As you probably know from the history curriculum at school, the Internet was invented in 1969 as a military technology during the Cold War. In the USA, a centralized computer had controlled the country’s nuclear weapons before a decentralized network of devices spread across the country was developed. In this way the USA guarded against possible attacks that would disable its system. This was the emergence of the idea of decentralization.
In 1989, Tim Berners-Lee created the World Wide Web (WWW), which enabled people to browse content easily. In its early stages, the WWW was mostly used by researchers and students, and no mass adoption took place. World Wide Web technology reached a broad audience only 5 years later, when the first browsers like Internet Explorer and Mosaic were launched. Users had dial-up connections, but downloading content could last forever. This was Web 1.0, and it was decentralized. Since Web 1.0 was open-source, every user could build on it. But Web 1.0 was read-only: only a handful of users with special technical skills could create content on it. Web 1.0 sites served static content rather than dynamic HTML.
The situation changed in 2005, when the Web 2.0 infrastructure was brought by such sites as YouTube, Twitter, or Facebook. It was the time of mass adoption of the Internet, since everyone could publish content or create their own web pages. Web 2.0 was powered by large centralized data centres. At that time, people also started actively using smartphones to connect to the Web. It was the period of monetization of users’ data, which may also be called exploitation. In the Web 2.0 environment, users did not have any control over their data or the ways it was stored. Also, Web 2.0 did not protect users from arbitrary intervention into their experience, for example a government shutting down bank accounts or the blocking of certain websites.
And now we are living in the era of Web 3.0 transformation that began in 2018 when the first Web 3.0 Summit took place. Internet 3.0 is about re-decentralization.
Web 3.0 is about the end of dependence on a single server or database. Web 3.0 websites and applications will run on decentralized networks, blockchains, or peer-to-peer nodes. Virtual assets are likely to become an indispensable element of the new Web 3.0 reality.
The basic characteristics of Web 3.0 semantic web are:
International payments and transactions are integrated into Web 3.0 websites and apps through crypto wallets ensuring anonymity and security. Users will have the opportunity to join online communities and influence their governance through tokens. Web 3.0 is not a radically new version of the Internet to which the global community will shift. The transition to Internet 3.0 has already started.
Web 3.0 companies are focused on eliminating the challenges affecting the current Web 2.0 infrastructure, namely the monopoly of tech giants over the ownership of users’ data. Users cannot monetize the information they provide to tech giants through their behaviour. In Web 3.0, content creators will not need to share profits with intermediaries. The definition of Web 3.0 is also about the evolution of ownership structure: Web 3.0 provides ownership to a much larger share of stakeholders. The further growth of Web 3.0 is inevitable.
Blockchain is the key element of the Web 3.0 environment. A blockchain is a distributed database shared among computer network nodes, providing a protected and decentralized record of transactions. Blockchain eliminates intermediaries. Blockchain technology stores information in blocks (groups), and each block holds a set of data. Each block has a specified capacity, and once it is full, it is closed and connected to the block that was previously filled. Thereby a chain of data is formed. New sets of data enter a fresh block. One of the key features of blockchain is immutability: all transactions are permanently recorded and cannot be altered or deleted. Thus, the second name of blockchain is distributed ledger technology.
Blockchain allows data to be spread among a number of geographically distributed nodes. Blockchains may hold such types of data as state identifications, legal contracts, or an entity’s product inventory. By deploying a personal node or using a blockchain explorer, everyone can track the flow of transactions. But all records in blockchain are encrypted and a private key is required for decryption. Blockchain technologies are becoming widely used in the banking sector, the healthcare industry and supply chains, and can be utilized during the voting process to ensure its fairness and transparency.
The shift to the Web 3.0 reality will make businesses more transparent and user-centric. The developers of applications will try to integrate blockchain technology into their solutions. Web 3.0 technology enables entrepreneurs to provide people with services that are traditionally provided by large corporations, such as financial and insurance services. Web 3.0 will be widely adopted by companies with broad supply chain structures, such as companies operating in the automotive industry. The integration of artificial intelligence to evaluate information will allow businesses to improve their decision-making processes. Web 3.0 will also change the interaction between a government and businesses by boosting discussion on whether the market needs so many regulations. An increase in investments in innovations will become a must-have for businesses focused on leadership in the Web 3.0 semantic web.
Businesses develop decentralized applications that can run on any platform so they will suit each operating system. As a result, entities will be able to save costs and improve scalability.
On Web 3.0 websites and apps, information is held in data blocks across a vast network of computers. Thus, to access the network, malicious actors need to access all computers, which is an energy-consuming process and, generally, ineffective.
Web 3.0 technology eliminates restrictions on cross-border commercial activity through token payment systems that allow users to move virtual assets without any delays or intermediaries. Web 3.0 limits arbitrary government interference in business, since decentralized apps do not operate on a central server but rather rely on a decentralized network. Thus, authorities cannot easily shut down their activities.
Web 3.0 makes businesses more open to investments made by common people. The introduction of decentralized autonomous organizations has given every stakeholder equal rights to vote via tokens thereby impacting the company’s development. As a result, users may be strongly motivated to invest their money into startups realizing that they will also participate in their governance.
Generally, hyper-personalization of customer experience will become a key target for businesses in the Web 3.0 world.
Since 2020, the global community has seen a rapid increase in the popularity of blockchain. According to the crypto adoption data provided by Triple-A, more than 300 million people worldwide own cryptocurrencies and more than 18,000 businesses accept payments made in crypto. These data were collected in Q1 2021. Compared to this period, the market capitalization of crypto had doubled at the end of Q4 2021, so the figures on the current state of crypto adoption worldwide may be much higher. Examples of Web 3.0 are NFTs, online pieces of art that can be purchased with crypto; their popularity indicates the rapidly ongoing Web 3.0 transformation. Companies are establishing special teams or departments focused on Web 3.0 and incorporating Web 3.0 concepts in their strategies. For example, in December 2021 Hacken released its Strategy 2022, in which the main focus is on the company’s place in the new Web 3.0 cybersecurity space. One of the biggest technology giants, Twitter, is considering enabling users to log into the social network and make tweets using their crypto account.
In the foreseeable future, Web 3.0 technologies will exist alongside the current Web 2.0 infrastructure. Web 2.0 companies will integrate Web 3.0 examples in their processes to preserve competitiveness. For instance, the leading gaming company Ubisoft has become the first player in this industry to focus on NFT adoption. In December 2021, it released a collection of limited edition NFTs in its military shooter game Ghost Recon Breakpoint. Titles containing NFTs are becoming widespread in the gaming industry despite some rejection from players.
Users will continue sharing their data. However, they will know how this data is used by companies and for how long. For example, if the company collecting the user’s data sells it to third parties, this user will know it and will be eligible to get compensation. One of the features of Web 3.0 websites and applications is open source code allowing anyone to check it for flaws thereby contributing to the project’s security. Instead of providing highly valuable data to providers, users share their cryptographically secured digital identities.
Apart from the visible security benefits associated with the Web 3.0 transformation, this process is also creating challenges. Anonymous transactions on distributed ledgers are accompanied by such risks as smart contract logic hacks. The regulatory environment is not yet prepared for Web 3.0 adoption and, thus, industry players cannot rely on sufficient legal protection.
Given the key role played by smart contracts in the Web 3.0 future, smart contract audits may become one of the most in-demand services in the industry. The Hacken team expects that the market for security audits will grow from $150M in 2021 to more than $1B in 2026 (>6X growth). There is huge growth potential in the Web 3.0 cybersecurity market, since it is currently 23X undervalued according to the estimations made by Hacken.