Web3 continues to dominate the technology headlines, with companies like Google building out their own web3-focused team and crypto, NFTs, and other blockchain-based applications continuing to grow in popularity. But looking past the excitement and continuing investments, how to keep web3 secure is a major topic of conversation. That’s why Tech in Motion brought in leaders in cyber security and web3 for a conversation, “Cybersecurity Risks and Advantages in Web3.” Moderated by podcaster/startup founder/author Sam Kamani, the panel included Security Incidents Expert at Certik Daniel Jen, Chief Security Architect at Walmart Ira Winkler, and web3 entrepreneur and Founder of Ecosis Christopher Muller and went over a variety of topics on the security and concerns of web3. Read below to see some of the highlights or watch the entire event below.
Web3 is the Future, but is the Future Now?
The reason for the excitement of web3 is not just what is going on currently, but for the possibility of what can be in the future, according to Muller. One of the advantages of web3 is that “the person is doing the data, owns the data.” This simple fact opens up other new technologies such as de-fi and decentralized autonomous organizations (or DAO) and can bring a whole different future in tech, one where the individual is in control, not large companies.
However, Winkler shared his concerns. “When everybody is in charge, no one is in charge,” he said. The current issue as history has shown, criminals will always find a way to exploit a system, no matter how secure it appears to be. With decentralization, one of the main tenants of web3 eliminates the financial motivation to fully secure and investigate issues, let alone the jurisdiction of those investigations.
Jen also shared his concerns about web3, especially how adding things to a blockchain differs from how things are currently done. Developers currently work by getting things out there, then patching things on the fly once bugs are noticed. In blockchain, it does not work that way. “Once you post a contract onto the chain, it is stuck to an address, there are no updates,” Jen explained. “It’s not easy to launch a patch…when you find a problem, that contract is vulnerable for life.” For users, Jen sees one of the bigger issues is the uncertainty of what web3 is. “Not everything on the blockchain is decentralized,” he said.
Moderator Sam Kamani agreed, saying, “Not everything in Web3 appears as you think it should.”
Staying Safe in the World of Web3
Despite the concerns of those in the field, there are paths to make the web3 experience as secure as possible. “A lot of this (web3 security issues) can be fixed through education, a lot of it can be fixed through redesign, but it’s going to take a lot of work,” said Jen. When choosing projects to back in web3, Muller discussed even if you aren’t the most tech-savvy, you can still do research to make sure what you’re putting your money into is legit. “You don’t need to get into the code (of a project), just research the team behind it. Research the ownership. Who is owning the smart contract,” Muller told the group. For those that are a bit more advanced, you can look at how the code is structured and see if the owner can transfer funds from wallets. Finally, if a person is unsure about putting their money into any web3 enterprise, Muller said to just don’t. Don’t invest anything, don’t give away any of your info, but just keep an eye on projects that interest you, and see how they are doing before diving in.
Winkler agreed on doing the research when getting into web3. “There’s a lot of talk about encryption, do you really know what encryption is…Do you know what a public key is? Do you know how it works? Do you know what hashes are…Do you know why a hash is different theoretically than a blockchain and how verification works from one to another?” Winkler talked about learning the basics of the web3 world by going into things like Google Scholar to look at the underlying technologies. When looking at companies, Winkler took a free-market approach, saying the better use-cases will rise to the top of the industry, and with that rise brings more reference sources.
Getting back to the basics of security was advice everyone on the panel agreed on, with Kamani commenting that so many of the web3 hacks we’ve seen in the news have been phishing scams that have been used since the 90s but now making an appearance in web3. Winkler encouraged everyone to use different passwords and ID’s across the internet, as that is one of the main ways criminals can “hack” into your account. Computing power still isn’t at the point to hack encryptions, so right now much of the criminal activity is due to negligence of the individual. Finally, Muller stressed to never, ever share your crypto keys with anyone.