not physically limited to any particular region. With mining hardware and electricity, anybody can mine bitcoin from anywhere. But from analyzing the density of mining operations worldwide, the distribution of mining is not very dispersed. It’s as if the price of gold is increasing in the market, but there are only a few countries interested in mining the gold. As I mentioned, this doesn’t seem to be a political issue at the moment, but I’m curious to watch if it later becomes a more political topic, similar to the conflicts associated with other scarce commodities.
And the career advice?
For any current student or recent Yale graduate, my advice is to use the early part of your career to find roles that emphasize learning skills–both hard skills and soft skills. Nowadays, people don’t work at a single company for their entire career; the first company you work for will probably not be your last. For that reason, prioritize learning skills that will guide you throughout your long career, whether it’s gaining poise from doing sales or internalizing cognitive biases from being a product manager. Personally, I’ve been fortunate to hold a variety of different roles in a short amount of time, and I’d credit that to going the startup route instead of the traditional, corporate route. A startup is certainly more “risky,” but as a recent Yale graduate, I’d argue that there’s no better time to take a risk. Plus, if you prioritize learning skills, as I mentioned earlier, then the success of the startup is less important than the skills that you gain from the experience.