The 5 most common security issues for the Web 3.0 world – IT News Africa
Cisco Talos has revealed the top 5 Web 3.0 security risks. This latest iteration of the World Wide Web will include the immersive 3D experience known as the “Metaverse” – a virtual reality environment where people can explore, shop, play games, hang out with friends, attend a concert or take part in professional meetings.
“As the Internet transforms into a metaverse, a whole new range of opportunities, capabilities and functionalities are opening up to users, institutions, governments and businesses. Despite all these possibilities, Web 3.0 is also experiencing an increase in security threats that can be exploited by hackers and criminals. The Cisco Talos research team conducted an in-depth analysis to highlight the most common security challenges, driven by cryptocurrency, blockchain technology, decentralized applications and decentralized file storage.
Plus, they offer information on what users should look for to stay safe and protected while online,” said Fady Younes, Director of Cybersecurity – Cisco Middle East and Africa.
Here are the 5 most common security issues expected for Web 3.0:
The growing popularity of digital currency has led to increased use of Ethereum Name Service (ENS) domains. An ENS domain is an easy-to-remember name used to find the associated cryptocurrency wallet address. This has led to popular domain names being registered and resold by third parties. Nothing prevents the owner of an ENS domain from using the name to trick unsuspecting users into believing that they are dealing with a legitimate organization. Additionally, because these ENS domains point to wallet addresses, anyone can inspect the contents of the wallet associated with the name at any time.
Adapting to new technology often comes with the threat of social engineering, and Web 3.0 is no exception. Most security incidents affecting Web 3.0 users come from social engineering attacks such as wallet cloning. Users should be careful not to be tricked into sharing their “seed phrase”. If a cryptocurrency wallet is lost or destroyed, a user can recover the wallet and all of its contents using a 12-24 word “seed phrase”, which is essentially their private key. Anyone who knows the seed phrase (private key) can clone a cryptocurrency wallet and use it as their own. Thus, many cybercriminals looking to steal cryptocurrency or NFTs (non-fungible tokens) target a user’s seed phrase.
- Beware of Fake Customer Support Agents
Another method used by attackers to separate users from their seed phrase is to impersonate a customer support agent offering to answer Twitter or Discord server requests publicly posted by users. Criminals monitor these channels and will contact users to offer “help” – ultimately leading them to share their seed phrases.
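A defensive check for the support-channel scenario described above, as an added example that is not part of the original article or of Cisco Talos's analysis: a moderation filter that holds and redacts chat messages containing what looks like a seed phrase. It assumes BIP-39-style mnemonics (12 or more lowercase words of 3 to 8 letters); the function name, placeholder text and sample messages are constructed for illustration.

```python
import re

# Assumption: BIP-39-style mnemonics, i.e. 12 or more lowercase words of
# 3 to 8 letters each. The wallet's real wordlist is not embedded here,
# so this is a heuristic that holds messages for human review.
WORD = r"[a-z]{3,8}(?![A-Za-z])"
# Words may be split by spaces, commas, newlines or list numbering ("3." / "3)").
SEP = r"[\s,;]+(?:\d{1,2}[.):]\s*)?"
RUN = re.compile(r"(?<![A-Za-z])" + WORD + r"(?:" + SEP + WORD + r"){11,}")
PLACEHOLDER = "[possible seed phrase removed]"

# Constructed sample words, not a real wallet phrase.
SAMPLE_WORDS = ("maple river stone cloud tiger piano "
                "ocean lemon candle bridge garden rocket").split()


def screen_message(text: str) -> tuple[bool, str]:
    """Return (held, safe_text); held is True if a probable seed phrase was redacted."""
    safe_text, hits = RUN.subn(PLACEHOLDER, text)
    return hits > 0, safe_text


if __name__ == "__main__":
    samples = [
        "My wallet shows a zero balance after the update. Can anyone help?",
        "The support agent asked for this: " + " ".join(SAMPLE_WORDS),
        "\n".join(f"{i}. {w}" for i, w in enumerate(SAMPLE_WORDS, 1)),
    ]
    for msg in samples:
        held, safe = screen_message(msg)
        print("HOLD" if held else "pass", "|", safe.replace("\n", " "))
```

A production filter would also check candidate words against the wallet's actual wordlist to cut false positives on ordinary lowercase text.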
Whales are high-profile cryptocurrency accounts that hold a large amount of cryptocurrency or NFTs. Some estimates report that 40,000 whales hold 80% of the total NFT value and as such are an attractive target for cybercriminals. Scammers know that many small investors are watching the portfolios of these whales and will therefore socially entice them to invest in their own bogus projects. Most legitimate NFT projects freely release the source code for their smart contract. If the code for a project has not been released, that should be a red flag for potential investors.
- Malicious smart contracts
While some attackers focus on exploiting bugs in legitimate smart contracts, others take a different approach and write their own malware, which is placed on the blockchain in the form of malicious smart contract code. Malicious smart contracts have all the standard smart contract functions but behave in unexpected ways.