Web3 enthusiasts sometimes suggest replacing traditional security systems with decentralized solutions. However, this juxtaposition is false, as the two types of security solutions serve different purposes – and Web3 projects can still benefit from traditional security frameworks.
Security is one of the most frequently cited advantages of blockchain over traditional databases and financial networks. Indeed, data stored in a blockchain cannot be altered, manipulated or destroyed, unlike data stored on regular servers. However, there is a lot of confusion between two different concepts: blockchain security and blockchain-based security.
Let’s clarify the differences between these concepts, as well as the limitations of decentralized systems. Stefan Huber, CEO of BlackFort, the first L1 network to offer a multi-chain wallet with built-in antivirus, comments:
“What most people don’t understand is that on-chain and off-chain security solutions are complementary, not alternatives. Industries like healthcare and manufacturing can certainly benefit from blockchain-based identity management and access control, but Web3 also needs regular cyber security frameworks, as some features are too expensive to replicate on-chain.”
Blockchain Security
Blockchain security is a general term covering the systems, solutions and practices used to protect blockchain networks, decentralized applications, funds stored in smart contracts and users interacting with the blockchain from malicious attacks.
In turn, these solutions and practices can be categorized into two types: blockchain-based and non-blockchain-based. The examples below are given for clarity and are not exhaustive lists.
1) Security solutions that feature blockchain
- Multisig Wallets: Wallets that require multiple signatures to execute a transaction, used to prevent unauthorized fund transfers in Web3 projects.
- Decentralized oracles: Smart contracts often need off-chain data (such as cryptocurrency prices). Using one or more decentralized oracles prevents malicious actors from providing incorrect information in these contracts.
- Gas fees: Surprisingly, non-zero gas fees are among the best deterrents against a common type of attack – DDoS. By making such spam attacks costly, they discourage the perpetrators.
2) Non-blockchain-based security solutions
- Web3 Antivirus: These apps detect crypto scams, malicious smart contracts and phishing sites, alerting users before they sign potentially harmful transactions. Often available as browser extensions, some advanced wallets now include this feature as a built-in security measure. BlackFort Exchange Network CEO Stefan Huber continues: “When a user initiates an interaction with a dApp smart contract or wallet address, the antivirus built into our wallet scans it against a database of known frauds, simulates the transaction and promptly informs the user if it is safe to proceed with connecting to the dApp or sending encryption to a specific address.”
- Asset Custodians: These are market players who secure digital assets for others. While custodians typically use multi-point cold wallets and other blockchain-based solutions to protect their clients’ funds, the relationship between custodian and client remains traditional, with documents signed and fees paid off-chain.
- Multi-Factor Authentication: Good old MFA, especially using biometric authentication, is an effective way to protect crypto wallets.
Blockchain-based security
The term “blockchain-based security” refers to security systems and tools that use blockchain as an integral part of their technology. Such tools can be used in Web3, Web2, or the real world economy.
Among the most interesting use cases for blockchain-based security solutions are:
- Supply chains: Valuable items and shipments can be assigned unique blockchain identities to ensure authenticity and track the movement of goods. Perhaps the most important use case for blockchain in supply management is its ability to prevent ransomware attacks.
- The Internet of Things: Blockchain is used to authenticate individual devices (such as sensors) and accounts before they gain access to an IoT network. This can prevent data breaches, phishing attacks, malware installations and more.
- Data Security: Blockchain helps secure data and regulate access to sensitive files. For example, financial and medical records are often stolen and sold on the darknet, but such breaches can be prevented if any access requires the use of a private blockchain key.
In conclusion: the all-important human factor
Blockchain-based and legacy cybersecurity solutions must be used in combination to effectively protect Web3 projects and user funds. After all, Web3 platforms still run on virtual servers like AWS, and user-side wallets run on legacy devices.
At the same time, we must not forget the single most important element of cryptographic security at the end-user level: good practices for protecting the cryptowallet’s passphrase, private key, and password.
Most crypto thefts don’t happen because of code exploits, but because wallet owners inadvertently reveal their passphrases or private keys, click fake airdrop links, fall victim to SIM swap scams, etc.
Worse, it’s common for Web3 projects to have their social media and GitHub accounts hacked and then used to steal money from end users. This shows that employees of blockchain projects often do not even follow correct cyber security practices.
Understanding how hacks, crypto scams, phishing and social engineering attacks work is perhaps the most critical aspect of blockchain security. Without training both end users and project team members, no blockchain security solution will ever be sufficient to protect Web3 assets.