{"id":491384,"date":"2022-09-09T01:37:14","date_gmt":"2022-09-08T22:37:14","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/polygon-cso-blames-web2-security-gaps-for-recent-spate-of-hacks\/"},"modified":"2022-09-09T01:37:14","modified_gmt":"2022-09-08T22:37:14","slug":"polygon-cso-blames-web2-security-gaps-for-recent-spate-of-hacks","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/polygon-cso-blames-web2-security-gaps-for-recent-spate-of-hacks\/","title":{"rendered":"# Polygon CSO blames Web2 security gaps for recent spate of hacks"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Polygon_CSO_blames_Web2_security_gaps_for_recent_spate_of_hacks_%E2%80%9C\"><\/span>&#8221; Polygon CSO blames Web2 security gaps for recent spate of hacks &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvYTQwOWIyNTctZDAwYy00NTJiLWJkZDEtODM4NmQ2NTIzYzBkLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-71846793>Polygon Chief Security Officer Mudit Gupta has urged Web3 companies to hire traditional security experts to put an end to easily preventable hacks, arguing that perfect code and cryptography are not enough.\u00a0<\/p>\n<p>Speaking to Cointelegraph, Gupta outlined that several of the recent hacks in crypto were ultimately a result of Web2 security vulnerabilities such as private key management and phishing attacks to gain logins, rather than poorly designed blockchain tech. <\/p>\n<p>Adding to his point, Gupta emphasized that getting a certified smart contract security audit without adopting standard Web2 cybersecurity practices is not sufficient to protect a protocol and user&#8217;s wallets from being exploited:<\/p>\n<blockquote><p>\u201cI&#8217;ve been pushing at least all of the major companies to get a dedicated security person who actually knows that key management is important.\u201d<\/p><\/blockquote>\n<p>\u201cYou have API keys that are used for decades and decades. So there are proper best practices and procedures one should be following. To keep these keys secure. 
There should be proper audit trail logging and proper risk management around these things. But as we&#8217;ve seen these crypto companies just ignored all of it,\u201d he added.<\/p>\n<p>While blockchains are often decentralized on the backend, \u201cusers interact with [applications] through a centralized website,\u201d so implementing traditional cybersecurity measures around factors such as Domain Name System (DNS), web hosting and email security should always \u201cbe taken care of,\u201d said Gupta. <\/p>\n<p>Gupta also emphasized the importance of private key management, citing the $600 million Ronin bridge hack and $100 million Horizon bridge hack as textbook examples of the need to tighten private key security procedures:<\/p>\n<blockquote><p>\u201cThose hacks had nothing to do with blockchain security, the code was fine. The cryptography was fine, everything was fine. Except the key management was not. The private keys [&#8230;] were not securely kept, and the way the architecture worked was if the keys got compromised, the whole protocol got compromised.\u201d<\/p><\/blockquote>\n<p>Gupta suggested that the current sentiment from blockchain and Web3 firms is that if \u201cyou fall for a phishing attack, it&#8217;s your problem,\u201d but argued that \u201cif we want mass adoption,\u201d Web3 companies have to take more responsibility rather than doing the bare minimum. <\/p>\n<blockquote><p>\u201cFor us [&#8230;] we don&#8217;t want just the minimum safety that keeps the liability away. 
We want our product to be actually safe for users to use it [&#8230;] so we think about what traps they might fall into and try to protect users against them.\u201d<\/p><\/blockquote>\n<p>Polygon is an interoperability and scaling framework for building Ethereum-compatible blockchains, which enables developers to build scalable and user-friendly decentralized applications. <\/p>\n<p>With a team of 10 security experts now employed at Polygon, Mudit now wants all Web3 companies to take the same approach.<\/p>\n<p>Following the $190 million Nomad bridge hack in August, crypto hacks have now surpassed the $2 billion mark, according to blockchain analytics firm Chainalysis.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/polygon-cso-blames-web2-security-gaps-for-recent-spate-of-hacks\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Polygon CSO blames Web2 security gaps for recent spate of hacks &#8220; Polygon Chief Security Officer Mudit Gupta has urged Web3 companies to hire traditional security experts to put an end to easily preventable hacks, arguing that perfect code and cryptography are not enough.\u00a0 Speaking to Cointelegraph, Gupta outlined that several of the 
recent&#8230;<\/p>\n","protected":false},"author":1,"featured_media":491385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDkvYTQwOWIyNTctZDAwYy00NTJiLWJkZDEtODM4NmQ2NTIzYzBkLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,74882,113408,74355,117,70375,75134],"class_list":["post-491384","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-hacks","tag-polygon","tag-adoption","tag-business","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/491384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=491384"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/491384\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/491385"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=491384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=491384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=491384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}