A complete switch to Web3 will require careful consideration of many factors, especially when you consider the promises of decentralised internets using public blockchains. Security is the most important feature of all, as Web3-powered tools and apps hosted on the blockchains become more and more mainstream.
Although the blockchains are indeed invulnerable to hackers (except maybe small public blockchains which can be subject to the well-known 51% attack, which is not really a “hack”), the smart contracts of Web3 apps can be hacked. A recent study revealed that attacks against decentralized finance platforms (DeFi), have increased dramatically. In fact, $1.6 billion worth of cryptocurrencies were stolen through smart contracts vulnerabilities during the first quarter 2022. DeFi, although it is only a part of the Web3 ecosystem spectrum, currently represents the largest vulnerability in the ecosystem.
Web3 entrepreneurs should probably redirect their marketing budgets to core development: hackers have been able to steal large amounts of assets, resulting in permanent losses to investors. These attacks can sometimes lead to an indirect collapse of the related ecosystems.
Internal attacks (i.e. from employees) do also occur : Velodrome Finance, an automated market maker, had one of its wallets drained by one of its team members. Although the company was able to identity the thief and recover all the loot, this kind of breach can be avoided by using fail-safe systems that restrict access to employees.
The bear market and countless hacks over the past six months forced investors in crypto to realign their investment with safer ecosystems. Web3 entrepreneurs must take steps to ensure their offering’s long-term success. Bug bounty programs are one way to reduce the risk of being attacked. Whitehat hackers are attracted to bug bounty initiatives because they can identify weaknesses from the hacker’s point of view. Entrepreneurs can also set up multisig wallets to store funds, and prevent centralized control. When these measures are implemented throughout the system, they provide greater decentralization, and protection against orchestrated attacks.
[…]
