As web3 grows, so do the risks associated with decentralized applications (dapps). Here, we share practical advice to mitigate these risks.
At the forefront of emerging web3 technologies are decentralized applications, often called dapps. They use interlinked smart contracts, code that runs on a blockchain, to carry out specific tasks within the app. They act as a bridge between the current Internet (Web 2.0) and the developing web3.
Dapps leverage blockchain technology's inherent security, transparency, and indelibility to empower users with enhanced privacy and greater control over their data and digital assets. They function as the blockchain counterpart of traditional apps, covering social media, finance, gaming, and more.
Though the way you use a dapp might look similar to regular apps, what's happening behind the scenes is different. Instead of being stored on one big server, dapps are spread across many computers called nodes on a blockchain network.
The swift expansion of web3 has transformed the technological terrain. Yet, it's also brought new security challenges.
Amongst the most prominent security risks associated with web3 and decentralized applications are phishing attacks. These occur when malicious actors create fraudulent websites or social media accounts to trick users into disclosing their private keys or other confidential information.
Another closely related threat is social engineering, a deceptive method cybercriminals use to trick users into sharing their login credentials.
Some security shortcomings stem from the interaction between web3 and Web 2.0 infrastructures, while others are inherent to protocols like blockchain and IPFS (InterPlanetary File System).
Web3 relies on network consensus, which can slow down fixing these and other vulnerabilities.
Some main security risks include:
On Nov. 17, 2023, blockchain security platform Immunefi unveiled its report on the root causes of the most damaging vulnerabilities in web3.
The report, announced at Web Summit 2023, attended by crypto.news, introduces a new vulnerability classification standard for web3. The research indicates that the root causes of hacks fall into three discernable categories:
While smart contract protocols often receive ample attention, Immunefi pointed out that the danger might lie in the overlooked infrastructure level.
According to the report, almost half of all monetary losses from hacks in 2022 were caused by infrastructure issues such as poor private key handling. Moreover, it found that nearly 37.5% of all incidents were due to developer mistakes in smart contracts concerning access control, input validation, and arithmetic operations.
The platform's CEO, Mitchell Amador, emphasized that even a well-designed smart contract could be compromised if the underlying infrastructure is vulnerable, leading to substantial losses.
Blockchains are open and permissionless environments. That means you are not just protecting against someone who has managed to sneak into your infrastructure like you were in traditional web, you're protecting against anybody who can see your contracts, anybody who can mess with your product.
Sharing his thoughts with crypto.news, Alex Dulub, founder of Web3 Antivirus, a blockchain security firm, pointed out that the real threat for web3 and decentralized apps lies in vulnerabilities arising from incomplete smart contract logic. According to him, while developers may use specific requirements to define how smart contracts work, there's always a risk of them being used in unintended ways.
Dulub noted that hackers are being more creative, experimenting with smart contracts and projects, searching for inconsistencies to exploit.
Unfortunately, detecting such complex issues with automatic tools or analyzers is nearly impossible. The best approach? Consider rigorous testing, careful logic development, analysis of all potential usage scenarios, thorough auditing, and implementing a bug bounty program.
His concern was echoed by Sipan Vardanyan, co-founder and CEO of cybersecurity firm Hexens, who said that a hacker's job is to find what is not intended and to create new and more sophisticated vectors of attack.
Just knowing what's happening out there is absolutely crucial because it's a small field and news travels fast, so all you have to do is keep your hand on the pulse.
Immunefi's report shows that from January to October 2023, the web3 sector saw financial setbacks of more than $1.4 billion caused by 292 separate instances of fraud and hacking.
The report also indicated that hacks outweighed fraud as a cause of financial losses.
In October 2023, analysts attributed about $16 million in losses to hacking incidents, with DeFi platforms being the primary target for hackers and fraudsters.
Overall, in the third quarter of 2023, Immunefi's analysis identified 74 hacks and scams, leading to a total loss across the web3 ecosystem of $685 million.
The amount involved $662 million lost in 47 hacking incidents and $22 million in 27 incidents of fraud. Two projects, the Mixin Network and Multichain, witnessed most of the losses in Q3 2023, amounting to $200 million and $126 million, respectively.
Per Immunefi, the figures reflect an almost 60% surge compared to Q3 2022, when bad actors made off with about $428 million.
The Mixin and Multichain heists comprised more than 47% of all losses in the third quarter of 2023. In that period, hacking was the primary cause of losses, accounting for 96.7% in comparison to scams, frauds, and rug pulls, which made up only 3.3% of stolen funds.
Additionally, attackers targeted Ethereum (ETH) and BNB Chain (BNB) the most, with Ethereum suffering 33 incidents, while BNB Chain faced 25.
There was also a significant spike in the number of web3 attacks, with the number of single incidents increasing 147% year-on-year from 30 to 74 in Q3 2023.
Overall, the period has witnessed the highest loss in 2023, most of it stemming from attacks by the Lazarus Group, who reports allege are behind high-profile attacks on CoinEx, Alphapo, Stake, and CoinsPaid.
In the attacks, the North Korea-linked group stole $208,600,000, representing 30% of the total losses in Q3 2023.
From a year-to-date perspective, the crypto ecosystem reported losses of $1,410,669,002 across 292 incidents. The third quarter of 2023 was particularly severe, with losses exceeding $340 million in September and $320 million in July.
Here are the measures web3 users can take to protect themselves and their assets from bad actors:
Ensuring web3 security is not a one-time task but a continuous process that involves proactive risk identification, strategic choice of blockchain design, regular audits, and constant learning.
Follow this link:
Staying safe in web3: your guide to dapps security - crypto.news