Hacked: What's the Next Step for Web3 Companies? - Part 2DeFi Security Expert Explains Short and Long-Term Mitigation for Web3 Firms
Web3 companies are under attack by cybercriminals all year. After a compromise occurs, how should organizations respond? In Part 2 of this interview, Martin Derka of Web3 security firm Quantstamp discusses short-term and long-term mitigation steps and how to defend against cryptocurrency theft.
Victim companies need to be aware of the damage the exploit caused and talk to centralized exchanges to freeze funds in case the attacker uses their platform to off-ramp the stolen money, he said. They must also communicate with the stakeholders about what happened during the hack and how they're mitigating the damage.
"Web3 is a fortunate space. You have a lot of communities actively involved with projects, so usually [hack] analytics come for free," says Derka, head of new initiatives at Quantstamp. Security companies can actively discuss on Telegram and Twitter the vulnerability exploited and trace the funds stolen by following the transactions on the attacker wallet address.
In Part 1 of a two-part interview, Derka describes how threat actors find and exploit vulnerabilities in Web3 systems. In Part 2, he discusses:
- What Web3 companies must do immediately after a hack;
- Why criminals are finding it harder to cash out stolen funds;
- The novel challenges posed by Web3, and how they overlap with Web2 risks.
Derka has years of experience in the development of smart contracts and platforms built on Ethereum, specializing in decentralized finance security and economic manipulations. At Quantstamp, he assists with both securing projects prior to deployment and crisis management in the aftermath of an exploit.