Exclusive Q&A with CertiK’s Prof. Ronghui Gu
2024 has been a year of progress and danger for Web3. Despite regulatory breakthroughs, such as the U.S. approval of Bitcoin and Ethereum exchange-traded funds (ETFs) signaling mainstream acceptance, hacks and scams have put billions of dollars in danger across the industry.
To unravel the scale of these threats, we spoke with Professor Ronghui Gu, co-founder of CertiK. CertiK’s latest Hack3d: Web3 Security Report 2024 shows that losses across 760 on-chain incidents were US$2.36 billion, an increase of 31.61% over last year. With nearly half of the losses caused by phishing attacks alone, these findings underscore the urgent need for stronger security measures across the ecosystem.
BeInCrypto: What are the key factors behind Ethereum’s high number of targeted attacks?
Professor Gu: Ethereum’s status as the most popular EVM chain reflects its success, but it also makes it a major target for exploitation, given the projects and users running on the network.
Furthermore, its open and composable ecosystem allows developers to build on existing protocols, which facilitates innovation but can inadvertently introduce vulnerabilities through interconnected dependencies. New projects often add to these risks by deploying experimental or untested code.
BeInCrypto: How can the industry cope with the rise of phishing attacks, which accounted for nearly 50% of losses in 2024?
Professor Gu: Education, technological innovation and collaboration are key to addressing the growing threat of phishing attacks. Educating users to identify red flags (such as suspicious links, unsolicited communications and fake websites) is essential for prevention. Clear, continuous communication about these risks gives individuals the ability to protect themselves.
In terms of technology, integrating advanced detection systems such as AI-driven threat monitoring and real-time alerts can help organizations preempt attacks. Collaboration, through sharing threat intelligence and best practices across the industry, further enhances defense capabilities.
BeInCrypto: Which DeFi protocols are the most vulnerable, and what steps can they take to enhance security?
Professor Gu: In 2024, we observed an increase in private key compromises and phishing incidents across the ecosystem. This represents a general shift from smart contract vulnerabilities to human vulnerabilities, which are often considered the weakest link in such a system.
The two biggest steps protocols can take to stay secure are to store private keys securely and to implement robust procedures to ensure employees themselves are not targeted.
BeInCrypto: How effective are efforts to address the frequent problem of smart contract exploits?
Professor Gu: Overall, the losses caused by code vulnerabilities have dropped year-on-year since 2022, indicating that smart contracts have become more secure. Beyond that, we have seen a shift to private key compromise and phishing, which may be due to how difficult it is for most users, except for highly skilled bug hunters, to find code vulnerabilities.
BeInCrypto: Will the approval of Bitcoin and Ethereum ETFs expose the ecosystem to new threats?
Professor Gu: These products bridge traditional finance and cryptocurrencies, potentially exposing the ecosystem to threats such as regulatory arbitrage, insider trading, and attention from bad actors directed at the investors and institutions involved in these products.
Cybersecurity threats, such as attacks on custodial services or ETF infrastructure, are a major concern. Protecting these assets requires strong security protocols, including cold storage solutions and real-time monitoring.
In addition, transparency in ETF operations and working with regulators can help mitigate risks. While Bitcoin and Ethereum ETFs are positive steps in mainstream adoption, ensuring security and trust in these products is critical to their long-term success.
BeInCrypto: What role does user education play in mitigating private key compromise?
Professor Gu: Many incidents are due to a lack of understanding of security practices, such as protecting keys and understanding social engineering tactics. Providing users with knowledge about secure storage methods, including hardware wallets and encrypted backups, can help minimize exposure.
In addition, training users to identify phishing schemes, avoid sharing sensitive information and use multi-factor authentication can further enhance the overall security posture.
BeInCrypto: How are blockchain developers addressing growing research on hacking strategies?
Professor Gu: Many developers are integrating advanced encryption methods, enhancing consensus mechanisms and conducting rigorous security audits. The formal verification process helps ensure that smart contract code is free of vulnerabilities, while AI and machine learning tools monitor the network in real time to detect and neutralize anomalies.
BeInCrypto: What lessons can the Web3 industry learn from the biggest attacks of 2024 to shape the security framework for the future?
Professor Gu: Overall, we expect regulations from institutions and governments, such as Europe’s MiCA, improved security measures, and broader educational efforts to help mitigate risks associated with hacks and scams. However, as technology advances, so will the strategies adopted by bad actors.
The industry must stay ahead by fostering collaboration among developers, regulators and security professionals. With continued efforts, crypto-related losses may decrease over time, but vigilance remains crucial.
CertiK’s Hack3d: Web3 Security Report 2024 provides in-depth research to understand the biggest risks facing the ecosystem, as well as key points to help projects and users stay ahead of emerging threats. To gain insight into the trends, attack vectors and solutions shaping Web3 security, read the full report here.
Disclaimer
In line with the Trust Project guidelines, this opinion article presents the author’s views and does not necessarily reflect the views of BeInCrypto. BeInCrypto remains committed to transparent reporting and upholding the highest standards of journalism. Readers are advised to verify information independently and consult a professional before making decisions based on this content.