  • Updated: March 13, 2023

Web3: Truly Web Security Fix-all Or Far From It?

Until recently, in less-than-expert circles and discourse, web3 came across as a watertight web technology capable of outwitting the well-known cybercriminals who terrorize legitimate online activities and businesses.

According to Wikipedia, Web3 (also known as Web 3.0) is an idea for a new iteration of the World Wide Web which incorporates concepts such as decentralization, blockchain technologies, and token-based economics.

Some technologists and journalists have contrasted it with Web 2.0, wherein they say data and content are centralized in a small group of companies sometimes referred to as "Big Tech".

The term "Web3" was coined in 2014 by Ethereum co-founder Gavin Wood, and the idea gained interest in 2021 from cryptocurrency enthusiasts, large technology companies, and venture capital firms.

Thus, some commentators argue that Web3 will provide increased data security, scalability, and privacy for users and combat the influence of large technology companies.

They also raise concerns about the decentralized web component of Web3, citing the potential for low moderation and the proliferation of harmful content.

Some have expressed concerns over the centralization of wealth to a small group of investors and individuals or a loss of privacy due to more expansive data collection.

Others, such as Elon Musk and Jack Dorsey, have argued that Web3 only serves as a buzzword or marketing term.

Other Points Of View

Advocates of web3 will tell you that the decentralized web brings greater resilience and security compared to Web 2.0 thanks to its underlying blockchain-based technology. 

Web 2.0, which first debuted in the early 2000s with a focus on user-generated content, rich user interfaces, and cooperative services, also brought with it a new wave of security threats, including malware, phishing, social engineering, spoofing, cross-site scripting, SQL injection, and data breaches, to name just a few.

Web3, a term encompassing several technologies such as cryptocurrencies, NFTs, and DAOs, certainly gives the impression that it will make such threats a thing of the past.

Not only does web3 give people more control over their data, but it relies on distributed technologies, such as blockchain, to smooth out the many flaws of its predecessor.

In reality, however, web3 is no more secure than Web 2.0, and it’s already creating a new playground for opportunistic cybercriminals.

That is because although it represents a shift in what the internet can do and will be used for, it doesn’t change how the internet fundamentally works.

New, Yet Unimproved

While it promises to be fully decentralized, web3’s user-facing components mainly operate on Web 2.0 technology, such as APIs and endpoints, despite being built on blockchain technology.

This means that users of web3 services and decentralized apps, or “dApps,” continue to rely on legacy technologies for making transactions, which ultimately leaves web3 vulnerable to all of the classic security issues that plagued its predecessor, from DNS hijacking to cross-site scripting.

Web3 companies also have to communicate with their users, mostly through Web 2.0 technologies such as email or online messaging, which are also prone to legacy security issues.

Perhaps unsurprisingly, web3 phishing has also arrived. While attackers have previously focused on gaining access to information such as a user’s login details, they are now turning their attention to cryptocurrency wallets and users’ private keys.

Humans will always be vulnerable to manipulation, and that’s why hackers will continue to employ this simple but effective technique.

Data shows that phishing campaigns abusing web3 platforms increased by almost 500% in 2022, while a recent report from Immunefi, the bug bounty and security platform, revealed the crypto industry incurred losses of $3.9 billion in 2022 due to various hacking, fraud and scam-related incidents.

Threats Due to Decentralization

The Nomad hack demonstrates that not only is web3 vulnerable to existing Web 2.0 security flaws, but it also introduces its own category of vulnerabilities. Malware researcher Marcus Hutchins recently highlighted this in a social media video in which he claims that web3 is in fact less secure than Web 2.0.

Smart contracts are self-executing programs that run on a blockchain, and they are used to automate the execution of various functions, such as financial transactions.

If a smart contract contains a vulnerability, it can be exploited by an attacker to steal funds.

Bugs in smart contracts were also responsible for the theft of $31 million from MonoX in 2021.

Vulnerabilities in decentralized applications are also cause for significant concern. 

Although built on top of blockchain platforms, they are subject to security risks such as denial-of-service (DoS) attacks, hacking attempts, and exploits.

Security experts have also sounded the alarm about many other issues unique to web3 technology, such as flaws in cross-chain bridges and attacks on the governance processes, all of which require specialist knowledge and expertise to address.

Indeed, Web3 is Far From Being a Fix-all

Web3 has been a fundamental driver for startups and venture capital over the past few years.

Its startups globally raised a record $29.2 billion in 2021, and while that dipped slightly the following year, they still raised $21.5 billion in 2022.

With that in mind, it’s perhaps no surprise that startups have been quick to embrace web3 technologies, many likely unaware of the potential security risks.

To ensure they’re not falling victim to the security downfall of web3, it’s key that startups prioritize security from the outset and embrace the methodology of security by design.

Bogdan Botezatu, the director of threat research and reporting at cybersecurity firm Bitdefender, explained that this should include carrying out risk assessments during the product and service design stages, following best practices for secure software development such as source code auditing, regular penetration testing and hiring in-house or for-hire security teams (if they can find the relevant skills).

Conclusion

Web3 has a lot of potential, promising to give ordinary users more power and to inspire next-generation companies, products, services, and experiences.

However, at the end of the day, software is software, and web3 is only as secure as we make it.
