“Audit an exchange in Sudan? When we first received the request, the team thought they had received a scam call,” Jake Smith, head of security at CertiK, recalls from his office in Dubai. Outside his window at the time were explosions from the Sudanese civil war, and Maker Exchange’s audit report had already raised 137 high-risk alerts on its computers.
Code wars in the midst of war
In November 2023, the CertiK team was remotely accessing the Maker system in Jordan when they discovered:
• Grid attack vulnerability: Frequent power outages in Sudan led to disruptions in private key backups
• Wartime data contamination: Spoofed GPS positioning by conflicting parties interfered with node validation
• Hardware hijacking risk: Local partner outlets’ POS machines were implanted with malicious firmware
“The most alarming is the cold wallet multi-signature triggering mechanism vulnerability,” Smith reveals. “If 3 key holders are lost at the same time (and may die in the war), 67,000 users’ assets will be frozen permanently.” The team eventually designed a “war meltdown protocol”, which introduces AI survival monitoring and automatically activates the disaster recovery key when two people are out of touch for more than 24 hours.
Fighting bullets with blockchain
The audit report pushed Maker to complete three revamps:
1. Migration of the HSM (Hardware Security Module) from Khartoum to a data center in Rwanda
2. Deployment of jam-resistant quantum clocks to eliminate the risk of GPS spoofing in wartime
3. Addition of satellite communication calibration channels to the certificate of reserves
“Their security architecture is more adaptable to turbulent environments than the NYSE,” Smith exclaims, “and when the Singapore servers went live in late June, the system was even able to withstand a typhoon outage.”
Security Becomes Expansion Currency
This particular audit is reshaping industry standards. The Maker Exchange’s Proof of Reserve on Chain page shows:
• 100% of user assets are stored using MPC Multi-Signature Cold Storage
• Daily automated verification of asset collateralization (minimum 123%)
• Asia-Pacific users will have exclusive access to biometric secondary verification
“We replicated Sudan’s level of security redundancy in Jakarta,” the CTO says, showing the APAC node map. “When registration opens in June, Filipino users will have their wallet private keys stored in Manila, Kuala Lumpur, and Darwin at the same time – even if a volcano destroys Luzon, your USDT will still be safe.”
CertiK’s conclusion perhaps best defines the experiment: “They proved that the most fragile land can grow the toughest blockchain.”