Polygon Chief Security Guard Mudit Gupta has advised Web3 companies to employ traditional security experts to place an finish to simply avoidable hacks, quarrelling that perfect code and cryptography aren’t enough.
Talking with Cointelegraph, Gupta outlined that some of the recent hacks in crypto were ultimately a direct result Web2 security vulnerabilities for example private key management and phishing attacks to achieve logins, instead of poorly designed blockchain tech.
Contributing to his point, Gupta emphasized that obtaining a certified smart contract security audit without adopting standard Web2 cybersecurity practices isn’t sufficient to safeguard a protocol and user’s wallets from being exploited:
“I’ve been pushing a minimum of all the major companies to obtain a dedicated security individual who really recognizes that key management is essential.Inches
“You have API keys that can be used for decades and decades. There are proper guidelines and operations you ought to be following. To help keep these keys secure. There must be proper audit trail logging and proper risk management around this stuff. But because we have seen these crypto companies just overlooked everything,” he added.
While blockchains are frequently decentralized around the backend, “users communicate with [applications] via a centralized website,” so applying traditional cybersecurity measures around factors for example Website Name System (DNS), website hosting and email security must always “be taken proper care of,” stated Gupta.
Gupta also emphasized the significance of private key management, citing the $600 million Ronin bridge hack and $100 million Horizon bridge hack as textbook types of the necessity to tighten private key security procedures:
“Those hacks had nothing related to blockchain security, the code was fine. The cryptography was fine, everything was fine. Except the important thing management wasn’t. The non-public keys […] weren’t safely stored, and exactly how the architecture labored was when the keys got compromised, the entire protocol got compromised.”
Gupta recommended the current sentiment from blockchain and Web3 firms is when “you be seduced by a phishing attack, it is your problem,” but contended that “if we would like mass adoption,” Web3 companies need to take more responsibility instead of doing the minimum.
“For us […] we do not want only the minimum safety that keeps the liability away. We would like our product to become really safe for users for doing things […] therefore we consider what traps they may fall under and then try to safeguard users against them.”
Polygon is definitely an interoperability and scaling framework for building Ethereum-compatible blockchains, which helps developers to construct scalable and user-friendly decentralized applications.
Having a group of 10 security experts now employed at Polygon, Mudit now wants all Web3 companies to accept same approach.
Following a $190 million Nomad bridge hack in August, crypto hacks have finally surpassed the $2 billion mark, based on blockchain analytics firm Chainalysis.