Cybersecurity in the Crypto Era: Interview with CEO of HackenProof

This interview with Dmytro Matviiv, CEO of HackenProof, explores the key cybersecurity challenges facing the cryptocurrency industry today. He explains how security audits and bug bounty programs help projects identify vulnerabilities before attackers do, and discusses the growing role of artificial intelligence in both cyber defense and cybercrime.

Dmytro also examines the most common causes of crypto hacks, highlighting the importance of asset diversification, secure wallet management, and greater transparency from blockchain developers. The conversation provides practical insights into how the industry can improve security and build trust among mainstream users.

The Path to Ethical Hacking and the Mission of HackenProof

Danylo: Dmytro, how do you explain what you do to your friends without using difficult words?

Dmytro Matviiv: We help companies find their own security problems before criminals do. We manage a global community of ethical hackers who search for vulnerabilities, report them, and get paid for their findings so the company can fix the issue before anyone gets hurt.

Danylo: You have a deep background in cryptography and public key infrastructure (PKI). How did you enter this field?

Dmytro Matviiv: I’ve been in cybersecurity for 15 years, even pursuing a PhD in information security at a state level. Before crypto, I worked on end-to-end encryption and GDPR compliance. In 2020, I realized there was a massive security gap in the crypto space because many teams cared more about launching tokens and investments than protecting their users. I joined HackenProof to help those projects protect themselves.

Key Insight: The crypto security industry has grown significantly; while $4 billion was stolen in 2022, that number dropped to around $2.2 billion in 2023 despite the total value locked (TVL) growing tenfold. However, attacks have become much more targeted.

Audits vs. Bug Bounties: Why You Need Both

Danylo: Can you explain the difference between a standard security audit and a Bug Bounty program?

Dmytro Matviiv: An audit is typically a 2-to-4-week review of code by a specific team that provides a final report. A Bug Bounty program has no timeline; it is continuous and available 24/7 for researchers worldwide to submit reports. While an audit team reviews everything from scratch, Bug Bounty hunters focus on their specific areas of expertise, such as gas optimization or business logic, where they are most likely to find a flaw.

Danylo: How large is the community involved in these programs?

Dmytro Matviiv: HackenProof has a global community of over 70,000 registered white-hat hackers. We also have a dedicated "triage team" of 10 security engineers who validate incoming reports to ensure they are legitimate before passing them to the projects.

The Cost of Insecurity: Rewards and Vulnerability Stats

Danylo: How much do projects actually pay for these findings?

Dmytro Matviiv: It depends on the potential losses. Smaller projects might pay $5k to $50k, but major foundations like Near or Sui pay millions. For example, Near has paid out over 3 million through our platform. And one more fact: in January, a single researcher earned 1 million for finding a critical issue.

The Reality of Risk: Recent research shows that 7 out of 10 crypto projects are vulnerable. Statistically, within the first three months of launching a Bug Bounty program, almost every company will receive a high or critical vulnerability report.

Anatomy of a Hack: From Smart Contracts to Zoom Calls

Danylo: How do these hacks actually happen?

Dmytro Matviiv: There are several main vectors:

  • Smart Contract Bugs: Logic errors that allow attackers to drain funds.
  • Private Key Compromise: Attackers gain access to the keys controlling the treasury.
  • Bridge Vulnerabilities: Cross-chain bridges are complex and hold huge amounts of capital, making them prime targets.
  • Phishing and Social Engineering: This is very common.

Dmytro Matviiv: I’ve personally been targeted six times in the last year. Hackers often compromise a trusted person's Telegram and invite you to a Zoom or Google Meet call. The red flag is often the absence of a link in the calendar invite; they send a malicious link just before the call to try and gain access to your system.

The Role of AI: A Double-Edged Sword

Danylo: Is AI the next step in security, and does it help the attackers or the defenders more?

Dmytro Matviiv: AI learns from data sets. HackenProof uses a data set of over 60,000 vulnerability reports to train models that can now verify 100 reports in one hour — a task that used to take two people two weeks. However, attackers also use AI to learn from their mistakes and find holes faster.

Danylo: Who will win this race?

Dmytro Matviiv: Defenders are historically slower because they have to protect everything, while an attacker only needs to find one hole. The winner will be whoever builds a better AI-driven security solution and integrates it into the development cycle from day one.

Warning on AI Trust: There is a growing trend of 'AI payment agents' and automation, but we must be careful. If we trust AI too much with sensitive data or signing transactions without proper audits of the AI's own automation logic, we create new risks.

Moving Toward Mass Adoption and Safety

Danylo: What needs to change so that "normal" people feel safe using crypto?

Dmytro Matviiv: Crypto is currently designed for engineers, not regular users, which is the biggest blocker for mass adoption. We need Security-First Product Design. Security should be a default feature, not a configuration added later. Additionally, there must be transparency: when a project is audited or has a Bug Bounty, that information and their adherence to response times (SLAs) should be verifiable by everyone.

Danylo: What is your personal strategy for staying safe?

Dmytro Matviiv: I use crypto daily for groceries and payments via Trustee Plus, but I follow the principle of diversification. I never keep all my funds in one place or on an exchange. My "top three" for the long term are Bitcoin, Ethereum, and Sui.

Final Advice: Ask, Verify, Diversify

Danylo: To wrap up, what are your top recommendations for our viewers?

Dmytro Matviiv: First, if you use a project, ask them about their security. If they haven't done an audit, ask when they will. Second, double-check everything; don't trust AI or automated messages blindly — verify with friends or experts if you have doubts. Finally, diversify your assets; it's the same as not buying 10 apartments in the same building — spread your risk.

Recommended Media from Dmytro Matviiv:

  • Books: Tracers in the Dark by Andy Greenberg (how blockchain tracks criminals) and The Infinite Machine (the story of Ethereum).
  • TV/Movies: Mr. Robot (best hacking show for technical accuracy) and the documentary Zero Days.

Danylo: Thank you, Dmytro. Crypto isn't inherently good or bad; it depends on how we use it. Ask, Verify, Diversify.
