Brian Pak, Co-founder and CEO of ChainLight, recently shared insights on the ongoing battle against Web3 hacks and DeFi exploits during an episode of the Public Key podcast, according to Chainalysis. Pak emphasized the importance of both technological improvements and law enforcement in addressing these security threats.
Public Key Episode 118: Securing Web3
During the podcast, Pak highlighted the evolving nature of Web3 security, noting that while law enforcement is increasingly involved, it alone cannot solve all problems. “We also should not pretend that law enforcement is going to solve the problem. It only helps, but it doesn’t completely solve the problem. There will always be attackers outside the reach of the law,” he said.
Pak discussed the early days of ChainLight, from discovering bugs in Ethereum to creating innovative security solutions like the Digital Asset Risk Tracker (DART) and the Relic Protocol. He elaborated on ChainLight’s efforts to combat illicit activities and enhance the safety and transparency of the Web3 ecosystem.
Combatting Web3 and DeFi Hacks
Pak explained that Web3 is often compared to the Wild West due to frequent smart contract compromises and sophisticated hacker attacks. However, with the involvement of law enforcement and proactive builders like ChainLight, the industry is making strides in identifying and mitigating these threats.
ChainLight’s Digital Asset Risk Tracker (DART) is designed to identify illicit trends in memecoin projects by tracking around 60 different risk factors ranging from ownership verification to liquidity risks. This automated tool analyzes code and on-chain data to detect vulnerabilities that could result in unauthorized token creation, price volatility, or security breaches.
Relic Protocol and Historical Data Access
Pak also introduced the Relic Protocol, a trustless oracle for Ethereum’s historical data, enabling dApps to access historical data with maximal security and minimal gas costs. This protocol eliminates the need for centralized authorities, using zero-knowledge technology to prove historical data points.
One practical application of the Relic Protocol is in conducting airdrops. Traditionally, airdrops involve creating a whitelist off-chain, which can be manipulated. With the Relic Protocol, smart contracts can validate historical ownership of assets directly on-chain, reducing the risk of manipulation.
The Role of SEAL in Web3 Security
ChainLight is part of the Security Alliance (SEAL), a collaborative initiative aimed at enhancing Web3 security. SEAL brings together auditors, centralized exchanges, law enforcement, and other stakeholders to respond quickly and effectively to security incidents. This initiative also includes a Safe Harbor program, promoting a secure and sustainable ecosystem.
Pak shared a specific challenge faced by ChainLight when trying to alert a protocol team about a vulnerability. The delay in communication resulted in the protocol being drained before they could intervene. SEAL aims to address such issues by ensuring faster and more coordinated responses to security threats.
Looking Forward
Pak remains cautious about the future, noting that potential attacks in 2024 may include smart contract vulnerabilities, cross-chain bridge attacks, and governance manipulation. He also highlighted the growing threat of social engineering and phishing attacks, stressing the need for continued vigilance and collaboration within the Web3 community.
As Web3 continues to evolve, the efforts of organizations like ChainLight and initiatives like SEAL will be crucial in maintaining a secure and trustworthy ecosystem. Pak’s insights underscore the importance of a multi-faceted approach to security, combining technological advancements with proactive law enforcement and community collaboration.