The #1 Insecurity Holding Back Web3

Written by ronghuigu | Published 2022/10/26
Tech Story Tags: defi | web3 | hacking | security | blockchain | blockchain-security | crypto-exit-scams-defi | defi-writing-contest


To be frank, the numbers don’t look good. Over half a billion dollars of value was drained from Web3 platforms and users between July and September of this year. $504,158,033, to be precise.
This is not a great look for the crypto industry, whose market capitalization has already suffered a 70% drawdown over the last year.
Adding half a billion dollars of losses due to security incidents onto the industry’s notorious price volatility is not a recipe for attracting new users and bolstering the confidence of those who have stuck around.

What Web3 Offers

Despite these disappointing figures, it’s not all doom and gloom. As the saying goes, bear markets are the time for building.
Integrating security into the pipeline of project development will ensure that Web3 provides real value to real people when they need it most, with the least risk possible.
And this wave of adoption may come sooner than many expect.
This time, it’s likely to be driven by a real and pressing need for everyday people to access the services they once took for granted, rather than the desire to speculate on an emerging industry that has motivated much of the market participation in previous waves. 
Society is undeniably experiencing a crisis of faith in the institutions we once trusted to be looking out for our best interests.
Promises written on paper were once good enough to maintain the trust that had been built over decades.
But in light of these promises being ignored and broken, people are now turning to an alternative that ensures a level playing field for everyone, where there’s not even a possibility of breaking the rules thanks to certain immutable features written into the system.
For example, decentralized autonomous organizations (DAOs) – though not without their growing pains – are a radical experiment in new forms of social organization and governance.
Zero-knowledge proofs will allow users to take back control of their data from the companies that make billions of dollars off selling it to advertisers.
This new technology has important privacy implications, too.
Imagine being able to qualify for a loan without revealing your exact credit score or sensitive personal information to companies that have proven time and time again that they cannot be trusted with securing it.
Currently, there are few options but to leave a trail of data across the internet, with very little insight into who has access to it and what they’re using it for.
The cryptography that powers Web3 and blockchain technology offers a real alternative.

So What’s Standing in the Way?

But to deliver on these visionary promises, Web3 needs to confront its security problem. This is a nuanced issue, and there’s no one-size-fits-all solution.
Many of the industry’s inherent strengths are also its most commonly exploited weaknesses.
For example, one of the most exciting things about Web3 technology is that anyone anywhere can build and contribute to the ecosystem.
This results in an immense amount of innovation that continuously propels the industry forward. But it also leads to a fundamental mismatch between those who build and those who exploit projects.
When DeFi platforms built in suburban bedrooms attract hundreds of millions of dollars worth of assets, they also attract some of the most sophisticated hackers in the world, including state-sponsored actors. 
The FBI recently released a Public Service Announcement echoing many of the lessons that we as security auditors have learned first-hand.
The FBI recommends investors take the following precautions:
  • Research DeFi platforms, protocols, and smart contracts before investing and be aware of the specific risks involved in DeFi investments.
  • Ensure the DeFi investment platform has conducted one or more code audits performed by independent auditors. A code audit typically involves a thorough review and analysis of the platform’s underlying code to identify vulnerabilities or weaknesses in the code that could negatively impact the platform’s performance.
  • Be alert to DeFi investment pools with extremely limited timeframes to join and rapid deployment of smart contracts, especially without the recommended code audit.
  • Be aware of the potential risk posed by crowdsourced solutions to vulnerability identification and patching. Open-source code repositories allow unfettered access to all individuals, including those with nefarious intentions.
The FBI recommends that DeFi platforms take the following precautions:
  • Institute real-time analytics, monitoring, and rigorous testing of code in order to more quickly identify vulnerabilities and respond to indicators of suspicious activity.
  • Develop and implement an incident response plan that includes alerting investors when smart contract exploitation, vulnerabilities, or other suspicious activity is detected.

The Path Forward

This is not fear-mongering; it’s a call to action. As builders in the Web3 space, we all believe this technology has real value to bring to hundreds of millions, if not billions, of people around the world.
Citizens of countries with underdeveloped financial infrastructure can immediately grasp the importance of decentralized technological solutions.
Those with privileged access to developed markets may not have the same immediate concerns, but all it takes is the tap of a button or the stroke of a pen to suspend rights once taken for granted.
The fact that Web3 exists as a real alternative to increasingly restrictive financial markets and Web 2.0 platforms should be celebrated.
$500 million worth of losses in a quarter is not quite as encouraging a fact, but it’s nothing if not a ruthless trial by fire.
Web3 will either perish in the flames or emerge even stronger than ever, ready to provide free and fair financial services to those who need them most.
The way things are going, we might need these decentralized services sooner rather than later.

Written by ronghuigu | Professor Gu is the Tang Family Assistant Professor of Computer Science at Columbia University and Co-Founder of CertiK.
Published by HackerNoon on 2022/10/26