Blockchain Cybersecurity Firm Halborn Focuses on Securing Web3 Projects
As the tech industry continues to prioritize artificial intelligence (AI), cybersecurity professionals are diligently working to identify vulnerabilities and patch security holes in AI platforms. However, one cybersecurity firm, Halborn, has set its sights on a different target – securing Web3 projects.
The chief operating officer of Halborn, David Schwed, recently expressed his belief that many hacks in the blockchain ecosystem are preventable. He referred to a report published by his firm that revealed over $5 billion had been lost in DeFi (decentralized finance) hacks between 2016 and 2022. Schwed emphasized that a significant number of these hacks were due to poor security practices related to standard Web2 security, rather than on-chain vulnerabilities.
While Schwed acknowledged that certain breaches, such as zero-day attacks stemming from vulnerable technology, are inevitable, he stressed the importance of organizations being prepared. Zero-day attacks refer to software vulnerabilities that are unknown to those responsible for patching or fixing the software, giving them zero time to address and patch the vulnerability. Schwed suggested implementing detective controls to identify anomalies in smart contracts or on-chain behavior and having a strong incident response program in place. He also recommended the ability to issue circuit breakers within a contract or transfer funds to a non-affected wallet.
Zero-day attacks are just one of the potential threats that DeFi projects face. Another recent incident involved a denial-of-service (DNS) attack on the decentralized cryptocurrency exchange, Balancer, resulting in the theft of over $250,000. While blockchains are often praised for their decentralization, Schwed highlighted the fact that the dapps built on top of them are not entirely decentralized. He underscored the centralization choke points in the ecosystem, such as reliance on platforms like Amazon Web Services (AWS), Azure, and Google Cloud for Web3 projects.
To address security concerns, Schwed advised Web3 companies to view their projects as threat actors and identify potential vulnerabilities. He also suggested seeking professional assistance from red teams to assess and address security risks. For companies lacking the financial resources to hire cybersecurity professionals, Schwed proposed offering equity in the organization as an incentive.
Despite the risks posed by cybercriminals and hacks, Schwed remains optimistic about the future of blockchain technology. He believes that blockchain has the potential to disrupt and provide significant value to society. Schwed concluded by expressing his confidence in the collective willingness of those in the space to help drive innovation and secure the ecosystem.
In a world increasingly reliant on advanced technologies, securing the underlying infrastructure becomes vital. Halborn’s focus on securing Web3 projects demonstrates the importance of staying ahead of potential vulnerabilities and ensuring the continued growth and development of the blockchain ecosystem.
