Beosin is a global blockchain security company. It offers a variety of security services and products for the Web3 blockchain ecosystem, aiming to enhance the safety and reliability of blockchain technologies.^[1][2]

Overview

Beosin, established in 2018 by Xia Yang and Wensheng Guo, is a global blockchain security firm. Co-founded by professors from esteemed universities, the company includes over 180 security experts, with more than 40 holding PhDs. Based in Singapore, Hong Kong, Japan, and other regions, Beosin aims to enhance the security of the blockchain ecosystem through a range of services.

Beosin offers smart contract audits, on-chain risk monitoring, KYT AML, and crypto tracing. The company has assessed over 3,000 smart contracts, including notable projects like PancakeSwap and Ankr. Their KYT AML services assist over 100 institutions, such as Hashkey and Cobo, in maintaining compliance and security within the blockchain sector.^{[1][2][3][4][5]}

Products

KYT

Beosin KYT (Know Your Transaction) aims to provide real-time monitoring of blockchain transactions to support compliance with AML (Anti-Money Laundering) and CFT (Countering the Financing of Terrorism) regulations. It identifies and alerts clients about transactions and addresses posing potential risks, aligning with Virtual Asset Service Providers (VASPs) regulatory policies.

Through Blockchain Security Incident Analysis and AI technology, Beosin maintains a Malicious Address Library encompassing security threats such as attacks, dark web activities, and fraud. The platform continuously updates and monitors OFAC, EU, and UK sanctions lists to ensure data accuracy. It conducts quantitative risk assessments on transactions and addresses to enhance transparency and empower informed decision-making.

Beosin's address monitoring includes an abnormal transaction behavior engine, designed to provide ongoing surveillance and mitigate the risk of asset loss and reputational harm. The platform aims to support clients in meeting regulatory requirements (AML, CFT), enabling secure interactions with blockchain protocols, and minimizing risks for VASPs.^[4][6]

Verification as a Service (VaaS)

Beosin's Verification as a Service (VaaS) employs automatic smart contract verification based on formal methods to detect vulnerabilities and business logic issues. Its goal is to identify both known and unknown security risks upon contract upload, providing suggestions for remediation. VaaS supports customized configurations for various blockchains and verifies properties between contracts.

It generates detailed vulnerability reports, offering recommendations for modifications. Beosin has extensive experience in formal verification technology, contributing to advancements in blockchain security auditing. VaaS supports ETH, BSC, MATIC, AAVE, ONT, and EOS, and simplifies formal specifications directly within contract languages.^[4][7]

Smart Contract Audit

Beosin conducts Smart Contract Audit services for a wide array of blockchain projects globally, having reviewed over 3000 contracts. Utilizing formal verification technology, Beosin aims to ensure the security and operational integrity of smart contracts across multiple blockchain platforms. Audits focus on identifying traditional vulnerabilities and verifying business logic correctness to align code with intended functionalities.

Areas of audit include Asset Security, Business Logic, Backdoors, Flash Loans, Arbitrage Attacks, Reentrancy, and Code Standards. Beosin performs thorough Source Code Inspections to detect potential risks.

Audit reports present detailed findings categorized by severity levels (Critical, High, Medium, Low, and Informational) along with recommendations for addressing identified issues. Visual representations such as charts provide additional insights into the audit results.^[4][8]

Blockchain Security Audit

Beosin conducts comprehensive Blockchain Security Audits using multi-dimensional approaches to enhance blockchain security. Their audits encompass node communication, storage, consensus mechanisms, and authority management. Beosin offers three audit types: Black Box, Gray Box, and White Box testing.

These audits aim to address Language Coding Security, Block Production and Governance, Accounts System Security, Assets Security, and Application Layer Security. The audit options include White Box Testing, Grey Box Testing, and Black Box Testing to ensure robust security across blockchain platforms.^[4][9]

Cryptocurrency Tracing

Beosin's Cryptocurrency Tracing service investigates incidents involving stolen, blackmailed, or transferred cryptocurrencies, including those through platforms like Tornado Cash. It aims to prevent fraud and aid in cryptocurrency theft investigations.

Key features include AML Risk Assessment, Transaction Analysis, Crypto Address Monitoring, Real-time Intelligence Notification, and Forensics Reports for law enforcement. AML Risk Assessment evaluates wallet address risks for compliance. Crypto Address Monitoring tracks suspicious addresses in real-time.

Transaction Analysis uses Big Data and AI to trace stolen funds, especially through mixers like Tornado Cash. Real-time alerts notify stakeholders of stolen funds deposited into exchange addresses. Forensics Reports provide detailed insights into crypto transactions, aiding in identifying suspicious activities and supporting investigations.^[4][10]

BeosinAPI

The BeosinAPI functions as a Web3 security and data analytics platform designed to support various stakeholders including VASPs, VCs, and project teams. Its capabilities aim to assess risks associated with deposits and withdrawals, ensuring funds are free from illegal activities. It also provides evaluations of EOA addresses to understand potential risks related to entity identities.

Additionally, the platform conducts comprehensive evaluations of token risks, covering aspects such as contract code security and entity identity verification. Users can utilize the API to query information about suspicious addresses and entities, including those associated with malicious activities or commercial blacklists, facilitating adherence to regulatory guidelines such as travel rules.^[4][11]