The Future of Web3 Security with CEOs Immunefi and Brave: The Bug House 2022
Celebrating the myriad achievements of the crypto ecosystem, Immunefi, Electric Capital, Bitscale Capital and MA Family have together hosted The Bug House – a party to bring together the global Web3 community.
In a panel hosted by Cointelegraph, Editor-in-Chief Kristina Lucrezia Cornèr sat down with Mitchell Amador, Founder and CEO of Immunefi, and Brendan Eich, Founder and CEO of Brave browser, to discuss the evolution of Web3 and its future trajectory.
“There’s a lot of Web2 in Web3. It’s a problem right now,” Eich said when asked about the ongoing transition from Web2 to Web3. From using trusted servers to underguarding wallets, Amador thought these Web2 sites could be full of adversaries. He also has underline the recent proposal EIP-5593, which aims to prevent man-in-the-middle attacks.
In Web2, there is a common practice of implementing post-launch security features through patches and antivirus, which can be inherited by Web3 applications using these services. Additionally, security issues in Web3 stem from centralization through decentralized application (DApp) sites.
Talking about Web3 security issues, Amador said that Web3 hackers are very different from Web2 hackers. According to him, there are two types of hackers. In Web3, hackers turn out to be young, usually under 35 and most under 30.
As for the second type of hacker, Amador pointed to the influx of older, tech-savvy individuals — “which many blockchain hackers lack” — who have spent a few years understanding Web3 and are able to break into the systems. He added:
“We’ve seen a number of these guys, including several of today’s top 10 hackers; they just storm the leaderboard with their skills. They just need to get good enough.
Supporting this position, Eich added that during the bull run era of 2021, he noticed the rise of reentrancy attacks. Brave uses HackerOne to protect its in-house crypto wallets and has tripled its bug bounty to root out wallet security issues.
Eich further pointed out that Brave has full control over the browser and crypto wallets, which helps them ward off phishing attacks against users. Brave has amassed a broad demographic of users who prefer privacy, crypto, or both, currently serving 20 million daily users, which has doubled from last year.
When it comes to protecting the Web3 community, Amador believes it comes down to philosophy:
“Wishing, fighting and creating a better world that their most sinister and capricious behaviors simply won’t work and won’t be allowed. If we do this successfully, we will attract these expert security talents, their best executives, their best leaders to our side and neutralize them by destroying the basis of their ability to work.
Cornèr agreed with the duo as she said that in Web3 security, it’s not just about money; it is about the culture and values that the community protects, which highlights the need for education.
While Amador further revealed efforts by Immunefi, Brave and other partners to work with governments trying to make Web3 more accessible, adding:
“We are in a position where we have to lobby and ask for support and pardons from various other powerful players precisely because what we have built today is not good enough, not valuable enough and not safe enough.”
Eich, on the other hand, pointed to the need to develop better programming languages and tools to protect systems. He called for the need to separate the world of ethos from the world of bad programming. “Education seems paramount and appropriate. But if there are no incentives, it won’t work,” he concluded.
As a bug bounty platform, Immunefi has created trust and legitimacy in the industry by solving the problem of projects being unwilling to pay bug bounties after successful bug discovery. To do this, they have provided an unbiased third-party service that can mediate this interaction and ensure that both parties get the job done.
Immunefi recently released a Whitehat ranking to list the top 20 elite white hats in web3.
“As the volume of funds saved continues to grow, the ranking is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer. “Amador noted in a statement. .