Beware the crossroads: The dangerous overlap of web2 and web3 | Opinion
08/29/2024 18:07
To mitigate the newfound security risks posed by the web2-web3 dependency, the tech community must accelerate the adoption of fully decentralized systems.
Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.
Web3 has emerged as a beacon of hope for a more secure, transparent internet, promising to address many privacy and data control issues that have long plagued centralized web2 systems. Yet, as web3 expands, it often interacts with web2 networks in risky ways. This intersection is a breeding ground for new forms of cyber threats—threats that, if left unchecked, could undermine the very security web3 is built to provide.
While many tech enthusiasts are eager to embrace web3, the reality is that the transition from web2 to web3 is neither clean nor seamless, and it exposes vulnerabilities that hackers and phishers are quick to exploit. If web3 is to foster a safer digital ecosystem, it must first reckon with the weaknesses it inherits from its predecessor.
Critical vulnerabilities at the web2-web3 intersection
Web2 and web3 represent vastly different approaches to the internet. Web2 relies on centralized servers and data collection models, concentrating power within a few large corporations. Web3 decentralizes control by placing data ownership in the hands of users through blockchain, a distributed ledger technology.
However, these two systems are far from separate. Many web3 applications still rely on web2 infrastructure, including domain names, storage, and APIs. This dependency exposes web3 to web2’s centralized weaknesses. For instance, a web3 platform using a cloud provider for off-chain storage could be vulnerable to a server breach. Similarly, web3 platforms with web2 interfaces remain vulnerable to phishing attacks and DNS hijacking.
Phishing exploits: Web2 weaknesses in web3 environments
Phishing has been a long-standing threat in web2 environments. In web3, the process is similar: malicious actors use fake interfaces that mimic legitimate platforms, tricking users into revealing private keys or signing malicious transactions.
These attacks rely on web2 weaknesses, such as spoofed domain names and fraudulent emails, to deceive users into thinking they are interacting with a legitimate decentralized platform. For example, a phishing scheme targeting a DeFi platform might use a spoofed web2 website to compromise web3 wallets and steal funds. Consequently, the overlap of these two networks creates new ways for bad actors to blend traditional phishing attacks with new technologies, posing significant threats for users who assume decentralization alone protects them.
Benefits of web3’s transparency and decentralization
Despite the above risks, web3 still offers hope for a more secure internet through its decentralized and transparent frameworks. Blockchain, the backbone of web3, is an immutable ledger that resists tampering far more effectively than traditional web2 databases. Smart contracts eliminate the need for intermediaries who can be compromised, while decentralized identity solutions give users control over their digital identities, reducing the effectiveness of phishing attacks.
Furthermore, web3’s transparency allows users to verify transactions and audit systems in real time, offering a level of security and accountability that is difficult to achieve in web2’s opaque structures. By distributing control across multiple nodes, web3 reduces the risk of large-scale data breaches that are all too common in centralized systems.
Accelerating web3 adoption to mitigate online security risks
To mitigate the newfound security risks posed by the web2-web3 overlap, the tech community must accelerate the adoption of fully decentralized systems. As long as web3 remains partially dependent on web2 infrastructure, it will continue to be vulnerable to hybrid attacks that exploit the weaknesses of both systems.
Already, we are seeing how fully decentralized systems can enhance security. In the DeFi space, for example, users transact directly with each other without relying on intermediaries, reducing the risk of third-party exploitation. Additionally, dApps built on blockchain networks allow users to securely interact with platforms without traditional logins or centralized data storage.
Regardless, realizing web3’s full potential will require commitment from developers and industry leaders to build a decentralized infrastructure that operates independently of web2. This means investing in decentralized storage solutions, identity protocols, governance systems, and other similar platforms—all with the goal of mitigating risks inherent in the current hybrid space to create a more secure digital landscape.
Ronghui Gu is the co-founder of CertiK and an Associate Professor of Computer Science at Columbia University. He holds a Ph.D. in Computer Science from Yale University and a Bachelor’s Degree from Tsinghua University. As the primary designer and developer of CertiKOS and SeKVM, Professor Gu has been recognized with numerous awards, including the OSDI Jay Lepreau Best Paper Award, the SOSP Best Paper Award, two Amazon Research Awards, a CACM Research Highlight, and a Yale Distinguished Dissertation Award.