At the Israel Crypto Conference, Shahar Madar, the head of security products at Fireblocks, highlighted the importance of security in the Web3 space and shared crucial insights for Web3 startups to protect their platforms and users. According to Madar, many young startups tend to postpone developing a security protocol in favor of focusing on growth. However, Web2 models for enterprise security are not sufficient in a Web3 world, where finance plays a central role.
From an “attacker’s perspective,” hackers are continually seeking a return on their investment in infiltrating a project. With the prevalence of open-source code, anyone can interact with a project, and many startups may not be prepared for potential security threats.
To address these concerns, Madar suggests that companies need to establish a security framework by asking essential questions such as how to vet a team, place access control, and test an infrastructure map to prepare for any incidents.
For any Web3 startup, Madar recommends implementing two basic measures. The first one is “access control,” meaning that not everyone within the company should have the same access to various project aspects. For instance, a business developer should not be able to deploy smart contracts. This precaution is not due to any ill intention but purely for security purposes and to maintain proper boundaries.
Secondly, Madar suggests creating a game plan by mapping the project from a security standpoint. Developers should imagine how they would hack their system and start with simple “tabletop exercises” and team meetings to devise strategies against potential threats. Emphasizing the urgency of security preparedness, Madar warns that attackers are always waiting for an opportune moment to strike.
As more startups heed this advice, they can avoid unfortunate situations like recent security breaches in the Web3 space. The Arbitrum-based Jimbos Protocol, for example, lost $7.5 million in Ether due to a hack on May 28, while the DeFi protocol WDZD Swap suffered a $1.1 million exploit on May 19. Addressing security concerns early in a project’s development is crucial for establishing trust and maintaining the safety of users and platforms alike in the rapidly evolving world of Web3 technology.