What Does Cybersecurity Look Like in Web3?
Anyone who’s read the bare minimum on crypto and web3 knows that decentralized technology elevates the level of security on common threats such as data manipulation. What we worry about on the current state of the Internet is something we will most probably not have to worry about in web3. Does that mean we’re absolutely safe? Not really.
Considering more than $1.6 billion exploited from DeFi so far in 2022, there’s still a lot to be done. The new Internet gives rise to new security-related questions, and we’re here to try and give some answers.
Data protection is still under the microscope
As with every breed of technology, some people will use it for good and others for not-so-good reasons. Digital safety is a mitigation exercise, not an elimination task. It’s about how hard you make it for bad actors to access money, personal information and things that do not belong to them.
Blockchain technology manages to protect data through pseudonymization and anonymization. What is described as a “block” refers to data structures within the blockchain database where information is recorded. Each new block connects to all the blocks that came before it in a cryptographic chain, making it nearly impossible to meddle with. All transactions within the blocks are then validated by a consensus mechanism, guaranteeing that each transaction is true and correct.
The process we just described is the reason for both the security upgrade and the security questions. Who is responsible for consumer protection and legal security with the system being decentralised? Is it each network for itself? Is it the operators through DAOs? In the extreme event there is a data breach, where does one go to resolve the problem?
Removing central authorities from the equation gives blockchain and web3 some incredible benefits. At the same time, it begs some valid questions.
Can criminals be tried in a decentralised network?
Two words we used in the previous section are the perfect examples of web3’s potential for good and bad — pseudonymization and anonymization. What is intended to protect user information can be used to conceal illegal and malicious actions. Unavoidably, web3 will have its dark corners, where bad actors will try to use the technology for their own benefit.
Where does accountability sit in this scenario? How is law enforcement going to be involved in resolving this problem? How will criminals be caught and brought to justice in a network built on the idea of decentralisation?
In today’s version of the Internet, law enforcement can access and analyze digital information to solve a crime. How is that going to be addressed in web3? How can you police and moderate things like online harassment, extortion and hate speech? In one of our recent blog posts, we explored the complex relationship between web3 and content censorship, pointing to broader cybersecurity concerns.
So, what’s the answer to web3 cybersecurity?
Let’s start with education. Companies, projects and networks should prioritise educating their users about the risks associated with crypto scams. “Honeypots” and “rug pull” ploys are becoming increasingly popular, and they could be avoided if people had more information and experience with the technology.
The second area that needs to be addressed is the one of law and legislation. If the content distribution is decentralised, which country, authority or legal body is responsible for crimes committed on the blockchain?
Our current version of law and regulation is fundamentally opposed to the founding principles of web3. It’s like trying to fit square pegs into round holes. We need new laws and governing bodies built to address this new technology’s unique nature. Tweaking what’s already there won’t work. There needs to be a concerted effort from both the networks and governments to find common ground so that web3 can shine.