Web3 is the blockchain-powered version of the Internet. It’s an evolution of Web 2.0, with a focus on making data decentralized. Besides decentralization, Web3 boasts improved security over Web 2.0. The blockchain is nearly unhackable, since blocks are immutable and data is distributed over many computers.
But everything has an exploitable loophole somewhere. While massive database breaches are not as common in Web3, threat actors operate on Web3 as much as they do on Web 2.0. Except that the consequences of Web3 data breaches are often far more humbling.
So is Web3 as secure as they claim it is? Let’s set the record straight and see how it’s less secure than Web 2.0.
1. Web3 Is Money-Tokenized
Since Web3 relies heavily on crypto for transactions, money is usually exchanged for a cryptographic token to access specific premium services or utilities across Web3. Some of these cost a fortune and might be fungible or non-fungible (NFT). While Web3 is decentralized in peer-to-peer transactions, the fact that cryptocurrency is its native money makes it a target ground for scammers.
Since it’s crypto, everyone is in it for the gain, and anyone can pull a scam token stunt on unsuspecting buyers in an avoidable pump-and-dump scheme. People have lost fortunes to rug pulls, fake token purchases, and scam Web3 projects for fear of missing out. Fortunately, there are ways to spot scam crypto tokens.
2. You Are Responsible for Managing Your Assets
The Web3 decentralization concept implies you’ll be in complete custody of your data rather than storing it in a central database. While this is a more transparent version of Web 2.0, scammers leverage it to target users and exploit their vulnerability to steal from them.
Banks, for example, have the technical resources to secure your funds. Even if they lose your money, you can get a refund. Don’t expect a regular internet user left to manage their funds in digital wallets to be as meticulous. Besides, most users don’t know which links to click or avoid despite obvious red flags.
Web3 relies on crypto wallets to enable trustless transactions, help users connect to DApps, and exchange assets with other users. You can think of a crypto wallet as a personal purse. You’re responsible for keeping this safe—not the bank or any third party. Once you lose your wallet or any asset stored in it, you bear the loss alone. Thus, as Web3 tries to close the transparency gap, it’s opened a loophole exploitable via smart contracts.
3. Poor Transparency
Crypto transactions have a binding contract, which you must sign to consent. Once signed, you agree that a service can take part of your token or asset in the transaction. Transparent contracts tell you what you’re about to give. Unfortunately, many vague contracts and algorithms have infested crypto, affecting Web3 directly.
It’s highly questionable how merely clicking a malicious link can wipe your wallet clean. But it happens a lot in Web3. While hackers may not hack the blockchain powering Web3, they leverage social engineering to deceive unsuspecting users into connecting their wallets to a fake website and signing a scam contract. They do this via targeted emails, Discord hacking, or Twitter crypto scams.
A vivid example of such scams was when hackers accessed Bored Ape Yacht Club and OtherSide Discord channels and tricked members into clicking a fake mint site. Over 145 ETH and 32 NFTs, including blue chips, were stolen in that heist.
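As an added example (not part of the original article), the JavaScript below decodes the transaction data a wallet asks you to sign and reports whether it grants a token permission, which is what a transparent prompt would show. The function names, risk labels, and sample inputs are assumptions constructed for illustration; the four selectors are the standard ERC-20/ERC-721 ones.

```javascript
// Added example: decode what a transaction asks the signer to permit.
const MAX_UINT256 = (1n << 256n) - 1n;

// Standard ERC-20 / ERC-721 function selectors (first 4 bytes of calldata).
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
  "a9059cbb": "transfer(address,uint256)",
  "23b872dd": "transferFrom(address,address,uint256)",
};

// Return the i-th 32-byte argument word, rejecting truncated input.
function word(hex, i) {
  const w = hex.slice(8 + 64 * i, 72 + 64 * i);
  if (w.length !== 64) throw new Error("truncated calldata");
  return w;
}

// Risk labels are this example's own convention, not a standard.
function describeCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) throw new Error("not hex calldata");
  const call = SELECTORS[hex.slice(0, 8)];
  if (!call) return { call: "unknown", risk: "review" };
  const addr = (i) => "0x" + word(hex, i).slice(24);
  const num = (i) => BigInt("0x" + word(hex, i));
  switch (call) {
    case "approve(address,uint256)": {
      const amount = num(1); // allowance the spender may pull later
      const risk = amount === MAX_UINT256 ? "high" : amount === 0n ? "low" : "medium";
      return { call, spender: addr(0), amount, risk };
    }
    case "setApprovalForAll(address,bool)": {
      const approved = num(1) !== 0n; // true covers every token held in that collection
      return { call, operator: addr(0), approved, risk: approved ? "high" : "low" };
    }
    case "transfer(address,uint256)":
      return { call, to: addr(0), amount: num(1), risk: "medium" };
    default: // transferFrom(address,address,uint256)
      return { call, from: addr(0), to: addr(1), amount: num(2), risk: "medium" };
  }
}

// Constructed sample inputs: a placeholder address padded to 32 bytes.
const SPENDER_WORD = "0".repeat(24) + "11".repeat(20);
const SAMPLE_UNLIMITED_APPROVE = "0x095ea7b3" + SPENDER_WORD + "f".repeat(64);
const SAMPLE_APPROVE_ALL_NFTS = "0xa22cb465" + SPENDER_WORD + "0".repeat(63) + "1";

console.log(describeCalldata(SAMPLE_UNLIMITED_APPROVE));
console.log(describeCalldata(SAMPLE_APPROVE_ALL_NFTS));
```

An unrecognized selector returns `review` rather than a pass, since a prompt that cannot be decoded is exactly the vague contract described above.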
4. Poor Regulation and Financial Backup
There have been growing concerns over crypto regulations recently. The US SEC, for instance, maintains that cryptocurrencies aren’t digital assets but financial instruments. The agency has embarked on a clampdown on crypto companies that don’t comply with regulatory frameworks binding other financial securities.
SEC’s action may be seen by many as witch-hunting. But crypto, indeed, needs proper regulation. While condemning outright bans by regulators, even Changpeng Zhao, Binance CEO, agrees that crypto needs risk-based regulation.
Some decentralized exchanges (DeXes) that facilitate crypto transactions across Web3 also lack adequate backup to cover customers’ withdrawals; this is why crypto exchange platforms are coming up with proof of reserves (PoR). We witnessed many crypto failures in 2022 alone, resulting in customers losing their funds. The Terra/Luna crash and the FTX bankruptcy are some of the consequences of poor crypto regulation.
5. Untraceable Transactions and Poor Identity Management
Many Web3 transactions are pseudonymous and untraceable. Unfortunately, threat actors and cybercriminals leverage this attribute to engage in crimes.
International terrorism financing, ransomware payments, transborder drug transactions, and many more dreadful financial activities are crypto-financed. We’ve seen many cases where cybercriminals sell ransomware solutions in exchange for crypto via the dark web.
While this isn’t what Web3 or crypto is for, it remains an international concern as long as criminals use it as a veil for sending money.
Web3 Is Not a Safe Haven
While many crypto enthusiasts claim that Web3 is a more secure version of Web 2.0, it’s not a solid claim without assessing the security vulnerabilities ravaging Web3. Besides, you’ve seen many security areas left unchecked by Web3.
That said, diligent research about any Web3 app, service, or individual you want to interact with might prevent avoidable losses. Avoid connecting your crypto wallets to untrusted websites or apps and stop discussing your finances or assets you own with people you don’t know. You can’t tell who might be sniffing. You might also want to leverage some tools to detect crypto and Web3 scams.