Future of Web3 security with Immunefi and Brave CEOs: The Bug House 2022
Celebrating the myriads of accomplishments earned by the crypto ecosystem, Immunefi, Electric Capital, Bitscale Capital and MA Family together hosted The Bug House — a party for bringing together the global Web3 community.
In a panel hosted by Cointelegraph editor-in-chief, Kristina Lucrezia Cornèr, sat with Mitchell Amador, founder and CEO at Immunefi and Brendan Eich, founder and CEO of Brave browser to discuss the evolution of Web3 and its future trajectory.
“There’s a lot of Web2 in Web3. That’s a problem right now,” began Eich when asked about the ongoing Web2 to Web3 transition. From using trusted servers to sub-custody wallets, Amador believed that such Web2 sites could be full of adversaries. He also pointed out the recent EIP-5593 proposal, which aims to prevent man-in-the-middle attacks.
In Web2, there is a common practice of implementing security features post-launch through patches and antiviruses, which can be inherited by Web3 apps using such services. In addition, security concerns in Web3 stem from the centralization through dApp sites.
Speaking about the security concerns in Web3, Amador stated that hackers in Web3 are very different from Web2 hackers. According to him, there are two types of hackers. In Web3, hackers are found to be young, typically under the age of 35 and most under the age of 30.
In relation to the second type of hacker, Amador highlighted the influx of older tech-savvy individuals — “which many blockchain hackers lack” — that have spent a few years understanding Web3 and are able to break into the systems. He added:
“We’ve seen a number of these guys, including several of the top 10 hackers now; they just storm the leaderboard with their skills. They just need to get good enough.”
Supporting this stance, Eich added that, during the bull run era of 2021, he noticed the rise of reentrancy attacks. Brave has been using HackerOne to protect its in-house crypto wallets and has tripled its bug bounty to eradicate the wallet’s security concerns.
Eich further highlighted that Brave has total control over the browser and crypto wallets, which helps them fend off phishing attacks on the users. Brave has amassed a wide demography of users that prefer privacy, crypto or both, currently serving 20 million daily users, which, when compared to last year, has doubled.
When it comes to protecting the Web3 community, Amador believes it boils down to ethos:
“To wish for, fight for, and create a better world for which their most sinister and capricious behaviors simply won't work and won't be allowed. If we do that successfully, we will draw these expert security talents, their best executives, their best leaders over to our side and neuter them by destroying the base of their ability to work.”
Cornèr agreed with the duo as she stated that in Web3 security, it’s not only about money; it’s about the culture and values that the community protects, which brings out the need for education.
While Amador further revealed the efforts of Immunefi, Brave and other partners to work with the governments trying to make Web3 more accessible, adding:
“We’re in a position where we need to heavily lobby and ask for the support and graces of various other power players precisely because what we’ve built today is not good enough, not valuable enough and not safe enough.”
Eich, on the other hand, highlighted the need to develop better programming languages and tools to safeguard the systems. He called for a need to segregate the world of ethos from the world of bad programming. “Education sounds prim and proper. But if it doesn't have incentives, it's not gonna work,” he concluded.
As a bug bounty platform, Immunefi created trust and legitimacy in the industry by solving the problem related to projects not willing to pay up bug bounties after successful bug discovery. They did this by providing an impartial, third-party service that can mediate that interaction and make sure both sides come to the task.
Immunefi recently released a Whitehat Leaderboard for listing the top 20 most elite white hats in Web3.
“As the volume of saved funds continues to grow, the leaderboard is another opportunity to give our white hats the recognition they deserve, as well as to encourage them to keep pushing the boundaries to make the web3 ecosystem safer,” Amador noted in a statement.Source