_Follow along with this video_

---

## The Current State of Web3 Security: A Crucial Call to Action!

The current state of Web3 security is pretty objectively terrible. Let's look at where we're at and what needs to be done to improve security in the industry.

### A Shocking Reality: Billions Lost in Hacks

- **Billion-Dollar Troubles:** Did you know that in 2022 alone, a jaw-dropping $3.1 billion was stolen in crypto hacks? And 2023 isn't looking much better. It's a call to arms for all of us in the Web3 space!
- **DeFi's Dilemma:** Imagine this - about 7% of DeFi's total value is getting swiped by hackers. That's like saying, "Hey, deposit your money here, but there's a scary chance it might vanish!"

### Attack Patterns: The Usual Suspects

**Top Threats:**

- Price oracle manipulation
- Reward manipulation
- Stolen private keys

These represent only a few of the common attack vectors we see lately. Some vulnerabilities have been around for years and people are _still_ making these mistakes - I'm looking at you, _reentrancy_. There's a clear lack of best practices and we need to push back!

There's an amazing newsletter that every serious security researcher should sign up for, called [Block Threat Intelligence](https://newsletter.blockthreat.io/) by Peter Kacherginsky.

As of October 2023, we've seen multi-million dollar hacks in just the last couple of months.

### The Big Picture: How do we move forward?

- **Mainstream Hesitation:** With all these risks, it's no wonder big financial players are tiptoeing around Web3. It's incumbent upon us to make this space safer for mainstream adoption. How do we accomplish this?
- **Reducing the Risk:** It's simple - fewer hacks, more trust. More security-focused education, fewer hacks.

### The Bright Side: The future of Web3 Security

Security in Web3 is improving every day.

1. More and more people are moving into the security space in Web3. More auditors, more experts, more...safe!
2. Education is improving in Web3 Security and Web3 as a whole. People are more informed of best practices and what to watch out for.
3. Tooling is improving - with AI and constant developments in static analysis and vulnerability aggregation, we've never been more equipped to improve security in the space. [Solodit](https://solodit.xyz/) in particular is a tool we'll come back to again and again in this course.

**Protocols Playing It Safe:** More and more Web3 protocols are investing in security. They're auditing their code, they're opening bug bounties for post-deployment coverage, and they're finally realizing that spending $1 Million on security now is worth it to save $100 Million from being hacked.

We also have an increase of pre-deployment experts like:

- Cyfrin
- Trail of Bits
- OpenZeppelin

Competitive audit platforms ([CodeHawks](https://www.codehawks.com/)), independent security researchers like [Pashov](https://twitter.com/pashovkrum), and a greater security focus all come together to make me optimistic about the future of Web3 Security.

### Yet, There's More to Do: Our Collective Mission

- **Centralized Technology** is a big problem. Private keys being compromised, or off-chain centralization, are regular vulnerabilities seen in the space.
- **Lack of Post-Deployment Practices** is something we'll cover later in the course. But needless to say, active monitoring practices and emergency triage in Web3 leave much to be desired. Few even leverage bug bounties to incentivize ongoing security on their protocol post-launch.
- **Not Following Best Practices**
- **A Disconnect** seems to exist between the industry and security professionals. Audit (security review) != 100% Safe. If no one is reading the security reports, no one is any safer.

### Wrapping Up: Your Role in Shaping Web3's Destiny

This isn't just a course. It's a mission. Together, we can transform Web3 into a fortress of trust and innovation.

Keep going for some exercises to sharpen your skills.
Stay up-to-date with the current state of Web3 security and understand the challenges and advancements in this field.