Anna Collard, SVP Content Strategy and Evangelist, KnowBe4 Africa
In its simplest form, Web3 represents a new, more equal version of the Internet. It incorporates cryptocurrencies, tokens, and NFTs into a platform built on blockchain-based infrastructure and maintained by a peer-to-peer communication network of nodes. A more complicated way to think of Web3 is as a decentralized, user-owned internet rather than one controlled by a few companies. Critics say this is technically impossible to achieve and will not necessarily benefit mainstream users. And for good reason. Simplify, improve efficiency, reduce costs, connect, or provide some level of control. Not everyone is keen on writing their own code, creating decentralized apps (dApps), or hosting their own nodes.
A key factor in the growth of Web3 is DeFi or Decentralized Finance, the Web3 version of a more transparent financial system. It offers financial products such as decentralized exchanges, payments, investments, lending, borrowing and staking solutions.
Web3 and DeFi innovations bring great opportunities for both new and traditional financial institutions, but also many cyber risks and fraud.
Consumers risk falling prey to typical social engineering attacks such as phishing and bogus investment scams. There is also specific malware written for users who play in this space. For example, clipper malware targets cryptocurrency wallet addresses during transactions. A wallet address is like a cryptocurrency version of a bank account number. When an affected user copies and pastes a wallet address, the clipper replaces it with the attacker's address.
Another major risk to consider is that decentralized apps and smart contracts are human-written code, and humans make mistakes that introduce software vulnerabilities.
In the first quarter of this year alone, DeFi hacks cost $1.2 billion, according to Immunefi’s report. The attack on the Axie Infinity Ronin bridge, which resulted in a loss of $600 million, was the bulk of it.
One of the big problems with DeFi is that many of the new protocols that are launched have code vulnerabilities that hackers can exploit. According to Chainalysis, 21% of all hacks in 2021 utilized these code exploits. And according to the IMF’s Global Financial Stability Report, in most cases, more than 30% of deposits on platforms have been lost or withdrawn after cyberattacks. Cyberattacks not only steal assets, but also damage the platform’s reputation, often causing withdrawals by investors for fear of not being able to get their deposits back.
There are also business logic loopholes, as in the case of the $182 million flash loan attack in April this year against Beanstalk, a credit-based stablecoin protocol project based on Ethereum.
Flash loans work through a liquidity protocol. This allows users to instantly borrow and settle large amounts of virtual funds in a single transaction without providing collateral. Smart contracts enforce the terms of these loans, making the entire loan borrowing and repayment process almost instantaneous.
The attackers obtained flash loans from liquidity protocols and used these funds to obtain voting rights in the Beanstalk DAO. Voting rights were based on the amount of tokens held. The attackers changed one of the emergency governance mechanisms and were able to siphon funds through it into their own wallet. They then paid off the flash loan and kept the rest of the stolen funds.
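The following toy model is an added example, not Beanstalk's code and not part of the original article. It shows why voting power read from live token balances can be inflated by tokens borrowed and repaid within a single transaction, and how reading balances from a snapshot taken when the proposal was created (a commonly used mitigation, assumed here rather than taken from the article) removes that exposure. All names, balances and the two-thirds threshold are constructed.

```python
# Constructed toy model: names, balances and the 2/3 threshold are assumptions.
SUPERMAJORITY = 2 / 3


class GovToken:
    """Token ledger that records a balance snapshot at the end of every block."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.snapshots = []

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def end_block(self):
        self.snapshots.append(dict(self.balances))
        return len(self.snapshots) - 1  # block number of this snapshot


def vote_share(token, voter, snapshot_block=None):
    """Voter's share of total voting power, live or as of an earlier block."""
    if snapshot_block is None:
        held = token.balances.get(voter, 0)  # weak: balance at vote time
    else:
        held = token.snapshots[snapshot_block].get(voter, 0)  # hardened
    return held / sum(token.balances.values())


def flash_loan_vote(token, lender, borrower, amount, snapshot_block=None):
    """Borrow, vote and repay in one 'transaction'; True if the vote carries."""
    token.transfer(lender, borrower, amount)  # uncollateralised loan
    try:
        return vote_share(token, borrower, snapshot_block) >= SUPERMAJORITY
    finally:
        token.transfer(borrower, lender, amount)  # repaid before it ends


def demo():
    token = GovToken({"pool": 800, "holders": 190, "borrower": 10})
    proposal_block = token.end_block()  # proposal created at this block
    live = flash_loan_vote(token, "pool", "borrower", 700)
    snap = flash_loan_vote(token, "pool", "borrower", 700, proposal_block)
    return live, snap, dict(token.balances)


if __name__ == "__main__":
    print(demo())
```

With live balances the borrower briefly holds 710 of 1,000 tokens and the vote carries; with the snapshot the same borrower counts for 10 tokens and it does not, while the ledger ends unchanged in both cases.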
The potential for fraud, direct access to money, and non-retaliation makes this space very attractive to cybercriminals. This explains why syndicates such as the infamous Conti ransomware-as-a-service group would like to join in on the action. Earlier this year, evidence from ContiLeaks reportedly showed that one of the alleged Conti gang leaders, "Stern," had commissioned his team to investigate various cryptographic schemes. He even sponsored a writing contest in the crypto space with $100,000 to identify local talent.
Organizations interested in getting involved should assess what risks they face and where their vulnerabilities lie. Make sure your developers have the proper training and that your contracts are audited in detail before you start your project.
The rapid pace of change in the ecosystem is also challenging from a regulatory perspective. To solve these challenges, legitimize Web3 and DeFi, and make it a safer space for platforms, retail investors, institutional investors, and consumers, we need more cooperation between stakeholders across protocols, security officers, and regulators.