According to Christian Seifert, an expert in cyber security, end users in the cryptocurrency space are facing a number of attacks that often go unreported. For widespread adoption, it is necessary to address the security concerns around Web3 technologies and increase the confidence of end users in these systems.
Phishing, vulnerabilities, malware, centralization – pick your poison
Seifert told cryptonews.com that the Web3 space is full of attacks targeting protocols, and that mostly only the biggest hacks get reported, like the attack on the Ronin bridge seen in March this year and on Wintermute in September.
Cyber criminals often target Web3 companies to steal the private keys associated with their protocol’s addresses. These keys can be obtained through phishing attacks or by exploiting vulnerabilities that allow attackers to gain control of the addresses. As the industry becomes aware of these vulnerabilities, they are usually fixed with updates to the protocol.
Some protocols do not regularly update their contracts, making them vulnerable to attack. In addition to these threats, there are also several types of malware that can steal private keys or change transaction addresses.
However, Seifert argued,
“One thing to keep in mind is that protocols really shouldn’t be structured in such a way that they rely on one address or one developer trusting them.”
For example, no one person should be able to change roles on a contract. Instead, it should be governed by something like a multisig, in which multiple people or a community approve a decision, so “even if I’m compromised by malware, and my private key is compromised, I can’t do anything myself.”
Related to this is the question of a blockchain being able to be halted. For example, major crypto exchange Binance halted Bitcoin (BTC) withdrawals in June due to a backlog, according to its CEO. And it is far from the only one to do this; many choose this option when attacked.
Stopping at the base layer — which is the blockchain itself — is concerning, Seifert argued, “because it shows the centralized nature of that particular blockchain.”
Halting at the application layer, on the other hand, is a different story and a necessary measure to protect user funds during an attack, he said. For example, there may be a pause mechanism that does not affect the entire protocol, only transactions of a certain value.
“The goal of these actions is to mitigate or slow down the attack, while also allowing legitimate users to continue working with the protocol,” says Seifert.
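The two controls just described, a pause that holds only large withdrawals so ordinary users keep transacting, and a multisig so that no single compromised key can lift it, can be modelled in a few dozen lines. The following is an added example written for this article, not code from any protocol Seifert mentions; the class and method names, the outflow limit and cap, the signer names and the amounts are all constructed for the demo. It also adds the monitoring step (an outflow window that trips incident mode automatically), which the article covers later in its list of strategy components.

```python
"""Application-layer withdrawal guard (constructed example, not any real protocol's code).

Models three controls: outflow monitoring that trips an incident mode, a partial
pause that holds only withdrawals above a value cap so ordinary users keep
transacting, and an M-of-N signer set that alone can lift the pause. Amounts,
block numbers and signer names are constructed; no chain interaction is involved.
"""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Withdrawal:
    account: str
    amount: int   # token base units (constructed values in the demo below)
    block: int


@dataclass
class GuardConfig:
    incident_cap: int      # in incident mode, withdrawals above this are held
    window_blocks: int     # length of the outflow monitoring window
    outflow_limit: int     # outflow per window that trips incident mode
    signers: Set[str]      # multisig members allowed to approve actions
    threshold: int         # approvals required (M of N)


class WithdrawalGuard:
    def __init__(self, cfg: GuardConfig) -> None:
        self.cfg = cfg
        self.incident = False
        self.processed: List[Withdrawal] = []
        self.held: List[Withdrawal] = []
        self._approvals: Dict[str, Set[str]] = {}

    # --- monitoring -------------------------------------------------------
    def outflow_in_window(self, block: int) -> int:
        """Sum of withdrawals already processed in the last window_blocks."""
        low = block - self.cfg.window_blocks
        return sum(w.amount for w in self.processed if w.block > low)

    # --- enforcement ------------------------------------------------------
    def submit(self, w: Withdrawal) -> str:
        """Returns 'processed' or 'held'. Automated response: trips incident
        mode when this withdrawal would push window outflow over the limit."""
        if not self.incident and self.outflow_in_window(w.block) + w.amount > self.cfg.outflow_limit:
            self.incident = True
        if self.incident and w.amount > self.cfg.incident_cap:
            self.held.append(w)       # parked for human review, not rejected outright
            return "held"
        self.processed.append(w)
        return "processed"

    # --- governance: no single key can lift the pause ----------------------
    def approve(self, action: str, signer: str) -> int:
        """Records one signer's approval; returns the approval count so far."""
        if signer not in self.cfg.signers:
            raise PermissionError(f"{signer} is not a signer")
        self._approvals.setdefault(action, set()).add(signer)  # repeats do not double count
        return len(self._approvals[action])

    def execute(self, action: str) -> bool:
        """Applies an approved action; False if the M-of-N threshold is not met."""
        if len(self._approvals.get(action, ())) < self.cfg.threshold:
            return False
        if action == "resume":
            self.incident = False
        elif action.startswith("set_cap:"):
            self.cfg.incident_cap = int(action.split(":", 1)[1])
        else:
            raise ValueError(f"unknown action {action!r}")
        self._approvals.pop(action)  # approvals are single-use
        return True


def demo() -> WithdrawalGuard:
    """Runs the constructed scenario and returns the guard for inspection."""
    guard = WithdrawalGuard(GuardConfig(
        incident_cap=1_000, window_blocks=10, outflow_limit=5_000,
        signers={"ops-a", "ops-b", "ops-c"}, threshold=2))
    for w in [Withdrawal("alice", 500, 1), Withdrawal("bob", 3_000, 2),
              Withdrawal("drainer", 4_000, 3),   # pushes the window over 5_000: held
              Withdrawal("carol", 200, 4),       # small: still goes through
              Withdrawal("drainer", 900, 5)]:    # under the cap: the pause only slows a drain
        print(f"block {w.block}: {w.account} {w.amount} -> {guard.submit(w)} (incident={guard.incident})")
    return guard


if __name__ == "__main__":
    g = demo()
    g.approve("resume", "ops-a")
    print("resume with one signature:", g.execute("resume"))
    g.approve("resume", "ops-b")
    print("resume with two signatures:", g.execute("resume"))
```

The last withdrawal in the demo is the caveat worth noticing: a value cap slows a drain rather than stopping it, which is exactly the trade-off Seifert describes, since the alternative of halting everything also locks out legitimate users. Held withdrawals are parked for review rather than refunded, and lifting the pause needs two of the three signers, so one stolen key cannot resume payouts on its own.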
Furthermore, transparency about how security is implemented is essential, the expert said, allowing users to have all current information on security measures in place to decide whether or not to use the protocol. He argued that,
“Security by obscurity is not the way to go.”
Widespread but under-reported crimes against end users
So far we have talked about protocols and issues affecting companies, but the most affected party is still the end user. In addition to the major thefts, numerous smaller attacks also occur, in which, for example, some $40,000-$50,000 in assets is stolen.
“I think they’re really underreported,” Seifert said. “And I think what’s even less reported is essentially theft that end users are experiencing, because well, there’s really no reporting mechanism.”
End users are often being attacked through a variety of scams, and most commonly through ‘ice phishing’ – signing approval transactions that give the attacker access to digital assets linked to the user’s wallet.
Seifert also cited the example of a recent attack where end users were being scammed by tokens taking a rake on each swap – a few dollars being given to the token deployer in addition to the swap fee. He warned that these deductions are not clearly visible to the end user.
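Ice phishing works because the approval transaction a user signs looks like any other transaction; the defence the article calls for later (a security layer that warns the user before a potentially dangerous action) needs to decode the transaction before signing. The following is an added example of such a pre-signing check, not code from any wallet or from Seifert; it decodes the two standard grant functions, ERC-20 `approve(address,uint256)` and ERC-721/ERC-1155 `setApprovalForAll(address,bool)`, whose 4-byte selectors are the standard keccak-256 prefixes of those signatures. The token and spender addresses, the `Grant` type and the `review` function are constructed for the demo.

```python
"""Pre-signing approval check, as a wallet-side 'ice phishing' warning.

Constructed example: it decodes the ABI calldata of a pending transaction and
reports when it would grant another address standing access to the user's
tokens. Handles the two standard entry points, ERC-20 approve(address,uint256)
and ERC-721/ERC-1155 setApprovalForAll(address,bool). The 4-byte selectors are
the standard keccak-256 prefixes of those signatures; every address here is a
constructed placeholder, not a real contract.
"""
from dataclasses import dataclass
from typing import List, Optional, Set

APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
UINT256_MAX = (1 << 256) - 1


@dataclass(frozen=True)
class Grant:
    kind: str            # "approve" or "setApprovalForAll"
    token: str           # contract the transaction is sent to
    spender: str         # address that gains the right to move assets
    unlimited: bool      # True for uint256 max, or for setApprovalForAll(..., true)
    amount: Optional[int]


def _word(calldata: bytes, i: int) -> bytes:
    """Returns 32-byte ABI word i after the 4-byte selector."""
    chunk = calldata[4 + 32 * i: 36 + 32 * i]
    if len(chunk) != 32:
        raise ValueError("truncated calldata")
    return chunk


def _address(word: bytes) -> str:
    """Left-padded 20-byte address; non-zero padding means malformed input."""
    if any(word[:12]):
        raise ValueError("malformed address word")
    return "0x" + word[12:].hex()


def decode_grant(to: str, calldata: bytes) -> Optional[Grant]:
    """Returns the access grant a transaction would create, or None."""
    selector = calldata[:4]
    if selector == APPROVE:
        spender = _address(_word(calldata, 0))
        amount = int.from_bytes(_word(calldata, 1), "big")
        return Grant("approve", to, spender, amount == UINT256_MAX, amount)
    if selector == SET_APPROVAL_FOR_ALL:
        operator = _address(_word(calldata, 0))
        approved = int.from_bytes(_word(calldata, 1), "big") != 0
        if not approved:
            return None  # setApprovalForAll(op, false) revokes rather than grants
        return Grant("setApprovalForAll", to, operator, True, None)
    return None  # transfers, swaps, etc. are out of scope for this check


def review(to: str, calldata: bytes, known_spenders: Set[str]) -> List[str]:
    """Warnings a wallet could show before signing; empty list means no grant."""
    grant = decode_grant(to, calldata)
    if grant is None:
        return []
    warnings = [f"This lets {grant.spender} move your assets held in {grant.token}."]
    if grant.unlimited:
        warnings.append("The grant is unlimited: it is not capped and does not expire.")
    if grant.spender not in known_spenders:
        warnings.append("The spender is not a contract you have approved before.")
    return warnings


# Encoders used only to build sample calldata for the demo.
def encode_approve(spender: str, amount: int) -> bytes:
    return APPROVE + bytes.fromhex(spender[2:]).rjust(32, b"\0") + amount.to_bytes(32, "big")


def encode_set_approval_for_all(operator: str, approved: bool) -> bytes:
    return (SET_APPROVAL_FOR_ALL + bytes.fromhex(operator[2:]).rjust(32, b"\0")
            + int(approved).to_bytes(32, "big"))


TOKEN = "0x" + "22" * 20      # constructed token contract address
SPENDER = "0x" + "11" * 20    # constructed spender address

if __name__ == "__main__":
    for label, data in [("unlimited approve", encode_approve(SPENDER, UINT256_MAX)),
                        ("capped approve", encode_approve(SPENDER, 100)),
                        ("approve-all", encode_set_approval_for_all(SPENDER, True)),
                        ("revoke-all", encode_set_approval_for_all(SPENDER, False))]:
        print(label, "->", review(TOKEN, data, known_spenders=set()))
```

The check is deliberately conservative about malformed input: a truncated or badly padded approval raises rather than being reported as harmless, since an attacker-controlled dapp produces the calldata. A revoke (`setApprovalForAll(op, false)`) and a plain transfer produce no warning, so the prompt only appears when the transaction actually widens what a third party can do with the user's assets.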
So, Seifert said, “We talked a lot about protocols, but we also need to think about end users. And what’s really important is that there are security services in place to protect end users.” As well as blocking malicious accounts, there is also account abstraction, which allows users to set policies on how applications can act on their digital assets.
How to protect end users
Asked whether these disruptive attacks threaten the existence of Web3, or are just a teething problem, Seifert said that “it’s a combination,” but that it has a negative impact either way, and is definitely detrimental to adoption.
For example, if a user sees their crypto or non-fungible tokens (NFTs) stolen, they often “do not understand what happened; they’re basically facing an empty wallet,” Seifert said, adding:
“I think it doesn’t increase the chances of those people staying in Web3. And so I think victims in particular will probably move away from Web3. Doesn’t instill much confidence.”
Meanwhile, the recent string of project failures and bankruptcies, notably the FTX exchange, have once again brought the issue of centralization into the limelight, leading to greater reliance on decentralized finance (DeFi) and non-custodial solutions, the expert said.
But where there is money, there are bad actors too. Users are moving funds out of centralized exchanges, so there is likely to be an influx of users adopting the non-custodial aspects and participating in DeFi, however:
“I’m sure attackers will try to take advantage of this. I think there’s going to be a massive boost to phishing, rug pulls, all scams affecting end users.”
Therefore, there needs to be a better security layer that warns the user about potentially dangerous actions, more education targeting users, and improvements in usability for end users, including simpler products, user-friendly wallets, and solutions that help end users navigate Web3. It’s the complexities within products and transactions that aren’t comprehensible to an average user, Seifert said, that attackers are taking advantage of:
“Even large wallet providers need to adopt comprehensive security features to protect end users.”
At the same time, the industry is fairly young, and Seifert has seen “a lot” of security services coming online over the past few years that help end users and protocols protect themselves.
Seifert said some important components of a comprehensive security strategy are:
- Auditing: auditing is the most widely adopted technique to secure a protocol, and one should not try to reinvent the wheel but should use already audited template libraries, which are used by many and have had known bugs eliminated;
- Bug bounties: adoption of bounties has increased, and security researchers are doing a good job in an ethical way; a protocol should encourage potential attackers to work with it, not against it;
- Monitoring: once a protocol is deployed, monitoring is of utmost importance, as it allows time to take action to mitigate an attack;
- Incident response capabilities: either automated or manual, these are required to be able to act and protect funds;
- Pause functionality: as discussed above, it helps to stop further withdrawal of funds;
- Upgradeable contracts;
- Cyber insurance.
He said that,
“Ideally, these should be integrated from day one. But a lot of the protocols are small teams, innovating rapidly, and they want to get to market quickly. And security is not a top priority in that environment.”
However, as they move into the market, and should they become successful, they will see an influx of users and their Total Value Locked (TVL) will increase – and this is where the risk profile of the protocol changes.
“Attackers see how much digital assets are in the protocol, and you become a target. And once you become a risk, you need to adopt a comprehensive security strategy.”
Meanwhile, what we are seeing in the Web2 industry is a concentration of security services in managed service providers, where a small business can ask such a provider to protect them. “And I expect something similar is going to happen in the Web3 space,” Seifert said. There is the issue of centralization, and the industry has to find ways to reduce it.
Attacks are a major problem for users and protocols alike, and the industry is recognizing them as such, producing a “flurry” of companies, decentralized autonomous organizations (DAOs), and communities that are creating security services.
“And so I very much expect that in five years, security in the Web3 space will be more mature, and we’re starting to see that,” Seifert concluded.