Polygon Chief Security Officer Mudit Gupta recently warned other Web3 companies to update their security personnel in order to prevent hacks.
In an interview with Cointelegraph, Gupta said that many of the recent crypto breaches were not the consequence of badly constructed blockchain technology but the result of Web2 security flaws, in areas such as private key management and phishing attacks aimed at obtaining logins.
The CSO also underlined that obtaining a certified smart contract security audit alone is insufficient to safeguard a protocol and users’ wallets from being compromised without also implementing common Web2 cybersecurity practices.
Gupta’s goal is to raise awareness of the importance of getting a team of security experts who can better protect blockchain companies from attacks.
According to the CSO, some API keys are overused over the years, which raises the risk of hacks on blockchain platforms. He says that Web3 companies need to conduct “proper audit trail logging and proper kist management” in order to keep API keys secure.
“But as we’ve seen these crypto companies just ignored all of it,” he said.
Even though blockchains are frequently decentralized on the backend, conventional cybersecurity measures around elements like Domain Name System (DNS), web hosting, and email security should always “be taken care of,” according to Gupta, because “users interact with [applications] through a centralized website.”
Web2 Hacking on Web3 Companies
In addition, Gupta underlined the significance of managing private keys, citing the $600 million Ronin bridge attack and the $100 million Horizon bridge hack as classic instances of the necessity to strengthen private key security protocols.
According to Polygon’s CSO, these hacking events had nothing to do with blockchain security; rather, the issue was the management of security keys.
“The private keys were not securely kept, and the way the architecture worked was if the keys got compromised, the whole protocol got compromised.”
Gupta criticizes the overall “antipathy” of Web3 companies toward one another when it comes to cyber-attacks.
“If you fall for a phishing attack, it’s your problem,” he said, alluding to the lack of collaboration between blockchain companies.
“If we want mass adoption,” Web3 companies must assume greater responsibility when confronted with the possibility of hacks.