Polygon CSO Claims Recent Series Of Hacks Due To Web2 Security Vulnerabilities

Polygon Chief Security Officer Mudit Gupta outlined that several of the recent hacks in crypto were ultimately a result of Web2 security vulnerabilities such as private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech.

Interviewed with Cointelegrap, Polygon’s CSO commented that some recent crypto hacks were caused by Web2 security vulnerabilities such as  private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech.

Furthermore, Gupta underlined that obtaining a certified smart contract security audit alone is insufficient to safeguard a protocol and users’ wallets from being used for nefarious purposes.

“I’ve been pushing at least all of the major companies to get a dedicated security person who actually knows that key management is important.”

He said

“You have API keys that are used for decades and decades. So there are proper best practices and procedures one should be following. To keep these keys secure. There should be proper audit trail logging and proper risk management around these things. But as we’ve seen these crypto companies just ignored all of it,”

He added

While blockchains are often decentralized on the backend, “users interact with [applications] through a centralized website,” so implementing traditional cybersecurity measures around factors such as Domain Name System (DNS), web hosting and email security should always “be taken care of,” said Gupta.

In addition, Gupta underlined the significance of managing private keys, citing the $600 million Ronin bridge hack and the $100 million Horizon bridge hack as textbook instances of the necessity to strengthen private key security protocols.

“Those hacks had nothing to do with blockchain security, the code was fine. The cryptography was fine, everything was fine. Except the key management was not. The private keys […] were not securely kept, and the way the architecture worked was if the keys got compromised, the whole protocol got compromised.”

Polygon Chief Security Officer Mudit Gupta has called on Web3 companies to hire traditional security experts to put an end to easily preventable hacks, arguing that perfect code and cryptography is not enough.

He also said that his department currently employs 10 experts to ensure top cybersecurity practices are in place, recommending that other crypto companies do the same.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Foxy

CoinCu News

Polygon CSO Claims Recent Series Of Hacks Due To Web2 Security Vulnerabilities

Polygon Chief Security Officer Mudit Gupta outlined that several of the recent hacks in crypto were ultimately a result of Web2 security vulnerabilities such as private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech.

Interviewed with Cointelegrap, Polygon’s CSO commented that some recent crypto hacks were caused by Web2 security vulnerabilities such as  private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech.

Furthermore, Gupta underlined that obtaining a certified smart contract security audit alone is insufficient to safeguard a protocol and users’ wallets from being used for nefarious purposes.

“I’ve been pushing at least all of the major companies to get a dedicated security person who actually knows that key management is important.”

He said

“You have API keys that are used for decades and decades. So there are proper best practices and procedures one should be following. To keep these keys secure. There should be proper audit trail logging and proper risk management around these things. But as we’ve seen these crypto companies just ignored all of it,”

He added

While blockchains are often decentralized on the backend, “users interact with [applications] through a centralized website,” so implementing traditional cybersecurity measures around factors such as Domain Name System (DNS), web hosting and email security should always “be taken care of,” said Gupta.

In addition, Gupta underlined the significance of managing private keys, citing the $600 million Ronin bridge hack and the $100 million Horizon bridge hack as textbook instances of the necessity to strengthen private key security protocols.

“Those hacks had nothing to do with blockchain security, the code was fine. The cryptography was fine, everything was fine. Except the key management was not. The private keys […] were not securely kept, and the way the architecture worked was if the keys got compromised, the whole protocol got compromised.”

Polygon Chief Security Officer Mudit Gupta has called on Web3 companies to hire traditional security experts to put an end to easily preventable hacks, arguing that perfect code and cryptography is not enough.

He also said that his department currently employs 10 experts to ensure top cybersecurity practices are in place, recommending that other crypto companies do the same.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Foxy

CoinCu News