Future of Web3 security with Immunefi and Brave CEOs: The Bug House 2022

Published at: Nov. 6, 2022

Celebrating the myriad accomplishments of the crypto ecosystem, Immunefi, Electric Capital, Bitscale Capital and MA Family together hosted The Bug House, a party for bringing together the global Web3 community.

In a panel she hosted, Cointelegraph editor-in-chief Kristina Lucrezia Cornèr sat with Mitchell Amador, founder and CEO of Immunefi, and Brendan Eich, founder and CEO of Brave browser, to discuss the evolution of Web3 and its future trajectory.

“There’s a lot of Web2 in Web3. That’s a problem right now,” began Eich when asked about the ongoing Web2 to Web3 transition. From using trusted servers to sub-custody wallets, Amador believed that such Web2 sites could be full of adversaries. He also pointed out the recent EIP-5593 proposal, which aims to prevent man-in-the-middle attacks.

In Web2, there is a common practice of implementing security features post-launch through patches and antiviruses, which can be inherited by Web3 apps using such services. In addition, security concerns in Web3 stem from the centralization through dApp sites.

Speaking about the security concerns in Web3, Amador stated that hackers in Web3 are very different from Web2 hackers. According to him, there are two types of hackers. In Web3, hackers are found to be young, typically under the age of 35 and most under the age of 30.

In relation to the second type of hacker, Amador highlighted the influx of older tech-savvy individuals — “which many blockchain hackers lack” — that have spent a few years understanding Web3 and are able to break into the systems. He added:

“We’ve seen a number of these guys, including several of the top 10 hackers now; they just storm the leaderboard with their skills. They just need to get good enough.”

Supporting this stance, Eich added that, during the bull run era of 2021, he noticed the rise of reentrancy attacks. Brave has been using HackerOne to protect its in-house crypto wallets and has tripled its bug bounty to eradicate the wallet’s security concerns.

Eich further highlighted that Brave has total control over the browser and crypto wallets, which helps it fend off phishing attacks on its users. Brave has amassed a wide demographic of users who prefer privacy, crypto or both, and currently serves 20 million daily users, double the figure from last year.

When it comes to protecting the Web3 community, Amador believes it boils down to ethos:

“To wish for, fight for, and create a better world for which their most sinister and capricious behaviors simply won't work and won't be allowed. If we do that successfully, we will draw these expert security talents, their best executives, their best leaders over to our side and neuter them by destroying the base of their ability to work.”

Cornèr agreed with the duo as she stated that in Web3 security, it’s not only about money; it’s about the culture and values that the community protects, which brings out the need for education.

Amador further revealed the efforts of Immunefi, Brave and other partners to work with governments trying to make Web3 more accessible, adding:

“We’re in a position where we need to heavily lobby and ask for the support and graces of various other power players precisely because what we’ve built today is not good enough, not valuable enough and not safe enough.”

Eich, on the other hand, highlighted the need to develop better programming languages and tools to safeguard the systems. He called for segregating the world of ethos from the world of bad programming. “Education sounds prim and proper. But if it doesn't have incentives, it's not gonna work,” he concluded.

As a bug bounty platform, Immunefi created trust and legitimacy in the industry by solving the problem of projects being unwilling to pay out bug bounties after a successful bug discovery. It did this by providing an impartial, third-party service that can mediate that interaction and make sure both sides come to the task.

Immunefi recently released a Whitehat Leaderboard for listing the top 20 most elite white hats in Web3.

“As the volume of saved funds continues to grow, the leaderboard is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer,” Amador noted in a statement.
