Polygon CISO claims that the lack of sufficient security measures puts billions of crypto in user wallets at risk.
Mudit Gupta, Polygon's Chief Information Security Officer (CISO), recently voiced concerns over the loss and safety of private or mnemonic keys in the crypto industry.
Gupta was speaking at the Ethereum Community Conference in Paris on July 17th, where he distinguished between the fast-paced developments in theoretical security and the slower progress in practical security in the crypto and blockchain sectors.
In his address, Gupta explained that private keys present more challenges than regular passwords. Unlike passwords, private keys can't be altered if leaked, which makes safekeeping them a more difficult task.
During his speech, Mudit Gupta pointed out:
A mnemonic is just a one-time thing. You have it once. And if you ever make a mistake, if it ever gets leaked, you are done. So, keeping your mnemonic or private key safe is a much, much harder problem.
According to Gupta, the industry has already lost billions of dollars due to individuals losing their mnemonic keys. Additionally, he warned that the lack of sufficient security measures puts billions of crypto in user wallets at risk.
While private keys theoretically offer full security, Gupta acknowledged the practical challenges associated with them.
If nobody knows your private key, nobody can access your funds. <...> What if you die for some reason? How can your loved ones access your funds? So that’s a tough problem to solve. Then, there is the key rotation problem. What if, for whatever reason, your key is compromised?
Gupta also spoke about the difficulties faced by defenders in the security field. Defenders must cover all potential entry points, whereas attackers only need to find one weak point.
As a defender, you have to cover every single point. If you leave any hole, someone will get in. As an attacker, it’s easier. You just ignore the secure system. You find a way around. You just have to find one way to break in, and that’s it.
Despite these challenges, Gupta expressed the determination of security professionals to protect the crypto space, stating simply, "Someone has to defend."
One instance of such an attack happened recently. On July 2nd, Poly Network lost at least $5 million during an exploit where hackers compromised private keys.