From Hackathon to Hacked: Web3's Security Journey

Presented at Black Hat USA 2022, Aug. 11, 2022, 11:20 a.m. (40 minutes)

If there's one prediction you can make with certainty, it's that security in the Web3/blockchain space will get a whole lot worse before it gets better. We have the perfect cocktail of inexperience mixed with emerging technology playing out in full public view with large sums at stake and the permanence of immutable transactions. The result is predictable. An environment free from constraints can seem like an innovation paradise, but when the stakes are so high, you have to get everything right the first time because there may not be a next time. We tend to forget that what we see from this space are experiments playing out in production, and the time between exploitation and losing millions of dollars worth of value can be measured in seconds. So, how did we get here? Is it all doom and gloom? What can be done?

This talk is a grounded look at the factors contributing to the security failures we've witnessed, free from the hype and hatred associated with the space. We look at the similarities and differences between the development of this new technology and more traditional applications and how some of the attacks manifested. Better testing and tools aren't enough to solve the problem. We discuss actionable steps projects and chains can use today to address these issues and make the ecosystem safer for projects and users.

Presenters:

• Nathan Hamiel - Senior Director of Research, Kudelski Security
  <div><span>Nathan Hamiel is Senior Director of Research at Kudelski Security where he leads the fundamental and applied research team. Part of the Innovation group working to define the future of products and services for the company, his team focuses on privacy, advanced cryptography, emerging technologies, and special projects. He is also responsible for the research function at the company, connecting the dots between the various business units and focusing on collaboration both internal and external to the company. For over 20 years, he has helped customers worldwide solve complex security challenges and accelerate innovation.</span></div><div><span><br></span></div><div><span>Nathan spends his time focusing on emerging and disruptive technologies and their intersection with information security. This research includes new approaches to difficult security problems and the safety, security, and privacy of artificial intelligence. He is a proponent of agility and simplification and their application in solving security challenges. Nathan is a regular public speaker and has presented his research at global security events, including Black Hat, DEF CON, HOPE, ShmooCon, SecTor, ToorCon, and many others. He is also a veteran member of the Black Hat review board, where he serves as the track lead for the AI, ML, and Data Science track.</span></div>

Links:

• https://www.blackhat.com/us-22/briefings/schedule/#from-hackathon-to-hacked-web3s-security-journey-26692

Similar Presentations:

• 31C3 (2014) / The Invisible Committee Returns with "Fuck Off Google": Cybernetics, Anti-Terrorism, and the ongoing case against the Tarnac 10
• AppSec USA 2015 / Security as Code: A New Frontier
• Texas Cyber Summit 2019 / BT-1050 Shining a Light on Shadow IT in the Cloud