Despite all the diligence and dedication of project founders and development teams working day and night in crypto, bad actors continuously steal the limelight. It only takes one flaw to lose hundreds of millions of dollars, and with such high stakes, no one can afford to be reckless with security.
Security is the hidden utility within all of the protocols and websites we interact with on a daily basis. Whether it’s in Web2 or Web3, security is an essential element that we usually only pay attention to when it’s too late.
It’s a point that’s close to the heart of our security advisor, Christodoulos Chiras. Chris is a senior cybersecurity engineer skilled in penetration testing, vulnerability management, email security, and data loss prevention.
On how the crypto community in general is changing its attitude to security, he says, “The community is devoting more attention to security and due diligence. This happens through hard-learned lessons sometimes, which is very unfortunate and does not represent the hard work, vision, and daily grind of most projects out there.”
Unfortunately, these lessons come at a cost to many of the people who can least afford them. For instance, the many small retail investors who trusted FTX with their crypto didn’t realize until it was too late that they didn’t actually own it anymore.
On this point, Chris explains that educating people before it’s too late is key to the future longevity of the crypto space: “As projects, our duty is not only to build but to also educate people in order to be able to better fend for themselves and their assets. One of the biggest lessons of 2022 is ‘Not your keys, not your crypto’ and we cannot repeat this phrase enough times.”
Although security is only sexy when it’s accompanied by images of Tom Cruise climbing the outside of a skyscraper, the reality is that it takes time, patience, and effort. Rushing things may get you to market ahead of the competition, but the trade-off is that it may cost your users their assets in the long run. Building in a bear market certainly helps to reduce the pressure a little, but we understand how frustrating security delays can be for our community.
As Chris explains, “It is easier to approach many things, including security, in a bear market; however, at Paribus we have been paying attention to security since day one. Bear markets are for building and for taking the time to do things the right way, but security and especially safeguarding user funds is never a step to be overseen or compromised for the sake of delivery at any time.”
This is why we opted to commission a second security audit by Hacken prior to releasing our MVP. We knew this could negatively impact our target date for the release of our MVP, but we feel it’s an essential step.
Since the launch of the testnet MVP and bug bounty program, some issues were identified that we were able to patch. However, as Chris says, security is always our number one priority. We never forget how fortunate we are to have such strong support from our incredible community, and emphasizing security is one important way we can repay that loyalty.
From a security perspective, almost everything can be perceived as a threat when you’ve got hundreds of millions of dollars in the open. The risk-to-reward ratio massively increases, and many nation-states, such as North Korea, have dedicated teams of hackers constantly trying to exploit any vulnerability they can find.
Each potential threat is known as an attack vector, and Chris explains which ones are the hardest to defend against: “This is a tough one, as all attack vectors are just that, attack vectors. However, based on my experience, attacks via social engineering are probably the hardest to defend against.”
He continues, “This is because you might have all the layers of security on top of your application or smart contract. You have done all the audits and included all the right tools along the way and your product is as secure as possible. None of this matters if a user is tricked into clicking a link, downloading a file, sharing the seed phrase, and so forth. You won’t be able to protect your users and this is hard to make peace with.”
As Wilson, our COO, explained on Friday, our MVP is in the very final stages of its second Hacken audit, and while we wanted to release it by the end of January, this is now looking impossible. Our rescheduled release date is now set for February. As usual, we’ll keep you updated with developments, and thank you for your continued patience and support.