Modern businesses are focused on choosing new competitive strategies to dominate the market in the coming decade. Turning to Web3 may be their jump to new heights.
But why have we assumed that Web 3.0 is an inevitable future? What big benefits does it provide to businesses and common people? And what about security, hacks, and exploits in Web 3.0 that we hear all the time? We’ll cover everything in detail in this extended research.
The short answer is that Web 3.0 is the next stage in the evolution of the global digital economy. To understand why, let’s dive deeper into Web3’s key features.
Web 3.0 is the technological foundation that will enable people to spend more time in the digital realm. Web3 assets are fungible crypto and NFTs while Web3 infrastructure is a set of tools and protocols designed to support ecosystem functioning.
The main attributes of the new realm are information gathering and sharing, learning, deep user involvement, and commerce. Web 3.0 encompasses such elements as targeted marketing, AI models, and all features related to the broad term “Metaverse”.
Web3 is first of all about decentralization. It cuts dependence on intermediaries through smart contracts built on blockchain. Users thereby get ultimate control over their data and its management, and get paid in tokens when they decide to sell this information. For individual users, Web3 offers attractive socialization benefits such as extended reality, which allows them to interact with other people in the virtual world.
Since information is not stored in large centralized databases, the risk of massive data leaks is much lower in Web 3.0 compared to Web 2.0. The more fragmented the data transmission and storage process, the higher the level of security.
For businesses, Web3 offers great optimization opportunities through easy access to past records and the reduction of human biases via decentralized autonomous organizations (DAOs), which enable transparent and automated decision-making processes. For marketing companies, Web3 infrastructure creates the foundation for fully personalized advertising, thereby improving companies’ interaction with customers.
Thus, the global journey to Web3 has already started and with all associated advantages, the technological world will not stop until reaching the new realm.
Blockchain technologies may be described by such characteristics as decentralization, immutability, security, and transparency. They allow everyone to check and validate data with no third-party intervention required. Smart contracts as the key element of blockchain automate the execution of transactions by allowing users to set pre-determined terms of the agreement. Thereby people can be certain of the transaction outcome. Virtual assets such as cryptocurrencies allow users to carry out rapid transactions with minimal fees and risks. Users just need to know the recipient’s wallet (exchange) address and network.
Every new technology has its flaws and weaknesses undermining users’ trust and confidence. Although Web3 opens huge opportunities for both users and businesses, as of now, it is characterized by a high level of security risks.
Who knows more about security grey zones and unethical behavior in Web3 than Hacken? Despite all the flaws and hacks, the blockchain ecosystem offers so much more potential than inherently centralized Web2: feasible monetization for end users instead of you being the product, and earning returns for contributions and having a voice instead of worrying about privacy, censorship, and data collection. This is what all technology enthusiasts are striving for.
Hacken’s mission is to transform Web3 into an ethical industry. Getting there requires an industry-wide shift in how we think about security. Let’s then start from what we know about security in Web3.
Due to the lack of regulation and control by law enforcement bodies, Web3 companies have become a lucrative target for malicious actors. At the same time, they still neglect investing in security, considering it an additional expense rather than a competitive advantage.
According to the Crypto Crime report by Chainalysis, cybercriminals took control of $14B in 2021, compared to just $7.8B in 2020. At the same time, between 2018 and 2022, crypto investors lost around $55B to hacks, scams, rug pulls, and other malicious activities by projects themselves, meaning that the last 4 years account for 95% of all-time losses. The biggest scam ever has been Terra Classic, where investors from all over the world lost around $40B.
Decentralized Finance (DeFi) is hit the hardest. In two years, attacks on centralized crypto exchanges decreased to an absolute minimum. Hacks and scams now take place in the realm of DeFi.
Defiyield Rektbase has records of 668 exit scams & rug pulls, 219 exploits, 104 access control attacks, and 50 flash loan attacks. Investors and users lost $60.5 billion in DeFi due to scams, hacks, and exploits. Only 4% was returned.
The Web3 market is also full of one-day projects: ventures that push a strong short-term marketing campaign and collect users’ assets for the sole purpose of exiting the market with all the money. One-day projects may have a strong whitepaper, an attractive and functional website, interactive social media pages, and even the first version of their product. However, these projects do not invest anything in security. They do not undergo security audits and do not cooperate with reputable security vendors. As of now, the market’s capacity to detect and fight these projects is limited to a few security platforms, such as CER.live, that monitor the market and inform communities about projects with a high risk of unethical behaviour.
Many prominent projects striving to integrate Web3 technologies into their processes focus on offering innovative solutions to users while paying inadequate attention to educating them on how to use these solutions and what their real value is. When projects neglect education, they limit their own growth potential. People are afraid of joining any initiative when there is no clear picture of what they will get and how. Education should be treated as one of the main drivers of the global Web3 revolution.
Companies trying to integrate Web3 technologies mostly consider moving their business in a single direction. They develop a breakthrough solution, conduct very active marketing campaigns, and then focus on further product development. They thereby meet a single user need, while in the new Web3 realm users’ needs will become much broader, ranging from entertainment to security, financial management, and socialization. As of now, to fully dive into the Web3 realm, users need to interact with dozens of projects simultaneously, which takes a huge amount of time and concentration.
The upcoming decade will surely be a period of fundamental technological transformation that will change the way people interact with companies and their solutions. It will be a period of ambient experience, strengthening the role of intuitive interfaces and out-of-the-way affordances to better cater to the needs of users. Thus, companies developing technologically breakthrough solutions should focus on making them easy for users to understand through interactive education and the elimination of any possible barriers.
Only the companies that take cybersecurity seriously will be relevant and successful. Right now, most cryptocurrencies don’t take cybersecurity seriously. But forces inside and outside Web 3.0 will make cybersecurity a definite must-have.
Web2 transitions into Web3
Traditional enterprises in Finance/Banking, Technology, Pharmacy, & Telecom are the fastest adopters of blockchain technology. Implementing blockchain entails cybersecurity issues with smart contracts, digital wallets, regulatory compliance, data management, and p2p transactions. Dozens of established and reputable organizations with $1 billion in revenue and 1,000+ employees will not tolerate the current level of risk in Web3. Traditional banking, investment, finance, fintech, and insurance want to use blockchain. For them, the only way forward is to improve the appalling state of cybersecurity in Web3.
As they inevitably adopt blockchain technology, traditional enterprises will pour billions into Web3 cybersecurity because they cannot afford the risks.
To succeed in the upcoming decade, companies should focus on addressing users’ main concerns about Web3 technologies, namely poor security and users’ low level of knowledge about new tech. Another key determinant of companies’ future success is diversifying their solution portfolio to avoid being fully dependent on a single solution’s performance.
The main issues faced by users in Web 3.0 are inadequate security, possible manipulation (scams), and users’ lack of knowledge about new technologies and solutions. In Web 2.0, these issues are mostly addressed by reputable auditors such as the Big Four companies (Deloitte, for example) and consulting companies such as Boston Consulting Group. For example, let’s take a look at the factors behind the success of Deloitte. The key determinants of Deloitte’s success in the market are strong attention to quality, transformation-focused business logic, an integrated approach to doing business, and readiness to operate in an abnormal environment. Deloitte’s visible business success has also been made possible by the high level of accountability of the company’s employees and managers. The provisions specified in the company’s announcements and strategies are not empty words but rather a precise plan of action.
As of August 2022, there are around 13K projects either offering Web3 solutions to people or using virtual assets as their core financial and interaction instrument. Among all these brands, there is a very small (by number of projects) segment called Cybersecurity, and Hacken is among the brands listed in this segment. Hacken was founded by ex-Deloitte manager Dyma Budorin, and we offer both B2B and B2C cybersecurity solutions with embedded educational content.
We also conduct regular market research, organize meetups with industry enthusiasts, and monitor market security while diversifying our product portfolio to fully meet the growing security needs of our clients, partners, and community. We are proud to note that Hacken has one of the lowest incident rates among auditors working with Web3 companies.
Hacken’s role is to make Web3 free of unethical players while assisting projects in developing solutions free of security flaws and functional bugs. We are thereby solving the main issues attributable to the current state of Web3 development: insufficient security and unethical behaviour by some market players. One of the methods Hacken uses to solve these issues is active communication with our community about cybersecurity fundamentals.
Our leadership board is fully transparent, uniting security and Web3 enthusiasts who regularly attend industry conferences and meetups. We are accountable for the business decisions we make. By reading our Strategy 2022, you can see that Hacken positions itself as the “Deloitte” of Web3 by focusing on three core pillars: industry security improvement, popularization of Web3 among users, and ecosystem development to ensure sustainable business growth.
Overall, Web 3.0 has already become a new reality. Although global business has not fully reached the new destination, the course is clear. To lead in the Web3 realm, companies need to be ready to operate in an abnormal environment in which users will finally be put at the center of all business processes. Ecosystem companies with a focus on security and education will surely become the fastest-growing brands in the new Web3 realm.