Everyone talks about how unsafe Web3 is, and how easy it is to lose money to rug-pulls, scams and hacks.
This way of looking at things was popular, especially during the heat of the bear market in 2022.
The BNB Chain exploit, the Ronin hack and the Qbit hack were some of the major exploits that gave Web3 a bad name.
Let's not forget other major ones like the Terra Ecosystem crash that vaporized billions of dollars in a single day.
However, what if someone mentioned that Web2 was as much to blame as Web3?
According to a recent report from security auditing company Immunefi, Web2 is as much to blame as Web3.
For context, Web2 and Web3 are similar. One of the major differences between the two is that Web3 is integrated with blockchain technology.
According to Immunefi, however, while bad smart contracts may be to blame for most of the hacks in 2022, as much as 46% of these hacks came from bad Web2 infrastructure as well.
Immunefi's report, which analyzed the history and types of Web3 hacks, also mentioned that problems like leaked private keys, weak encryption, or DNS hijacking plagued Web2 protocols as well.
Immunefi's report also classified security vulnerabilities into three broad categories: design flaws, implementation flaws, and infrastructure weaknesses.
Immunefi says that design flaws come from programs that define the rules and functions of a Web3 application.
It also cites the $2.4 million worth of BNB tokens stolen during the BNB Chain bridge hack as a good example.
The attacker was able to bypass the bridge's verification process and withdraw funds from the bridge contract.
Another kind is the implementation flaw.
Implementation flaws typically result from problems that can easily be detected and fixed if the smart contracts are properly audited.
A good example is the $80 million that was stolen in the Qbit hack.
The third category is infrastructure weaknesses. Infrastructure weaknesses typically affect virtual machines, private keys, or web servers.
Attackers typically exploit these through phishing and social engineering. A good example is the $8.3 million worth of AXS tokens stolen in the Ronin bridge hack.
The attackers were able to gain control of five out of nine Ronin validator node signatures in this infrastructure attack and steal all of that money.
The report by Immunefi also shows us a few things about what to expect in the coming bull cycle in 2024.
Web2 security is just as important as Web3 security, and the most secure smart contract in the world may not be enough to salvage a poorly written user interface.
Web3 security is about to become more community-driven, as more projects, users, and security experts work together to fix vulnerabilities.
Overall, the report by Immunefi recommends that Web3 projects prepare for the 2024 bull cycle by investing in security, testing and auditing their smart contracts, and engaging with their security community.
By doing so, these companies can better protect against the inevitable hacks and exploits as crypto explodes in price once again.