It’s not a secret that Web3.0 protocols and applications have experienced significant cyber attacks in recent years. The vertical’s relative infancy yet rapid wealth creation as well as features like transparency and accessibility, make Web3.0 a target when it comes to cybersecurity.
As more and more dedicated Web3.0 cyber startups start to emerge, here are some of the greatest challenges and opportunities for founders to consider when developing cyber solutions for protocols and apps.
Cyber Challenges Facing Web3.0 Companies
Businesses developing apps in Web3.0 are exposed to numerous types of cybersecurity risks. The protocol they use to build the app and the app’s smart contracts may both be vulnerable to cyber-attacks. On top of this, traditional off-chain cyber risks may apply to Web3.0 apps as well.
The key difference from Web2.0, though, is that recovering stolen assets in Web3.0 is nearly impossible. Relying on a trustless mechanism means that when facing a cyber-attack, there is no clear contact company or authority to reach out to. That’s why protecting protocols, smart contracts and apps is imperative.
Current Solutions
The need is here and so, we’ve seen cyber players emerge to take on four different challenges:
First emerged the auditors – helping Web3.0 companies audit their code, statically and pre-launch.
Next, we saw developer platforms emerging and expanding the security offering. These platforms help facilitate the development process, helping to implement security best practices, offering vetted code and helping Web3.0 developers test their smart contracts.
The third stage was expanding the coverage to the deployment stage. These startups oversee the administration of smart contracts, inspect status changes, and facilitate debugging.
Monitoring solutions took the cybersecurity space one step further, detecting real-time threats and providing alerts. While real-time monitoring solutions have only begun to emerge recently, we’re confident that we will see them evolve rapidly.
In addition to these core cyber solutions, we can see other “enterprise security” products such as IAM (identity and access management), and of course – risk and compliance solutions.
Challenges Facing Web3 Cyber Entrepreneurs
Staying one step ahead of the hackers is never easy, if not impossible, and in Web3.0, the challenge seems to be even harder. Just like the unique cyber challenges facing Web3.0 companies, entrepreneurs who develop a cyber solution in this space must deal with unique challenges:
1. Web3.0 is a new arena – and a new attack surface
Many cyber challenges we all know from Web2.0 – such as DNS hijacking and routing attacks – apply to Web3.0 as well. Yet more importantly, we need to remember that with a new web comes a new arena, which is also a new attack surface. The consensus mechanism of a blockchain may be compromised, a DAO governing a protocol may be attacked and naturally, the protocols and smart contracts may include significant weaknesses. While Web2.0 may not be inherently safer, the novelty of Web3.0 together with the new attack surface cannot be ignored.
2. With great transparency comes great access
Web3.0 is all about transparency and decentralization, and that makes attackers’ job much easier, at least in the short term. Decentralization means much more transparency to everyone, which means that attackers have access to the code. It makes it easier for them to identify weaknesses. This doesn’t apply only to the basic code, but to security layers as well – if they are built on the blockchain, attackers can usually analyze the security layers which were put in place to protect against them.
On the bright side, bear in mind that transparency also means significantly more eyes reviewing the code. Getting alerts from the community is much more likely thanks to this, as is facilitating the process for security researchers looking for bug bounties. This silver lining may pave the way for increasingly better cybersecurity for Web3.0 in the future.
3. Limited compute power
Compute power on the blockchain is limited and expensive. This means that running highly complex algorithms on-chain, which can help detect threats and protect against them, is not feasible currently.
4. The centralization conundrum
Because of all the above, decentralized cyber solutions have their limits. However, implementing centralized solutions may meet hesitation, since it could undermine the principle of decentralization.
Opportunity for Innovation
Considering how young this entire vertical is, the progress we witness so far is impressive. Still, there is a long way to go until users can feel safe interacting with Web3.0 businesses. The challenges mentioned above make it clear that there’s ample room for innovation.
In our next post, we’ll discuss how cybersecurity startups can protect Web3.0 users, and what are business models at their disposal.
As in the last times, we’re happy to share an updated version of the Israeli Web3.0 / Blockchain Map, with some new companies in the Cyber space as well. For the updated map, click here.
As always, if you are working on something interesting in the Web3.0 / blockchain space, we would love to hear from you at uril@viola.vc.