Polygon CSO blames Web2 security gaps for recent spate of hacks

3 years ago CryptoExpert
Polygon CSO blames Web2 security gaps for recent spate of hacks



Polygon Chief Security Officer Mudit Gupta has urged Web3 companies to hire traditional security experts to put an end to easily preventable hacks, arguing that perfect code and cryptography are not enough. 

Speaking to Cointelegraph, Gupta outlined that several of the recent hacks in crypto were ultimately a result of Web2 security vulnerabilities such as private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech.

Adding to his point, Gupta emphasized that getting a certified smart contract security audit without adopting standard Web2 cybersecurity practices is not sufficient to protect a protocol and user’s wallets from being exploited:

“I’ve been pushing at least all of the major companies to get a dedicated security person who actually knows that key management is important.”

“You have API keys that are used for decades and decades. So there are proper best practices and procedures one should be following. To keep these keys secure. There should be proper audit trail logging and proper risk management around these things. But as we’ve seen these crypto companies just ignored all of it,” he added.

Phemex

While blockchains are often decentralized on the backend, “users interact with [applications] through a centralized website,” so implementing traditional cybersecurity measures around factors such as Domain Name System (DNS), web hosting and email security should always “be taken care of,” said Gupta.

Gupta also emphasized the importance of private key management, citing the $600 million Ronin bridge hack and $100 million Horizon bridge hack as textbook examples of the need to tighten private key security procedures:

“Those hacks had nothing to do with blockchain security, the code was fine. The cryptography was fine, everything was fine. Except the key management was not. The private keys […] were not securely kept, and the way the architecture worked was if the keys got compromised, the whole protocol got compromised.”

Gupta suggested that the current sentiment from blockchain and Web3 firms is that if “you fall for a phishing attack, it’s your problem,” but argued that “if we want mass adoption,” Web3 companies have to take more responsibility rather than doing the bare minimum.

“For us […] we don’t want just the minimum safety that keeps the liability away. We want our product to be actually safe for users to use it […] so we think about what traps they might fall into and try to protect users against them.”

Polygon is an interoperability and scaling framework for building Ethereum-compatible blockchains, which enables developers to build scalable and user-friendly decentralized applications.

Related: Cross-chains in the crosshairs: Hacks call for better defense mechanisms

With a team of 10 security experts now employed at Polygon, Mudit now wants all Web3 companies to take the same approach.

Following the $190 million Nomad bridge hack in August, crypto hacks have now surpassed the $2 billion mark, according to blockchain analytics firm Chainalysis.



Source link

Tags:
Fiverr

More Stories

How to Stake Crypto Safely and Legally in 2025

How to Stake Crypto Safely and Legally in 2025

14 hours ago CryptoExpert
Binance Delisting Announcement Causes Free Fall For 3 Altcoins

OKX Delisting Hits 8 Altcoins, NULS Faces 41.8% Decline

2 days ago CryptoExpert
Polyhedra’s Token Tanks 83% After Abnormal Trades

Polyhedra’s Token Tanks 83% After Abnormal Trades

3 days ago CryptoExpert
7 Solana ETF Issuers File S-1, Analyst Doubts Next Week Approval

7 Solana ETF Issuers File S-1, Analyst Doubts Next Week Approval

5 days ago CryptoExpert
SOL Rally To $200 Possible As ETF Approval Odds Rise

SOL Rally To $200 Possible As ETF Approval Odds Rise

6 days ago CryptoExpert
Aura (AURA) Token Skyrockets Over 3,500%, But Analysts Urge Caution Amid Rug Pull Fears

Is AURA Coin’s 3,500% Price Surge a Sign of a Rug Pull?

7 days ago CryptoExpert

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

JPMorgan Chase to pilot JPMD deposit token on Coinbase's Base

JPMorgan Chase to pilot JPMD deposit token on Coinbase’s Base

4 hours ago CryptoExpert
Ethereum (ETH) Price Stabilizes at $2,500 as Institutions Favor Bitcoin ETFs

Big Money Bets on Ethereum: $220M in ETH Bought Amid Price Dip

9 hours ago CryptoExpert
Theminermag Bitcoin Mining Update: May/June 2025

Theminermag Bitcoin Mining Update: May/June 2025

9 hours ago CryptoExpert
Thailand Exempts Crypto Capital Gains to Boost Global Hub Ambitions

Thailand Exempts Crypto Capital Gains to Boost Global Hub Ambitions

9 hours ago CryptoExpert
You have not selected any currency to display

Pin It on Pinterest

Ico-Investor
Fiverr
Ico-Investor
Polygon CSO blames Web2 security gaps for recent spate of hacks
Phemex
Fiverr
How to Stake Crypto Safely and Legally in 2025
Binance Delisting Announcement Causes Free Fall For 3 Altcoins
Polyhedra’s Token Tanks 83% After Abnormal Trades
7 Solana ETF Issuers File S-1, Analyst Doubts Next Week Approval
SOL Rally To $200 Possible As ETF Approval Odds Rise
Aura (AURA) Token Skyrockets Over 3,500%, But Analysts Urge Caution Amid Rug Pull Fears
Paxful
Ledger
JPMorgan Chase to pilot JPMD deposit token on Coinbase's Base
Ethereum (ETH) Price Stabilizes at $2,500 as Institutions Favor Bitcoin ETFs
Theminermag Bitcoin Mining Update: May/June 2025
Thailand Exempts Crypto Capital Gains to Boost Global Hub Ambitions
Blockchain security firm releases Cetus hack post-mortem report
JPMorgan Chase to pilot JPMD deposit token on Coinbase's Base
Ethereum (ETH) Price Stabilizes at $2,500 as Institutions Favor Bitcoin ETFs
Theminermag Bitcoin Mining Update: May/June 2025
Thailand Exempts Crypto Capital Gains to Boost Global Hub Ambitions