Although much of the initial hype around the crypto economy hinged on its use of blockchain technology, more and more people in recent years (especially after the decentralized finance boom of 2020) have begun to realize that the revolution Ongoing Web3 is much broader than its underlying technology.

To put it another way, Web3 represents an entirely new paradigm for the world wide web (Web2), one that is rooted not only in the spirit of decentralization and shared ownership of data, but also in transparency.

However, like any other technology, Web3 also has its problems. As this sector has grown in recent years, so has the entry of bad actors and hackers. Since these individuals have financial incentives to carry out their nefarious schemes, it is possible for them to illegally acquire millions of dollars through a single exploit, which is completely unheard of in the world of traditional Web2 systems.

To elaborate, even though there are currently several well-established security/privacy systems in the Web3 market (such as OpenZeppelin’s secure contract library, Immunefi’s bug bounty, Peckshield’s scam token, and site protection from phishing), continues to face an increasing number of hacks, seemingly every month. For example, in early October, Binance’s BSC Token Hub bridge was emptied of more than $500 million after hackers were able to fake artificial withdrawal proofs. Similarly, Axie Infinity’s Ronin Bridge was hacked earlier this year for $650 million.

How can Web3 become more secure?

At the outset, it’s worth mentioning that no single magic solution can make Web2 and Web3 systems completely airtight. However, we can employ a comprehensive, layered security approach to minimize risk, including monitoring and incident response.

In this sense, decentralized real-time threat detection networks capable of reinforcing the security of Web3 platforms, while providing monitoring of blockchain activity, can be very useful. In addition, it can be useful to incorporate features such as community incentivization because they allow the participants of these platforms to shape the future of the network and own the value they generate.

That being said, analyzing the similarities and differences between Web2 and Web3 can reveal great opportunities to strengthen and innovate in Web3 security. So, without further ado, let’s get straight to the heart of the matter.

A look at the similarities between Web3 and Web2

Many have argued that blockchain transactions exhibit a high degree of atomicity; However, when it comes to Web2 systems, hackers have to go through a lot of complicated steps to facilitate their illegal actions. In essence, atomicity refers to the idea that a single transaction contains many different actions, all of which must be correct to be accepted. In other words, if any individual part of the transaction is incorrect or conflicting, the entire transaction will fail.

That said, when it comes to Web3 platforms, attackers still need to undertake multiple steps of action, including funding, staging, exploiting, and ultimately laundering the ill-gotten funds. But each of these steps allows security vendors to monitor, prevent, and mitigate potential attacks.

Another key similarity between Web2 and Web3 is the element of social engineering attacks. As the digital infrastructure underlying Web3 still lags behind its centralized counterpart, better solutions are required to hinder social engineering attacks within Web3.

the distinctions

When looking at Web2 technologies, the issue of ‘attacker/defender imbalance’ is always important, as an attacker only needs to be right once, while security defenders need to be right all the time. However, with the distributed configuration of Web3 systems, the tables are reversed: while an attacker only needs to hit once, only one out of many thousands of defenders has to hit at least once.

In addition, the data contained in the blockchains is available to all network participants, contrary to how Web2 systems work, since only selected parts of the information are made public, especially from a security point of view. . Thanks to the distributed nature of Web3, the potential to foster innovation by the broader security research community (through the use of various approaches) is much greater.

Another clear difference is that when it comes to Web3, it’s easier to assess losses because all of an attacker’s transactions are available on a public ledger. As a result, it is possible to design superior risk quantification models capable of providing robust cyberinsurance risk mitigation strategies and protocols.

Finally, attacks in the Web3 realm have some sort of purpose, thanks to the immutable nature of the blockchain. However, when it comes to Web2, things are much grayer as stolen details (such as personal credentials) can result in continuous unchecked losses. Therefore, in Web3, this will likely lead to new mitigation strategies and lead to the adoption of cyber insurance in the short to medium term.

What awaits the Web3 ecosystem?

As is probably evident by now, the Web3 technology paradigm is poised to completely revolutionize the way people around the world operate on a day-to-day basis; however, at the same time, it also faces several challenges. That being said, in recent years an increasing number of skilled developers have entered this rapidly evolving niche, helping to innovate and solve many of the pressing security challenges facing Web3 users today.

Christian Seifert is a security researcher in the Forta community who previously spent 14 years working on web security at Microsoft.