Hacken Team had an exciting Q&A session with WEMIX, a Korean-based GameFi company that has partnered with us to secure its expanding DeFi operations.
Hacken Representative: I would like to know more about your company — history, mission, vision, and so on.
Ian: So I’ll do a basic introduction first. Wemade, our parent entity, started out as a traditional online game development & publishing company back in 2000.
Over the years, we’ve built quite a reputation with some of our games garnering massive online popularity and attention. One of our flagship game series – Legend Of Mir, was a huge hit in Asia and China. At the peak of its popularity, Legend of Mir was the most popular MMORPG in China and had over a hundred million players.
As time progressed, Wemade got listed on the Korean Stock Exchange, solidifying our foothold within the online gaming industry.
Fast forward to 2018, Wemade launched ‘WEMIX’, a subsidiary of Wemade and entity behind ‘WEMIX Ecosystem’. WEMIX was created to push the boundaries of game development by exploring blockchain gaming. This is what we now know as ‘GameFi’.
WEMIX started its R&D with blockchain technology and explored different use cases on how best we can incorporate traditional gaming elements within a blockchain infrastructure and a play & earn mechanism behind it. It wasn’t until 2021 where we had a breakthrough and was ready to launch our first game MIR4 on the blockchain.
MIR 4 is a sequel to the Legend of MIR 3, but we repackaged it and released it in a play & earn version.
Needless to say, we launched MIR 4 at the right place and the right time — where the play2earn narrative was peaking in popularity. It was a huge success! At one point of time, the game was so well received that for a couple of months, we had more concurrent players than Axie Infinity. For illustration purposes, at the peak of MIR 4 popularity, the game grossed around 1.4 million concurrent players.
With this success came a lot of interest from our executives. They essentially decided to explore different use cases within the subsectors of the blockchain industry. This is the primary reason why we decided to dive into the DeFi sector. One of the first services that WEMIX released was a leveraged yield farming service on the Klaytn blockchain, known as the Kleva protocol. I can let Jason take over from here.
Jason: After the launch of Kleva protocol, we had a lot of attention because we are a listed company and no publicly traded company was trying to open a DeFi service in Korea.
This didn’t faze our executives. Instead, they believed in the technology so much they decided to double down on developments within the DeFi space.
Right now, we are preparing to launch two more DeFi services. While I cannot share much in details at the moment, we are planning on launching them by the end of this year.
With multiple DeFi services in our pipeline, we needed a reputable smart contract audit company to aid us in our development and make sure our services run smoothly. This is the main reason we’ve partnered with ‘Hacken’.
Hacken Representative: Would you please explain how you see the difference between the Asian and Western markets?
But for now, most of our customers are based in Korea. One lesson we learned is that Korean blockchain native users mainly stick to Web3 companies originating from Korea. Most of the time, they only use Korean-made blockchains and Korean-made DeFi services. Primarily because of the language barrier. Secondly, the services, for example, chains like Ethereum and BNB, are a bit more sophisticated and challenging from a user perspective. So I think that’s why for now Korean blockchain enthusiasts rather use Korean made products/services. This will definitely change in the future. That’s how I see it.
Ian: As Jason said, from a cultural adoption standpoint, the Korean crypto users are very much used to Korean-based services. That’s why one of the goals of WEMIX is to expand our services in public chains thus ushering a wave of Korean native users to become more involved with other blockchains and protocols.
By introducing WEMIX’s DeFi services to Korean users, when we expand our services multi-chain, Korean users are more comfortable to tag along because this allows them to first interact with what they’re comfortable with and they will have the opportunity of slowly becoming more comfortable with other use cases within DeFi. This makes the most sense for Korean users as well as in ease of adoption for our services.
That’s one of our goals in terms of mass adoption because Korea is a country that speaks a language no other country uses. There are a lot of barriers to entry in terms of adoption for other kinds of blockchains and services.
It’s a challenge for them to use other services. Most communities within web3 use English as their main mode of communication, right? White papers and documentations are usually published in English.
For many of these native Korean users, English is sometimes the second or third language. This presents a challenge to them. Hence, WEMIX aims to use our brand name to open their eyes and introduce them to real use cases of blockchain technology. As a Korean based company, we help them feel a little bit more comfortable and feel a little bit more at home while at the same time giving them an opportunity to explore this revolutionary technology.
Hacken Representative: Okay, I see. Thank you. What about government regulations? It’s interesting because I know that in the US, regulations regarding the exchanges are pretty strict. But for other segments, and I wouldn’t say they are unbending, it’s not hard to launch new projects. What about Korea or Asia in general?
Jason: At this point in time, there are still a lot of gray areas when it comes to regulations within the crypto markets. This of course presents a lot of opportunities, but at the same time a lot of risks. While there are no laws restricting companies from building DeFi services, there is a potential risk that in the future there’s going to be strict laws implemented within the DeFi space.
What WEMIX is trying to solve is ‘what are the ways to essentially legitimize this experience and to create a safe structure for investors in this environment?’ – With the understanding that going into the industry is super scary.
We see in the headlines every single day that we have all kinds of exploits, rug pulls, hacks, and scams worth a couple hundred million dollars. This is a massive barrier to entry for a lot of retail users who just want to experience blockchain technology but at the same time don’t want to get hurt.
One of our main goals is to create a safe structure for our users and become an industry leader. We want to lead by example. Thus, we take security to the utmost seriousness and importance. That’s why one of our many rules for DeFi protocols within WEMIX is to run an audit with a specialized 3rd party company every time the code gets edited. No matter how minor the change, it’s our mandate.
As stated above, in the future, regulation needs to happen one way or another. It will be easier for us as a company to move forward because we are playing by the rules right from the beginning. We also try not to venture into gray areas whereby it might be deemed illegal.
My main driving point is: ‘We take security and regulations very seriously.’
Hacken Representative: Regarding Web3 in general, I would like to hear your thoughts about the crypto winter.
Jason: The main cause of the crypto winter is that many players, including institutional investors, used too much leverage irresponsibly. It’s ok if they only use capital off their balance sheet, but many more often than not, these firms also irresponsibly mess around with investors’ money. Pair this with the bleak macroeconomic environment, we are experiencing a full-on crypto winter.
After the terra incident, people started to understand how risky and unregulated the crypto space is.
What we’re experiencing now, I don’t feel like terming this as ‘crypto winter’. Rather, I feel like it’s a process where the bubble is breaking and the blockchain space is going through a process of maturity.
At the end of the day, this process is a purification process between people who use this technology to fulfill their greed and the people who truly believe in this technology. Once we’re past this stage, blockchain technology and the industry will have real intrinsic value.
Jason: We’re sending all the bad actors in the market away, implementing ethical regulations, this I feel, is the right way for crypto to head towards mass adoption.
Ian: It’s time to build, right? These pump and dump schemes and cash grab projects need to go. We are filtering these scam projects out. Also, because there’s not much liquidity being injected during crypto winter, the big legitimate protocols are the only ones that can continually innovate and operate. Again, we’re here today. This is an evolutionary process, and I believe WEMIX is here to stay.
Hacken Representative: I would like to hear the most recent and most important cases in cybersecurity. I would like to hear what it was, what happened, and why you started to think about cybersecurity.
Jason: When building a DeFi service, our team learned that no matter how much we try to avoid mistakes, it is way too complicated for us to thoroughly manage all the risks that could happen. And it is not always about hacking & exploits. One other example is that maybe the code doesn’t run the way it should.
For us, it’s crucial not to make mistakes. As much as possible, we try to avoid making mistakes but there is only so much we can foresee. That is why it is essential to engage the help of a professional partner that can help us see what we didn’t and guide us through what might go wrong.
A single line of code might lead to an exploit. That’s the reason why we consider cybersecurity very important.
To add on, when operating Kleva, we noticed that even though we have gone through multiple professional audits, there are always slight errors and loopholes. So I don’t think it’s possible to avoid every mistake. But it is definitely necessary to get professional audits services and employ a professional 3rd person perspective on our code to potentially spot shortfalls that our team didn’t happen to see.
Also, on the business side, these kinds of mistakes would be considered very lethal because we are a listed company. If we make a mistake, it tends to not go well for us. There is a lot of bad media. They exaggerate a lot and most of the time they don’t understand what they’re talking about. As long as it can grab the attention of the public, they exaggerate these news.
We want to control the media’s negative portrayal of WEMIX and give them as little a reason to paint a bad light on our company.
Hacken Representative: I see that you care about these reputational damages, not just financial. How do you evaluate the value of risk regarding cybersecurity in your case?
Ian: Cybersecurity is vital for our reputation. We want to create a safe environment for investors to be exposed to this new technology. That’s why we don’t try to skimp on costs when it comes to cybersecurity because DeFi users trust us with a large portion of their net worth when they interact with our protocols.
Everything in the cybersecurity sense, must be taken care of to the utmost of our abilities.
When someone invests money into your protocol, they expect you to uphold it and trust you with the safety of their funds. We cannot betray that trust. This is our number one priority. That’s why we mentioned just now that for every code change in our smart contracts we must undergo a full audit from a credible partner, even if it is a minor change.
We wanted to entrust and outsource this responsibility to a company like Hacken to bring in a fresh perspective. After all, you guys specialize in crypto audit and cybersecurity services. If we were to do our audits internally, this perspective could sometimes be clouded, especially when we are focusing on developing our project. If we don’t engage with an external company for auditing and stuff like that, there’ll most certainly be shortfalls.
No doubt, we can do audits ourselves, but sometimes details are overlooked and it’s always good to get a fresh perspective from an expert like Hacken. That’s where we stand with cybersecurity.
Hacken Representative: Trust is the main currency in what we do. It’s numeric, it’s going to be zero or one trust. What are the next steps after you get the audit report?
Jason: So after we get the audit report, we go through the risks that the auditor highlighted for us. We analyze these risks and the likelihood of it happening.
Then, we improve our code accordingly and get it re-audited. The most important part of getting an audit is, of course, the opinion of professional auditor companies about how the code was made and whether it is okay. If the code is not okay, we need feedback and want to fix those loopholes that can turn into a potentially very big risk. We also want the community to know that we have been audited by a prestigious audit company like Hacken. So those three are the main things we are thinking of when we get an audit.
Hacken Representative: Beginners realize they need audits or other cybersecurity services but don’t know who to trust. How to define the right pool of companies to work with?
Jason: I think you should always go for quality over price. Some prestigious companies can be expensive, but nothing is as expensive as losing your reputation after your protocol gets exploited. After all, if a protocol gets exploited, you will spend even more money repaying your investors and on service recovery.
My opinion is : ‘spare no expense when it comes to engaging a professional auditor and just get it done right’. Nothing is as expensive as losing trust. You don’t want to get exploited and lose the most valuable intangible asset a company can have.
Ian: You can go through the auditors’ GitHub reports and take a look at the past projects that they’ve audited. Take a look at how many vulnerabilities had been exploited after an audit from an auditor. The best in the industry don’t come cheap. And that’s why we always prioritize the quality of the auditing company over its price. That’s our main driver.
Hacken Representative: I don’t have more questions. It was exciting. Guys, it’s a pleasure for me to hear your thoughts. Thank you. Let’s give some advice for future entrepreneurs in crypto. For someone just thinking, ‘Should I start a new project now or wait?’
Jason: For crypto entrepreneurs, I would say it is the best time to build their projects right now. Learn from the mistakes of others. If you’re not working in this space, it’s the best time to dive deep and start making services.
Ian: Yep! I’m going to end off with a cheesy quote. ‘The best time to start was yesterday. The next best time to start is now.’
Subscribe to our newsletter
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.