Polygon’s chief security officer says his department now has 10 experts to ensure top-notch cybersecurity practices are implemented and encourages other crypto firms to do the same.
Polygon security chief Mudit Gupta has urged Web3 companies to hire traditional security professionals to put an end to easily avoidable hacks, arguing that perfect code and cryptography are not enough.
Speaking to Cointelegraph, Gupta noted that several recent crypto breaches were ultimately the result of Web2 vulnerabilities such as private key management and phishing attacks to obtain logins, rather than poorly designed blockchain technology.
Adding to his point, Gupta stressed that getting a certified smart contract security audit without following standard Web2 cybersecurity practices is not enough to protect users’ logins and wallets from exploitation:
“I’ve pushed at least every major company to hire a dedicated security professional who really understands the importance of key management.”
“They have API keys that have been in use for decades. As such, there are appropriate best practices and procedures that must be followed to keep these keys safe. There should be proper audit logging and risk management in these things. But as we have seen, these crypto companies just ignored all this,” he added.
While blockchains are often decentralized on the back end, users typically interact with applications through a centralized website, so one should always “take care to implement traditional cybersecurity measures in relation to factors such as Domain Name System (DNS), web hosting, and email security,” said Gupta.
Gupta also emphasized the importance of private key management, citing the $600 million Ronin Bridge hack and the $100 million Horizon Bridge hack as textbook examples of the need to tighten private key security procedures:
“These hacks had nothing to do with blockchain security; the code was fine. Cryptography was OK, everything was OK, except for key management: there was none. The private keys were not kept secure, and the architecture worked in such a way that if the keys were compromised, the entire protocol was compromised.”
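The architectural point in the quote above (one set of keys whose compromise authorizes everything, versus a design where no single key is sufficient) can be made concrete. The following is an added illustrative example, not code from Polygon, Ronin or Horizon; it stands in HMAC-SHA256 with a per-signer secret for a real signature scheme so that it runs with only the standard library, and all signer names, the action string and the `ThresholdPolicy` / `simulate_key_compromise` helpers are hypothetical.

```python
"""Added example: k-of-n approval policy versus a single-key design.

Assumption: HMAC-SHA256 with an independently held per-signer secret stands in for
real digital signatures. Signer names and the action are constructed sample values.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Approval:
    signer_id: str
    tag: bytes  # HMAC over the action, produced with that signer's own secret


@dataclass
class ThresholdPolicy:
    """Authorizes an action only when at least `threshold` DISTINCT signers approve."""
    threshold: int
    signer_keys: dict  # signer_id -> secret bytes, each held on separate infrastructure
    audit_log: list = field(default_factory=list)

    def approve(self, signer_id: str, action: bytes) -> Approval:
        key = self.signer_keys[signer_id]
        return Approval(signer_id, hmac.new(key, action, hashlib.sha256).digest())

    def authorize(self, action: bytes, approvals) -> bool:
        valid = set()  # a set, so replaying one signer's approval never counts twice
        for a in approvals:
            key = self.signer_keys.get(a.signer_id)
            if key is not None and hmac.compare_digest(
                a.tag, hmac.new(key, action, hashlib.sha256).digest()
            ):
                valid.add(a.signer_id)
            else:
                # Every rejected approval is recorded: the audit trail Gupta asks for.
                self.audit_log.append(("rejected_approval", a.signer_id))
        ok = len(valid) >= self.threshold
        self.audit_log.append(("authorize", action, sorted(valid), ok))
        return ok


def simulate_key_compromise(n: int = 5, threshold: int = 3, stolen: int = 1) -> dict:
    """Constructed scenario: an attacker obtains `stolen` of the `n` signer secrets.

    Returns whether a single-key design and a k-of-n design would each let the
    attacker authorize a withdrawal, plus whether replay and forgery are rejected.
    """
    keys = {f"validator-{i}": secrets.token_bytes(32) for i in range(n)}
    action = b"withdraw:1000000:to:unknown-address"  # constructed sample action
    stolen_ids = list(keys)[:stolen]

    # Design A: any one key authorizes everything (threshold 1), the failure mode
    # described in the quote: compromise of the keys is compromise of the protocol.
    single = ThresholdPolicy(threshold=1, signer_keys=keys)
    single_ok = single.authorize(action, [single.approve(s, action) for s in stolen_ids])

    # Design B: k-of-n with independently held keys; fewer than k stolen keys are useless.
    multi = ThresholdPolicy(threshold=threshold, signer_keys=keys)
    multi_ok = multi.authorize(action, [multi.approve(s, action) for s in stolen_ids])

    # Replaying one stolen signer's approval k times must not count as k signers.
    replay = [multi.approve(stolen_ids[0], action)] * threshold
    replay_ok = multi.authorize(action, replay)

    # A tag from an unknown signer (or a wrong key) is rejected and logged.
    forged = Approval("validator-99", b"\x00" * 32)
    forged_ok = multi.authorize(action, [forged])

    return {
        "single_key_design": single_ok,
        "threshold_design": multi_ok,
        "replay": replay_ok,
        "forged": forged_ok,
        "rejections_logged": sum(1 for e in multi.audit_log if e[0] == "rejected_approval"),
    }


if __name__ == "__main__":
    for k, v in simulate_key_compromise().items():
        print(f"{k}: {v}")
```

With the defaults (five signers, threshold three, one key stolen) the single-key design authorizes the withdrawal while the threshold design refuses it, refuses the replayed approval, and logs the forged one; raising `stolen` to the threshold shows the limit of the design, which is why the keys must be held on genuinely separate infrastructure rather than one compromised host.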
Gupta suggested that the current mindset of blockchain and Web3 firms is that “if you get phished, that’s your problem.” He argued, however, that “if we want mass adoption,” Web3 firms should take more responsibility instead of just doing the bare minimum:
“We don’t just want minimal security for ourselves, which relieves us of responsibility. We want our product to be really safe for users, so we think about what traps they might fall into and try to protect users from that.”
Polygon is an interoperability and scaling platform for building Ethereum-compatible blockchains that enables developers to build scalable and easy-to-use decentralized applications.
Now that Polygon has a team of 10 security experts, Gupta wants all Web3 companies to take the same approach.
Crypto hacks surpassed the $2 billion mark after the $190 million Nomad Bridge hack in August, according to analytics firm Chainalysis.