Bitcoin DeFi Security Issues Still Lurking, Says Fireblocks Head
A decentralized Bitcoin (BTC) ecosystem has seen rapid development in 2024, with its total value locked (TVL) surging 263% so far and surpassing $1 billion, according to the data aggregator DefiLlama. However, as a nascent sector in which builders attempt to create applications compatible with other blockchains, new security concerns could emerge as it grows.
Shahar Madar, Vice President of Security and Trust at Fireblocks, shared with Crypto Briefing his insights on the risks of Bitcoin decentralized applications and the security maturity of the decentralized finance (DeFi) ecosystem.
Crypto Briefing – Have you encountered any issues with the various applications built on Bitcoin that have concerned you?
Shahar Madar – I would say it’s very early. While I think there is a lot of discussion about Bitcoin DeFi, I’m not sure we’re at the stage where it’s as adopted as it could be. Bitcoin is definitely a staple of the blockchain industry and blockchain ecosystem. We consider Wrapped Bitcoin as one of the important tokens and our customers use it a lot.
Regarding DeFi rather than Bitcoin, personally I think it’s too early to tell. Usually the way you look at this sort of thing is that you iterate pretty quickly with different implementations. We have seen it. We see this even with the abstraction of accounts. We see this with certain technologies that we have been talking about for a very long time. As this place is very innovation driven, there will usually be many iterations.
I don’t know if this is specific to Bitcoin DeFi, but generally this sort of thing evolves over time. We only find the main problems or pain points when people start using it.
Crypto Briefing – Recent studies show that private key compromises are the most recurring and damaging attack vectors in the crypto industry. Do you think this will become an even bigger threat?
Shahar Madar – So, since day one, one of the core values that Fireblocks has offered to institutions and, honestly, any organization, any business, is the ability to securely manage their operations and their keys, and securely integrate blockchains on one side.
So that part of private key compromise that a lot of people are familiar with is, in my opinion, heavily mitigated by how we generate the keys and how we store the keys for our clients. The way our self-cultivated platform works is that we leverage MPC and essentially break the private key into three different parts, each of which is kept in a different security vault, so it’s impossible to remove it.
I also want to add other important threats we are seeing today. One of them is the extension of the first one we are talking about, namely key custody. And that is the orchestration and management of smart contracts. We are at a point where people are using social engineering and stealing private keys from contract managers, owners and administrators. When this security process is done with our tokenization platform on top of Fireblocks, you’re obviously in much better shape, because you know it’s all going through our security user management and secure policy engine, which dictates the authorization flow.
If there is a sensitive operation related to the smart contract that you manage, and I say as a DeFi protocol owner, as a token manager and as a stablecoin issuer, you can also do that through the platform Fireblocks. I think this mitigates a lot of that risk of private key compromise.
Another attack vector is dishonest employees, dishonest internals preying on you or being hacked, and attackers exploiting their access and privileges against you. This is the extension of private key management.
We’ve also expanded our DeFi security offering, and this is geared more towards people who transact and operate on-chain. Essentially, this expands what we’re offering them, the ability to authorize sensitive operations with smart contracts and dApps. We expanded this metric because one of the threats we see is phishing dApps, scams that impersonate legitimate decentralized applications or simply malicious smart contracts, which target all traders.
We launched this new suite of features, essentially analyzing every dApp connection you make through the Fireblocks platform, analyzing every interaction you have with a smart contract, and simulating every control call you have, so you can have an idea of what is happening, the expected result. You can feel more comfortable and know what will happen once you approve it. And we’ve integrated that into the whole operational flow that we know institutions that use Fireblocks go through.
Crypto Briefing – Do you think new institutions entering the crypto market now know how to ensure proper custody? Do they prefer to have their own on-call team or do they want to work with companies like Fireblocks?
Shahar Madar – Absolutely. These institutions understand, they enter a space after careful consideration and due diligence. They know there’s an opportunity, but they’re also very knowledgeable about cybersecurity in general. Many of them, when they come to us, also want to learn.
So they’re looking to partner with someone who is an expert in that field. They still have a security team, but still, nine times out of ten, they understand that it’s better to partner and leverage existing technology than to build their own.
Most people don’t grow their own tomatoes, so they don’t need to invent the wheel. If there is battle-proven technology and Fireblocks is definitely one of them, you should use it and be on top. We’re investing a lot and working closely with our big companies who are looking at the market or going all-in and using Fireblocks. We help them with education, we help them understand the best practices that we use in Fireblocks and their entire business around that.
Finally, we listen to them too. That’s part of the reason we offer a lot of customizations and a lot of different deployment models, because we understand that what’s right for a very small business, a very small startup of three guys and a dog, is not the same thing that suits a large institution.
Crypto Briefing – From the previous bull cycle to this one, which has just started, are you seeing any significant developments in crypto security?
Shahar Madar – It’s a cat and mouse game with the attackers. As Fireblocks and as an industry as a whole, we are fighting for broader adoption and better security standards. And we have come a very long way since our inception. And the attackers are still trying to get to us, right? They are always trying to move forward. They’re trying to find new ways to get in and it’s our job as people working in a block of the security ecosystem to continue to pursue them, to continue to block them, to research and investigate what’s going on, what they do.
I think our industry overall is doing better than it was two, three, four or five years ago. But on the other hand, we see exploiters changing, evolving, and trying to get ahead of the latest protections and defenses put in place.
It’s a never-ending game. You must continue to research, track and improve. And as far as the role of blocking security companies in space, I think that’s a big part of it. You need to stay informed about the latest threats. And if that’s not the case, and if you’re just using the same technology that you developed five years ago, you’re not going to keep people safe.