Security remains one of the Web3 industryโs most important and relevant issues as decentralized finance (DeFi) protocols and enterprises continue to face exploits.
At the Israel Crypto Conference, Cointelegraph talked to Shahar Madar, the head of security products at Fireblocks, about the necessary steps Web3 startups should take to secure their platforms and users.
Madar told Cointelegraph that, in his experience, many new startups usually delay developing a security protocol to focus on growth.
However, Web2 models for enterprise security donโt work in a Web3 world with such an emphasis on finance. He said from the โattackerโs perspective,โ they always look for a return on their project exploits.
โThis is the thing that people miss. Everyone sees what theyโre doing โ the code is usually open source. Everyone can interact with their project and they are not prepared for that.โ
Madar stressed that companies need to consider a security framework by asking important questions like, โHow do you vet your team?โ โHow do you place access control?โ and โHow do you test your infrastructure map and prepare for the incident?โ
โ[Companies] need frameworks and products that help them hit the ground running in terms of security.โ
According to the Fireblocks security head, for any fledgling startup in the Web3 space, two basic things are needed: the first being โaccess control.โ
Access control means that not everyone at the company has the same access to different parts of a project.ย
Related: Monero community lashes out against โMordinalsโ amid privacy concerns
Madar gave the example of a business developer being unable to deploy smart contracts, โnot because they are a bad person,โ but โrather from a security perspective with boundaries.โ
The second thing is a game plan: to sit down and map out the project from the security perspective. He said developers should โimagine how you would hack yourself.โ
โStart small but donโt hold off until later. The attacker is watching you, the attacker is waiting for you.โ
He said all it takes to start making a game plan is simple โtabletop exercisesโ and set team meetings.ย
This warning to Web3 startups comes as the space faced multiple compromises in the last week alone. On May 28, the Arbitrum-based Jimbos Protocol lost $7.5 millionย of Ether in a hack, while on May 19, the DeFi protocolย WDZD Swap suffered a $1.1 million exploit.
Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hackerโs story
