Users must access the Web3 engine underneath, says CEO of HashEx.

Photo of author

By Degen Lipsa

The same technique that has been employed since the internet’s inception—pretending to be someone else—makes hacking on Web3 simple.

Hashex CEO comments on Web3

Due to the difficulty and “cool aspect” of Web3 projects, it is simple to assume—and fallaciously so—that it needs Mr. Robot level of sophisticated hacking methods to carry out a successful attack. But in reality, all it takes to breach the Web3 ecosystem’s security is a malicious ad displayed in Google search results, a fake Telegram group, or a cunningly constructed email.

Blockchain projects may make use of the greatest smart contracts available, safely incorporate crypto wallets, and follow best practises for all digital operations. They still require assistance with user protection’s social component, though. But acquiring this ownership power also essentially involves a great deal of responsibility. The steep learning curve is making it challenging for users to comprehend how cryptocurrency wallets operate, how transactions are executed, and how assets are held.

At Istanbul Blockchain Week, Cointelegraph sat down with Dmitry Mishunin, the CEO of blockchain auditor HashEx, to discuss Web3 from a security expert’s point of view. In the interview, Cointelegraph enquired regarding certain important concerns which are mentioned below and Mishunin cleared all of it with ace.

Before Web3 even existed, you were working on it. How would you characterise or frame Web 3?

Mishunin– The control of finances is the users’ responsibility, according to me, and this is an intriguing paradigm. Web1 is merely a read-only environment. Although the data and context are available, nothing can be done with them. Web2 is a read-write mode that allows for uploading. Web3 is also read-write-own. The end user has a huge duty because they have never had to handle something like this before. Because people are unaware that they are personally responsible for protecting their own assets, security issues are common. The public is not prepared for this.

What distinguishes Web3 from other platforms in terms of security and user safety, in your opinion?

Mishunin: It includes a higher standard of security and smart contracts. Smart contracts’ privacy is not the only issue; the entire infrastructure of wallets, users, and their goals is also at stake. Governments may be able to offer the funds, not as credit, when a large bank is short on cash. They provide government money and buy the bank for one dollar. Because governments and major regulators don’t believe it’s worthwhile or believe they can’t trust this ecosystem, the Web3 infrastructure is not ready for this.

Phishing is still a serious concern in Web 3.

Mishunin: Even HashEx, a security firm, lost roughly $100,000 in the prior year due to human error rather than fraud or dangerous investments. When one of our employees wanted to make some swaps on Pancakeswap, she searched Google for “pancake” and clicked a link without realising that she was actually clicking one from the Google Ads, not the search results. This was a significant phishing experience for us. A pop-up that resembled a MetaMask window was present. She typed her seed phrase after the pop-up message “you have an issue in your MetaMask” appeared. In conclusion, smart contracts will be safer yet phishing will still remain the biggest web security headache.

Phising

Will businesses like HashEx focus primarily on the social side of security?

Mishunin: By being aware of and comprehending the methods used by con artists to deceive people, we can lessen the number of phishing attacks. It is not a concern of the auditors or the cyber police because carrying out such attacks is simple. Simply start a Telegram group and send messages to the members. Security companies can’t possibly cover everything. We can, and do, assist with this degree of user awareness, though. HashEx Academy exists. A lot of stuff is being created about it.

Is it possible to maintain your anonymity when using Web3?

Mishunin: You can only accomplish it if you don’t take any money out and move it from Web3 to the actual world. The risk of losing anonymity comes right away if you wish to transfer money from Web3 to the real world.

Leave a Comment