Cryptodapp

Polygon CSO blames recent spate of hacks on Web2 security breach

2023 07/19

Polygon's top security officer, Mudit Gupta, is urging web companies to hire traditional security experts to end preventable hacks, arguing that perfect code and cryptography are not enough.

In an interview with Cointelegraph, Gupta said that several recent encryption attacks are ultimately the result of Web2 security vulnerabilities, such as private key management and phishing attacks to obtain login information, rather than poorly designed blockchain technology.

Gupta added that not opting to standardize the web's certified smart contract security audits is not enough to protect protocols and users' wallets from being used:

"I've been pushing for at least all large enterprises to hire security professionals who really understand key management."

"You've had API keys for decades if not decades. So, follow proper best practices and procedures. Keep those keys safe. There should be a proper audit trail and risk controls. But as we've seen, you see, these crypto businesses just ignore everything," he added.

While blockchain is generally decentralized on the back end, "users interact with [the application] using a centralized website" and thus traditional cybersecurity countermeasures such as web hosting and email security "with caution" around Domain Name System (DNS), said Gupta.

Gupta also emphasized the importance of private key management, citing the $600 million Ronin bridge hack and the $100 million Horizon bridge hack as textbook examples of the need to strengthen private key security procedures:

"Hackers have nothing to do with blockchain security, the code is fine. The cryptography is fine, everything is fine. Except for the key management. [...] There is no secure storage, the way the framework works is that if the keys are compromised, the whole protocol will give way."

Gupta said that the current view of blockchain and Web3 companies is that if "you get caught in a phishing attack, this is your problem", but he believes that "if we want to choose at scale", Web companies must take more responsibility, rather than the bare minimum.

"For us [...] we don't want minimal security to avoid liability. We want our products to be de facto safe for users [...] so we think about what pitfalls they might fall into, and try to protect users from these scams."

Polygon is an interoperable and extensible framework for building blockchains suitable for Ethereum, enabling developers to build scalable, user-friendly decentralized applications.

Today, Polygon employs a team of 10 security experts, and Mudit now wants all Web businesses to adopt the same approach.

According to information from the blockchain analysis company Chainalysis following August 1, after the $900 million Nomad digital currency hack occurred, the price has exceeded $2 billion.
