Our latest installment in the "Behind the Startup" series welcomes Eskil, the visionary behind GoPlus Security, who shares not only his intriguing transition into the Web3 domain but also his profound commitment to crafting a safer digital future for all.
Ishan Pandey: Hi Eskil, I am delighted to welcome you to our "Behind the Startup" series. Can you elaborate on your journey from being an expert in Web2 security to founding GoPlus Security? What motivated you to transition into the Web3 security domain?
Eskil: Hello everyone, this is Eskil. Truthfully, I've never been a security expert in the Web2 era. I would describe myself as more of an enthusiast. When Mike Lee, my co-founder, shared his vision to launch a user security project in its early stages, I quickly realized this project could be monumental and particularly aligned with our background.
Mike is a seasoned professional in Web2 security who has observed numerous friends transitioning to Web3 fall victim to online scams. He recognized that although the burgeoning Web3 space offered vast opportunities, it was also fraught with chaos and pervasive risks. He noted a significant imbalance in the allocation of security resources within Web3, with a substantial focus on protecting projects, leaving individual users exposed and vulnerable.
Leveraging his extensive experience in Web2 and a solid understanding of Web3 technologies, Mike began addressing these user security issues. As the number of individuals seeking his assistance grew, it became clear these were not isolated incidents. With Web3's rapid expansion, a vast number of users were in dire need of protection.
Motivated by this, we resolved to assemble a team committed to advancing Web3 security and ensuring the safety of regular users.
Ishan Pandey: What specific challenges did you observe in the Web3 space that led you to establish GoPlus Security? How does GoPlus address these challenges differently from traditional Web2 security approaches?
Eskil: There are several key points to elaborate on regarding our position at the cutting edge of tackling the novel and distinct security challenges within the Web3 ecosystem. This area diverges significantly from the traditional Web2 environments in several crucial aspects:
Firstly, the Web3 ecosystem lacks an operating system-level security suite comparable to those found in Web2 environments, such as Windows Defender. This type of integrated protection plays a vital role in traditional digital environments, safeguarding users from various cyber threats by scanning for malware, executing real-time protection measures, and providing automatic updates. However, in the Web3 space, this layer of security is conspicuously absent, leaving users more exposed to potential threats.
Secondly, the nature of wallet usage in Web3 introduces additional risks. Most Web3 users opt for non-custodial wallets, which offer them complete control over their cryptographic keys and, consequently, their funds. While this empowers users, it also strips away the financial risk management layers that are inherent in Web2 infrastructures, such as fraud protection and customer dispute mechanisms provided by banks or online platforms. In Web3, if a user loses their private keys or sends funds to a scammer, there is no central authority to intervene and reverse the transaction.
Thirdly, Web3 users are susceptible to distinctive threats that can be categorized into three main types:
Asset Risk: This includes scenarios like 'Rug Pulls,' where developers abruptly withdraw all funds from a project, leaving investors with worthless tokens; the proliferation of 'Scam Tokens,' which are designed to defraud investors; and the creation of 'Fake NFTs' that masquerade as legitimate digital assets but are worthless.
Interaction Risk: This encompasses dangers such as phishing attacks, where users are lured to malicious websites through fake URLs, leading them to inadvertently approve malicious contracts or sign harmful transactions. These risks are particularly insidious because they exploit the trust and interaction required within the Web3 space.
Emerging Potential Risks: This area includes threats such as 'Maximal Extractable Value' (MEV) attacks, where transaction ordering within blocks can be exploited for profit by miners or validators, at the expense of regular users. These types of risks are relatively new and represent a more sophisticated and potentially devastating breed of security challenge compared to traditional Web2 issues.
In conclusion, the security issues confronting end users in the Web3 environment are not only different but are also potentially more severe than those in the Web2 domain. As these risks continue to evolve, the need for dedicated, advanced security solutions tailored specifically to the unique requirements of the Web3 ecosystem becomes increasingly critical.
Ishan Pandey: GoPlus has achieved significant milestones, including partnerships with major dApps and projects. Can you discuss how these partnerships have contributed to GoPlus's growth and reputation in the Web3 security landscape?
Eskil: There are three phases during GoPlus’s development with all these partnerships: engage, empower and lead.
In the initial stages, our focus was on attracting new partners, especially leading projects. Initially, GoPlus struggled due to the novelty of User Security and our relative obscurity in the field. However, by making our API open, permissionless, free, and easily accessible, we began to attract early-stage projects and anonymous developers interested in new opportunities, much like us. We prioritized user feedback and continuously improved our Security Engine and algorithms, leading to partnerships with larger entities committed to enhancing user safety.
During this "empowerment" phase, our data's impact grew significantly, reflected in the supportive communities that emerged on platforms like Telegram and Slack. These groups, alongside our tech support, played pivotal roles in addressing user and project feedback, and dealing with inaccuracies, acknowledging that perfection in security is unattainable. Despite challenges, including mislabelling and threats, the majority acknowledged and appreciated our commitment to enhancing Web3 security standards, which in turn fuels our optimism for the evolving Web3 landscape.
By 2023, we had become integral to the User Security field, with major data websites, wallets, and dApps using "Powered by GoPlus." This marked our leadership and the industry's growth. There's still more to achieve in building the ultimate User Security Network, but the trust and recognition from our partners have elevated us and advanced the model to protect Web3 users.
Ishan Pandey: How do you expect "SecScan" and "SecWare" to influence the security landscape for developers and users in the web3 industry?
Eskil: "SecScan" and "SecWare" are poised to significantly reshape the security framework within the Web3 space, offering a dual approach to safeguarding both the development and user interaction phases. SecScan, a security risk detection engine, has evolved into a critical tool for developers by handling up to 20 million detection calls daily. With the integration of advanced AI algorithms, its capabilities have been substantially broadened, providing an in-depth and wide-ranging user risk analysis.
This allows developers to develop checkers accurately and promptly. The significance of SecScan extends beyond mere detection; with the planned opening of the platform, Web3 developers worldwide will gain access to sophisticated security tools, enabling them to customize their own security service.
On the other hand, SecWare aims to revolutionize user security by offering a full-spectrum protective service that extends through the entire lifecycle of on-chain interactions. By embedding this middleware across different blockchains, SecWare ensures that users are protected at every touchpoint, from initiating transactions to finalizing smart contracts. This multi-chain protection is crucial for building trust and reliability in Web3. Furthermore, SecWare's middleware approach enables seamless integration and user experience, significantly reducing the complexity traditionally associated with blockchain security. Users benefit from native on-chain risk control mechanisms that operate quietly in the background, safeguarding their assets without disrupting their experience.
The ease of use is essential for encouraging broader adoption of Web3, as it removes one of the significant barriers for new users: the complexity and fear associated with security risks.
Together, SecScan and SecWare address the urgent need for comprehensive security solutions that cater to both ends of the Web3 spectrum – from development to end-user experience. By providing robust tools for developers and seamless security integration for users, they contribute significantly to the growth and sustainability of the Web3 ecosystem. As these tools become more integrated into daily Web3 operations, we can expect to see a significant reduction in incidents and breaches, leading to a safer, more trustworthy Web3 future. This, in turn, could catalyze the mass adoption of Web3 technologies, as both users and developers gain confidence in the security and reliability of the ecosystem.
Ishan Pandey: How do you plan to decentralize the data network and ensure the reliability and integrity of the security data provided by various contributors?
Eskil: The GoPlus network's data layer is designed to be decentralized, transparent, and open, consisting of three main components: data contribution nodes, data verification engine, and decentralized storage solutions.
Firstly, our data layer will be accessible to anyone meeting the set conditions, ensuring the network's openness and decentralization. Individuals and organizations can become data contribution nodes by staking tokens, which not only democratizes the process but also assures the quality of contributed data. Staking acts as a form of quality control, as contributors delivering poor or malicious data risk being slashed, thereby safeguarding the reliability of the data.
After data is contributed, it undergoes validation through our specialized data verification engine. This engine employs techniques such as zero-knowledge proofs (ZK-proofs) to ascertain the validity and authenticity of the data while maintaining the privacy of certain information. This step ensures the integrity and reliability of the data within our network.
Lastly, verified and valid data is stored using decentralized storage methods. This ensures the durability and accessibility of the data while allowing data owners to set varying levels of access and permissions for viewing and downloading. By implementing this three-pronged approach—comprising contribution, verification, and decentralized storage—we aim to maintain the reliability and integrity of security data provided by various contributors within the GoPlus network.
Ishan Pandey: Could you elaborate on GoPlus's revenue model?
Eskil: Currently, GoPlus offers several primary components within its User Security suite. The first is the user security service subscription fee from SecWareX, a comprehensive user security portal; the second is the “Gas fee” with the integration with blockchains. The third is User Security Data, run by the AI-driven Security engine “SecScan”, available via open API/SDK.
Three Main Products provided by GoPlus to earn revenues
Service Subscription fee from SecWareX (User Security Service Center)
The recent introduction of SecWareX in March 2024 has been a monumental success, attracting over 500,000 users within its first week, and surpassing 30,000 premium subscriptions within ten days (around $400K within three weeks), reflecting substantial user trust and engagement. This will be the strongest and main revenue stream for GoPlus.
Gas fee income from “User Security Modular” (In planning)
After we have integrated with different chains, we will also have the income generated from gas fee burnt by users.
Premium Version of the User Security Data (API)
Additionally, although the API model is not the primary source of revenue, GoPlus enhances its API services through various partnerships across the blockchain ecosystem, including public chains, data websites, wallets, and dApps. A premium API/SDK version is also available for third parties seeking advanced data solutions, which comes with an optional Service Level Agreement (SLA) guarantee. We will also enlarge the part of the income once we are in a better market position later.
Ishan Pandey: Given the dynamic regulatory landscape surrounding cryptocurrencies and Web3 technologies, how does GoPlus navigate compliance and ensure its services remain accessible and legal in various jurisdictions?
Eskil: At the core of our mission is a steadfast commitment to user safety, manifesting through our proactive compliance strategy. Understanding the dynamic nature of regulatory landscapes, we've integrated compliance into our operational ethos, ensuring that our users' interests are protected at every turn.
Our compliance framework is bolstered by diverse partnerships, each selected to enhance our regulatory agility and insight. Firstly, regional regulations: for instance, our collaboration with the HKVAC epitomizes our proactive stance. We engage in continuous dialogue, ensuring that our User Security data align with the evolving CEX compliance standards in Hong Kong, thereby setting a benchmark for regulatory adherence.
Next is industry experts: our alliance with the CEX Risk Management and Compliance department is a testament to our dedication to excellence. By tapping into their vast reservoir of risk management and compliance acumen, we significantly reinforce our compliance frameworks.
Thirdly, the tech giants and cybersecurity pioneers: our engagements with leading Web2 technology companies and cybersecurity firms are crucial. These relationships facilitate a seamless exchange of knowledge and keep us at the forefront of security and compliance innovations.
In-House Vigilance:
Lastly, in-house vigilance, which refers to our commitment extending beyond external collaborations. We are equipped with a dedicated internal compliance team, vigilant and informed, constantly navigating through the complexities of global regulatory environments. This internal mechanism ensures our services are not just compliant but exemplify the highest standards of regulatory conformance across all jurisdictions we operate in.
Ishan Pandey: How does GoPlus differentiate itself from these competitors, and what advantages does it offer to its users?
Eskil: The GoPlus User Security Network stands out in the Web3 space, where few entities share similar values or objectives. When comparing GoPlus to potential counterparts like Blockaid, Token Sniffer, De.fi, Hapi, and Quick Intel, the distinction becomes clear. Unlike these entities, which may focus on singular product offerings, GoPlus is committed to a comprehensive Web3 user security approach that is open, permissionless, and user-driven.
The difference between GoPlus and the rest of the companies is that GoPlus distinguishes itself by offering a unique solution to Web3 user security issues. From the outset, GoPlus has maintained a commitment to openness, permissionlessness, and user engagement, striving to address the centralization that plagues many existing security services. By decentralizing data sources, computing power, and services, and incentivizing diverse roles within the “User Security Network”, GoPlus ensures its framework remains open-source and verifiable, contrasting sharply with competitors who may rely on proprietary models or even utilize GoPlus's data without contributing to its ecosystem.
Furthermore, GoPlus's strength in user security is unparalleled. As one of the inaugural projects in the Web3 user security domain, it emphasizes verifiability, collaboration, and domain expertise. The GoPlus Security team, composed of cybersecurity veterans from major tech companies, leverages their extensive experience to develop advanced security engines and contribute significantly to the Web3 security landscape through peer-reviewed research. This expertise allows GoPlus to stay abreast of emerging Web3 trends and threats. Additionally, GoPlus Security's reach extends across more than 20 chains, making it one of the most utilized security services in the Web3 ecosystem, highlighting its superior capability and broad impact in enhancing user security.
Last but not least, GoPlus aims to facilitate Web3 mass adoption and the team believes user education is a crucial element in achieving this vision. GoPlus’ product SecWareX visualizes user risk and makes security both enjoyable and comprehensible, reflecting the firm’s commitment to enhancing user experience alongside cutting-edge technology.
Ishan Pandey: Looking ahead, what are the biggest challenges or opportunities you foresee for GoPlus Security in the Web3 security landscape, and how does the company plan to address them?
Eskil: As GoPlus Security navigates the evolving landscape of Web3 security, we stand at a crossroads of unprecedented challenges and opportunities. Our journey forward is twofold: transitioning from offering singular security solutions to providing holistic personal security risk management.
The advent of Web3 introduces complex scenarios blending security needs with financial risk control – a frontier not previously encountered. The dual need to thwart technical attacks while systematically identifying and mitigating financial risks elevates the demands on our services. Consequently, our mission extends beyond traditional security measures. GoPlus Security is adapting by spearheading the development of a comprehensive risk management system.
This initiative involves enhancing our existing security engine with upgraded risk control data, implementing cutting-edge risk strategies, and ensuring our services swiftly adapt to cover all conceivable risk scenarios in the Web3 domain.
Amid these challenges lies an immense opportunity: the expansion of user reach through security modularization. By embracing modularized public chains and adapting our services to accommodate non-modularized ones, GoPlus Security not only simplifies secure RPC access for users but does so without necessitating changes in user behavior. Our strategy includes providing innate, decentralized security risk controls for public chains. This approach is set to capitalize on the potential for scaling our user base significantly, ensuring GoPlus Security remains at the forefront of user-centric security solutions in the Web3 space.
As we move forward, GoPlus Security remains committed to addressing these challenges head-on while seizing the opportunities to enhance and expand our services, ensuring a safer Web3 experience for all users.
Vested Interest Disclosure: This author is an independent contributor publishing via our brand-as-author program. Be it through direct compensation, media partnerships, or networking, the author has a vested interest in the company/ies mentioned in this story. HackerNoon has reviewed the report for quality, but the claims herein belong to the author. #DYOR