There was never a cryptocurrency hack in early 2022 rareHowever, that scale seemed to be overshadowed by industry-wide growth, adoption, and innovation of new cutting-edge projects.
However, the impact of exploits is more evident today than ever before.The third quarter It is said that the damage will be the greatest in 2023.It has suffered losses of over $700 million due to various hacks and scams.
Unfortunately, this was not a complete surprise as companies in the cryptocurrency space bear the main responsibility for their own cybersecurity failures.
Private capital investment in Web3 It’s late, VCs are becoming cautious given ongoing market headwinds. To gain financial support, companies returned to building and developing as a priority, focusing on robust and secure infrastructure.
The state of cybersecurity in the cryptocurrency and blockchain space over the past 5-10 years is anything but reassuring. Although the blockchain concept itself is based on principles of decentralization and cryptographic security, the broader ecosystem surrounding blockchain is still riddled with vulnerabilities.
Despite the need for increased protection in 2022, cybersecurity remains the biggest pain point for Web3.
the market will adapt
In 2022, companies had too few security engineers to audit their infrastructure. Despite hiring an entire team of engineers to prevent future hacks, the market collapsed and priorities changed.
Many of the security engineers hired to respond to the initial problem were not sufficiently qualified or experienced to address the issues arising from new technology and new systems. These companies are now finding themselves with more sensitive information, more vulnerabilities in their underlying code, and less qualified talent to handle it.You can see this
Through the emergence of new attack vectors such as DeFi exploits and supply chain attacks.
Many audit firms are undergoing significant staff reductions as the expertise of many teams is no longer sufficient. Comprehensive security services do not provide the coverage needed to properly identify all vulnerabilities. Additionally, the market is small and available contracts are decreasing.
While cyber attacks continue to occur, rise From 2022 onwards, the “retail” audit market has shrunk significantly compared to the previous year. As companies are forced to tighten their budgets, they seem willing to sacrifice structural health for growth.
In response, community-driven solutions have emerged, including companies like Code4rena and Sherlock, which outsource parts of audit projects to external programmers and security engineers. While this is certainly an interesting and resourceful response when needed, it is not a long-term solution, as it involves considerable uncertainty and quality is not guaranteed.
The real differentiator now is who can create their own new cybersecurity tools. This is a trend born out of Web2, where everyone is expanding their services and product lines to establish a cybersecurity ecosystem. As Web3 matures and evolves, more solutions will be needed as well.
Build a habit of trust
The current state of cybersecurity in the blockchain and cryptocurrency space is a double-edged sword characterized by both progress and persistent challenges.
On the other hand, blockchain technology offers unique security benefits through a decentralized and immutable ledger, making it difficult for malicious attackers to tamper with transaction data. Additionally, the cryptographic technology at the core of cryptocurrencies provides strong protection against counterfeiting.
However, these advances by themselves do not guarantee a secure ecosystem. Vulnerabilities in the surrounding infrastructure, including wallets, exchanges, smart contracts, and human factors, will continue to expose users to significant risks.
Companies and CEOs are too short-sighted and ignore the follow-through necessary to protect the entire system and confidently secure their own, or worse, their customers’ assets.
There seems to be a fundamental lack of recognition that security in the blockchain space requires a 360-degree approach and consistent follow-up to ensure the growth of companies and products. It is a mistake for companies to ask for a security review to address only one specific vulnerability that caused the hack.
In the wake of notable hacks over the past few years, more than half of companies have not undergone a security audit. Of those who did request an audit, very few thought to follow up after making changes to their code.
The goal now is to inculcate good cybersecurity habits and give the industry a chance to bounce back, build on the technology it has put in place and reach its full potential. Groups like the Open Web Application Security Project are critical to helping the industry maintain these good practices through initiatives such as outlining cybersecurity standards where none previously existed.
As with any industry, there is no substitute for proven subject matter expertise. New technologies such as zk proof and liquid staking are poised to be integrated into systems across the industry. This means that audits will once again need competent professionals who can anticipate these security needs.
Foresight and effective planning also remain paramount in this rapidly evolving industry. No security review can guarantee everyone peace of mind. The industry and the tools that make it up are constantly evolving, and understanding how to anticipate this and plan for regular audits can go a long way in mitigating risk. That’s what cybersecurity is all about: mitigating risk as often as possible.
Sipan Vardanyan is the co-founder and CEO of Hexens, a cybersecurity solutions company that combines research and attacker psychology to reduce risk and harden code to protect the world’s next-generation organizations.
Don’t miss the next big story – join our free daily newsletter.