Source: news.google.com
DeFi security expert explains short-term and long-term mitigation for Web3 companies
Rashmi Ramesh (rashmiramesh_) •
December 2, 2022
Web3 companies are under attack by cybercriminals all year long. After a compromise occurs, how should organizations respond? In Part 2 of this interview, Martin Derka from Web3 security firm Quantstamp discusses short-term and long-term mitigation steps and how to defend against cryptocurrency theft.
See also: Live webinar | How to Meet Your Zero Trust Goals Through Advanced Endpoint Strategies
Victim companies should be aware of the damage the exploit caused and talk to centralized exchanges to freeze funds in case the attacker uses their platform to divert stolen money, he said. They should also communicate with stakeholders about what happened during the hack and how they are mitigating the damage.
“Web3 is a lucky space. You have a lot of communities actively involved in projects, so usually [hack] the analytics are free,” says Derka, head of new initiatives at Quantstamp. Security companies can actively discuss the exploited vulnerability on Telegram and Twitter and track stolen funds by following transactions at the attacker’s wallet address.
In Part 1 of a two-part interview, Derka describes how threat actors find and exploit vulnerabilities in Web3 systems. In Part 2, he talks about:
- What Web3 companies should do immediately after an attack;
- Why criminals find it harder to collect stolen funds;
- The new challenges posed by Web3 and how they overlap with the risks of Web2.
Derka has years of experience developing Ethereum-based smart contracts and platforms, specializing in decentralized financial security and economic manipulations. At Quantstamp, he helps both protect projects before implementation and crisis management after an exploit.
Read More at news.google.com