Traditional Cybersecurity Vs. Blockchain-Based Solutions: Main Issues
Web3 enthusiasts sometimes propose replacing traditional security systems with decentralized solutions. However, this juxtaposition is misguided, as the two types of security solutions serve different purposes – and Web3 projects can still benefit from traditional security frameworks.
Security is one of the most frequently cited advantages of blockchain over traditional databases and financial networks. Indeed, data saved on a blockchain cannot be altered, manipulated, or destroyed, unlike data saved on regular servers. Nevertheless, two different concepts are often confused: blockchain security and blockchain-based security.
Let’s clarify the differences between these concepts, as well as the limitations of decentralized systems. Stefan Huber, CEO of BlackFort – the first L1 network to offer a multichain wallet with built-in antivirus – comments:
“What most people do not understand is that on-chain and off-chain security solutions are complementary, not alternatives. Industries like healthcare and manufacturing can definitely benefit from blockchain-powered identity management and access control, but Web3 also needs regular cybersecurity frameworks, as some features are too expensive to replicate on-chain.”
Blockchain security
Blockchain security is an umbrella term covering the systems, solutions, and practices used to protect blockchain networks, decentralized applications, funds stored in smart contracts, and users interacting with the blockchain from malicious attacks.
In turn, these solutions and practices can be categorized into two types: those that are blockchain-based and those that are not. Below are a few examples of each; the lists are illustrative, not exhaustive.
1) Security solutions that feature blockchain
- Multisig wallets: Wallets that require multiple signatures to perform a transaction, used to prevent unauthorized fund transfers in Web3 projects.
- Decentralized oracles: Smart contracts often need off-chain data (like cryptocurrency prices). Using one or more decentralized oracles prevents malicious actors from supplying incorrect information to these contracts.
- Gas fees: Surprisingly, non-zero gas fees are among the best deterrents against a common attack type – DDoS. By making such spamming attacks costly, they discourage perpetrators.
2) Security solutions that do not rely on blockchain
- Web3 antiviruses: These apps detect crypto scams, malicious smart contracts, and phishing websites, alerting users before they sign potentially harmful transactions. Often available as browser extensions, some advanced wallets now also include this feature as a built-in security measure. BlackFort Exchange Network CEO Stefan Huber continues: “When a user initiates an interaction with a dApp smart contract or a wallet address, the antivirus integrated into our wallet scans it against a database of known scams, simulates the transaction, and immediately informs the user if it is safe to proceed with connecting to the dApp or sending crypto to a specific address.”
- Asset custodians: These are market players who secure digital assets for others. While custodians typically use cold multisig wallets and other blockchain-based solutions to protect their clients’ funds, the relationship between a custodian and a client remains traditional, involving signed documents and fees paid off-chain.
- Multi-factor authentication: The good old MFA, especially using biometric authentication, is an effective way to protect crypto wallets.
Blockchain-based security
The term ‘blockchain-based security’ denotes security systems and tools that use blockchain as an integral part of their technology. Such tools can be employed in Web3, Web2, or the real-world economy.
Among the most interesting use cases of blockchain-based security solutions are:
- Supply chains: Valuable items and shipments can be assigned unique blockchain identities to ensure authenticity and track the movement of goods. Perhaps the most significant use case for blockchain in supply management is its ability to prevent ransomware attacks.
- Internet of Things: Blockchain is used to authenticate individual devices (such as sensors) and accounts before they access an IoT network. This can prevent data breaches, phishing attacks, malware installations, and more.
- Data security: Blockchain helps secure data and regulate access to sensitive files. For example, financial and medical records often get stolen and sold on the darknet, but such breaches can be prevented if any access requires the use of a private blockchain key.
In conclusion: the all-important human factor
Blockchain-based and legacy cybersecurity solutions must be used in combination to effectively protect Web3 projects and user funds. After all, Web3 platforms still operate on virtual servers from providers like AWS, and user-side wallets run on legacy devices.
At the same time, we must not forget about the single most important element of crypto security on the end-user level: correct practices for protecting one’s crypto wallet secret phrase, private key, and password.
Most crypto thefts occur not because of code exploits but because wallet owners inadvertently reveal their seed phrases or private keys, click on fake airdrop links, fall victim to SIM-swapping scams, etc.
Even worse, it is common for Web3 projects to have their social media and GitHub accounts compromised, and these accounts are then used to steal money from end users. This shows that employees of blockchain projects often do not follow correct cybersecurity practices either.
Understanding how hacks, crypto scams, phishing, and social engineering attacks work is probably the most crucial aspect of blockchain security. Without educating both end users and project team members, no blockchain security solution will ever be sufficient to protect assets in Web3.