Web3.0 Entrepreneurship Column | Interview with Boesin CEO Joe Zhou: On-chain security giant, revealing the "blood and tears history" of Web3 payment security compliance

  • Interview Overview: Boesin CEO Joe Zhou discusses Web3 security and compliance challenges, sharing his journey from Hong Kong Securities and Futures Commission to founding Boesin, a Web3 security startup.
  • Career Transition: Zhou transitioned from traditional finance to Web3 after recognizing blockchain's potential for real-time settlement and its security risks.
  • Web3 Payment Challenges: Chinese companies expanding to Southeast Asia face security hurdles like fake websites, mnemonic leaks, and scams. Zhou emphasizes the need for Web3 wallet adoption and security measures.
  • Boesin's Solutions: Offers three-layer protection: a security label library (2 billion addresses), real-time transaction monitoring, and fund tracking to combat money laundering and fraud.
  • KYT (Know Your Transaction): Critical for Web3 compliance, leveraging blockchain transparency to tag high-risk addresses and warn users of suspicious transactions.
  • Security Awareness: 95% of incidents stem from user negligence. Zhou advocates for education but acknowledges many learn only after "paying tuition" (experiencing losses).
  • Affordability: Boesin's services (e.g., KYT at $5K–6K/year) are priced lower than U.S. competitors, targeting institutions, projects, and small merchants.
  • Web3 Career Advice: Suggests aligning skills (technical, business, marketing) with Web3 roles, experimenting with wallets, and networking at events like Token2049.
  • Industry Vision: Aims to be the security backbone for Chinese Web3, leveraging cost-effective solutions to counter U.S. dominance in the space.
  • Final Insight: Urges entrepreneurs to discern trends (e.g., RWA) and find niches matching their strengths, avoiding hype-driven detours.

Key Takeaway: Web3's growth hinges on overcoming security/compliance gaps—Boesin bridges these with practical tools, but user vigilance remains paramount.

Summary

Author: Mankiw Blockchain

Opening words

Startup Web3, chat every Wednesday!

"Startup Web3.0" is an interview program for Chinese Web3.0 entrepreneurs initiated by Mankiw LLP. Every Wednesday night, we invite industry leaders, first-line institutions, well-known entrepreneurs, etc. to share their views. Through positive voices, rational discussions, and experience sharing, we help the compliance development of China's Web3.0 industry.

The Web3 wave is sweeping the world, but security and compliance have become an "invisible minefield" for entrepreneurs. How to protect assets in a decentralized world? How should Chinese companies deal with the opportunities and pitfalls of Web3 payments when going global to Southeast Asia?

In this issue of "Startup Web3.0", Manquin Law Firm's lawyer Niu Xiaojing talks with Boesin CEO Joe Zhou. From the Hong Kong Securities and Futures Commission to exchanges, and then to Web3 security startups, Joe Zhou uses his ten years of industry experience to share "blood and tears lessons" and forward-looking insights into KYT (Know Your Transaction), and presents entrepreneurs with a practical guide to Web3 security!

(The audio transcription has been processed by AI and may contain omissions and errors.)

Welcome this episode’s guest, please introduce yourself to everyone!

Joe Zhou: Thank you Mankiw for providing such a great sharing platform. Today we are talking about Web3 entrepreneurship, and I will first talk about my own experience.

I didn’t start my own business right away. After graduating from Jiaotong University, I studied for an MBA at the University of Toronto and then worked in Hong Kong, first in investment banking. Later, by chance, I joined the Hong Kong Securities and Futures Commission (SFC), responsible for supervising fund management companies and public funds. This experience allowed me to meet many bigwigs from Chinese fund companies. At that time, it was still a new thing for Chinese institutions to obtain licenses in Hong Kong. As the only mainland compatriot in the SFC, I received Chinese bigwigs from all over the world and felt the rise of Chinese institutions in the Hong Kong market.

In 2016, I joined the Hong Kong Stock Exchange as Director of Market Development, responsible for attracting mainland investors to invest in Hong Kong stocks through the Stock Connect. During this period, I met many bosses of listed companies. They often asked how to invest in Hong Kong stocks and why they plummeted, which made me realize the importance of conveying positive market information and improving supervision. In 2018, the Bitcoin craze emerged, and I began to study blockchain technology, which I found very interesting. In 2021, I joined OSL, the first licensed virtual currency exchange in Hong Kong, and then joined HashKey (the second licensed exchange) in 2022. I also briefly came into contact with the preparations for OKX.

These experiences have made me pay a lot of "tuition fees" and also strengthened my entrepreneurial ambitions. In 2022, I founded Boesin, focusing on Web3 security and compliance, helping companies and individuals enter this industry and avoid pitfalls. I hope to use Hong Kong as a springboard to help Chinese companies go global, especially under new narratives such as RWA, to seize Web3 opportunities and improve the domestic "involution" problem. I look forward to sharing my experience with you today, and welcome more questions!

Q1: From the China Securities Regulatory Commission to Web3 entrepreneurship, what was the opportunity for your career transition?

Niu Xiaojing: Mr. Zhou has had a wonderful career, from the Hong Kong Securities and Futures Commission to the exchange, and then to Web3 security entrepreneurship, spanning regulation and industry. You mentioned that you love mathematics and programming. What opportunities triggered these career choices and changes?

Joe Zhou: This is very relevant to my background. I have loved mathematics and programming since I was a child. I am a computer enthusiast and particularly interested in new technologies. After joining the Hong Kong Stock Exchange, we caught up with the Bitcoin craze in 2018 and studied Bitcoin futures and blockchain technology.

I found that blockchain can greatly improve the speed of transactions and settlement. For example, the stock trading of Hong Kong Stock Exchange is T+2 (settlement two days after the transaction), which is inefficient because it involves multiple institutions and manual operations. However, the distributed ledger technology of blockchain can achieve real-time settlement, data cannot be tampered with, and it is anonymous, which is very revolutionary.

The essence of blockchain is an Internet-based accounting technology. Records are stored in online blocks. Without banks or brokers, wallets can display all assets. Transfers are visible in real time, data cannot be tampered with, and anonymity protects privacy. These features have accelerated the development of the financial ecosystem, but they are also easily exploited by criminals. This made me determined to devote myself to Web3 and study security and compliance.

After entering the industry, I learned a lot and discovered many problems, which strengthened my belief in founding Boesin. If I hadn’t joined this industry, I would never know how to do it!

Niu Xiaojing: I also remember that when I first met BTC in 2017, I felt that it was like a “trust machine”, which was particularly shocking.

Q2: How has your experience working at well-known exchanges such as HashKey and OKX shaped your understanding of Web3?

Joe Zhou: I must state that the essence of the work of compliant exchanges is not entirely Web3, but more like a centralized platform. Anonymity has been weakened by regulation because bad guys have used the characteristics of blockchain to do too many bad things. I understand the necessity of regulation. But my experience at OKX really allowed me to enter the Web3 world. They integrated centralized exchanges and decentralized wallets into one APP, which opened my eyes to Web3.

Web3 is the third generation of the Internet. Web1.0 is read-only, Web2.0 is read-write, and Web3 is not only read-write, but also "own". Your wallet is your asset library, without the need for a centralized institution to carry it, emphasizing personal autonomy. This makes Web3 play diverse and interactive.

For example, small merchants in Southeast Asia use Web3 wallets to trade directly, without even a bank account, and are developing very rapidly. This made me realize the power of Web3, and also discovered the huge problems of security and compliance, which strengthened my determination to start Boesin and provide security for the industry.

Niu Xiaojing: From centralization to decentralization, the exchange experience has really opened up a "new world" for Web3. Security and compliance are indeed pain points in the industry.

Q3: How does Web3 payment enable Chinese companies to expand overseas? What are the security barriers?

Joe Zhou: After Trump took office, the threat of tariffs became obvious, forcing Chinese companies to go overseas. From 2016 to 2018, I met business owners in the textile, toy, and home furnishing industries at the Hong Kong Stock Exchange. They had already laid out their plans in Southeast Asia because of the low tariffs, low labor costs, large young population, and great market potential. China is facing serious "involution" and the price war of e-commerce has reached an incredible level. Going overseas is a springboard.

Many residents in remote areas of Southeast Asia do not have bank accounts. Web3 wallets have become a tool for payment and making money, and are widely used. WeChat Pay and Alipay are convenient in China, but not in Southeast Asia. Web3 payment is a rigid demand. Chinese companies going overseas must embrace Web3 wallets and build related infrastructure.

But the security hurdles are huge:

1. Fake website: I have been fooled myself. I visited a fake website to link my wallet and my assets were instantly drained. The difference between the real and fake website may be only one letter, which is difficult to distinguish.

2. Mnemonic leakage: 90% of wallet thefts are due to mnemonic theft. Hackers implant Trojans through false identities (such as fake recruitment websites), gain computer permissions, and steal mnemonics.

3. Pig-killing and Ponzi schemes: Common in Southeast Asia, they exploit the anonymity of wallets to commit fraud.

My suggestions are: first, carefully check the authenticity of the website and don’t accept random projects; second, protect the mnemonic phrase and don’t save it on your computer or mobile phone; third, use Boesin’s tools to prevent and track. These are all bloody lessons!

Niu Xiaojing: Web3 payment is an opportunity for overseas companies, but there are too many security pitfalls!

Q4: How does Boesin provide security for cross-border payments?

Joe Zhou : The biggest pain point of cross-border payment is anti-money laundering. It is easy to receive "black U" (USDT from illegal sources), which will lead to the closure of wallets or exchange accounts. I myself have clients whose accounts were blocked by Tether or OKX. After investigation, I found that the counterparty was involved in money laundering. Boesin provides three layers of protection:

1. Security label library : We have a 2 billion wallet address label library, covering tens of millions of addresses in Southeast Asia, marking high-risk addresses such as money laundering, drug trafficking, human traffickers, online gambling, etc., and updating in real time.

2. Transaction monitoring : During each transaction, the system scans the counterparty’s wallet. If the risk exceeds the threshold (e.g. 0.1% comes from a sanctioned country), a warning will be issued to stop the transaction.

3. Fund tracking : If assets are stolen, we use blockchain records to track the flow of funds. If they flow into an exchange that holds KYC, we can work with Mankiw Law Firm to verify and recover the assets.

These services allow companies to collect payments with peace of mind and avoid account suspension or legal risks. Our database and algorithms are optimized with Chinese wisdom, with lower costs than our American counterparts and high cost-effectiveness.

Niu Xiaojing : A friend in the live broadcast room summarized it well: prevention (security audit), tracking (tracing platform), and labeling (security label library).

Q5: Why is the concept of KYT important? How to solve the compliance pain points of Web3?

Niu Xiaojing: Richard mentioned Boesin’s KYT (Know Your Transaction) concept. Can you explain the origin, importance and logic behind KYT?

Joe Zhou: KYT is a rigid requirement for Web3. Traditional finance relies on KYC (Know Your Client) to prevent money laundering. When opening an account, you need to submit your passport, source of funds, etc. However, the decentralization and anonymity of Web3 make KYC ineffective, and the identity of the counterparty is unknown, making it easy to receive black money. KYT uses the distributed ledger characteristics of blockchain to solve compliance issues:

1. Transaction transparency: All transaction records are on-chain, and transaction history and counterparty wallets can be retrieved.

2. Risk tagging: Boesin’s 2 billion tag library marks high-risk addresses (such as money laundering and online gambling platforms) and scans counterparties in real time.

3. Threshold warning: Users can set a risk threshold (such as 0.1% black money). If it exceeds the threshold, a warning will be issued and the transaction will be blocked.

KYT is the basic compliance operation of Web3 payment, ensuring that funds are legal and clean, and avoiding account suspension or legal risks. Our label library covers Southeast Asia and is updated in real time, which is particularly suitable for overseas companies.

Q6: How to improve Web3 security awareness? Is it a technical threshold or a psychological problem?

Joe Zhou: This question hits the nail on the head! Every time I join a new company, the first thing I receive is cybersecurity or anti-money laundering training, but no one takes it seriously, and I am no exception. I feel “who cares”. I regret not listening when something goes wrong. Security awareness is difficult to instill in a short period of time. 95% of security incidents are caused by users’ carelessness. For example, I have been attacked by a fake website myself.

Technically, Boesin can audit wallets and track funds, but it is up to the users to raise awareness. I hope to raise people's awareness through sharing articles and speeches, such as posting case studies on LinkedIn to remind people not to save mnemonics and click on fake links. But frankly speaking, many people have to pay tuition fees before they will be alert.

My vision is to let everyone actively raise awareness after listening to my sharing and avoid detours. This is not a technical threshold, but a psychological cognition problem, which depends on the industry's call and personal awareness.

Niu Xiaojing: Safety awareness does need to be promoted by the industry, but it also requires each individual to be aware of it.

Q7: What are the service targets and thresholds of Boesin? Can small merchants afford it?

Joe Zhou: Boesin takes an international and institutional approach, but its price is affordable, far lower than its American counterparts (which often cost tens of thousands of dollars per year). We use Chinese wisdom to optimize algorithms and serve project owners, financial institutions and individual users:

  • Institutions: such as cross-border payment companies, which require KYT database and anti-money laundering support.

  • Project party: The transformation of Web2 platform to Web3 requires the construction of encrypted cash register and security facilities.

  • Individuals: ordinary users or small merchants who need wallet audits and transaction warnings.

Cost:

  • The annual fee for KYT is approximately US$5,000-6,000.

  • A one-time security audit costs about a few thousand dollars.

  • It costs about 10,000 US dollars to build the Web3 system (including security and anti-money laundering).

  • The total cost is about 10,000 to 15,000 US dollars, which is very cost-effective.

Small merchants can fully afford it, especially users with large settlement needs, as the cost of avoiding scams far exceeds the service fee. We hope to popularize security services and help overseas expansion and Web3 transformation.

Q8: What career paths are there for individuals who want to get involved in Web3?

Joe Zhou: Web3 attracts many young people because it emphasizes autonomy, allowing them to work from home and make money on their own without being subjected to PUA in large institutions. But before entering, you should ask yourself what you can do. Web3 has many opportunities, but you need to match your skills:

  • Technical: Good at writing code, can develop wallets and smart contracts. I have a friend who entered the industry directly by writing code.

  • Business type (BD): suitable for organizing activities and soliciting leads. There are many activities in the Web3 community and the demand for BD is large.

  • Marketing type: likes socializing, can do marketing promotion and organize offline activities.

My suggestions:

1. Examine your own skills. Web3 emphasizes autonomy and finds the right direction.

2. Download the Web3 wallet, play around with the projects, and it’s okay to pay some tuition fees, but you’ll never be able to get in if you don’t try.

3. Attend more meetings, such as Token2049, get to know the big guys, and integrate into the community culture.

Web3 logic is different from traditional finance, and you have to pay a tuition fee to enter the industry. I have been in the industry for 5 years, so I am considered an old hand. I suggest young people try it first, and long-term cultivation will pay off.

Q9: I just participated in Token2049. What is unique about the Web3 running meeting culture?

Joe Zhou: Token2049 originated in Hong Kong and is one of the largest Web3 gatherings. It is not an academic conference, but more like a community party. Project owners promote and practitioners meet in person, and the atmosphere is relaxed. Its value:

1. Opportunities to meet face to face: Community friends who you have been chatting with enthusiastically online can meet offline to enhance trust.

2. Industry Trends: Side Events allow you to learn about new projects and industry trends in a relaxed environment.

3. Meeting culture: Web3 emphasizes community, and the founders are more approachable and easier to approach than those in traditional industries.

I am old and don’t like running, but I recommend young people to go more often. Don’t just take the peripherals (T-shirts, slippers), do your homework: check the agenda, find the target boss, take the initiative to ask questions or add contact information.

When I was young, I ran five or six races a day, and I was still chatting at three or four in the morning. I met many big guys. Offline running can see the expressions of the audience, the interaction is more complete, and it is more intuitive than online live broadcast. The community culture of Web3 needs offline integration, which is the unique charm of Token2049.

Q10: The Boesin website mentions "becoming the security foundation of the industry". How do you define this vision?

Joe Zhou: Boesin's vision is to become the security foundation of the Chinese Web3 industry. The Chinese started the blockchain craze, but most of the profits were taken by American companies. American security services are expensive and do not suit Chinese habits. We use Chinese wisdom to optimize algorithms, with low cost and high efficiency, to serve overseas companies and individuals, and help Chinese regain the right to speak in the industry.

Recently, a US state has listed blockchain assets as reserve currencies. The Web3 wave cannot be ignored. We hope to build a compliance alliance with partners such as Mankiw Law Firm, educate the market, and empower the industry.

Q11: Finally, please share your personal insights into the Web3 industry!

Joe Zhou: My insight is: Don't just follow the crowd, see the essence through the phenomenon. Web3 is full of opportunities, but the trend changes quickly (NFT, Metaverse to RWA), so you need to do research and find a path that suits you. Just like I love fitness, but running hurts my knees. The same is true for Web3 startups. Finding a matching track is the most important thing. Young people should try boldly, combine their own characteristics, take fewer detours, and create their own success.

Niu Xiaojing: Seeing the essence through phenomena is the compass for Web3 entrepreneurship. Thank you Mr. Zhou for your sincere sharing!

From the "blood and tears" of Web3 security to KYT's compliance tool, to Token2049's meeting culture, it's full of useful information! Web3 is an opportunity, but also a challenge, and security and compliance are the cornerstones.

Next month we will focus on RWA topics, welcome to continue to follow the live broadcast every Wednesday! That’s all for tonight, thank you everyone!

Starting a business is not easy, but your story must be cool!

Welcome to join Mankiw’s “Entrepreneurship Web3 Column” to inject real and fresh power into China’s Web3.

Share to:

Author: 曼昆区块链

This article represents the views of PANews columnist and does not represent PANews' position or legal liability.

The article and opinions do not constitute investment advice

Image source: 曼昆区块链. Please contact the author for removal if there is infringement.

Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANews
Recommended Reading
45 minute ago
1 hour ago
1 hour ago
5 hour ago
6 hour ago
6 hour ago

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

App内阅读