Opportunities for Web3 security and lessons from Web2 that we need to remember

Although blockchain technology was at the centre of much of the original buzz around the crypto economy, in recent years (particularly after the rise of decentralised finance in 2020) more and more people have come to see that the current Web3 revolution is about much more than its underlying technology.

In other words, Web3 offers a whole new paradigm for today’s internet (Web2), one based on the principles of transparency, decentralisation and shared ownership of data.

Web3 does, however, have its share of issues, just like any other technology. As the industry has expanded over the last several years, unscrupulous actors and hackers have entered it too. They are financially motivated, and a single exploit can let them unlawfully obtain millions of dollars, something completely unheard of in the world of standard Web2 systems.

Although the Web3 market already has a number of well-known security/privacy systems (such as OpenZeppelin’s secure contract library, Immunefi’s bug bounty, and PeckShield’s scam token and phishing site protection), it still experiences an increasing number of hacks, seemingly every month. For instance, earlier in October, Binance’s BSC Token Hub bridge was emptied of more than $500 million when hackers were able to create fake withdrawal proofs. Similarly, Axie Infinity’s Ronin bridge was compromised for $650M earlier this year.

How can safety in Web3 be improved?

It’s important to note right off the bat that there is no silver bullet that can render Web2 and Web3 systems bulletproof. However, we can use measures such as monitoring and incident response as part of a tiered, all-encompassing security approach to reduce vulnerability.

In this respect, blockchain activity monitoring and decentralised, real-time threat detection networks that can strengthen the security of Web3 platforms are quite useful. Community incentivization, which gives users a stake in the network’s success, is another feature that might be useful for these kinds of platforms.

By comparing and contrasting Web2 with Web3, we can also spot promising areas where Web3 security might be improved and expanded. Let’s cut to the chase and get to the meat of the issue at hand.

A comparison of Web3 with Web2

Blockchain transactions are said to have a high level of atomicity, whereas in Web2 systems hackers need to work through a number of laborious steps to accomplish their malicious goals. A transaction is atomic if it takes effect only when all of its constituent operations are valid. In other words, the whole transaction fails if even one small detail is wrong or contradictory.

Nonetheless, attackers on Web3 platforms still need to go through a series of steps, such as gathering resources, securing infrastructure, exploiting a system, and laundering the proceeds. Each of these steps gives security services an opportunity to track, prevent, and lessen the effects of attacks.

Social engineering attacks are also a factor in both Web2 and Web3. As Web3’s digital infrastructure is not yet as robust as its centralised equivalent, more effective measures are needed to prevent them.

In contrast,

Because an attacker only needs to be right once while security defenders must be right all the time, the topic of “attacker/defender imbalance” often comes up when talking about Web2 technology. A Web3 system’s distributed architecture flips this dynamic, requiring only a single defender out of potentially thousands to be accurate at least once while an attacker only has to be right once.