Two key security practices for Web3 startups from Israel Crypto Conference

Security remains one of the Web3 industry’s most important and relevant issues as decentralized finance (DeFi) protocols and enterprises continue to face exploits.

At the Israel Crypto Conference, Cointelegraph talked to Shahar Madar, the head of security products at Fireblocks, about the necessary steps Web3 startups should take to secure their platforms and users.

Madar told Cointelegraph that, in his experience, many new startups usually delay developing a security protocol to focus on growth.

However, Web2 models for enterprise security don’t work in a Web3 world with such an emphasis on finance. He said that, from the “attacker’s perspective,” attackers always look for a return on their project exploits.

“This is the thing that people miss. Everyone sees what they’re doing — the code is usually open source. Everyone can interact with their project and they are not prepared for that.”

Madar stressed that companies need to consider a security framework by asking important questions like, “How do you vet your team?” “How do you place access control?” and “How do you test your infrastructure map and prepare for the incident?”

“[Companies] need frameworks and products that help them hit the ground running in terms of security.”

According to the Fireblocks security head, for any fledgling startup in the Web3 space, two basic things are needed: the first being “access control.”

Access control means that not everyone at the company has the same access to different parts of a project. 

Madar gave the example of a business developer being unable to deploy smart contracts, “not because they are a bad person,” but “rather from a security perspective with boundaries.”

The second thing is a game plan: to sit down and map out the project from the security perspective. He said developers should “imagine how you would hack yourself.”

“Start small but don’t hold off until later. The attacker is watching you, the attacker is waiting for you.”

He said all it takes to start making a game plan is simple “tabletop exercises” and set team meetings. 

This warning to Web3 startups comes as the space faced multiple compromises in the last week alone. On May 28, the Arbitrum-based Jimbos Protocol lost $7.5 million of Ether in a hack, while on May 19, the DeFi protocol WDZD Swap suffered a $1.1 million exploit.
