Polygon’s chief security officer says his department now has 10 experts to ensure the implementation of best-in-class cybersecurity practices, and encourages other crypto firms to do the same.
Mudit Gupta, director of security at Polygon, urged Web3 companies to hire traditional security professionals to put an end to easily avoidable hacks, arguing that perfect code and cryptography are not enough on their own.
Speaking to Cointelegraph, Gupta explained that some of the recent crypto hacks ended up being related to Web2 vulnerabilities such as private key management and login phishing attacks, rather than poorly designed blockchain technology.
Gupta reinforced the point by emphasizing that obtaining a certified smart contract security audit, without also adopting standard Web2 cybersecurity practices, is not enough to protect users’ journal and wallets from exploitation:
“At the very least, I urged all major companies to hire a dedicated security officer who really knows that key management is important.”
“They have API keys that have been in use for decades. As such, there are relevant best practices and procedures to follow to keep these keys safe. There must be a proper audit trail and risk management associated with these things. But as we saw, these crypto companies just ignored everything,” he added.
Although blockchains are often decentralized at the back end, “users interact with [applications] through a centralized website”, so traditional cybersecurity measures covering factors such as the Domain Name System (DNS), web hosting, and email security should always be “supported”, Gupta said.
Gupta also highlighted the importance of private key management, citing the $600 million Ronin Bridge hack and the $100 million Horizon Bridge hack as textbook examples of the need to tighten private key security procedures:
“These hacks had nothing to do with blockchain security, the code was fine. The crypto was OK, everything was OK. With the exception of key management, this was not the case. The private keys weren’t secure, and the architecture worked in such a way that if the keys were compromised, the entire protocol was compromised.”
Gupta suggested that the current mindset of blockchain and Web3 firms is that “if you get phished, that’s your problem”; however, he argued that “if we want mass adoption”, Web3 firms will instead have to take on more responsibility rather than just doing the bare minimum:
“For us, we don’t just want a minimum level of security that keeps accountability at bay. We really want our product to be safe for users, so we think about what traps they can fall into and try to protect users from this.”
Polygon is an interoperability and scaling platform for creating Ethereum-compatible blockchains that allows developers to build decentralized applications that are scalable and easy to use.
Now that Polygon has a team of 10 security professionals, Mudit wants all Web3 companies to take the same approach.
Since the $190 million Nomad Bridge hack in August, the total lost to cryptocurrency hacks has crossed the $2 billion mark, according to Chainalysis, a data analytics firm.