Polygon’s CSO Blames Recent Exploits on Web2 Security Flaws


Mudit Gupta, Chief Security Officer at Polygon, has urged Web3 companies to hire traditional security experts to stop easily preventable hacks, arguing that perfect code and cryptography are insufficient.

Gupta said that several recent crypto hacks were the result of Web2 security flaws, such as weak private key management and phishing attacks used to gain logins, rather than poorly designed blockchain technology. He also said that his department employs 10 security experts to ensure top-notch digital security.

Gupta added to his point by emphasizing that obtaining a certified smart contract security audit without implementing standard Web2 cybersecurity practices is insufficient to protect a protocol and users’ wallets from being exploited.

API keys have been in use for decades, and there are best practices and procedures that should be followed to safeguard them. Key handling should be subject to proper audit trail logging and risk management. But according to him, crypto companies have simply ignored this important step.

While blockchains are frequently decentralized on the backend, users interact with them through a centralized frontend, often in the form of a website. Companies should prioritize traditional cybersecurity measures such as DNS, web hosting, and email security.

Citing the $600 million Ronin Bridge hack and the $100 million Horizon Bridge hack, he emphasized that the hacks had nothing to do with blockchain security, code, or cryptography. What went wrong was the private key security procedures.

He urged Web3 companies to take more responsibility and go beyond the bare minimum if the ultimate goal is mass adoption.

“For us … we don’t want just the minimum safety that keeps the liability away. We want our product to be safe for users to use it … so we think about what traps they might fall into and try to protect users against them.”

Polygon is an interoperability and scaling framework for Ethereum-compatible blockchains, allowing developers to create scalable and user-friendly decentralised applications.

According to blockchain analytics firm Chainalysis, crypto hacks have now surpassed the $2 billion mark, following the $190 million Nomad bridge hack in August.
