Traditional cybersecurity vs. Blockchain-based solutions: main issues

Traditional cybersecurity vs. Blockchain

getty

Web3 enthusiasts sometimes propose replacing traditional security systems with decentralized solutions. However, this juxtaposition is misleading, as the two types of security solutions serve different purposes, and Web3 projects can still benefit from traditional security frameworks.

Security is one of the most often cited advantages of blockchain over traditional databases and financial networks. In fact, the data saved on the blockchain cannot be altered, manipulated or destroyed, unlike data saved on normal servers. However, there is a lot of confusion between two different concepts: blockchain security and blockchain-based security.

Let’s clarify the differences between these concepts, as well as the limitations of decentralized systems. Stefan Huber, CEO of Black Fort – the first L1 network to offer a multichain wallet with integrated antivirus – comments:

“What most people don’t understand is that on-chain and off-chain security solutions are complementary, not alternatives. Industries like healthcare and manufacturing can definitely benefit from identity management and access control based on blockchain, but Web3 also needs regular cybersecurity frameworks, as some features are too expensive to replicate on-chain.”

Blockchain security

Blockchain security is an umbrella term that covers the systems, solutions and practices used to protect blockchain networks, decentralized applicationsfunds stored in smart contracts and users interacting with the blockchain from malicious attacks.

In turn, these solutions and practices can be classified into two types: those based on blockchain and those that are not. Below are some examples for clarity and please note that these are examples only and not exhaustive lists.

1) Security solutions that include blockchain

• Multisig wallets: Wallets that require multiple signatures to execute a transaction, used to prevent unauthorized fund transfers in Web3 projects.
• Decentralized Oracles: Smart contracts often need off-chain data (such as cryptocurrency prices). Using one or more decentralized oracles prevents malicious actors from providing incorrect information to these contracts.
• Gas Rates: Surprisingly, non-zero gas fees are among the best deterrents against a common type of attack: DDoS. By making such spamming attacks costly, they discourage attackers.

2) Security solutions that do not rely on blockchain

• Web3 Antivirus: These apps detect crypto scams, malicious smart contracts, and phishing websites, alerting users before they sign potentially malicious transactions. Often available as browser extensions, some advanced wallets now also include this feature as a built-in security measure. Stefan Huber, CEO of BlackFort Exchange Network, continues: “When a user initiates an interaction with a dApp smart contract or wallet address, our wallet’s built-in antivirus scans it against a database of known scams, simulates the transaction and immediately informs the user whether it is safe to proceed with connecting to the dApp or sending cryptocurrencies to a specific address.”
• Heritage custodians: These are market players who secure digital assets for others. While custodians Typically using cold multisig wallets and other blockchain-based solutions to protect their clients’ funds, the relationship between a custodian and a client remains traditional, involving signed documents and fees paid off-chain.
• Multi-factor authentication: Good old MFA, especially using biometric authentication, is an effective way to secure crypto wallets.

Blockchain-based security

The term “blockchain-based security” refers to security systems and tools that use blockchain as an integral part of their technology. Such tools can be employed in Web3, Web2 or real-world economics.

Among the most interesting use cases of blockchain-based security solutions are:

• Supply chains: Valuable items and shipments can be assigned unique blockchain identities to ensure authenticity and track the movement of goods. Perhaps the most significant use case of blockchain in supply management is its ability to prevent ransomware attacks.
• Internet of Things: Blockchain is used to authenticate individual devices (such as sensors) and accounts before they access an IoT network. This can prevent data breaches, phishing attacks, malware installations, and more.
• Data security: Blockchain helps protect data and regulate access to sensitive files. For example, financial and medical documents are often stolen and sold on the darknet, but such breaches can be prevented if access requires the use of a private blockchain key.

Bottom line: the all-important human factor

Legacy and blockchain-based cybersecurity solutions must be used in combination to effectively protect Web3 projects and user funds. After all, Web3 platforms still run on virtual servers like AWS and user-side wallets run on legacy devices.

At the same time, we must not forget the most important element of cryptographic security at the end-user level: the correct practices for protecting the secret phrase, private key and password of your crypto wallet.

Most cryptocurrency thefts occur not because of code exploits, but because wallet owners inadvertently reveal their seed phrases or private keys, click fake airdrop linksI’m a victim of it SIM swap scamsetc.

Even worse, it is common for Web3 projects to have their social media and GitHub accounts compromised, which are then used to steal money from end users. This shows that even employees of blockchain projects often do not follow proper cybersecurity practices.

Understanding how hacks, crypto scams, phishing, and social engineering attacks work is probably the most crucial aspect of blockchain security. Without educating both end users and project team members, no blockchain security solution will ever be sufficient to protect assets in Web3.

Fuente