Date: 2023-04-23

Web3 Blockchain brings new points of vulnerability for applications that use the technology. These are in addition to the vulnerabilities already present in Web 2.0 legacy systems that interface with it.

Altogether, we highlight 15 main points of vulnerability in our upcoming report, “How to Mitigate Web3 Blockchain Risks and Security Threats.”

Users of blockchain applications rarely access the blockchain directly without going through Web 2.0 protocols. If they did, their transactions would be more secure by orders of magnitude.

Our research suggests mitigating controls for these risks. Regulation of centralized actors will help accelerate adoption of a few of these controls, especially when it comes to counterparty risks, but users shouldn’t wait for compliance to drive their fraud and security programs.

Below is a diagram of the 15 vulnerability areas that my colleagues, Mark Horvath, Ray Valdes, and I examine in our soon-to-be-published research note:

Some of our report’s key findings include:

Centrally managed interfaces to blockchains are the main points of vulnerability used by bad actors to hijack transactions and applications, manipulate markets or tamper with data for their own gain. These interfaces include user endpoints and wallets, cross-chain bridges, APIs, centralized exchanges, centrally controlled protocols and services, and other areas of hidden centralization.

Smart contracts are the primary new attack vector in applications that use blockchains and require specialized controls or countermeasures.

Private blockchains have the added threat of insider attacks that are not present in fully decentralized and Byzantine fault-tolerant blockchains.

Conclusion

Recommendations to mitigate these threats along with representative vendors that provide threat controls are highlighted in our upcoming report.

To make a very long story short – there’s a lot of work to be done in order to stop the types of threats and market manipulations that plague blockchain cryptocurrency markets.

Last Thursday, April 20, EU lawmakers voted overwhelmingly (517 for, 38 against) to pass MiCA, the Markets in Crypto Act. These rules will enforce requirements on crypto platforms, token issuers and traders that should make it safer to engage with cryptocurrencies. They also highlight how far behind the United States is in regulating the industry, and how U.S.-based blockchain entrepreneurs are likely to emigrate to Europe if the situation remains the same.

Compliance in Europe will surely drive adoption of many controls that mitigate threats around centralized interfaces and actors. But there remain plenty of other threats, especially smart contract vulnerabilities and Web2 security weaknesses, that bad actors will exploit even in regulated markets.



It’s time to plug the holes.