Polygon CSO blames Web2 security gaps for recent spate of hacks

Polygon’s chief security officer Mudit Gupta has urged Web3 companies to hire traditional security experts in order to put an end to easily preventable hacks, arguing that correct code and sound cryptography are not enough on their own.

Speaking to Cointelegraph, Gupta explained that many of the recent hacks in crypto were ultimately the result of Web2 security weaknesses, such as poor private key management and phishing attacks used to steal logins, rather than of poorly designed blockchain technology.

Adding to his point, Gupta emphasized that passing a smart contract security audit without also adopting standard Web2 cybersecurity practices is not enough to protect a protocol and its users’ wallets from exploitation:

“I’m pushing at least all major companies to get a dedicated security person who really knows that key management is important.”

“You have API keys that have been used for decades and decades. So there are proper best practices and procedures that should be followed to keep these keys secure. There should be proper audit trail logging and appropriate exposure management around these things. But as we have seen, these crypto companies have ignored all of these,” he said.

While the blockchain itself is often decentralized on the backend, users interact with applications through a centralized website, so “care should always be taken to implement traditional cyber security measures around factors such as domain name system (DNS), web hosting and email security,” Gupta said.

Gupta also emphasized the importance of private key management, citing the $600 million Ronin Bridge hack and the $100 million Horizon Bridge hack as textbook examples of the need to tighten private key security procedures:

“Those hacks had nothing to do with blockchain security. The code was fine, the cryptography was fine, everything was fine, except key management was not there. Private keys […] were not kept securely, and the way the architecture worked, if the keys were compromised, the entire protocol was compromised.”

Gupta suggested that the current sentiment among blockchain and Web3 firms is that “if you fall for a phishing attack, that’s your problem,” but argued that “if we want mass adoption,” then Web3 companies have to take more responsibility rather than doing the bare minimum.

“For us […] We don’t just want minimum security that keeps liability away. We want our product to be really safe for users to use it […] So we think about what traps they might fall into and try to protect users from them.”

Polygon is an interoperability and scaling framework for building Ethereum-compatible blockchains, enabling developers to build scalable and user-friendly decentralized applications.

Related: Cross-Chain in the Crosshairs: Hacks Call for Better Defense Mechanisms

With a team of 10 security experts now working at Polygon, Gupta wants all Web3 companies to take the same approach.

Following the $190 million Nomad bridge hack in August, the total stolen in crypto hacks has now crossed the $2 billion mark, according to blockchain analytics firm Chainalysis.