How to Carry Out a Crypto Heist - Part 1
Web3 Expert Delves Into the Mind of a Hacker and Tells How to Be One Step Ahead
Threat actors are targeting Web3 and making off with billions in stolen cryptocurrency, and they are using cryptocurrency mixers and blockchain bridges to launder money gained by ransoming thousands of businesses and government agencies.
How do the criminals find vulnerabilities and plan and execute attacks? How can organizations defend against such attacks? How can you use that information to mitigate and recover from a breach?
Martin Derka, head of new initiatives at Quantstamp, a Web3 security company, says you need to get into the mind of a hacker.
Timing is everything with hackers, he says. They attack when "nobody is looking and everybody is busy," including during holidays and cybersecurity conferences, and, if all else fails, in the middle of the night.
In Part 1 of this interview with Information Security Media Group, Derka discusses:
- The prevalence of smart contract exploits and the limitations of code auditing;
- How to pick the right auditor for different projects;
- Cybersecurity best practices for Web3 platforms.
In Part 2 of this two-part interview, Derka discusses what a Web3 hack incident response should look like, how to address hard-to-solve issues such as the Profanity vulnerability, and why criminals are finding it harder to cash out stolen funds, especially in light of the U.S. sanctioning crypto mixers such as Tornado Cash.
Derka helps Quantstamp secure projects prior to deployment and supports crisis management in the aftermath of an exploit. He has years of experience in the development of smart contracts and platforms built on Ethereum, specializing in decentralized finance security and economic manipulation.