End User Scams and Phishing Attacks in Web3: Are They Being Underreported?
According to Christian Seifert, an expert in cybersecurity, end users in the cryptocurrency space are facing numerous attacks that often go unreported. In order for widespread adoption to occur, it is necessary to address the security concerns of Web3 technologies and increase the trust of end users in these systems.
Seifert told Cryptonews.com that the Web3 space is filled with attacks targeting protocols. And it is mostly only the biggest hacks that get reported such as the Ronin bridge attack seen in March this year and Wintermute in September.
Cybercriminals often target Web3 companies in order to steal the private keys associated with their protocols' addresses. These keys can be taken through phishing attacks or by exploiting vulnerabilities that allow attackers to gain control of the addresses. As the industry becomes aware of these vulnerabilities, they are usually fixed with updates to the protocols.
Some protocols do not regularly update their contracts, leaving them vulnerable to attack. In addition to these threats, there is also a variety of malware that can steal private keys or alter transaction addresses.
However, argued Seifert,
“One thing to keep in mind is that protocols should really not be structured in a way such that they rely on trust of one address or one developer.”
No one person should be able to, for example, change a role on a contract. Instead, it should be controlled by something like a multisig, with multiple people or a community approving a decision, so “even if I am compromised with malware, and my private key got compromised, I by myself cannot do anything.”
Related to this is the question of being able to pause a blockchain. For example, major crypto exchange Binance paused Bitcoin
Read more on cryptonews.com
