THE DAILY ENCRYPT


Isn’t Web3 Meant to be Secure – What About All these Recent Hacks?


The promise of Web3 is that we'll get all the stuff we like about the internet, but with more privacy, a blockchain-based architecture and more security.

That’s the theory. In practice, Web3 is quickly becoming a security nightmare. A series of recent hacks has left many wondering if Web3 should be turned over to Mark Zuckerberg.

The most recent security incident involves the play-to-earn game Axie Infinity, which is supposed to be the model for Web3. In case you didn’t know, hackers broke into the Ronin “bridge” that links Axie to the Ethereum blockchain. They robbed it of $552 million (now worth $630 million, since ETH has gone up). This is a shocking amount, even in this gilded era of crypto.

The attack itself is even more shocking. Molly White, a Web3 engineer, explains that Axie’s crew set up the bridge so that it needed only nine trusted validators. This means that a hacker would only need to compromise five accounts in order to gain the keys to the kingdom. That’s exactly what happened. It took six more days to realize that $630 million of Ethereum had been stolen and to inform users.

A Web2 or bank security team would be fired if they behaved in this manner. They could also face criminal or civil negligence charges. Axie leadership, however, has offered only vague comments to indicate how shameful this is. (Axie founder Jeff Zirlin tweeted Tuesday, “It’s a tough day,” and two hours later, “This will be when we prove what we’re made of.”) Matt Levine, a Bloomberg blogger, observed that “Nobody cares more about information security than the creators of cryptocurrency projects.”

This is not an incident unique to Axie. Two months ago hackers robbed Wormhole, a popular bridge to Solana’s blockchain, of $320 million. Users were fortunate that the venture capitalists behind Wormhole recognized the horrible optics and decided to stop the losses, even though the engineers responsible shrugged their shoulders. Last week, $28 million was taken from the Solana stablecoin protocol Cashio. Last August, Poly Network was hacked for more than $600 million.

Web3 users have been robbed in many other cases, mainly because their platforms are filled with security holes.

More than two dozen Web3 companies, including Circle and BlockFi, revealed last month that they were attacked. In this case, hackers stole customer data from one of their marketing vendors. This data is being used in phishing scams and other attacks.

Web3 could inherit the most serious security flaws of the internet, but with no accountability. Big banks at least have insurance that covers customers if they are robbed. Big tech firms, meanwhile, employ sophisticated security teams to protect their data. Web3’s most prominent names, however, seem to be focused on making money by selling tokens and not caring about the users who have to navigate a hostile landscape on their own.

Many have forgotten the original values that gave rise to crypto. These include building secure architecture, as well as remembering Vitalik Buterin’s Blockchain Trilemma, which states that it is easy to reach two of the three goals (decentralization, scale and security), but difficult to achieve all three. Vitalik also spoke out about bridges in January, warning that they are not as secure as Layer 1 projects such as Ethereum and Bitcoin.

Speaking of Bitcoin, this is one instance where the wider Web3 world should learn from Bitcoin maximalists. The maxis may seem obnoxious, but they are correct that the Bitcoin blockchain is battle-tested and more secure than any other crypto. This is one of the main reasons Satoshi’s creation has remained the most valuable cryptocurrency in the world. Web3 founders need to spend more time building their projects rather than just hoping for a token payout. Web3 could lose the credibility it has built if they don’t.

This is Roberts On Crypto, a column by Decrypt Editor in Chief Daniel Roberts and Decrypt Executive Editor Jeff John Roberts. To receive the Decrypt Debrief email newsletter every Saturday, sign up. Read last week’s column: Vitalik is the Crypto Hero We Do Not Deserve.

Vitalik Ivanov

Vitalik is a speaker / journalist. He has spoken and given presentations at many blockchain events across the world. Vitalik is based in the UK; he loves to travel and calls Dubai his "crypto home". Vitalik has enjoyed speaking at blockchain events and has a main focus on CBDCs, NFTs and altcoins. Vitalik says "Everything, and I mean everything will be an NFT one day".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
