Businesses should adopt Web3, but do so with caution

Despite much initial skepticism and suspicion, Web3 has emerged as a source of real value, paving the way for a new generation of decentralized applications (dApps) built on blockchain. These dApps offer forward-thinking companies an incredible opportunity to transform their business operations and improve efficiency.

A 2023 survey of 600 business decision makers in the US, UK, and China found that nearly 90% have implemented some form of blockchain technology, and 87% plan to invest in blockchain in the next year. I answered yes. This reflects companies’ fears of being left behind as blockchain development accelerates globally. According to Deloitte, 73% of financial executives believe their organizations will miss the opportunity to gain competitive advantage without implementing blockchain and digital assets.

Web3 proponents believe that blockchain makes the decentralized web more resilient and secure than previous versions because it ensures that all transactions are public and verifiable, improving record-keeping and data integrity. I admire you for being so good.

However, despite the promise of improving blockchain security, the increased adoption of Web3 technology has not eradicated security risks, only transformed them. His 2023 State of Web3 Security Report by Salus shows that cyberattacks on the Web3 industry caused more than $1.7 billion in losses last year. It highlighted a wide range of threats in a decentralized world.

Related: Confused about Web3? Steve Aoki breaks down your business and shows you how you can make money.

New security challenges

Although Web3 avoids some of the security issues of Web 2.0, it introduces several new issues, almost all of which are industry-specific.

This year’s biggest attacks include a $200 million attack on Mixin Network, a cloud-based blockchain service provider. $197 million attack on Euler Finance. The North Korean-linked Lazarus Group attacked both cryptocurrency exchanges Poloniex and Atomic Waller, stealing more than $126 million from the former and $100 million from the latter.

The majority of Web2 attacks target users. However, most of the threats facing the Web3 industry leverage vulnerabilities in the code of decentralized applications and protocols. Access control issues accounted for 39% of all Web3 attacks, but to maximize the impact of other forms of attack, such as exploiting bugs in smart contracts or manipulating cryptocurrency asset prices on exchanges. The flash loan protocol in which flash loans are used contributed. Affects over 16% of attacks.

As mentioned above, user-targeted attacks are “less popular” in Web3. Phishing attacks use social engineering tricks to manipulate unsuspecting users into disclosing data, spreading malware infections, or giving access to restricted systems, making up just 4 of all attacks. It’s only %.

In addition to software vulnerabilities, retail investors continue to fall victim to exit scams and “lag pulls,” fraudulent cryptocurrency projects that persuade the community to support them before taking home the funds raised.

It is possible to reduce

Rest assured, there are concrete steps businesses can take to reduce their chances of falling victim to each of these threats. With proper care and due diligence, there is no reason to ignore Web3’s many potential benefits.

Related: 5 Top Tips for Successful Web 3.0 Ventures

Enhanced authentication

Introducing more robust authentication and authorization mechanisms, such as decentralized identifiers (DIDs), access tokens, biometrics and multi-factor authentication, will mitigate many security threats such as access control-based vulnerabilities and phishing attacks. Businesses must always adhere to the principle of least privilege. This is an important step in staying safe online for both Web2 and Web3.

Increased complexity

As in the real world, cyber attackers like to move in and out quickly to avoid detection, so the increased complexity of participating in a Web3 project reduces the likelihood of an attack. Her DeFi protocols that offer flash loans can protect themselves from threats by introducing minimum borrowing amounts and term limits, as well as additional fees to increase costs for attackers. Similarly, attacks on oracles can be mitigated in a number of ways, including avoiding the use of illiquid markets for price prediction and using TWAP (time-weighted average price) to increase the attacker’s operating costs. can. )mechanism.

Hardware wallets (using physical technology to store your private encryption keys online until you need them) can also help avoid hacking. It is virtually impossible for cybercriminals to access the hardware wallet, which resembles a USB drive, without physically stealing it itself.

implement the check

Similar to Web2, businesses must regularly update permissions to avoid flaws in their security defenses. Furthermore, all smart contract code should be thoroughly audited as it is often prey to re-entry vulnerabilities. It should also follow the check effect interaction model.

Conducting due diligence

Penetration testing allows organizations to discover and exploit their vulnerabilities before attackers do. Extensive employee training is also important to help individuals identify and avoid phishing attacks and other threats.

Finally, avoid falling victim to a rug pull scam by carefully researching your new project and its team to ensure they have a reliable track record. Prioritize projects that have undergone a transparent security assessment by a trusted auditor.

Related: How to own your story online — even if the internet owns you

Adopt Web3, but do so with caution

Web3’s high exposure to fraud is one of the major obstacles to mass adoption of decentralized technology. However, while the total losses in 2023 were very large, they were lower than the 2022 numbers. This suggests that the overall landscape is becoming safer as more businesses adopt the necessary precautions.

As Salus points out, the $1.7 billion loss remains an alarming number and highlights the importance of improving security and educating users about the risks of Web3. Technology-specific vulnerabilities are spread across multiple areas, requiring a multifaceted approach to security. This can be strengthened by prioritizing platforms and protocols that implement the strongest security measures.

My main takeaway from this report is that businesses need not hesitate to embrace Web3 and all the possibilities it offers. However, any technology implementation must be subject to extensive checks and investigations, and the same rigorous security standards adopted by legacy technology systems must be adhered to.