Author: Alita Btckevin
Translation by: Sam
In the world, one should avoid showing off, and even more so, avoid forcing it. As long as you have done something, the blockchain will leave a trace.
I deeply understand that the relationship between a company and its employees is mutually beneficial; without either party, the achievements at that time could not have been realized. I did not wish to speak ill of others, but having been provoked again, I will clearly recount the story of my joining and leaving SlowMist, so that everyone can understand what kind of security company it is.
Story One: How I Met Yu Xian
I met Yu Xian in Beijing in 2014, when I accidentally encountered him at an event attended by Dao Ge (Wu Hanqing, https://developer.aliyun.com/article/741176, you can learn what a true security expert is through the links). Later, I got to know other members of the Zhidao Chuangyu security team through WeChat, where he was the Deputy Director of Security. At that time, blockchain was not as popular as it is now. I was working on a major project for a subsidiary of a listed company in Beijing, collaborating with the Chief Hardware Scientist of the parent company, while also researching BTC mining as the Chief Hardware Scientist from Tsinghua University. It was during this time that I came into contact with BTC mining and people trading unknown altcoins in QQ groups (who are now big names).
Story Two: Why I Joined SlowMist
Later, I left Beijing and returned to Shenzhen. Due to some exchanges in the security circle, I ended up attending a small security technology sharing salon organized by Yu Xian during the Dragon Boat Festival in Xiamen. After getting to know him better, we occasionally communicated privately. At that time, I had some research on traditional security, but being from a development background, my curiosity led me to want to understand what true hacker experts (or security companies) were like. I felt like I was standing at the door of the security industry, curious about the dark unknown inside, wanting to push the door open and explore.
I remember it was around 2018 when Yu Xian left his company, Zhidao Chuangyu, where he had worked for ten years from internship to departure, and established a small security studio in Xiamen. I learned about this when I attended the security salon in Xiamen. Suddenly, one day in the group, someone suggested we start a blockchain security company. Wanting to transition from the Internet Web2 to the blockchain field, I excitedly left my comfortable job in Shenzhen and went to Xiamen. At that time, SlowMist had just been established, and the office was still in the space left by the previous company, which had not yet been renovated. I remember the previous company was involved in land quality testing, as the desks and office signs were still there.
Story Three: My Experience at SlowMist
(1) I can say that I was the first official employee of SlowMist (if Yu Xian's wife insists that she is the first employee because she ran around registering the company, then I can be considered the second). Thus, I joined SlowMist Technology and became the first official employee in the office. A week later, Qi Fu left Wangsu Technology to join SlowMist. At that time, our office shared space with another company, Yuelingyi (the security studio Yu Xian registered in Xiamen), and there were only four or five of us in the office during the first year.
(2) I admit that as a senior Java development engineer, my understanding of smart contracts was almost zero. Of course, at that time, everyone was at a zero foundation because Ethereum's smart contracts had just been launched. During my time at SlowMist, I learned a lot about blockchain and experienced many scenarios of exchanges being hacked. However, all of this was based on my personal efforts and the drive of the business, which allowed me to learn and absorb quickly (basically, I slept four hours a day researching different vulnerabilities and attacks while also being online 24 hours to assist security consulting clients and send out the latest vulnerability alerts). We were looking at https://github.com/OpenZeppelin/openzeppelin-contracts for best practices in smart contract security while auditing clients' ERC20 Tokens. I remember our first client was a local enterprise in Xiamen, and the first smart contract audit report was something I produced after three days of hard work (which could be considered the first smart contract audit report in the country; the report template is still being used with some minor modifications). Later, this first client was also caught years later for doing a very popular DeFi project, but of course, their arrest was not caused by SlowMist, as they had done too many projects and exchanges that exploited investors.
(3) My first public appearance was when SlowMist discovered the Ethereum Valentine's Day theft vulnerability (https://x.com/SlowMist_Team/status/1012525355922419712). At that time, many people online reported that their coins in their nodes were inexplicably transferred away, and some came to inquire about the reason. Due to Yu Xian's background in PR, he arranged for the team to create a special interview page, marking SlowMist's first public marketing effort. The effect was undoubtedly good, as being a veteran in traditional security, he still had some connections and influence. Thus, SlowMist appeared in front of everyone.
(4) Lei Jun once said, "Pigs can fly when they are on the wind." SlowMist's sudden business explosion occurred when Boss Cai's Meichain BEC was suddenly over-issued, and exchanges suddenly realized the security risks of smart contracts. At that time, exchanges like Huobi, Binance, and OKEx all came to request audits of all the Token contract codes they had listed. This led to an industry standard that project parties must undergo security company audits and provide qualified audit reports before listing tokens. We caught the wave, and from then on, the smart contract audit business exploded…
(5) In SlowMist's first year, I was responsible for the mid-year summary report. After compiling the list of all security consulting clients and contract audit clients, I felt that the hard work of that year was worthwhile, and this achievement deserved recognition. In that first year, the four or five of us served 25 or 27 clients, with annual revenue of about 17 million. Of course, this was not solely my achievement; I merely fulfilled my responsibilities as the security lead and partner, providing the necessary technical services to help clients avoid attacks and theft.
(6) Let me talk about the highlight moment between me and Yudan. After EOS launched, many exchanges quickly integrated for traffic, but there was a fatal fake recharge vulnerability in EOS. As the best security company to cooperate with during EOS's launch, SlowMist had a good reputation in the EOS community at that time. However, the actual technical researchers did not include Yu Xian, as he did not understand specific blockchain security technologies; he was only responsible for gathering intelligence and marketing in various groups. This often led to situations where big names in the group would ask technical questions, and he would have to forward them to us for answers, which he would then relay as a spokesperson for marketing. However, the core technical personnel on EOS were Yudan and another colleague. When we discovered the fake recharge issue with Yudan, we conducted tests on the fake recharge. In the early hours of the morning, around 2:00 AM, we found that a well-known exchange had this fake recharge vulnerability. As a professional security practitioner, Yudan and I were tested; we urgently contacted the exchange's owner and technical team. We tested the recharge amount, which was already in the billions of dollars. If our integrity and ethics had failed that night, we could have easily achieved financial freedom (or ended up in jail). As for why Yu Xian spoke ill of me after I left, telling my investors that I was just a kid who didn't understand technology, and even told my CTO that I had character issues, which my CTO showed me in a screenshot, I do not understand. I even find it hard to believe that his integrity and moral standards could be so low.
(7) The recent incident of a Venus whale being phished occurred after Yu Xian's public marketing failed. As a former employee, Yudan merely spoke a few truths, saying he threatened others, and the entire SlowMist company became agitated, publicly attacking a technically capable individual on Twitter and in social circles. If a company can only survive through marketing, then it is not far from collapse.
Does this mean that as long as you criticize SlowMist, the consequence is that I will no longer consider using legal means to protect my and the company's rights? No matter where you are or what business you do in the future, we will always remember what you have done and hold a grudge.
I believe that if SlowMist threatens the community in this way, making others afraid to criticize you or speak ill of you, that is impossible. As a former victim, I will not allow bullying to happen to me or to the brothers I once fought alongside.
Story Four: Why I Left SlowMist
Many people have asked me why I left SlowMist at its peak. I either downplay it or, with close friends, I might complain a bit.
(1) SlowMist's equity structure has four shareholders, each holding 25%, creating a deadlock.
(2) Yu Xian's wife is responsible for finance and HR in the company.
(3) Some actions of CEO Huang Bigan are unworthy of being a CEO.
(As the technical lead, every business trip was a partnership between Huang Bi and me. However, since he didn't understand technology, I was always the one communicating with clients, making him feel somewhat redundant and unable to contribute. This led to Huang Bi breaking down emotionally during a company meeting, crying and scattering the decorations on the table, accusing me of stealing his thunder and insisting that I accompany clients for drinks. In the first year's annual meeting, I ended up drinking too much and fainted in the bathroom, requiring emergency services to take me to the ICU for a night, with only a close friend staying behind to look after me. Consequently, within half a month of being discharged, I couldn't even remember my computer password, which resulted in spinal injuries and memory loss. Such a company is no different from a ruthless machine that exploits employees with a 996 work culture, showing no compassion towards them.)
(4) Of course, there was also disappointment and a feeling of being underpaid.
(When I first joined SlowMist, I was told that we were all brothers starting a business together, so the salary would be lowered a bit. As someone who moved from Shenzhen to Xiamen, I had to lower my salary expectations to a monthly salary of 15,000 to 20,000. At that time, it felt like low pay for a lot of work far from home, but I accepted it voluntarily, which is understandable. It was a mutual agreement, but at that time, I was responsible for 25 projects in a year, generating 17 million in revenue, and the year-end bonus was only two months' salary, 40,000. Looking back, I felt that this kind of company could only share hardships, not joys, so I decided to let it go; the boss's vision was too narrow.)
Story Five: The Final Departure is [Different Paths Do Not Conspire]
After experiencing various unfair and disheartening events, what I found most unacceptable was the hypocrisy of the company and its people. Shortly after the launch of EOS, a project called EOS Werewolf was released, which was initiated by SlowMist's shareholders and internal members. However, the person who worked on this project ended up taking the blame. I want to clear their name here; they are innocent because the ones who profited the most were actually the people from SlowMist (if you're interested, you can check https://zhuanlan.zhihu.com/p/40861640).
This is the EOS account of SlowMist Technology's CEO, aby. If you're interested, you can research it yourself to see the actions taken at that time.
Of course, the next day, aby gave me a wallet containing 500 EOS, which I accepted. If proof is needed, it can be provided.
SlowMist Technology was also the auditing company for the EOS Werewolf project, and the disparity in character and ethics is evident.
If you act like a prostitute, don't set up a monument. This time, the industry needs to know more of the truth.
Over the years, Yudan and I have been spoken ill of by them. I believe that anyone who leaves SlowMist will receive lawyer letters and public announcements from SlowMist. If you don't believe it, just wait until you leave; our experiences will be your endgame.
When I left, I kindly advised: "Gong Jin, be cautious in warfare."
Unfortunately, being stubborn and walking down a dark path, today's events are not surprising.
It's just a pity for the brothers I once fought alongside, both in work and in feelings. I want to apologize to you; it was never my intention. They wanted to eliminate us completely, and Yudan and I had to expose their ugly faces.
Goodbye, once SlowMist; this is the endgame.
I have personally destroyed the company I once created.
To conclude this article, I borrow a line from "The Three-Body Problem": Weakness and ignorance are not obstacles to survival; arrogance is!!!
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
