David Schwed, Halborn COO, focuses on unnoticed central chokepoints in ‘decentralized’ Web3 initiatives.
The tech sector has focused on artificial intelligence (AI), and cybersecurity experts aim to discover susceptibilities and cover security gaps in AI platforms, for instance, ChatGPT by OpenAI. However, Halborn, a cybersecurity company, has been careful and keeps seeking means to support and protect Web3 projects.
Halborn Executives Attribute DeFi Errors to Avoidable Security Lapses
At Messari Mainnet, David Schwed, Halborn COO, stated that amid the ecosystem beginning to mature, a slowdown of some of the stupid errors that most projects are making will be witnessed. Despite this being a contentious statement, most hacks are avoidable.
Schwed highlighted a report by the blockchain security company asserting that between 2016 and 2022, DeFi hacks had resulted in more than $5B loss. He said that most hacks were not essentially on-chain susceptibilities. Instead, they were typical Web2 security violated or compromised due to bad safety practices.
DeFi Vulnerability to Zero-Day Attacks Unavoidable
While highlighting the absence of cybersecurity deficiencies in some initiatives, Schwed also acknowledged that specific contraventions, such as zero-day attacks caused by susceptible technology, are unavoidable. Nevertheless, he stressed the importance of preparedness by firms.
In cyber security, a zero-day concerns a software susceptibility mysterious to those tasked with mending or securing the software. The zero depicts the time developers had to solve and fix the susceptibility.
Schwed stated that faulting the organization would be unnecessary if one depends on a piece of technology and there is a zero-day weakness in the technology. Further, he claimed he would fault them for seeking detective-type controls. Detective controls are invented to establish faults or issues following a transaction’s occurrence.
Deploy Circuit Breakers to Avoid Huge Contract Exploits
If one begins witnessing irregularities in a smart contract, or irregular behavior on-chain, that is when they should have a robust incident response plan. Alternatively, they should be capable of providing circuit breakers within a contract or sweeping the funds into a possibly non-effected wallet.
Zero-day attacks are just one of the likely issues DeFi projects encounter. Last week, Balancer, a decentralized cryptocurrency exchange, experienced a denial-of-service (DNS) attack that resulted in the loss of more than $250000.
Halborn Security Expert Questions Decentralization of Platforms Dependent on Centralized Players
Since their introduction, blockchains have been praised owing to their decentralization. Most supporters claim it is impossible to hack platforms such as Ethereum and Bitcoin owing to their decentralization. Despite the decentralised technology, Schwed claimed the dapps developed upon them are not.
He claimed that developers working in all these organizations will update the smart contracts from creation to deployment. He added that, to some extent, centralization in smart contracts deployment, monitoring, and security exists.
Schwed highlighted the dependence on platforms such as Azure, Amazon Web Services, and Google Cloud for Web3 initiatives, emphasizing that total decentralization is still hard to achieve. The ecosystem will always have centralization choke points, and a specific centralization level may actually be good for everybody.
Web3 Firms Urged to Engage Red Teams to Overcome Security Issues
Schwed proposes the need for Web3 firms to view their projects as a threat actor and consider where possible susceptibilities are. He also proposes seeking professionals or supposed red teams to handle security issues. Firms without the funds to hire the experts should provide equity in the organization.
In spite of the risk that hacks and cybercriminals pose, Schwed is confident about blockchain technology’s future. He confirmed his belief that it can disrupt, innovate, and offer value to society. Everyone in this space is ready to do what it takes to make it happen.
While the inadequacy of finances incapacitates most startups, Schwed supports the move to issue equity to the security professionals.