Professor Ronghui Gu at Certik

by SK

Web3 in 2024 was a year of both progress and danger. Regulatory breakthroughs such as the approval of US Bitcoin and Ethereum Exchange-Traded Funds (ETFs) showed mainstream acceptance, but the industry was overshadowed by a surge in hacks and fraud that put billions of dollars at risk.

To unpack the scale of these threats, I spoke with Professor Ronghui Gu, co-founder of Certik. The company’s latest Hack3D: The Web3 Security Report 2024 reveals a loss of $23.6 billion in 760 on-chain incidents since last year. With phishing attacks alone responsible for almost half of these losses, the findings underscore the urgent need for stronger security measures across the ecosystem.

Beincrypto: What were the key factors behind the number of attacks targeting Ethereum?

Professor GU: Ethereum’s status as the most popular EVM chain reflects its success, but it is also a major target for exploits given the numerous projects and users operating on the network.

Additionally, an open and composable ecosystem allows developers to build on existing protocols. While this drives innovation, it also allows inadvertent vulnerabilities to be introduced through interconnected dependencies. Frequent deployment of experimental or unverified code by new projects further increases these risks.

Beincrypto: How can the industry fight the rise of phishing attacks that caused nearly 50% of the losses in 2024?

Professor GU: Education, innovation, and collaboration are key to dealing with the growing threat of phishing attacks. Educating users about identifying red flags, including suspicious links, unsolicited communications, and fake websites is essential for prevention. Clear and continuous communication about these risks allows individuals to protect themselves.

On the technical side, integrating sophisticated detection systems such as AI-driven threat monitoring and real-time alerts can help organizations stay ahead of attacks. Industry-wide collaboration to share threat intelligence and best practices further strengthens defense.

Beincrypto: Which DeFi protocol is the most vulnerable and what steps can you take to enhance security?

Professor GU: In 2024, we observed an increase in private key compromises and phishing incidents across ecosystems. This represents a general shift from contract vulnerability to human vulnerability, which is often considered the weakest link in such systems.

The two biggest steps protocols can take to stay secure are to store private keys securely and to implement robust procedures to prevent their employees from being targeted.

Beincrypto: How effective have efforts to address repeated issues with smart contract exploits been?

Professor GU: Overall, losses due to code vulnerabilities have been down year-on-year since 2022, suggesting that smart contracts are becoming more secure. In addition, because code vulnerabilities are difficult to find for all but the most skilled bug hunters, perhaps that is why we have seen a transition to secret key compromises and phishing.

Beincrypto: Did Bitcoin and Ethereum ETF approvals put the ecosystem under a new type of threat?

Professor GU: These products bridge traditional finance and crypto, and may be exposed to regulatory arbitrage, insider trading, and threats from bad actors targeting both the investors and the institutions involved in these products.

Cybersecurity threats such as attacks on storage services and ETF infrastructure are of great concern. Protecting these assets requires robust security protocols, such as cold storage solutions and real-time monitoring.

Furthermore, transparency in ETF operations and collaboration with regulators can help mitigate risks. Bitcoin and Ethereum ETFs represent positive steps in mainstream adoption, but ensuring security and trust in these products is paramount to their long-term success.

Beincrypto: What role does user education play in mitigating private key compromises?

Professor GU: Many incidents are attributed to a lack of understanding of safe practices, such as key protection and recognition of social engineering tactics. Educating users on secure storage methods, such as hardware wallets and encrypted backups, minimizes exposure.

Additionally, training users to identify phishing schemes, avoid sharing sensitive information, and use multifactor authentication further strengthens the overall security posture.

Beincrypto: How are blockchain developers tackling the increasing sophistication of hacking tactics?

Professor GU: Many developers integrate advanced encryption methods, improve consensus mechanisms, and carry out strict security audits. Formal verification processes help ensure that smart contract code is free of vulnerabilities, while AI and machine learning tools monitor networks in real time to detect and neutralize anomalies.

Beincrypto: What lessons can the Web3 industry learn from the biggest attacks of 2024 to shape future security frameworks?

Professor GU: I generally hope for stronger regulations, including from institutions such as MiCA and governments in Europe, improved security measures, and broader educational efforts to mitigate risks related to hacking and fraud. But as technology advances, so will the strategies adopted by bad actors.

The industry must stay ahead of these threats by fostering collaboration between developers, regulators and security experts. With persistent efforts, crypto-related losses can decrease over time, but vigilance is still important.

Certik’s Hack3D: The Web3 Security Report 2024 gives a detailed look at the biggest risks facing the ecosystem, as well as the important takeaways that will help projects and users stay ahead of new threats. Read the entire report here for deeper insights into the trends, attack vectors, and solutions that shape Web3 security.
