Event

Introducing MATZIP - SOOHO.IO's First Security Seminar

Sep 29, 2022

Author: Seney | Brand Communicator

A few days ago, the security research team 'MATZIP' at Sooho.io had its first meeting. Sooho held a blockchain security seminar last August and recruited MATZIP team members to improve their technical skills through collaborative research. Today, I would like to introduce the story from the seminar to the birth of MATZIP!



Why Sooho's first official seminar?


Audit (penetration testing) is a project that has been ongoing since the release of the first report in 2018, forming the basis of Sooho. There was a wish to spread the word about Audit and Sooho and to encourage interested people to get closer to us.


Sooho plans to operate a red team specializing in offensive research, going beyond just audits. However, since blockchain security is not a well-known field, gathering personnel was not easy. Therefore, we thought there was a need for opportunities to inform security professionals or web3 developers who want to enter the blockchain space about blockchain security and spark their interest.



Bug Hunting Smart Contract for Fun&Profit


The seminar TF team formed to define who the target audience was and listed potential groups to focus on for promoting the seminar. We also thoughtfully considered seminar topics that would match the target audience's level and pique their interest. Our target audience was those who have an understanding of either 'blockchain' or 'security', but seek to learn more about 'blockchain security', so we planned a seminar that could explore topics from basic to advanced over three sessions.

  • SESSION 01 : Introduction to Web3 and Smart Contract

  • SESSION 02 : Common Vulnerabilities and Case Study

  • SESSION 03 : How to find real-world bugs?



Next, we worked with brand designer Juju to plan the poster design and copywriting. Drawing inspiration from the keyword 'Bug Hunting,' we decided on a concept of wanted posters for vulnerabilities and used the maximum bug bounty reward (a whopping ten million dollars…!) as a hook. We posted the fantastic poster and promotional copy Juju created across various channels like SNS, open KakaoTalk rooms, and meetup platforms, and sent out cold emails. Given how small the industry is, it seemed that word of mouth spread quickly after promotions began!



Sudden emergency meeting?


Since this was the first seminar hosted by Sooho, we initially thought we would start with a small gathering of about 10 people. However, as the number of applicants exceeded the café's capacity, a sudden emergency meeting was convened. (We were flustered but a bit excited too! 🤣) Instead of cutting off applicants on a first-come-first-served basis, we decided to conduct the seminar online simultaneously to accommodate as many people as possible. Consequently, we carried out an online/offline re-survey for all applicants and quickly prepared for a webinar recording.


As a result, we were very surprised that more than about 170 people showed great interest in Speaker Jasper and the seminar topic. The future of blockchain security looks bright… 😲





After everything is ready


While the seminar TF team prepared everything except the content, our speaker Jasper stayed up for several nights creating the most crucial seminar materials 😢. From pre-reading materials to GitHub code and videos for demonstrations…! I believe the high satisfaction rate of this seminar participants was mainly due to Jasper's thorough preparation. Those interested in the seminar materials can check them out at this link!



On the day of the seminar, my heart was racing. With a trembling heart, I sent out guidance messages to participants and began setting up the equipment. The webinar equipment was quite extensive and complex, and I'm sure that if Cha Cha, who is usually knowledgeable about equipment, had not been there, an accident would have surely occurred. 🤯 "Why isn't this necessary equipment here?" "If this doesn't work, we can't broadcast." One hour before the seminar started, Cha Cha calmly resolved the myriad of problems that arose. Thanks to that, we were able to successfully finish the seminar without any incidents.


Moreover, many Sooho members volunteered to help prepare beverages for the participants. 😭🙏 Jasper continued to explain smoothly without any interruptions, and he truly was a presentation genius.



We also provided special rewards for seminar participants, including Sooho merchandise and NFT tokens with benefits for café usage! We utilized POAP (Proof of Attendance Protocol), which only seminar participants could receive. Those who hold this NFT can enjoy benefits such as unlimited 1+1 drinks and a free meeting room rental (1 hour) at the Sooho café until the end of this year.


After successfully completing the first session, we took some time to reflect on the next session. We shared feedback on areas where we felt we could improve and received helpful suggestions from various participants as well.

  • Display guidance messages from entry to attendance checks, receiving goods and drinks, and seating.

  • Take a break during the presentation for a Q&A session.

  • Highlight the parts being explained during the source code review (e.g., red pen).

  • The introduction to Sooho should be given by our representative Jitgu!

  • Rent an additional large screen.


We improved these disappointing aspects and applied them to the next session. As a result, we were pleased to receive feedback stating, "It was much smoother than the first session!"




Thankful feedback 😭🔥 Here are just a few of the messages we received.



After the seminar


As a result, about 100 people attended the seminar both online and offline, showing such enthusiasm that during each session, the dropout rate was less than 1%. In the satisfaction survey, we received a high score of 4.65/5 along with warm feedback, reinforcing that all our efforts were not in vain. It was also surprising that acquaintances of Sooho members or people we met at events were all aware of the seminar and requested to participate! It feels rewarding that Sooho's technical prowess seems to be more widely recognized.


Above all, I want to thank the TF team members who worked hard for a month—Zen, Jasper, Juju, Cha Cha, and all the Sooho members who stayed late to help with the seminar 🙏. Through this TF activity, I got to glimpse the fantastic abilities of other squad members I didn't frequently interact with.



Blockchain Security Hotspot


A total of 17 participants from the seminar showed continued interest in security research activities and ultimately joined the MATZIP team. Going forward, the MATZIP team plans to report various vulnerabilities through research and analysis on several Web3 products and enhance the security of the blockchain industry. Please stay tuned for their future endeavors! We hope to see MATZIP's name in various bug bounties and CTF competitions 🙏



Want to learn more about blockchain security? Contact Sooho.io!

👉 Contact us



SOOHO.IO Official Channels