Polygon Chief Security Officer Mudit Gupta has urged Web3 companies to hire traditional security experts to put an end to easily preventable hacks, arguing that perfect code and cryptography are not enough.
Speaking to Cointelegraph, Gupta outlined that several of the recent hacks in crypto were ultimately a result of Web2 security vulnerabilities such as private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech.
Adding to his point, Gupta emphasized that getting a certified smart contract security audit without adopting standard Web2 cybersecurity practices is not sufficient to protect a protocol and users' wallets from being exploited:
“You have API keys that are used for decades and decades. So there are proper best practices and procedures one should be following to keep these keys secure. There should be proper audit trail logging and proper risk management around these things. But as we've seen, these crypto companies just ignored all of it,” he added.
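The two practices Gupta names here, keys that do not live forever and an audit trail around their use, are easy to make concrete. The following is an added illustration written for this article, not code from Polygon or from Cointelegraph: a hypothetical `KeyManager` that stores only a hash of each API secret, refuses keys older than an assumed 90-day rotation policy, supports revocation and rotation, and writes every issue, revoke and authentication attempt to a hash-chained `AuditLog` whose integrity can be verified afterwards. The clock is injectable so the expiry path can be exercised without waiting.

```python
"""Hypothetical API-key lifecycle with rotation and a hash-chained audit trail.
Added example; the 90-day policy and all names are assumptions, not Polygon's."""
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

MAX_KEY_AGE_SECONDS = 90 * 24 * 3600  # assumed rotation policy: keys expire after 90 days


def _hash(secret: str) -> str:
    return hashlib.sha256(secret.encode()).hexdigest()


@dataclass
class ApiKey:
    key_id: str
    secret_hash: str   # only the hash of the secret is stored, never the secret itself
    created_at: float
    revoked: bool = False


class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash, so
    editing or deleting an earlier line breaks verification of everything after it."""

    def __init__(self, now=time.time):
        self.entries = []
        self.now = now

    def record(self, event: str, **fields) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"ts": self.now(), "event": event, "prev": prev, **fields}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.entries.append(entry)

    def verify(self) -> bool:
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if e["prev"] != prev or digest != e["hash"]:
                return False
            prev = e["hash"]
        return True


class KeyManager:
    def __init__(self, log: AuditLog, now=time.time):
        self.keys = {}
        self.log = log
        self.now = now

    def issue(self, owner: str):
        """Create a fresh key; the plaintext secret is returned once and never stored."""
        secret = secrets.token_urlsafe(32)
        key_id = secrets.token_hex(8)
        self.keys[key_id] = ApiKey(key_id, _hash(secret), self.now())
        self.log.record("issue", key_id=key_id, owner=owner)
        return key_id, secret

    def revoke(self, key_id: str, reason: str) -> None:
        self.keys[key_id].revoked = True
        self.log.record("revoke", key_id=key_id, reason=reason)

    def rotate(self, key_id: str, owner: str):
        """Rotation is revoke-then-issue, both of which land in the audit trail."""
        self.revoke(key_id, "rotation")
        return self.issue(owner)

    def authenticate(self, key_id: str, secret: str, source_ip: str) -> bool:
        """Every attempt, successful or not, is logged with its outcome and source."""
        key = self.keys.get(key_id)
        ok, reason = False, "unknown_key"
        if key is not None:
            if key.revoked:
                reason = "revoked"
            elif self.now() - key.created_at > MAX_KEY_AGE_SECONDS:
                reason = "expired"   # a "decades old" key is rejected here
            elif not hmac.compare_digest(key.secret_hash, _hash(secret)):
                reason = "bad_secret"
            else:
                ok, reason = True, "ok"
        self.log.record("auth", key_id=key_id, source_ip=source_ip, result=reason)
        return ok


if __name__ == "__main__":
    clock = [1_000_000.0]                      # constructed fake clock
    log = AuditLog(now=lambda: clock[0])
    km = KeyManager(log, now=lambda: clock[0])
    kid, sec = km.issue("deployer")
    print("fresh key:", km.authenticate(kid, sec, "203.0.113.5"))
    clock[0] += MAX_KEY_AGE_SECONDS + 1
    print("after 90 days:", km.authenticate(kid, sec, "203.0.113.5"))
    print("log intact:", log.verify())
```

The design point is that expiry and revocation are enforced at the point of use, not left to a human remembering to rotate, and that the log records failures (wrong secret, expired or revoked key, unknown key ID) as well as successes, since those failures are usually the first visible sign of a leaked credential being tried.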
While blockchains are often decentralized on the backend, “users interact with [applications] through a centralized website,” so implementing traditional cybersecurity measures around factors such as Domain Name System (DNS), web hosting and email security should always “be taken care of,” said Gupta.
Gupta also emphasized the importance of private key management, citing the $600 million Ronin bridge hack and $100 million Horizon bridge hack as textbook examples of the need to tighten private key security procedures:
Gupta suggested that the current sentiment from blockchain and Web3 firms is that if “you fall for a phishing attack, it's your problem,” but argued that “if we want mass adoption,” Web3 companies have to take