There is a lot of talk about Web 3.0 and how it will disrupt how the internet operates and runs. In a nutshell, the evolution of the internet was marked by Web 1.0, which was read only. Then came Web 2.0, which spawned social media and gave us the read-write version of the internet that allowed anyone to create and publish their own content.
The latest wave that is predicted to come down and hit us like a tsunami is Web 3.0, which combines not just read-write, but also gives users ownership over their content, data and assets. That ownership piece of the equation is powered by cryptocurrencies, NFTs, smart contract computing, decentralized hardware infrastructure, decentralized finance (DeFi), decentralized autonomous organizations (DAOs) and other elements. Now depending on where you sit, you either find these things utterly confusing, the future of the web or the most elaborate long con in the history of humankind.
I am not qualified enough to argue either way, and neither am I here to convince you to rush out to set up a crypto wallet. Yet, I believe that Web 3.0, or at least many of the components that make it up, is here already and will continue to grow. Whether that will actually disrupt the traditional web is another thing entirely.
What we are currently seeing is what we see with any new innovation or technology. Criminals will rush to the scene and try to take advantage of the lack of controls and the lack of user awareness as to what constitutes a normal transaction.
According to the FBI’s annual crime statistics, 2021 saw over 20 incidents where at least $10m was stolen in digital currencies from a crypto exchange or project. In December, Crypto-exchange BitMart lost over $150m.
Users are also increasingly targeted, largely through social engineering attacks. For example, in October of last year, Coinbase disclosed that a threat actor stole cryptocurrency from 6000 customers after exploiting a vulnerability in its SMS multi-factor authentication service.
But stealing cryptocurrencies is not the only thing criminals target. As NFTs gain popularity, we are seeing more creative attacks. In a recent case described on Twitter, an unsuspecting victim unwittingly paid for a stolen NFT.
2/ What I did was simply to buy a NFT, as most of us do everyday. No red flags or anything.
— Marco Grassi Photographyᵍᵐ (@MarcoGrassi_) January 5, 2022
I select the piece, pay 1.5ETH for it and list it a few hours later for 2.9ETH. ⁰
In that moment little I know that the NFT has been previously stolen and sold to me by the thief.
The depressing thought is that none of these attack types or methods are new. They have been around since Web 1.0 and primarily rely on exploiting weak credentials, unpatched software or socially engineering people into making the wrong decisions.
New platforms and offerings built on Web 3.0 will improve their security over time – perhaps regulators will help the process along. However, alongside them, people must remain vigilant at all times. While the landscape might be new, the threats manifest themselves in very much the same way. As the adage goes, if something appears too good to be true, it usually is. So it is vital to remain vigilant and look out for red flags.