Security continues to be one of the most important and relevant topics in the Web3 industry, as protocols and companies continue to face exploits and hacks.
At the Israel Crypto Conference, Cointelegraph spoke with Shahar Madar, Head of Security Products at Fireblocks, about the necessary steps that Web3 startups must take to secure their platforms and users.
Based on his experience, Madar told Cointelegraph that many young startups often put off developing a security protocol, to focus on growth.
HoweverWeb2 models of enterprise security don’t work in a Web3 world that places so much emphasis on finance. According to him, from the perspective of the “attacker”, a profit is always sought for hacking a project.
“This is what people miss. Everybody sees what they’re doing: the source is usually open. Everybody can interact with your project and they’re not ready for it.”
Madar stressed that companies need to talk about a security framework by asking important questions such as: “How do you investigate your team?”, “How do you set up access control?” and “How do you test your infrastructure map and prepare for the incident?”
“Businesses need frameworks and products to help them jumpstart security.”
According to Fireblocks’ security manager, for any young startup in the Web3 space, two basic things are needed, the first is “access control.”
Access control means that not everyone in the company has the same access to different aspects of a project.
Madar gave the example of a business developer unable to deploy smart contracts. “Not because they are bad people”, said. “Rather from a bounded security perspective.”
The second thing is a game plan: sit down and map out the project from a security perspective. He said developers must “imagine how they would hack themselves.”
“Start small, but don’t procrastinate. The attacker is watching you, the attacker is waiting for you.”
He said all it takes to start crafting a game plan are simple “tabletop exercises” and set team meetings.
This warning to Web3 startups comes as the space has faced multiple attacks in the last week alone. On May 28, Arbitrum-based Jimbos Protocol lost $7.5 million worth of Ether in an attack, while on May 19, the DeFi protocol WDZD Swap suffered a $1.1 million worth of attack.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.