
To stop breaches that are clearly avoidable, Polygon Chief Security Officer Mudit Gupta has urged Web3 companies to recruit traditional security specialists, contending that immaculate code and cryptography are insufficient.

Speaking to Cointelegraph, Gupta explained that rather than being the product of badly constructed blockchain technology, many of the recent crypto thefts were actually the result of Web2 security flaws, such as private key management and phishing attacks to obtain logins.

Furthermore, Gupta underlined that obtaining a certified smart contract security audit alone is insufficient to safeguard a system and users' wallets from being compromised.

"I've been pressuring at least all major corporations to hire a specialized security professional who genuinely understands the value of key management."

"You have API keys that have been in use for many years. There are therefore appropriate best practices and processes that one should adhere to, to safeguard these keys. These should be subject to appropriate risk management and audit trail logging. However, as we have observed, these crypto firms have just ignored everything."

The implementation of conventional cybersecurity measures around elements like Domain Name System (DNS), web hosting, and email security should always "be taken care of," according to Gupta, even though blockchains are frequently decentralized on the backend because "users interact with [applications] through a centralized website."

In addition, Gupta underlined the significance of managing private keys, citing the $600 million Ronin bridge hack and the $100 million Horizon bridge hack as textbook illustrations of the requirement to strengthen private key security protocols:

"The coding was sound, thus those hacks had nothing to do with blockchain security. Everything was perfect, including the cryptography. The essential management, though, wasn't. The architecture was such that if the private keys were compromised, the entire protocol would also be compromised because they were not held securely."

The current attitude, according to Gupta, is that "you fall for a phishing attempt, it's your issue" from blockchain and Web3 companies, but he stated that "if we want mainstream adoption," Web3 companies must take greater responsibility rather than doing the bare minimum:

"For us, the bare minimum of safety to prevent responsibility is not enough. Because we want customers to be able to use our product safely, we consider potential pitfalls and work to safeguard consumers from them."

Developers may create scalable and user-friendly decentralized applications using the Polygon interoperability and scaling framework for Ethereum-compatible blockchains.

Now that Polygon has ten security specialists on staff, Mudit urges all Web3 businesses to adopt the same strategy.

According to blockchain analytics company Chainalysis, the total value of cryptocurrency breaches has now topped $2 billion following the $190 million Nomad Bridge heist in August.
