Web3 brings a structural change in the need for security
By Marcus Naughton
When people browsed the internet in the early 2000s, the main attraction on offer was downloading content and less so social interaction – which paved the way for viruses to wreak havoc and produce financial gain for attackers. This was an inconvenience for the average user, which led them to start using antivirus software to provide some level of protection. People quickly learned not to click random pop-ups, download weird files, and become more skeptical of websites they used to pirate movies and music. Limewire was an infamous example.
As the Internet evolved in the 2010s, the avenues of attack also evolved. Identity theft has become a lucrative source of financial reward, with the growth of centrally controlled platforms operated by large commercial enterprises. Attackers could focus on single targets for greater gain. Users are starting to pay less attention to their own security overall, as they stick to the platforms they know and trust, and then entrust those same platforms with the protection of their data. The failure of these platforms (like in 2019, where internal Facebook data was exfiltrated), has begun to erode this long-standing trust.
But with the rise of Web3 and the underlying thesis of “ownership” for all users, the cost-benefit analysis of security as being a “good to have” has become structurally a “must have”. Users again said they were in control of their property and data.
Credit: Dylan Calluy on Unsplash
Web3: more to own, more to lose
Even though Web3 is still in its infancy, this next expanded version gives users the ability to own some of their experience over the Internet, but this time free from the need to manage and host their property (like they were required to do this in the early days of Web2, such as via phpBB.)
“It’s the vision of the read/written/clean web”, harvard business review journalist, Thomas Stackpole, written in april. “In theory, a blockchain-based web could break monopolies over who controls information, who makes money, and even how networks and businesses operate.”
But the very changes that make Web3 appealing also expose consumers to more risk. Hackers weren’t explicitly targeting individual users because they didn’t own/have nothing of value to steal in the past – they were targeting companies and those who centralize user data. Web3 changes this paradigm with individual users having digital assets worth hundreds or even tens of thousands (or millions) of dollars in their possession as they browse the Internet.
And the biggest risk? Unlike Web2 where users can call their institutions, there is no real institution to claim back your funds if they are stolen during a hack in Web3. Although it should be noted that Ethereum decided as a community to reverse the damage of the DAO, leading to the creation of Ethereum Classic – so this course of action is only available at the collective level.
Consider BAYC Discord was hacked where attackers stole over 100 ETH, or where Opensea Discord was similarly attacked.
This fatality is a significant problem for Web3, and requests for creating solutions to mitigate the attacks are growing. After all, property is inherently valuable; if people spend their time and resources developing their crypto and NFT collections, they should know that their blockchain assets will be safe from harm. Unlike Web2, security can’t be an afterthought – it needs to be a core part of the Web3 experience.
Users must once again take the reins of understanding effective ways to protect their assets from harm on Web3, just as Web2 users have done before them. But this time we have a host of new players in the space to avoid a repeat of the past decades.
A new generation of security companies is tackling this problem
With Web3 communities being targeted by many sophisticated social engineering and phishing attacks, a new breed of security startups are being created to solve particular problems.
To mitigate smart contract hacks, Quantstamp, a YC Company, has used its smart contract auditing technology to secure over $200 billion in total smart contract value.
To protect Web3 communities, now more than ever we need to learn from security and anti-spam tools from the past two decades and combine them with advances in large-language AI models (like GPT-J or OPT) to take a ahead. in the race to protect this new frontier.
As Web3 seeks to onboard the next billion users, ensuring those users are safe and protected from hacks and scams is a critical requirement for Web3 to become truly mainstream.
About the Author:
Marcus Naughton is an Entrepreneur First graduate who started Chatsight as an AI security solution to help community managers moderate content and prevent scams. Marcus has been programming since he was eight years old. He obtained an LLB (with economics) from the University of Limerick in 2019, while experimenting with AI/NLP projects. He was the 2019 national winner of the Red Bull Basement competition and has a first Dan black belt in taekwondo.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.