Innovating on Security: How Glue Will Keep User Assets Safe

Glue
May 31, 2024

If you were to ask a random stranger what they think of crypto, there are two possible responses: either they’re excited about it, or they don’t trust it.

Some people don’t trust crypto because they just haven’t understood it yet, but others have heard enough bad stories to dismiss it altogether.

The popular perception of this industry is controversial, to put it mildly. Every new technology is met with fear by most people, and usually for a good reason. As with all experimental inventions, crypto trailblazers had to discover (or rediscover) the best security practices as they went along, and a lot of people have had to pay for their mistakes.

Things are improving — monthly total value hacked is at lows not seen since 2020. But the industry is not the new kid on the block anymore, and it’s time to take security more seriously.

In our ecosystem, user security is the highest priority, and thanks to the shared experience of the team, we’ve seen which approaches work and which are not effective.

On Glue, security comes through many separate initiatives that together create a full defense in depth:

  • A user’s security is managed through better UX and multi-signature accounts — a crypto-native two-factor authentication (2FA).
  • The Glue Security Fund (GSF) helps keep the network and individual apps safe by funding continuous audits, even for third-party builders.
  • The architecture of the blockchain and the infrastructure around it make it very easy to catch and undo the damage done by hackers and scammers.

There is a general rule when creating products: if it’s new, try to make it as familiar as possible; if it’s old, try to make it as unique as you can. For example, when Apple first came out with their Notes app, they made it look like a physical notepad.

The philosophy behind the Glue Network is to offer users a middle ground between the new and sometimes scary Web3 platforms and the usual Web2 finance apps they’re now used to.

This is done for a specific purpose: attracting as many real users as possible to apps that help people in their daily lives.

Now, let’s see how security on Glue works to bring some familiarity to users.

Security comes from stacking layers

One of the main missions of Glue is to make the usage of crypto similar to that of your bank account: simple and safe.

The main reason crypto is so attractive for hacks and scams is that it is very easy to take the money and not get caught. You effectively have all the benefits of physically robbing a bank — taking fungible, hard-to-trace money — potentially while sipping coffee on the opposite side of the globe, thanks to the internet.

Banks get hacked hundreds of times a year in many different ways. In most cases, you don’t hear of these incidents because it’s very difficult for someone to capitalize on hacking a bank.

So, while it’s very important to ensure the code underpinning Glue and its apps is top-notch, thoroughly inspected, and tested, never creating hackable code is a utopian goal. What we can do is make it so difficult to exploit that very few even care to try.

This is where the multiple layers of Glue security come in. It’s the Swiss Cheese Model of risk management, which relies on stacking multiple layers of security approaches and redundancies.

Glue’s Swiss Cheese Model of Security

The idea is that all techniques are imperfect alone, but they should all be imperfect in different ways so that together they stop a serious incident from happening.

The Glue Security Fund

A major component of our defense is the Glue Security Fund (GSF). This will be the dedicated entity responsible for protecting the ecosystem and will be directly funded by a portion of the transaction fees.

Its first step in the defense will be financing audits and bug bounty programs.

All hacks derive from weak spots in the system’s code, ranging from basic oversights to impossibly complex puzzles. This is why audits are an important first step in ensuring security, but they cost money and time, and many teams might be unable or unwilling to audit their code properly.

By using the GSF to finance audits of both internal Glue infrastructure and third-party apps, Glue will be able to ensure that all projects have at least a basic level of safety. The team will use different auditors for different layers of the system (L1 and L2), choosing the most experienced partners for each layer.

However, it would be unreasonable to put all hope into audits. In addition to pre-launch checks, bug bounties play an important role in maintaining security over time, with just the ImmuneFi platform alone boasting $25B of user assets saved (i.e. not hacked). The GSF will facilitate bug bounties for projects on Glue, ensuring this step is covered as well. But even bug bounties are fairly common. What distinguishes Glue’s approach is the next layers of defense.

Should a hack or a scam occur within Glue, an important portion of the GSF will be dedicated to dealing with the culprits, aided by the network’s distributed architecture.

Glue chains will be compatible with the EVM, the most common standard for deploying smart contracts. But thanks to its usage of a custom framework with a rich chain management system, Glue will have several technical aces up its sleeve for limiting the impact of hacks, allowing the chain to block offenders from escaping through the chain’s off-ramp gateways.

Once the way out is secured, the GSF and its connections will be used to identify and catch the perpetrators of the attack, in collaboration with law enforcement and specialized cybersecurity firms. The result is that even if a security incident were to happen, its consequences would be as limited as possible.

Glue is co-founded by Ogle, a well-known security researcher who helped recover more than $450M in funds stolen through hacks and scams for more than 40 different projects. The GSF will be molded with Ogle’s expertise and connections, ensuring that it operates based on real know-how acquired in the field. This experience led to the defense-in-depth model adopted on Glue, which begins from the premise, “What if the worst possible thing does happen?”

Glue brings together the best parts of Web2 with the new fundamentals of crypto and Web3. Security and peace of mind are arguably the most important benefits that traditional banks bring to the table — once that advantage is gone, it will be much easier to make crypto the financial infrastructure of the present.
