Andrew Newman is the founder & CTO of Reason Labs, a cybersecurity company providing enterprise-grade protection for users around the world.
Web3 is the kitschy term that refers to the next iteration of our internet—including cryptocurrencies, decentralized networks, the blockchain and more. While for many people the concept of Web3 seems a futuristic, light-years-away idea, the truth is that it’s much more impending than we think, with many elements already firmly entrenched in the wider public consciousness. Nine countries have already launched Central Bank Digital Currencies (CBDC)—virtual currency backed and issued by a central bank.
The cutting-edge technologies of Web3 are revolutionizing industries and parts of everyday life, which also means they bring with them novel security threats. This raises the question: With such nascent technology, what other kinds of emerging threats are out there? And how do we protect ourselves?
As with all popular trends, it doesn’t take long for cybercriminals to jump on the bandwagon. In Reason Labs’ State of Consumer Cybersecurity report, RAV researchers revealed 2021 was “the year of the miner.” The number of crypto miners distributed throughout 2021 was enormous: almost 60% of all Trojan activity detected last year consisted of miners. It’s a threat that, although it may not harm a user’s device like traditional malware might, will directly affect a user’s pockets—your electric bill can skyrocket from the constant use of computing power as crypto coins are harvested without your consent.
It’s difficult to know where to draw the line on crypto mining. The subject has raised a bunch of questions involving the ethics around it: Is crypto mining legitimate? Is it a threat? Do we need permissions? Either way, leveraging people’s computers to carry out activities without their consent is most definitely a giant no-no.
There are definitive security concerns surrounding digital currency. Contrary to popular belief, the cryptocurrency blockchain is not an impenetrable force. When you or trusted sources operate the majority of a blockchain, it’s secure. But if a simple majority of more than 51% of the blockchain is controlled by malicious miners, it breaks the chain, making it susceptible to manipulation—and worryingly, these so-called “51% attacks” are also on the rise.
In 2020, Bitcoin Gold, a relatively minor cryptocurrency, suffered a 51% attack resulting in over $72,000 worth of Bitcoin Gold tokens being double-spent. And just last month, Axie Infinity, the play-to-earn crypto game, was hacked to the tune of $625 million by hackers stealing from the underlying Ronin blockchain—taking crypto heists to shockingly high new levels. Many in the cybersecurity industry would regard an event like this as a learning curve, but it’s a pretty expensive lesson!
Another threat that is likely to inveigle itself into the Web3 domain is phishing. Phishing is nothing new; however, the manner in which it’s being used today is. In October 2021, attackers used phishing emails to steal cryptocurrency from 6,000 customer accounts at Coinbase by exploiting a flaw in its two-factor SMS system. Another malicious example of this kind of theft was seen in February, when $1.7 million in non-fungible tokens (NFTs) were stolen in a phishing attack on OpenSea users. Over 250 tokens were stolen by an attack that exploited a hole in the Wyvern Protocol, which is the standard that underlies most NFTs.
These examples exhibit how the technological world’s rapid race for development and constant turnover is both its greatest asset and its biggest downfall. On the one hand, the Web3 “Industrial Revolution” is set to make great waves in terms of easing everyday life and making certain technologies available to the average consumer. On the other hand, as companies rush to be the first product on the market, holes and vulnerabilities that weren’t expected can appear, and there is a higher chance of data compromises.
The Need For Education
This brings us back to a theme I’ve discussed here before: the importance of education surrounding cybersecurity. How do you stop phishing scams? What does it mean to be cyber safe? How do you fully trust something? Teaching consumers to ask—and providing answers to—these questions is crucial. Learning to recognize suspicious signs will raise consumer awareness where the safety of their devices, and their data, is concerned.
Additionally, next-generation antivirus (NGAV) and endpoint protection solutions are a necessity. Attackers are always trying to tip the scale in terms of trust. We need a combination of the human brain, instinct and AI machine learning to detect and flush out novel threats.
Unfortunately, the “freedom” and end-user ownership that Web3 will offer consumers is the same freedom that cybercriminals will also be able to enjoy. We need to find a solution whereby the vision of an autonomous web for all can be experienced, without opening up a huge can of worms.