Dialogue with SlowMist: Web3 security status, response strategies and entrepreneurial prospects

This article is machine translated
According to Cyvers' report summarizing the key security trends of 2024, Web3 cyber threats rose sharply this year: 165 security incidents caused losses of over $2.3 billion, 40% more than in 2023 ($1.69 billion) (due to market factors). Of these, incidents related to access control (67 incidents) accounted for 81% of the $2.3 billion in losses, about 98 smart contract vulnerabilities caused a total loss of $456.3 million, and one address poisoning incident caused a loss of over $68 million.
However, compared with 2022 ($3.78 billion), losses from security incidents in 2024 fell by $1.48 billion (a 40% decrease), and $1.3 billion of stolen funds were recovered.
If Web3 is a dark forest shrouded in mist, hunters lurk in ambush there, but so do experienced security professionals and knights who can part the mist and expose the evil. This issue of Starlabs Consulting's "Disruptors Unplugged" dialogue features SlowMist, a company that belongs to the latter two categories.
SlowMist is a company focused on blockchain ecosystem security, founded in January 2018. It has provided "integrated security solutions from threat discovery to threat defense" to many leading or well-known projects globally, and has developed into a leading blockchain security company with thousands of commercial clients from more than a dozen countries and regions. Its security solutions include security audits, threat intelligence (BTI), defense deployment, and SaaS security products such as cryptocurrency anti-money laundering (AML), fake recharge vulnerability scanning, security monitoring (MistEye), hacked asset database (SlowMist Hacked), and smart contract firewall (FireWall.X). SlowMist has independently discovered and published numerous common high-risk blockchain security vulnerabilities, gaining widespread attention and recognition in the industry.
The following is an excerpt from this issue of the "Disruptors Unplugged" dialogue.
Key points of this article:
  • Smart contract vulnerabilities, private key leaks, social engineering attacks, and supply chain attacks are currently common and severe security threats in the Web3 ecosystem, posing ongoing challenges to the industry.
  • Security is a dynamic management process. Third-party security audits can guide project teams to implement security practices in the short term, but cannot truly ensure the long-term security and stability of the project. Therefore, establishing and improving one's own security system is crucial.
  • MistTrack has currently accumulated over 300 million address tags, more than 1,000 address entities, 500,000+ threat intelligence data, and 90 million+ risk addresses, which provide strong protection for the security of digital assets and the fight against money laundering crimes.
  • The explosive growth of Web3 has brought a large number of new projects and users, but security incidents are frequent, and the market's demand for professional security services continues to increase. At the same time, more and more projects are beginning to focus on the integration of security and compliance, which also provides an entry point for professional security service companies.

01

About the Web3 industry

🌃 Starlabs Consulting: What are the most serious security threats in the current Web3 ecosystem, according to SlowMist?
SlowMist: In the current Web3 ecosystem, we believe the following types of security threats are relatively common and have a higher degree of severity, posing ongoing challenges to the industry.
First, smart contract vulnerabilities are an issue of widespread concern. Due to the immutability of smart contracts, if vulnerabilities are maliciously exploited, it may lead to irreversible losses, which is the root cause of most attack incidents. Common smart contract issues include improper permission management, integer overflow, and logical errors.
Secondly, private key leakage is also a major security risk. Whether for users or project parties, negligence in private key management (such as improper private key storage or device attacks) is an important reason for asset theft, as the security of private keys is directly related to the control of assets.
In addition, social engineering attacks (such as phishing attacks, account theft, impersonation, etc.) are also relatively common malicious methods. Due to the lack of security awareness of some users and project teams, they often become the entry point for attackers to breach the defenses.
Finally, there have been multiple supply chain attack incidents recently, so we believe supply chain security is also gradually becoming an important security issue in the Web3 industry. Supply chain security vulnerabilities can have serious consequences, as malware and malicious code may be planted at various stages of the software supply chain, including development tools, third-party libraries, cloud services, and update processes. Once these malicious elements are successfully injected, attackers can use them to steal crypto assets, obtain users' sensitive information, disrupt system functions, deploy ransomware, or widely spread malware.
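As an added illustration (not code from SlowMist or from this article), two of the contract-level defects named in the answer above, improper permission management and integer overflow/underflow, shown in a vulnerable vault next to a hardened version of the same contract; the contract and function names are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration, not SlowMist code: two of the contract-level
// defects named above (improper permission management, integer underflow)
// in a vulnerable vault, followed by a hardened version of the same contract.

contract VulnerableVault {
    address public owner;
    mapping(address => uint256) public balances;
    constructor() { owner = msg.sender; }

    // Improper permission management: no check on the caller, so any
    // address can make itself owner of the contract.
    function setOwner(address newOwner) external { owner = newOwner; }
    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Integer underflow: `unchecked` reproduces the pre-0.8 behaviour, where a
    // withdrawal larger than the balance wraps it to a huge value instead of reverting.
    function withdraw(uint256 amount) external {
        unchecked { balances[msg.sender] -= amount; }
        payable(msg.sender).transfer(amount);
    }
}

contract HardenedVault {
    address public owner;
    mapping(address => uint256) public balances;
    event OwnershipTransferred(address indexed from, address indexed to);
    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    constructor() { owner = msg.sender; }

    // Privileged operation is gated to the owner and emits an event that
    // off-chain monitoring can alert on.
    function setOwner(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Explicit balance check, checked arithmetic (the 0.8 default), and the
    // state update happens before the external call.
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```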
🌃 Starlabs Consulting: Faced with the high incidence of attack incidents in the Web3 field, what can projects (especially start-up projects) do in their daily defense, in addition to collaborating with third-party security service providers like SlowMist? Please give them some suggestions.
SlowMist: Currently, the attack methods faced by Web3 projects are diverse, and the interactions between projects are becoming increasingly complex, often introducing new security vulnerabilities. The R&D teams of many Web3 projects generally lack first-hand security attack and defense experience. During the project development process, teams usually focus more on the overall business case and the implementation of business functions, while neglecting the construction of a security system. Therefore, without a well-established security system, it is difficult to ensure the security of Web3 projects throughout their entire life cycle.
To ensure security, project parties often hire professional blockchain security teams to conduct code audits. Security audits can guide project parties to implement security practice requirements in the short term, but they cannot help project parties establish their own security system. The SlowMist Security Team has also open-sourced the "Web3 Project Security Practice Requirement" (https://github.com/slowmist/Web3-Project-Security-Practice-Requirement) to continuously help project teams in the blockchain ecosystem master the security skills of Web3 projects. We hope that project teams can establish and improve their own security systems based on these requirements, and maintain a certain security capability even after the audit; interested parties are welcome to look it up and read it.
We always believe that security is a dynamic management process; relying solely on short-term audits by third-party security teams cannot truly ensure the long-term safe and stable operation of the project. Therefore, establishing and improving the security system of Web3 projects is crucial, and the project team itself must have certain security capabilities to better ensure the security and stable operation of the project. In addition, we also recommend that project teams actively participate in the security community, learn the latest security attack and defense technologies and experiences, and exchange and cooperate with other project teams and security experts to jointly improve the security of the entire ecosystem. At the same time, strengthening internal security training and knowledge popularization, and improving employees' security awareness and capabilities, are also key steps in establishing a complete security system.
🌃 Starlabs Consulting: Faced with constantly evolving attack methods, how can security companies keep the upper hand, in the spirit of the saying "though the devil rises a foot, the Way rises ten"?
SlowMist: Taking SlowMist's current response methods as an example. First, we must always maintain sensitivity to new threats, continuously monitor the latest attack dynamics, and achieve real-time protection and more efficient response capabilities through the development of customized vulnerability detection, on-chain analysis, and monitoring tools.
Secondly, we have a threat intelligence sharing network. Through close cooperation with industry partners and project parties, we can obtain the latest security intelligence in a timely manner, and at the same time, use on-chain data analysis technology to track the flow of attackers' funds, helping victims recover losses as much as possible.
In addition, reverse engineering and case review are also indispensable parts. Through in-depth review of past security incidents and regular Hacking Time sharing, we continuously improve our own technical capabilities.

02

About SlowMist

🌃 Starlabs Consulting: You do so much work every day, investigating hacker addresses, analyzing chains, and tracking fund movements. What proportion of this work is commissioned and what proportion is for public welfare?
SlowMist: SlowMist's anti-money laundering and fund tracking business comes mainly from two sources: client commissions and public welfare services.
In terms of public welfare services, we have participated in tracking many major public attack incidents. Whether or not the project party has actively contacted us, we will follow up immediately. This part of the work is mainly driven by our sense of responsibility for the healthy development of the industry. By promptly exposing hacker behavior and analyzing attack methods, we hope to contribute to the security of the entire Web3 ecosystem. In addition, SlowMist receives a large number of victim assistance requests every day, including many large-scale victims who have lost tens of millions of dollars, requesting our fund tracking and loss recovery services. For these cases, we provide free community assistance services for case evaluation and recovery (https://aml.slowmist.com/recovery-funds.html).
On the other hand, SlowMist also provides specialized emergency response services (https://cn.slowmist.com/service-incident-response.html) for Web3 projects. This service helps project parties quickly and effectively respond to risks when they encounter hacker attacks and other emergencies. We will analyze the attacker's intrusion path and post-intrusion behavior in detail, and construct an on-chain profile of the attacker. At the same time, we will also track the flow of stolen assets. This service covers the entire process from on-chain and off-chain intrusion analysis to fund tracking and tracing, helping project parties review security incidents and, based on SlowMist's blockchain anti-money laundering system (AML) and the InMist threat intelligence network, trying to help project parties recover financial losses as much as possible.
🌃 Starlabs Consulting: Blockchain transaction records are complex and intricate, and even ordinary users find it difficult to analyze a single transaction. With the massive amount of tracking work you face every day, do you have more efficient analysis tools and databases? How do the internal tracking and analysis tools you use differ from the MistTrack tool for end users?
SlowMist: In fact, we also use MistTrack (https://misttrack.io), as it is simple and easy to use, and the data is comprehensive. MistTrack has currently accumulated more than 300 million address tags, more than 1,000 address entities, over 500,000 threat intelligence data, and over 90 million risk addresses, which provide strong protection for ensuring the security of digital assets and combating money laundering crimes. The difference is that our team has established an internal knowledge base to ensure the efficiency of our tracking work.
🌃 Starlabs Consulting: When users use SlowMist's MistTrack tracking service, do they need to worry about personal privacy? How do you protect client personal information?
SlowMist: You don't need to worry about that. As a security company, SlowMist attaches great importance to privacy protection and will inform users of our privacy policy before cooperation. We try to retain only the data necessary to complete the service, and also strictly limit access permissions to ensure that only authorized personnel can access the relevant information. All user data is encrypted during transmission and storage.
🌃 Starlabs Consulting: We noticed that SlowMist also provides blockchain security solutions for consortium chains. What are the main differences between consortium chain security and public chain security?
SlowMist: Consortium chains and public chains have significant differences in security requirements, which are mainly reflected in the differences in network architecture, user groups, and application scenarios. For example, in terms of access control, consortium chains are usually permissioned chains, where only authenticated nodes and users can join. Consortium chains face more threats from within, such as malicious node operations, improper permission configurations, and data leaks. Public chains, on the other hand, are open networks and face more complex and diverse security challenges, including 51% attacks, smart contract vulnerabilities, and cross-chain bridge attacks.
In terms of node security, consortium chains have fewer nodes, usually maintained by a few trusted parties, with a higher trust base, but also a higher risk of single point of failure. To improve performance, consortium chains often adopt more efficient consensus mechanisms (such as PBFT, Raft), sacrificing some decentralization. In contrast, public chains have a wider distribution of nodes and a higher degree of decentralization, so they rely more on consensus mechanisms to resist the behavior of malicious nodes. Public chains usually adopt consensus mechanisms with a higher degree of decentralization but lower performance (such as PoW, PoS) to enhance censorship resistance and the openness of the system.
In terms of compliance requirements, consortium chains are typically used in enterprise scenarios, so they need to meet strict legal and regulatory requirements. When designing security solutions, the needs of auditing and supervision must be fully considered. In contrast, the operation of public chains is more globalized, facing the challenges of cross-national laws and regulations, and their security design needs to balance decentralization and efficiency.
Based on the characteristics of these two types of chains, SlowMist provides differentiated security solutions to address their respective security challenges.

03

About the Security Industry

🌃 Starlabs Consulting: Is the Web3 security track still a blue ocean? If a startup wants to enter this track, or if a Web2 security company wants to expand into Web3 security business, which sub-sectors do you think have more opportunities?
SlowMist: The explosive growth of Web3 has brought a large number of new projects and users, but security incidents are frequent, and the market's demand for professional security services continues to increase. At the same time, more and more projects are beginning to attach importance to the combination of security and compliance, which also provides an entry point for professional security service companies. For example, ordinary users often suffer asset losses due to phishing attacks, malware, and improper key management, so user-side security can be considered; and given the complexity and huge workload of on-chain fund tracking, as well as the increasing demand for anti-money laundering, the direction of fund tracking and anti-money laundering (AML) can also be developed. In general, the Web3 security track is full of challenges, but also contains huge opportunities.
🌃 Starlabs Consulting: How do you assess the potential threat of quantum computing technology to existing encryption algorithms, and what strategies can the encryption field adopt in the future?

SlowMist: The threat of quantum computing has not yet fully emerged, but in the Web3 and blockchain fields, quantum computing technology is highly dependent on the security of encryption algorithms. The encryption field can ensure the long-term security and stability of the ecosystem through technological innovation, international cooperation, and phased implementation strategies.
