The dangerous flaws in Web3 security, according to a former hacker

“New and improved” is the refrain of progress, but new technology does not always turn out to be an improvement. Regarding the evolution from Web2 to Web3, a former hacker revealed how recent changes have created a whole new avenue for potential attacks.

Recent updates were meant to tighten security. “Due to blockchain technology and its autonomous structure, it will also be more secure than previous internet versions,” the Spiceworks blog explained. “Hackers will find it extremely difficult to exploit the network, and even if they do, their activities will be logged.”

Except, in this case, those “improvements” have created additional concerns. The problem, for consumers and businesses alike, is that the “secure” aspect of Web3 – blockchain authentication of things like crypto wallets – can also pose a massive security problem.

A former hacker reveals new avenues of attack

Marcus Hutchins, a hacker-turned-security pro, revealed new Web3 security vulnerabilities in a video on social media.

“Web3 has introduced a huge new attack surface,” Hutchins said in the video.

One new avenue is the 51% attack, an attack on a blockchain by a group that controls more than 50% of it. A group that takes over 51% or more of the blockchain has all the power to control the network.
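Why the threshold sits at a majority can be shown numerically. The following is an added example, not code from the article or from Hutchins: it uses the catch-up analysis from the Bitcoin whitepaper to compute how likely a group is to rewrite a transaction that already has a given number of confirmations. It assumes that "control" means the group's share `q` of block production; the function names are illustrative.

```python
import math

def catch_up_probability(q: float, z: int) -> float:
    """Chance that a group producing a fraction q of all blocks ever
    overtakes the honest chain from z blocks behind (gambler's ruin)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("need 0 <= q <= 1 and z >= 0")
    if q >= 0.5:            # majority: catching up is certain
        return 1.0
    return (q / (1.0 - q)) ** z

def rewrite_probability(q: float, z: int) -> float:
    """Chance that the group replaces a transaction already buried under z
    confirmations, counting blocks it built in private in the meantime
    (Poisson-distributed, as in the Bitcoin whitepaper's analysis)."""
    if catch_up_probability(q, z) == 1.0:   # covers q >= 0.5 and z == 0
        return 1.0
    if q == 0.0:
        return 0.0
    lam = z * q / (1.0 - q)                 # expected private blocks
    total = 1.0
    for k in range(z + 1):
        # Poisson pmf in log space so large z does not overflow
        pmf = math.exp(-lam + k * math.log(lam) - math.lgamma(k + 1))
        total -= pmf * (1.0 - catch_up_probability(q, z - k))
    return total

def confirmations_needed(q, risk=0.001, limit=1000):
    """Smallest confirmation depth that pushes the rewrite chance below
    `risk`, or None when no depth up to `limit` does."""
    for z in range(limit + 1):
        if rewrite_probability(q, z) < risk:
            return z
    return None

if __name__ == "__main__":
    # Constructed sample shares, chosen to straddle the 50% threshold.
    for q in (0.10, 0.30, 0.45, 0.51):
        print(f"share={q:.2f}  6-deep rewrite={rewrite_probability(q, 6):.7f}"
              f"  depth for <0.1%={confirmations_needed(q)}")
```

Below a majority, waiting for more confirmations drives the risk toward zero; at or above it, no confirmation depth helps, which is why a defender treats concentration of block production as the metric to monitor.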

Hutchins explains that smart contracts, which did not exist in Web2, are another new problem. Smart contracts are programs stored on a blockchain that run when predetermined conditions are met, according to IBM. They are used to execute deals without intermediaries and to automate workflows. Smart contracts can be hacked, creating a new attack surface.

Assuming new technology is secure just because it hasn’t been hacked yet is a big mistake, Hutchins said. All technology is subject to vulnerabilities and exploits, and ignoring them just because something is labeled as a more secure option opens up your organization and your customers to countless risks.

What exactly is Web3?

To understand Web3’s security issues, we need to understand what Web3 is. The term was first coined nearly a decade ago by Gavin Wood, who developed Ethereum, one of the earliest and more successful cryptocurrencies. Web3 is a decentralized technology built on blockchain that allows users to have control over their own data, and it is intended to replace internet interactions that go through traditional platforms.

Web3 aims to improve the user experience by putting the user in charge of the content. Without the need for a third-party platform to facilitate content, users will be in control of their own data, improving privacy and giving them the choice to monetize their personal information (rather than having it sold and monetized by someone else).

Web3 differs fundamentally from Web2, Spiceworks explained. Web2 focuses on reading and writing content, while Web3 is about creating content and at the same time increasing trust. This trust is supposed to extend to better security and privacy, but the reality is less optimistic.

Expanding the attack surface

While blockchain hardens the infrastructure against potential cyberattacks, it does not close the door to all types of risks, including some unique to Web3.

Forrester examined the potential of Web3, and its potential nightmares, and determined that there are two main problems with the new technology. It is currently dominated by opportunists and investors in cryptocurrencies and various digital assets, particularly non-fungible tokens (NFTs), all of which operate within a largely unregulated environment. The other problem is that the core principles of Web3 are simply not applicable in today’s internet ecosystem.

“Web3 applications (including NFTs) are not only vulnerable to attack, they often present a wider attack surface (due to the distributed nature of blockchains) than conventional applications do,” Forrester reported.

The apps are prime targets for threat actors, Forrester added, because tokens have a monetary value and because the source code running on the blockchain is readily available. That code is not protected by the type of security systems that protect an organization’s infrastructure. Instead, all a hacker needs is good technical skills, and they are in.

“The source code is also usually readily available, as running closed-source ‘smart contracts’ is frowned upon. The Web3 ethos is, after all, ‘open source,'” Martha Bennett, Forrester vice president and principal analyst and a co-author of the report, told TechNewsWorld.

Balancing user experience and security concerns

Digital wallets will be the key to data protection and security in a Web3 world. Just as a physical wallet contains everything a consumer needs – identification cards and various forms of currency – a digital wallet contains the same information, but with one big difference. The user can decide who gets the contents of the wallet, such as the type of cryptocurrency or identifying credentials.

By putting control back in the hands of the user, organizations expect Web3 to improve overall consumer relationships and develop customer-brand loyalty. Several decades of data breaches, identity theft and misuse of information have eroded consumer/business relationships.

However, there is a big difference between a physical wallet and a digital wallet. If the physical wallet goes missing, the owner can lose the cash but replace credit cards, driver’s licenses and other pieces of identification. That is not the case with a digital wallet, where all assets are gone for good if an attacker gains access to a wallet key. There is no fraud department in Web3 where a victim can report a theft. There is no FDIC to protect assets.

The bottom line is that cybercriminals are always looking for ways to make money. They will find ways to break into Web3 and all of the blockchain’s built-in security measures. Cryptocurrency is their currency of choice already, and with Web3, money is already part of the fabric. And because there is no external security system built around Web3 and its data, threat actors have added incentives to break the code.

Web3 is the future of computing, and as it becomes more widespread, it becomes a more attractive attack vector for cybercriminals. They will break in; they always find a way to thwart security. It is now up to organizations to recognize that Web3’s security is not foolproof and that protecting data needs attention before it is too late.
