Two key security practices for Web3 startups from Israel Crypto Conference


Security continues to be one of the Web3 space’s most important and relevant matters, as protocols and enterprises continue to face exploits.

Cointelegraph spoke with Shahar Madar, the head of security products at Fireblocks, at the Israel Crypto Conference about what necessary steps Web3 startups should take to secure their platforms and users.

In his experience, Madar told Cointelegraph that many young startups usually put off developing a security protocol, for a focus on growth.

However, Web2 models for enterprise security don’t work in a Web3 world that has such an emphasis on finance. He said from the “attacker’s perspective,” they’re always looking for a return on their hack of a project.

“This is the thing that people miss. Everyone sees what they’re doing – the code is usually open source. Everyone can interact with their project and they are not prepared for that.”

Madar stressed that companies need to talk about a security framework asking important questions like, “How do you vet your team,” “How do you place access control,” and “How do you test your infrastructure map and prepare for the incident.”

“[Companies] need frameworks and products that help them hit the ground running in terms of security.”

According to the Fireblocks security head, for any young startup in the Web3 space, two basic things are needed, the first being “access control.”

Access control means that not everyone at the company has the same access to various aspects of a project. 

Related: Monero community lashes out against ‘Mordinals’ amid privacy concerns

Madar gave the example of a business developer not being able to deploy smart contracts. “Not because they are a bad person,” he said. “Rather from a security perspective with boundaries.”

The second thing is a game plan – to sit down and map out the project from the security perspective. He said developers should “imagine how you would hack yourself.”

“Start small but don’t hold off until later. The attacker is watching you, the attacker is waiting for you.”

He said all it takes to start making a game plan is simple “tabletop exercises” and set team meetings. 

This warning to Web3 startups comes as the space faced multiple compromises over the last week alone. On May 28, the Arbitrum-based Jimbos Protocol lost $7.5 million in Ether in a hack, while on May 19, the DeFi protocol WDZD Swap faced a $1.1 million exploit.

Magazine: $3.4B of Bitcoin in a popcorn tin: The Silk Road hacker’s story