WhaleFin Beneath the Surface: Interview with our Head of Blockchain Security Chiachih Wu

5 min readNov 2, 2022

Every two weeks, tune in to listen to the experts that make up our company.

Since 2017, Amber Group has been working hard to provide high-quality services to our clients, from small to expert investors, and ensure security, transparency, and profitability through our digital asset platform WhaleFin.

The secret? Experts, professionals, and veterans of the blockchain industry as well as of the traditional financial sector that can delve into the cogs of a promising yet complex technology that is reshaping our present, i.e., distributed ledger technology, while also understanding how to plug it into the existing financial structure.

This interview is a bite-sized deep-dive into our security efforts, expounded upon by none other than our Head of Blockchain Security, Dr. Chiachih Wu (@chiachih_wu on Twitter).

As the head of the team, Chiachih boasts extensive experience in the cybersecurity sector, covering certifications and training spanning Computational Applied Logic, Computer and Network Security, and Design and Analysis of Algorithms, among others.

Follow us on Twitter @whalefinapp to stay abreast of our updates, and the upcoming WhaleFin Beneath the Surface videos.

Amber Group’s security team ranked 6 out of 445 at the Paradigm CTF Hacking competition, the world cup of Web3 security. What does it consist of? 03:45–05:59

Paradigm CTF is one of the most challenging Web3-focused security competitions — amazing for blockchain security folks, this competition consists of challenges created by some of the brightest minds in the field. The blockchain security team at Amber Group, led by Chiachih, participated as team Amber_Labs and ranked #6 from a total of 445 teams.

Read more about the competition here.

Are security hacks a long-term issue for crypto security? 06:00–07:14

The industry will evolve, and improve. What we are experiencing is the beginnings of the blockchain and Web3 industry, and as such, devs should hire security experts, but there is also strong development going on with automated tools to ensure and implement security protocols.

Are cross-chain bridges one of the weakest points for blockchain security? Is it harming the multi-chain narrative? 07:15–08:30

Bridges are indeed a weak point because they need to process info from multiple chains, and that opening presents a vulnerability that at times can be more easily breached by hackers and exploiters. Nonetheless, our knowledge of security and defending these vulnerabilities is also improving, thus empowering us with more tools to prevent and foresee exploits, and insulate from the consequences.

Take the Wintermute hack, for example.

You can read more about it, and how we reproduced it, here.

What are the red flags to look for to evaluate new projects from a security standpoint? 08:40–09:57

Reading the project’s whitepaper, reviewing the protocol’s public posts, social media and github, learning more about the team and the experience and career trajectory of the founder(s) should all be factored in when assessing the value of a new project.

Should I use a custodian or self-custody? What is the difference? 09:58–11:21

The average person may benefit from using a custodian due to the complexity of current tools that exist to interact with crypto. For those that choose to self-custody, it’s very important to understand all security best practices, back up everything, use a “cold” hardware wallet, and secure the device that you use.

Watch our video to better understand the difference and the implications of using hot vs. cold wallets.

How does WhaleFin secure the assets of its users? 11:22–12:32

At Amber and WhaleFin we use MPC and HSM solutions to prevent single-points of failure with professional security teams to deploy those systems with certificates such as SOC II, ISO 2701 and others. Additionally, we have solid contingency plans in place for anything unexpected. Security and our track record is one of our core value propositions as a company and as a service provider.

Curious to learn more?

Watch the interview and subscribe to our YouTube channel to receive notifications on our latest uploads!

WhaleFin, powered by Amber Group, is an all-in-one digital asset platform designed to empower you to diversify, manage, and grow your wealth digitally in a secure manner. On WhaleFin, you can buy, sell, trade, and invest in crypto with ease.

Download the app here.

Amber Group is a leading digital asset platform operating globally with a presence in Asia, Europe, and the Americas. We provide a full range of digital asset services spanning investing, financing, trading, and spending, backed by some of the best investors across the world such as Sequoia Capital, Temasek, and Tiger Global Management.

For more on WhaleFin’s announcements and news, please follow us on social media.


For support and assistance, please contact us at service@whalefin.com

This material is strictly for information purposes only, and does not constitute or shall not be considered as, an offer, solicitation, or recommendation, to deal in any products. The information provided is not intended to provide a sufficient basis on which to make an investment decision. It is intended only to provide observations and views of certain personnel and has not been reviewed by any regulators elsewhere, which may be different from, or inconsistent with, the observations and views of Amber Group.

Amber Group assumes no obligation to update or otherwise revise this material, Amber Group does not represent or warrant its accuracy or completeness and is not responsible for losses or damages arising out of errors, omissions or changes or from the use of information presented in this material. Contents in any third-party sources (if any) in this material are completely beyond the control of Amber Group. As such, Amber Group shall not be held responsible for the accuracy, completeness and legality of the contents of such third-party contents. Any reference to third-party contents does not imply an endorsement, representation or warranty by Amber Group. No liability will be accepted for any loss or damage arising from or in reliance upon the contents of this material or these independent third-party contents provided here.

This material is not directed to or intended for distribution to or use by, any person or entity who is a citizen or resident of or located in any locality, state, country or other jurisdiction where such distribution, publication, availability or use would be contrary to law or regulation or which would subject Amber Group to any registration or licensing requirement within such jurisdiction.

This material does not purport to contain all of the information that an interested party may desire and, in fact, provides only a limited view. Any headings are for the convenience of reference only and shall not be deemed to modify or influence the interpretation of the information contained.

All rights reserved. This material is not to be reproduced, in whole or part, without the written consent of Amber Group