Because technology evolves, even the Internet will continue to evolve. We have progressed from Web 1.0 to Web 2.0 and are now embarking on the next iteration of the Internet — Web 3.0.
However, even in its early phases of development, Web 3 already has some security flaws that hackers are exploiting.
Continue reading to learn about recent Web 3.0 hacking horror stories and how to keep safe in the impending Web 3.0 age.
Web 3 exploits are becoming increasingly sophisticated.
While the decentralised applications (dapps) that we can already access are somewhat Web 3, we are not yet on a Web 3 Internet. There is still much work to be done before Web 3 is completely functional.
As regular media stories of Web 3 intrusions demonstrate, security is undoubtedly the most significant concern.
Web 3 will succeed only if current security concerns are addressed, making it nearly impossible for hackers to steal user funds.
A recent Twitter thread by thomasg.eth shows how Web 3 scams are perpetrated. thomasg.eth is the founder of Arrow, a decentralised autonomous organisation (DAO) dedicated to the development of open-source vertical takeoff and landing aircraft (VTOL) and an air taxi protocol. In the thread, he describes how he nearly lost all his ethereum (ETH) in what he called a social engineering scam.
It began with a user named ‘heckshine’ contacting thomasg.eth on Discord to express their interest in Arrow and offer assistance. Heckshine then introduced Thomas to Linh, a VTOL enthusiast who was reportedly working on a metaverse project. Linh then announced that they had launched their staking programme and promised to give thomasg.eth two distinct non-fungible tokens (NFTs).
Things became complicated when Thomas asked for the NFT to be sent to his hot wallet, while Linh asked for it to be sent to Thomas's primary wallet. When Thomas asked to view the contract before the NFT was sent to his primary wallet, Linh became abrasive. Thomas then noticed that the tokens he had approved were not Armstrong ETH, but Aave’s aWETH, and that nearly all of his ETH was parked in Aave on his main address. His only salvation was that he had chosen to shift the NFT to a new ETH address.
And Thomas is not alone. Todd Kramer, a collector of NFTs, claims to have lost 16 of his Bored Ape Yacht Club (BAYC) and other associated NFTs in a hacking incident.
Unlike Thomas, Kramer lost his NFTs in a phishing attack after he clicked on a link that appeared to be an NFT dapp. The stolen NFTs are estimated to be worth approximately USD 2.2 million. Fortunately for him, he was able to retrieve a portion of them.
Regrettably, these stories are becoming more prevalent as hackers get more skilled.
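The mix-up in thomasg.eth's account, where the token being allowed turned out to be Aave's aWETH, comes down to reading what an approval transaction actually targets before signing it. The following is an added example, not code from the article or from any wallet: it decodes the two standard approval calls and compares the target contract with the one the user expects. The function names and all addresses are constructed placeholders.

```javascript
// Added example (not from the original article): review what a pending
// transaction would approve before it is signed.
// 4-byte selectors of the two standard approval calls.
const SELECTORS = {
  '095ea7b3': 'approve(address,uint256)',         // ERC-20 allowance
  'a22cb465': 'setApprovalForAll(address,bool)',  // ERC-721/1155 operator
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Return the n-th 32-byte ABI word (as hex) that follows the selector.
function word(data, n) {
  return data.slice(8 + 64 * n, 8 + 64 * (n + 1));
}

// tx: { to, data } as displayed by the wallet. expectedToken: the contract
// address the user believes they are approving (assumed to come from a
// source the user has verified independently).
function reviewApproval(tx, expectedToken) {
  const data = tx.data.toLowerCase().replace(/^0x/, '');
  const kind = SELECTORS[data.slice(0, 8)];
  if (!kind || data.length < 8 + 128) {
    return { kind: null, warnings: [] };  // not an approval call
  }
  const warnings = [];
  const spender = '0x' + word(data, 0).slice(24);  // address = low 20 bytes
  const value = BigInt('0x' + word(data, 1));
  if (tx.to.toLowerCase() !== expectedToken.toLowerCase()) {
    warnings.push('approval targets a different token contract than expected');
  }
  if (kind.startsWith('approve') && value === MAX_UINT256) {
    warnings.push('unlimited allowance requested');
  }
  if (kind.startsWith('setApprovalForAll') && value === 1n) {
    warnings.push('operator would control every token in this collection');
  }
  return { kind, token: tx.to.toLowerCase(), spender, warnings };
}

// Constructed sample: placeholder addresses, not real contracts.
const EXPECTED_TOKEN = '0x' + '11'.repeat(20);
const OTHER_TOKEN = '0x' + '22'.repeat(20);
const SPENDER = '33'.repeat(20);
const sampleTx = {
  to: OTHER_TOKEN,
  data: '0x095ea7b3' + SPENDER.padStart(64, '0') + 'f'.repeat(64),
};
console.log(reviewApproval(sampleTx, EXPECTED_TOKEN));
```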
How to keep safe in the nascent Web 3 world: five recommendations
Let’s take a look at some of the safeguards you might employ when entering the burgeoning world of Web 3 applications.
1. Do not connect your wallet to any dapp at random.
Web 3 is still in its infancy, and much remains unknown. If you’re utilising Web 3, the first security precaution to take is to avoid connecting your primary wallet to any decentralised application.
If you are required to connect your wallet to a dapp, ensure that it is the correct dapp in order to avoid losing your funds.
2. Do not click on Telegram or Discord links shared by others.
While Telegram and Discord allow you to communicate and interact with like-minded folks, you still have no way of knowing what people’s genuine intentions are on those platforms. And, just as you have been cautioned not to click on random links shared on the Internet unless their source can be verified, the same rule applies to links shared on Discord and Telegram.
Always exercise caution when clicking links to launch dapps, as they can easily redirect you elsewhere. Check that the link you are visiting is the one shared by the dapp on its social media platforms.
3. Avoid disclosing excessive amounts of personal information online.
Sharing excessive amounts of information online can expose you to social engineering attacks. Never provide personal information unless you are certain of its necessity and intended use.
Additionally, avoid sharing sensitive information associated with your primary wallet, such as transactional data.
4. Confirm that the individuals with whom you communicate online are who they claim to be.
Regrettably, it’s not possible to regulate who can contact you online. Individuals can conceal their true motivations for wishing to connect with you, and those motivations are not always pure. That being said, if somebody contacts you online, you must check that they are indeed who they claim to be.
Scammers can easily create accounts in the name of others and exploit such accounts to defraud unsuspecting individuals.
One technique to ensure that the person you’re speaking with is who they claim to be (especially when working in anonymous teams) is to contact them via other means. This way, you’ll know whether you’re speaking with the real person or an impersonator.
5. Use distinct login credentials for distinct websites.
Using the same credential on many social media sites or web pages is never a smart idea. Consider using a password manager. A good password manager will generate passwords that are not only secure but also unique. This way, if one of your accounts is compromised, all of your other accounts will remain secure.
Although Web 3 is still in its infancy, it appears as though we may be on the verge of adopting this new version of the Internet within the next decade. However, before ordinary people may access the “decentralised Internet,” security concerns must be addressed. Otherwise, Web 3 may never materialise.
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.