By Marcus Naughton
When people used to browse the internet in the early 2000s, the main attraction on offer was the downloading of content and less about social interaction – with that brought avenues for viruses that would cause havoc and produce financial gain for attackers. These were an inconvenience for the average user, which led them to begin using anti-viruses to provide some level of protection. People quickly learned not to click on random pop-ups, download weird files, and become more skeptical of the websites they used to pirate movies and music. Limewire was an infamous example of this.
As the internet evolved in the 2010s, so did the avenues of attack. Identity theft became a lucrative source of financial reward, with the growth of centrally controlled platforms operated by large commercial businesses. Attackers could focus on single targets for a bigger payoff. Users begin to give less attention to their own safety by-in-large as they kept to platforms they knew and trusted, and subsequently entrusted those very same platforms to safeguard their data. The failure of these platforms (like in 2019, where Facebook’s internal data was exfiltrated), started to erode this long-held trust.
But with the rise of Web3 and the underlying thesis of ‘ownership’ for all users, the cost-benefit analysis of security being a ‘nice to have’ has structurally shifted to being a ‘must have.’ Users again released that they were in control of their property, and their data.
Attribution: Dylan Calluy on Unsplash
Web3: more to own, more to lose
Even though Web3 is still in its infancy, this next broad version brings users the opportunity to own a part of their experience on the internet, but this time, unburdened by the need to manage and host their property (as they were required to in the early days of Web2, like through phpBB.)
“This is the vision of the read/write/own web,” Harvard Business Review journalist, Thomas Stackpole, wrote in April. “In theory, a blockchain-based web could shatter the monopolies on who controls information, who makes money, and even how networks and corporations work.”
But the very changes that make Web3 compelling also place consumers at more risk. Hackers did not explicitly target individual users because they didn’t own/have anything of value to steal in the past – they targeted corporations and those who centralized user data. Web3 shifts that paradigm with individual users having digital goods worth hundreds if not tens of thousands (or millions) of dollars in their possession while they browse the internet.
And the biggest risk? Unlike in Web2 where users could call their institutions, there is no real institution to ask for your funds back if they get stolen in a hack in Web3. Although it should be noted that Ethereum decided as a community to reverse the damages of the DAO, leading to the creation of Ethereum Classic – so this course of action is something only available at a collective level.
Consider BAYC’s Discord was hacked where attackers stole 100ETH+ in value, or where Opensea’s Discord was attacked in a similar way.
This irrecoverability is a significant problem for Web3, and demands that solutions be created to mitigate attacks are mounting. After all, ownership is inherently valuable; if people dedicate their time and resources to developing their crypto holds and NFT collections, they need to know that their blockchain assets will be safe from harm. Unlike Web2, security cannot be an afterthought — it needs to be a core component of the Web3 experience.
Users need to once again, take on the reins of understanding effective ways of protecting their assets from harm on Web3, just like the Web2 users did before them. But this time, we have a multitude of new players in the space to prevent a repeat of the past few decades.
A new generation of security companies address this problem
With Web3 communities being targeted by many sophisticated social engineering and phishing attacks, a new crop of security startups are risen to address particular pain points.
To mitigate smart contract-related hacks Quantstamp, a YC company, has used its smart contract audit technology to secure over $200B worth of total smart contract value.
To protect Web3 communities, we now more than ever need to learn from the past two decades of safety and anti-spam tooling and combine it with advances in large-language-models AI (like GPT-J or OPT) to get a head start in the race for protecting this new frontier.
As Web3 looks to onboard the next billion users, ensuring that these users are safe and protected from hacks and scams is a critical requirement for Web3 to truly become mainstream.
About the author:
Marcus Naughton is an Entrepreneur First graduate who launched Chatsight as an AI security solution to help community managers moderate content and prevent scams. Marcus has been programming since age eight. He graduated with an LLB (with Economics) from the University of Limerick in 2019, while experimenting with AI/NLP projects. He was the 2019 national winner of the Red Bull Basement competition and has a first Dan black belt in Taekwondo.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.
Image and article originally from www.nasdaq.com. Read the original article here.