Halborn chief operating officer David Schwed decries the vulnerability of decentralized finance projects to hacking. The Web3 security expert observes that the majority of developers have drawn cybersecurity experts into identifying vulnerabilities in artificial intelligence (AI).
Schwed observes that the majority of cybersecurity experts have now switched to patching security holes discovered on AI platforms such as OpenAI’s ChatGPT. He singled out the blockchain-based cybersecurity company Halborn as remaining devoted to supporting and securing Web3 projects.
Maturing Web3 Ecosystem to Overcome Mistakes Facilitating DeFi Hacks
The Halborn COO is optimistic that the maturing Web3 ecosystem will slow down and ultimately extinguish the occurrence of dumb mistakes that water down multiple DeFi projects. The operations chief indicated during the Messari Mainnet that, though controversial, most hacks are preventable.
Schwed cited the report by Halborn revealing that over $5 billion was drained during the DeFi hacks perpetrated in the 2016-2022 period. The cybersecurity expert emphasizes that not all hacks occur owing to on-chain vulnerabilities. Instead, they occurred from breached and compromised Web2 security owing to noncompliance with standard cybersecurity practices.
Schwed indicated that though cybersecurity deficiencies are to blame for hacked projects, certain breaches are inevitable. As an illustration, he cited the zero-day attacks that emerge from vulnerable technologies. Nonetheless, he urged security teams to heighten their preparedness for such disasters.
Zero-Day Vulnerability Poses Huge Threats to DeFi
Schwed admitted the challenge posed by zero-day vulnerabilities in software. He described a zero-day as a vulnerability in software that is unknown to the parties tasked with patching and fixing the software. The cybersecurity professional identified the "zero" as the time developers have to resolve and patch such vulnerabilities.
Schwed observed that a zero-day arises when a vulnerability exists in a piece of technology one utilizes. He does not regard zero-day vulnerabilities as the organization’s fault.
Nonetheless, Schwed confessed he would blame such entities if they attempted to search for detective-type controls. He explained that detective controls utilize unique designs to find errors and challenges long after the transaction’s execution.
Schwed advises firms that detect signs of anomalies occurring within the smart contract or on-chain to deploy a solid incident response program. He adds that such a program can trigger circuit breakers within the affected on-chain components and contract. It should also trigger the sweeping of funds into a non-affected wallet.
Zero-day attacks constitute one of the threats confronted by DeFi projects. Schwed illustrated that DeFi platforms also suffer denial-of-service (DNS) attacks. He observed that Balancer is a recent case of a decentralized crypto exchange that suffered a DNS attack, leading to a $250,000 theft.
Decentralization Applications Reliant on Centralization
Schwed considers that blockchains are acknowledged for realizing unparalleled decentralization. He notes that hacking solid blockchains such as Ethereum and Bitcoin is impossible given their decentralization. He laments that despite blockchain technology becoming decentralized, the majority of the decentralized applications (dapps) running on them lack such attributes.
Schwed admitted that dapps often engage engineers from their inception until deployment. Also, a few are retained post-deployment to facilitate updating the smart contracts. Such occurrences indicate that dapps are somewhat reliant on centralization when deploying smart contracts, monitoring, and guaranteeing security.
Schwed wondered why decentralized projects still rely on Google Cloud, Azure, and Amazon Web Services (AWS). Such utilization underscores that 100% decentralization in Web3 projects is elusive. Failure to break such dependency yields centralization choke points in the decentralized ecosystem that are capable of benefiting cybercriminals.
Engage Red Teams to Resolve Vulnerability to Security
Schwed recommends that Web3 firms proactively consider their projects as the primary threat actors. Doing so will enable them to discover where the vulnerabilities lie.
Schwed asks Web3 firms to consider engaging red teams and professionals tasked with addressing security concerns. The alternative is easier to deploy since they should consider offering equity if they cannot hire professionals.
Schwed is optimistic that blockchain technology will soon realize and optimize its potential despite the cybercriminal and hack risks. In particular, the Halborn operations head reiterated that blockchain technology can disrupt and provide innovations and value to society.