Imagine that you are checking your social mediwa, and see that one of your favourite influencers has shared a link for minting free NFTs… What do you do next, do you just click on it, or wait for more details?
This happened to hundreds of users at the beginning of the month – and while they didn’t get the promised free NFT, they did lost dozens of their own NFTs to scammers.
The case illustrates just one of the risks that are out there in the Web3 realm right now and the state of its security. Thanks to the use of decentralization and blockchain, Web3 is expected to create a new fundamental step in the development of the Internet – but the implementation of these technologies also leads to emerging risks and new types of cyber attacks.
And cybercriminals that are looking to capitalize on such developments have been coming up with new ways of compromising the various products and services used in the Web3 space, such as smart contracts, cryptocurrencies or NFTs.
In 2021, protocol attacks and hacks in the domain caused damages worth more than $2 billion, a report from US blockchain analysis company Chainalysis showed.
According to intelligence analyst Michael Lambert, there already is a fragmentation in the Web3 security which can give a new dimension to the existing chasm that is present in cyberspace.
“On one hand we have the rather western systems (more open) and on the other hand the Russian, Chinese, and conservative religious systems (more closed). Decentralization and the essential role given to individuals rather than to providers such as large companies, which currently dominate the Web2, will lead to a multiplication of closed entities and groups, which will then allow the emergence of communication/meeting platforms for terrorist groups, for example, or cyber-pornography without or with less control,” Lambert tells The Recursive.
Decentralization as the main difference between Web2 and Web3
Decentralization has been a big topic in the blockchain community for a long time now. This is because it promises to solve many of the problems that are currently plaguing current centralized systems – including cybersecurity.
The technology can also help create new business models and economic systems that do not rely on centralized servers or databases which have been proven to be vulnerable to cyberattacks and data theft.
Another fundamental element is that this decentralization will no longer allow the same control over the piracy of videos, music, and other aspects of intellectual property that are already difficult to control on the Web2.
“Will it essentially remain a buzzword, Web3 is expected to have more security thanks to blockchain technology, yet way much less due to decentralization, that’s all the paradox,” Lambert adds.
During the past few months there has already been a significant number of cyber attacks targeting Web3 companies, such as compromised smart contracts, or using hijacked social media accounts to steal NFTs and cryptocurrencies.
As these cyberattacks are becoming more sophisticated, users need to watch how they interact with social media platforms that are popular in the Web3 space, such as Telegram or Discord for example.
“Web3 hacks are becoming more sophisticated, so the best advice for any basic users is to be careful with Telegram links, Discord links or other communication links because it might allow the hackers to connect directly to your crypto wallet and they can steal your money immediately. People should avoid sharing too much information online because that makes them vulnerable to social engineering attacks. Do not share sensitive information like transactional data linked to your primary wallet,” cybersecurity expert Suad Seferi tells The Recursive.
Increased audits and scans for vulnerabilities as the best deterrence
Cyber attacks that have already been quite popular in Web2, such as ransomware for instance, can also be used to target Web3 users as well, experts add.
“The potential large monetary gain from hacking web3 platforms motivates black hat hackers, but also the large rewards of bug bounty programs are increasingly attractive to white hat hackers. The biggest danger is social engineering, smart contract hacks and data security, which in combination can drain huge sums of funds from users’ wallets,” Skopje-based cybersecurity engineer Milan Popov explains.
According to him, what Web3 companies can do here is to have regular audits and scans for potential vulnerabilities.
“Web3 technology’s main motto is more privacy and no authentication, so before one gets into this tech, they have to study the market and know the risks and characteristics of the digital asset they are investing in,” Seferi adds.
For Filip Simeonov, cyber security expert at Skopje-based Network Equity Security Technology (NEST) Group, Web3 users should always be very careful with data manipulation and bypassing business logic and social interactions.
“For that reason, always be prepared with documentation and be compliant with regulations such as GDPR and others. To summarize, the main threats and risks for Web3 will be Unauthorized Information Access, Standardization of Trust and Proof, Malicious Script Injections, Social Engineering, Data Availability and Data Confidentiality,” Simeonov tells The Recursive.
While Web3 will certainly face new problems and challenges, they won’t be insurmountable, as there are also many cybersecurity companies who will seek to impose their presence in the space.
Additionally, while there are still many questions about how this technology will work in practice, there are promising solutions on their way to solve these issues, experts emphasize.
“To have their businesses in the Web3 realm, companies must be ready to operate in an abnormal environment where users will finally be put at the center of all business processes. Ecosystem companies focusing on security and education will surely become the fastest-growing brands in the new Web3 realm,” Seferi concludes.
