Web 3.0 in Security

Abhinav Pathak
Coinmonks
15 min read · Sep 22, 2022

I am exploring different aspects of cybersecurity and I love doing it, and after exploring I have now gained a better understanding of cybersecurity. So now I thought I could also explore Blockchain Security, as it is currently trending and everybody wants to do it. So I thought that as I learn those things I should also share my learning with all of you. So here we start the blog.

Web 1.0 vs Web 2.0 vs Web 3.0

Web1 was created in the 1990s as a platform for companies to create static pages and websites. Web2 can be deemed an upgrade to the platform where users could now add and create content. Web3, in simple words, is regarded as the third iteration or avatar of what you call the internet.

Web3, however, is a different story. Web 3.0 is a web that both humans and machines can access. To simplify terms, Web 1 is your encyclopedia, Web 2 is Wikipedia, and Web 3.0 is the next big database that AI and humans can access.

Web 3.0 is one-of-a-kind in a variety of ways. This version of the internet promises to be more decentralized, giving businesses and users more control over their data.

No more will it be monopolized by the titans of Google and Facebook. One could say that Web 2.0 was heavily focused on ads and marketing, which Web 3 aims to alleviate.

What Web3 actually is

Web3 is the next evolution of the internet. It is a decentralized, open-source platform that allows for secure, peer-to-peer interactions without the need for intermediaries. This new version of the web will be powered by blockchain technology and will be completely decentralized (running on the same technology that has allowed for the growth and adoption of cryptocurrency).

For those that aren’t familiar, a blockchain is a distributed database or ledger that is shared among endpoints on a computer network. It allows for the storage of electronic data in a way that guarantees the security of the record data without the need for a third party. In the area of cryptocurrency, this means that we can record and verify transactions without the need for a third party like the bank or a national government.

What makes web3 unique?

In the past and current world, AI could only derive data from web1 and web2 pages and present/relay the information to you as is. With Web3, however, AI and machine learning will be able to retrieve data from the web and understand and present information in a detailed manner.

E.g., asking Siri or Alexa for information currently gets you a response like “According to Wikipedia”, and the user receives a text-to-speech answer lifted from the Wikipedia entry.

With Web3, Siri and Alexa would be able to comb through multiple sources of information and give you a detailed answer in particular to the unique question asked by the user.

This is just one potential example of how Web3 can amplify the use of AI and machine learning.

Tim Berners-Lee, the creator of Web1, basically believes that Web3 is a web with inherent meaning and one that focuses on how data is consumed.

Web3 is a platform that allows anyone to add data and content without it being monitored by centralized gatekeepers. Web3 aims to provide a platform where data and content have meaning and can be interpreted by both users and machines.

Web3 at its current state

In the past, Web 1.0 and Web 2.0 transformed their respective security models alongside architectural models to unlock more economies. Web1 saw Netscape provide secure communication between user browsers and servers via the Secure Sockets Layer (SSL).

Web2 intermediaries like Google, Microsoft, and Amazon, as well as many certificate authorities, were the driving force behind Transport Layer Security (TLS), the successor of SSL.

An evolution similar to Web2 will occur with Web3 as well, albeit with more investment in web3 applications and web3 security companies. And that’s because a decentralized web will require decentralized security apps and web3 applications or dApps.

These web3 applications will need to be built without relying on the database layers and traditional application logic prevalent in web2.

Differing from the structure of web2, web3 applications and web3 apps will work with a model that features blockchain, network nodes, and the use of smart contracts that will be used to manage logic and state.

Because of the imminent advent of web3, there has been significant funding for web3 companies and web3 cybersecurity companies.

Because web3 is going to be the new platform closely related to cryptocurrency and digital wallets, web3 companies have received rounds of funding valued at over a billion dollars.

A few web3 firms such as Ledger and Fireblocks will build web3 security applications that are expected to grow in popularity in the near future.

Ledger, a security infrastructure company based in France, received $380 million in funding last year. Similarly, Fireblocks secured $310 million in funding for cryptosecurity.

The main difference between web3 and its predecessors in terms of protection is that once a transaction is performed in web3, it cannot be reversed, which makes protection and security/monitoring a necessity.

Benefits of Web3

For all of its security concerns, Web3 comes with many benefits over traditional Web 2.0 platforms.

Some of the potential benefits of Web3 include:

  • Increased security: With no central point of control, web3 has the potential to be more resistant to hacking and other security threats. By giving entities more control over their data and devices it allows for the development of new technologies that can be significantly more secure than what is currently in place (for example, blockchain technology).
  • Reduced costs: By eliminating the need for intermediaries, web3 can help reduce costs for users and businesses alike. When companies have a monopoly over any industry including data and technology they can charge people for access. By making the information easily accessible or making the technology open source it becomes cheaper for people to access that information.
  • Increased privacy: Web3 platforms are often built with privacy in mind, meaning users can be sure their data is safe and secure. Most platforms are designed to use encryption by default for all communications and don’t share information with other users, making it less likely that information will be accidentally leaked to any other parties. Also, since no one is directly controlling the interactions, the chances of someone selling your information to an interested party are very low.
  • Greater control: Since users interact directly with each other and the data that they want, they have greater control than when they go through an intermediary.

Risks of Web3

  • Lack of Accountability: With the advent of Web3, several risks have arisen that need to be taken into account. The first is the risk of loss of control. With Web3, there is no central authority controlling the network. This means that if something goes wrong, there is no one to fix it. Currently, the entities that control information are mandated by compliance regulations to protect that data, ensure its integrity and have certain controls in place to ensure user privacy. In a decentralized market, there is no one responsible for ensuring that these precautions and controls are in place.
  • Web3’s Lack of Centralized Control and Access to Data: A lack of centralized data can also make it difficult to make informed decisions, as data is spread across different departments and locations. While decentralized data comes with many benefits for individual users, for businesses it can be difficult to make quality business decisions without having high-quality information. Having centralized data that can act as a single source of truth is a great way for businesses to gather information on competitors, customers, etc. Without that information, it can make analysis more difficult.
  • Web3 and Blockchain Security Vulnerabilities: The decentralized nature of Web3 and blockchain technologies presents unique security challenges. Because there is no central authority controlling these networks, it is difficult to track and manage security vulnerabilities. Additionally, these technologies are often used to store sensitive data, which makes them a target for hackers.

Despite these challenges, there are a few steps that organizations can take to improve security.

First, they can develop a comprehensive security strategy that takes into account the unique nature of these technologies. As a business, you need to understand the type of devices you need to deliver your services and then come up with a strategy to secure those devices according to your needs. In the cybersecurity field, this is often done through threat modeling, which is the formal process of identifying risks relevant to your organization and their corresponding mitigations.

Second, they can partner with other organizations to share information and resources. By working with other businesses that are subject matter experts in Web3, you can get tips and direction on how your organization can leverage this technology effectively. Finally, they can invest in research and development to stay ahead of the curve. Since this is a new space, it’s important that companies that want to be the first movers in this space invest in R&D to develop new solutions before their competitors can.

Impacts of Web3 on Cybersecurity

The rise of Web3 — the decentralized web — has given rise to new opportunities for cybersecurity. With data and information stored on a distributed ledger, Web3 applications are more secure and resilient to attacks than traditional web applications.

However, Web3 also introduces new challenges for cybersecurity. For example, smart contracts — which are programs that run on a blockchain — can contain security vulnerabilities that can be exploited by hackers. And because of the pseudonymous nature of many Web3 applications, it can be difficult to track down and prosecute cyber criminals.

Decentralized Data

In a centralized system, data is stored in a central location. This central location is typically controlled by a single entity, such as a government or a corporation. In a decentralized system, data is distributed across a network of computers. This allows for many different entities to have control over the data.

There are many different applications for decentralized data. One example of this in the cybersecurity world is the deep web. For those that aren’t familiar, the deep web is the portion of the internet that is not indexed by normal search engines like Google. The deep web makes up roughly 95% of the data on the internet and it’s a treasure trove of information for hackers. This is where people go to buy malware kits, recruit other hackers, and conduct all sorts of illegal business online. As the internet becomes more decentralized and less regulated, we can expect more of this type of information to be accessible to cybercriminals.

More Endpoints for Hackers to Target

The number of devices that we have on the internet has continued to increase steadily in the last few years. It is growing at roughly 18% year-over-year and has reached over 15 billion devices globally. This means that attackers have more potential targets than ever before. Going forward, security teams need to be extra diligent in monitoring their environments and hardening their systems. This doesn’t just mean things like laptops or cell phones: smart devices such as smart cars, Bluetooth devices, and medical implants (like pacemakers) are all accessible from the internet and can be targeted by hackers.

Potentially Better Platform Security

One of the benefits of technologies such as blockchain is that they are inherently secure. They are so secure that some of the world’s richest people were willing to put millions of dollars into products like bitcoin and Ethereum. To this date, we have not seen any situations where the blockchain itself was hacked to produce fraudulent cryptocurrency coins and this may be a positive sign for what’s to come.

Ownership of Information or Data

The trend of data ownership has been growing in recent years, with more and more people asserting their right to control their data.

As presently constructed, many of the platforms we use, such as social media, are actually the owners of our information. They can use and routinely sell our personal information to companies that have a vested interest in learning more about us. In an environment where the data is decentralized, no one entity will be able to collect and sell our personal information. The information will be safely stored on computer devices that we can control and will only be shared with people that we want to share that information with.

Elimination of the Central Point of Control

A big shift in Web3 is that it moves us away from having a central point of control for our data. This shift is already underway, and it is being driven by advances in technology, such as blockchain and distributed ledger technology.

This provides users with more freedom and autonomy over their data than ever before. One big advantage is that it will make the internet more resilient to censorship: without an entity controlling information, people will be able to share their ideas and thoughts unfiltered with other people around the world.

Cybersecurity challenges of web3

There is an increased chance of vulnerability and security breaches with a decentralized web platform. Blackhat hackers will find innovative methods to access financial information and empty digital wallets in one go.

Web3 provides a lot of growth potential, but with a poorly designed and defined web 3.0, there are a lot of cybersecurity risks to consider.

Questionable Information Quality

Web1 relied on accurate information provided by reputed publishers. Web2 had quite a drop in data quality because of the rampant increase in misinformation supplied by users. Web3 could lead to more questionable data because it relies on AI and machine learning.

With the current AI and machine learning, it is pretty difficult to say whether AI would be able to differentiate fact from fiction and to know which information sources are trustworthy.

Manipulated Data

Intentional data tampering is a significant cybersecurity problem when it comes to AI and machine learning. User-generated content can be created to produce poor data outcomes, in addition to uncertain information quality.

AI and web3 applications can be turned into large-scale disinformation sources, which can be a digital nightmare.

A case study for this would be when Microsoft’s experimental AI chatbot Tay was turned into a racist application after Twitter users fed it with misogynistic and racist messaging.

Tay was designed as a chatbot that grew smarter based on casual conversations with users on Twitter. In less than 24 hours, the results were quite shocking. This shows that user-fed information can lead to all sorts of consequences.

Data Availability

One big dilemma that needs to be considered when discussing web3 is data availability. What does the AI do in the case of a web page being unavailable or if there is a broken link?

Would the solution be for these AI and web3 applications to create a backup of data from the full internet in order to have access at all times? This may increase reliance on the availability of systems over which an IT team has little control.

Data Confidentiality

Data breaches are a common occurrence, and they compromise confidential information regularly. On top of that, such content can be accidentally released and/or posted in an unsecured section or location on the internet.

What makes it more dangerous in web3 is that AI and machine learning web3 applications can come across this data due to their constant scanning and can assimilate it into their data banks/ knowledge bases.

Why is this dangerous? It is because AI consumes private data, and it could be stumbled upon by anyone and be used. Hence, cybersecurity and web3 companies will need to up their game and bolster security to ensure that none of their data is spread onto the internet.

Web3 and Blockchain Security Vulnerabilities

Data breaches and security vulnerabilities are more rampant than ever. The Identity Theft Resource Center reported that 2021 represented an all-time high regarding data breaches and cybersecurity threats.

That said, web3 isn’t without its security flaws, and thanks to its decentralized nature, it can prove to have many more threats lurking around the corner.

Unlike traditional IT and cloud deployments, web3 architecture offers direct financial incentives to a hacker who finds a web3 exploit.

Previously, in web2, cybercriminals mostly had access to sites and services and very rarely had access to financial gains.

With web3 integration with blockchains, there comes a rise in blockchain security vulnerabilities as large chunks of digital wallets and currencies can be accessed at a single point.

A recent web3 blockchain security vulnerability case study is the Wormhole bridge. The Wormhole bridge is an interoperability protocol that allows decentralized applications (dApps) and users to move assets between multiple blockchains.

Due to the web3 and blockchain security vulnerability, a cybercriminal was able to get away with 120,000 Ethereum, which equated to $360 million in value. This was all done by exploiting a bridge in the Solana blockchain.

Addressing Web3 Cybersecurity Challenges

A large portion of the Web 2.0 security model is about reaction. In web3, transactions cannot be modified once they have been made, so mechanisms must be added to validate whether a transaction should happen in the first place.

To put it another way, security must be exceptional in preventing attacks.
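As an added example (not from the original article), one such mechanism is a wallet-side policy gate evaluated before a transaction is signed. It goes beyond the text by choosing concrete checks (recipient allowlist, spend caps, unlimited ERC-20 approvals); the addresses, limits and field names are constructed assumptions.

```javascript
// ERC-20 approve(address,uint256) function selector.
const APPROVE_SELECTOR = '0x095ea7b3';
const MAX_UINT256 = (1n << 256n) - 1n;
const ETH = 10n ** 18n;
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed policy: every address and limit here is an illustrative assumption.
const policy = {
  chainId: 1,
  allowedRecipients: new Set(['0x1111111111111111111111111111111111111111']),
  perTxLimitWei: 1n * ETH,
  dailyLimitWei: 2n * ETH,
};

// Returns the approved amount if the calldata is an ERC-20 approve call, else null.
// Layout: selector (4 bytes) + spender (32 bytes) + amount (32 bytes).
function decodeApproveAmount(data) {
  if (typeof data !== 'string' || !/^0x[0-9a-f]{136}$/i.test(data)) return null;
  if (!data.toLowerCase().startsWith(APPROVE_SELECTOR)) return null;
  return BigInt('0x' + data.slice(74));
}

// Decide before signing, because the transaction cannot be undone afterwards.
// history: [{ time, valueWei }] of transactions already sent by this wallet.
function evaluate(tx, history, now, p = policy) {
  const reasons = [];
  if (tx.chainId !== p.chainId) reasons.push('unexpected chain');
  if (!p.allowedRecipients.has(tx.to.toLowerCase())) {
    reasons.push('recipient not allowlisted');
  }
  if (tx.valueWei > p.perTxLimitWei) reasons.push('per-transaction limit exceeded');
  const spentToday = history
    .filter((h) => h.time > now - DAY_MS)
    .reduce((sum, h) => sum + h.valueWei, 0n);
  if (spentToday + tx.valueWei > p.dailyLimitWei) reasons.push('daily limit exceeded');
  if (decodeApproveAmount(tx.data) === MAX_UINT256) {
    reasons.push('unlimited token approval');
  }
  return { allow: reasons.length === 0, reasons };
}

// Constructed transactions showing an allowed transfer and two blocked requests.
function demo() {
  const now = 1700000000000;
  const known = '0x1111111111111111111111111111111111111111';
  const unknown = '0x3333333333333333333333333333333333333333';
  const spender = '22'.repeat(20);
  const unlimited = APPROVE_SELECTOR + '0'.repeat(24) + spender + 'f'.repeat(64);
  return [
    evaluate({ chainId: 1, to: known, valueWei: ETH / 2n, data: '0x' }, [], now),
    evaluate({ chainId: 1, to: unknown, valueWei: ETH / 2n, data: '0x' }, [], now),
    evaluate({ chainId: 1, to: unknown, valueWei: 0n, data: unlimited }, [], now),
  ];
}

console.log(demo());
```
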

At least four initiatives might help to establish a web3 security strategy that is proactive:

Source-of-truth data for exploits

There has to be a single source of truth for all known web3 flaws and vulnerabilities.

Web3 needs a decentralized version of such a source. For the time being, incomplete data may be found in places like SWC Registry, Rekt, Smart Contract Attack Vectors, and DeFi Threat Matrix.

Bug bounty programs, such as Immunefi’s, are designed to expose new vulnerabilities.

Norms for making security decisions

In web3, the decision-making methodology for critical security design choices and specific events is unknown at this time.

Decentralization means that no one owns the problems, which can have serious consequences for users.

The recent Log4j vulnerability serves as a cautionary tale about entrusting security to a decentralized community.

There has to be more clarity on how DAOs (Decentralized Autonomous Organizations), security experts, providers like Alchemy and Infura, and others work to solve emergent security risks.

Signing and Authentication

The majority of dApps, including the most well-known, do not currently authenticate or sign their API responses.

This means whenever a user’s wallet retrieves data from these apps, there is a gap in ensuring that the response is from the correct app and that the data has not been tampered with.

Users must establish their security posture and trustworthiness in a world where apps do not follow fundamental security best practices, which is a near-impossible undertaking.

At the very least, better ways of alerting consumers to hazards are required.
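One way to close the gap described above, as an added example that is not part of the original article or any dApp’s own code: the backend signs each API response with Ed25519 and the wallet verifies it against a pinned public key before using the data. The origin `https://dapp.example`, the envelope field names and the key-pinning step are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed key pair for the demo. A real wallet would pin the dApp's
// public key out of band (assumption) and never see the private key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Deterministic JSON so signer and verifier process identical bytes
// regardless of object key order.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k]));
    return '{' + fields.join(',') + '}';
  }
  return JSON.stringify(value);
}

// dApp backend: bind the payload to its origin, the caller's nonce and a timestamp.
function signResponse(payload, meta, signingKey) {
  const envelope = {
    origin: meta.origin, nonce: meta.nonce, issuedAt: meta.issuedAt, payload,
  };
  const sig = crypto.sign(null, Buffer.from(canonicalize(envelope)), signingKey);
  return { ...envelope, signature: sig.toString('base64') };
}

// Wallet: reject anything not signed by the pinned key, not issued for this
// request, or too old to be a fresh answer.
function verifyResponse(response, ctx) {
  const { signature, ...envelope } = response;
  if (typeof signature !== 'string') return { ok: false, reason: 'missing signature' };
  const valid = crypto.verify(null, Buffer.from(canonicalize(envelope)),
    ctx.pinnedKey, Buffer.from(signature, 'base64'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (envelope.origin !== ctx.expectedOrigin) return { ok: false, reason: 'wrong origin' };
  if (envelope.nonce !== ctx.expectedNonce) return { ok: false, reason: 'nonce mismatch' };
  const maxAgeMs = ctx.maxAgeMs === undefined ? 30000 : ctx.maxAgeMs;
  if (Math.abs(ctx.now - envelope.issuedAt) > maxAgeMs) {
    return { ok: false, reason: 'stale response' };
  }
  return { ok: true, payload: envelope.payload };
}

// Constructed exchange: a genuine response, the same response with the
// deposit address swapped in transit, and a replay against a later request.
function demo() {
  const meta = { origin: 'https://dapp.example', nonce: 'req-001', issuedAt: 1700000000000 };
  const payload = { depositAddress: '0x1111111111111111111111111111111111111111', fee: '12' };
  const response = signResponse(payload, meta, privateKey);
  const ctx = {
    expectedOrigin: 'https://dapp.example', expectedNonce: 'req-001',
    pinnedKey: publicKey, now: 1700000000500,
  };
  const swapped = {
    ...response,
    payload: { ...payload, depositAddress: '0x3333333333333333333333333333333333333333' },
  };
  return [
    verifyResponse(response, ctx),
    verifyResponse(swapped, ctx),
    verifyResponse(response, { ...ctx, expectedNonce: 'req-002' }),
  ];
}

console.log(demo());
```
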

Better User-Controlled Key Management

Users’ capacity to transact in the web3 paradigm is based on cryptographic keys. Cryptographic keys are notoriously difficult to handle; entire businesses have been formed on key management and continue to be built around key management.

The difficulty and risk of managing private keys is the primary factor that leads consumers to select hosted wallets over non-custodial wallets.

The first two initiatives are focused on people and processes, whereas the third and fourth initiatives will necessitate technological changes.

One of the most exciting developments is that web3 security innovation is now taking place in the open, and we should never underestimate the potential for innovative solutions.

How to Protect Personal Data In Web3

Along with this increased connectivity comes a need for increased security for our data. With so much information being shared and stored online, it’s more important than ever to make sure our data is safe from hackers and other cybercriminals.

There are a few ways we can protect our data in Web3. One is to encrypt our data so that only authorized users can access it. Encryption is already in use on the internet in the form of HTTPS, but it’s important that you take extra precautions to ensure that encryption is used whenever possible. For example, using a VPN to ensure that your data is encrypted at all times and enabling encryption at rest/storage are two things that you should do to ensure that your data is protected against eavesdroppers. This is especially important when you are using insecure networks like public Wi-Fi, library Wi-Fi or internet cafes.

Another tip is to limit the number of places where you share data. The more people or companies you share your information with, the greater the chance that your personal data will be leaked. You want to limit your chances of exposure by providing as little information as possible to third-party entities. You should also do your due diligence to look up a company to ensure that they are legitimate before you decide to share your personal information with them.

And finally, we can use authentication and authorization protocols to control who has access to our data. Protecting our accounts with things like strong passwords and 2-factor authentication reduces the chances that our account will be compromised and therefore reduces the possibility of our information being leaked.

Conclusion

As we move into the age of Web3, it is important to be aware of the new cybersecurity threats that come with it. In the past, most attacks have been focused on stealing data or taking down systems. However, with the rise of decentralized applications and smart contracts, attackers can now target these applications and disrupt their operations. This can lead to financial losses for users and businesses alike.

Comments of any type are welcome. Thank you for your time :)).

Happy Hacking !!!

If you enjoyed reading the article do clap and follow:

Twitter: https://twitter.com/i_amsphinx

LinkedIn: https://www.linkedin.com/in/pathakabhi24/

GitHub: https://github.com/pathakabhi24
