Summary

At Breakpoint 2023, the subject of security in the rapidly growing Web3 industry was front and center, bringing to light the persistent vulnerabilities and the dire need for a responsible and mature approach to security. The presentation, given by Boaz Shoshan, Head of BD of SEC3, was both a critique and a wake-up call to developers within the Web3 space. Drawing on personal experiences and industry benchmarks, Shoshan underscored the importance of recognizing their own limitations and implementing robust security measures to safeguard the sector’s credibility and progress.

Key Points:

The Reality of Security in Web3

Shoshan opened his speech by expressing frustration with developers for not taking security seriously, illustrating his point with the tragic story of a young founder who attempted suicide following a breach. This incident symbolizes the serious consequences of security oversights and the urgent need for developers to ground themselves in reality and avoid preventable mistakes. Shoshan's account is a poignant reminder that behind the optimism and festivities of tech events lies a grave responsibility to uphold security and protect not just assets but lives.

Maturity and Lessons Unlearned

Despite the maturity of Web3 and blockchain technologies, there is a troubling trend of repeated mistakes, as evidenced by individuals who suffered losses both during the Mt. Gox incident and the FTX collapse. Shoshan notes a concerning lack of learning from past errors, emphasizing that while in other industries lessons are integrated over time, the Web3 community exhibits a distressing pattern of forgetfulness and repetition when it comes to security practices.

An Examination of Web3 Security

Shoshan critically examines the state of Web3 security standards, finding a lack of established procedures and consistent application. He contrasts this with historic public skepticism towards new technologies like electricity, suggesting that recurring security breaches in Web3 could similarly fuel distrust and hinder adoption. By failing to learn from past mistakes, the industry risks not only financial losses but also broader reputational damage that may slow its advancement.

The Alignment and Misalignment of Security Measures

The motivation behind security measures oftentimes seems to be more about compliance and marketing rather than genuine protection, leading to a misalignment between purpose and action. Developers and projects, driven by urgency or cost-efficiency, may opt for the cheapest security audits or those demanded by exchanges, without considering the quality and rigor needed. Shoshan urges developers to adopt a more responsible mindset to improve security at a fundamental level.

Facts + Figures

• A young DeFi protocol founder attempted suicide following a breach, signaling serious consequences of security neglect.
• A total of $1.3 billion has been lost to hacks in the current year alone in the Web3 space.
• The VC investment in Web3 during this period is slightly above $3.4 billion, accentuating the impact of breaches relative to invested funds.
• Historic comparisons were drawn between public resistance to early electricity adoption and current skepticism towards blockchain technologies.
• Shoshan highlighted the importance of structural alignment between projects and security firms while expressing concern about current misalignments.

Top quotes

• "This is a very serious industry with very serious consequences, and you need to take it seriously."
• "It really did drive home to me, just how some developers, you know, you think you're a gigabrain, you think you can do anything, you think that bad things won't happen to you because you're so smart, and bad things do happen, and as a result, you completely lose your frame of reference."
• "If there's anything that you're going to take away here, I'm not really here to shill a bag, I'm mostly trying to tell you to keep yourself grounded in reality and not let yourself make mistakes when you could avoid them."
• "Why are we not learning from our mistakes? Why is this happening so much?"
• "Security is not progressing in line with the technology."
• "Every time that there is a serious security breach in the world of Web3, it actually does everybody a disservice."

Questions Answered

Why is Web3 security important?

Web3 security is vital as it guards not only the substantial financial assets involved but also profoundly affects individuals’ lives and the reputation of the entire industry. The seriousness of security in the Web3 space is highlighted by the consequences of breaches, which can range from financial ruin to personal tragedies.

What are the current Web3 security standards?

Currently, the Web3 industry lacks established and universally accepted security standards. Developers and projects often rely on the cheapest available audits for compliance, which may not be sufficiently rigorous to protect against sophisticated threats.

How does the history of technology adoption compare to Web3's current situation?

The historical resistance to the adoption of electricity is comparable to current skepticism surrounding blockchain tech. As with early electricity infrastructure, the Web3 industry faces public doubt, with every significant security breach potentially eroding trust and impeding growth.

What might incentivize developers to prioritize security?

Developers should recognize that the economic and reputational stakes are high for the entire Web3 ecosystem. Security must be seen as a foundational aspect of Web3 development, with the realization that secure platforms strengthen the entire industry and lead to broader adoption and growth.

What lessons can Web3 developers learn from past industry mistakes?

Web3 developers need to learn the importance of incorporating lessons from past breaches to avoid repeating the same errors. Security practices should not be an afterthought or purely for compliance and marketing; they should be fundamental components of project development to protect users and ensure longevity.