Strategic Insights on Security, Challenges, and Entrepreneurial Opportunities with SlowMist | Disruptors Unplugged
If Web3 is a dark forest shrouded in mist, it harbors hunters lying in wait for a clear shot, security personnel seasoned in reconnaissance, and vigilantes unveiling wrongdoing. SlowMist belongs to the latter two groups.
—Starlabs
Cyber threats in the Web3 space surged in 2024: 165 security incidents caused over $2.3 billion in losses, a 40% increase over 2023 ($1.69 billion), partly driven by market factors, according to Cyvers' report summarizing the key security trends of 2024. Access control-related incidents (67) accounted for 81% of that $2.3 billion. Roughly 98 incidents involving smart contract vulnerabilities caused $456.3 million in losses, and a single address-poisoning incident caused losses exceeding $68 million.
Compared to 2022 ($3.78 billion), however, 2024 losses were $1.48 billion lower (a 40% drop), and $1.3 billion of the stolen funds was recovered.
At Starlabs, we've always regarded security as a critical pillar of the Web3 industry. Over the past few years, through forums, conferences, articles, interviews, and business consulting, we've worked alongside our partners to explore ways to further strengthen user security and privacy in the Web3 space. In this edition of Disruptors Unplugged, we're honored to have SlowMist with us, a globally renowned security firm, to delve into the current state of Web3 security and what lies ahead for the industry.
If Web3 is a dark forest veiled in mist, it conceals hunters lying in wait for the perfect shot, seasoned security experts skilled in reconnaissance, and vigilant crusaders uncovering wrongdoing. SlowMist stands firmly with the latter two.
Founded in January 2018, SlowMist is a blockchain security company specializing in providing tailored end-to-end security solutions, from threat discovery to threat defense. It has served numerous top-tier and renowned projects worldwide, evolving into a leading international blockchain security firm with thousands of commercial clients across more than a dozen countries. SlowMist’s offerings include security audits, threat intelligence (BTI), and defensive deployments, complemented by SaaS-based security products like cryptocurrency anti-money laundering (AML) tools, fake recharge vulnerability scanners, security monitoring (MistEye), hacked archives (SlowMist Hacked), and smart contract firewalls (FireWall.X). The company has independently discovered and disclosed multiple high-risk blockchain vulnerabilities, earning widespread recognition in the industry.
Key Takeaways:
- Smart contract vulnerabilities, private key leaks, social engineering attacks, and supply chain attacks are the most common, severe, and persistent threats to the Web3 ecosystem.
- Security is a dynamic process. While third-party security audits can guide projects toward implementing security practices in the short term, they cannot guarantee long-term operational stability. Therefore, building and refining an internal security system is crucial.
- MistTrack has amassed over 300 million address labels, 1,000+ address entities, 500,000+ threat intelligence records, and 90 million+ risky addresses. These resources significantly enhance the protection of digital assets and the fight against money laundering.
- The explosive growth of Web3 has introduced a multitude of new projects and users, yet the prevalence of security incidents underscores a growing demand for professional security services. Additionally, a growing number of projects are emphasizing the integration of security and compliance, providing a valuable entry point for specialized security service providers.
“On the Web3 Industry”
Starlabs: What do you identify as the most serious security threats in the current Web3 ecosystem?
SlowMist: In the current Web3 landscape, we believe the following threats are the most common and severe, continually challenging the industry:
First, smart contract vulnerabilities are a widely recognized issue. Given the immutability of smart contracts, any exploited vulnerability can lead to irreversible losses, which is the root cause of most attacks. Common issues include improper permissions management, integer overflow, and logical errors.
Second, private key leaks, whether by users or project teams, are a major reason for asset theft, typically through negligence in private key management (e.g., improper storage or compromised devices). The security of private keys directly determines control over assets.
Third, social engineering attacks like phishing, account takeovers, and identity spoofing are frequent attack vectors. The lack of security awareness among some users and project teams often serves as an entry point for attackers.
In addition, recent supply chain attacks highlight the growing significance of supply chain security in Web3. Vulnerabilities in the software supply chain, including development tools, third-party libraries, cloud services, and update processes, can have devastating consequences. Malicious elements inserted at any stage may enable attackers to steal crypto assets, obtain sensitive user information, disrupt system functionality, conduct ransomware operations, or spread malware extensively.
Starlabs: With the high frequency of attacks in the Web3 space, what can projects — especially startups — do beyond collaborating with third-party security providers like SlowMist? Any advice?
SlowMist: Web3 projects face a wide variety of attack methods, and the increasing complexity of interactions between projects often introduces new security risks. Many Web3 development teams lack hands-on experience in offensive and defensive security. During development, teams tend to focus more on business logic and functionality while neglecting security systems.
Without a robust security framework, it’s difficult to ensure security throughout a Web3 project’s lifecycle. Most projects hire professional blockchain security teams for code audits. While audits help enforce short-term security practices, they don’t establish a sustainable security framework.
To address this, we’ve open-sourced the Web3 Project Security Practice Requirement (https://github.com/slowmist/Web3-Project-Security-Practice-Requirement) to help teams acquire essential Web3 security skills. Projects can use these guidelines to build and improve their security systems, ensuring security capabilities even after an audit.
Security is a dynamic management process, and solely relying on third-party audits doesn’t guarantee long-term stability. Teams must develop their own security expertise to better safeguard their projects. Additionally, we recommend that teams:
- Engage actively with the security community to learn the latest offensive and defensive techniques and share experiences.
- Collaborate with other projects and experts to enhance ecosystem security collectively.
- Strengthen internal security training and awareness to elevate the team’s overall security capabilities.
Starlabs: How do security firms stay ahead of increasingly sophisticated attack methods?
SlowMist: Taking SlowMist as an example, we stay vigilant about emerging threats and constantly monitor the latest attack trends. By developing customized vulnerability detection, on-chain analysis, and monitoring tools, we achieve real-time protection and efficient response capabilities. We also have a shared threat intelligence network, collaborating closely with industry partners and project teams to access real-time security intelligence.
Utilizing on-chain data analysis, we trace attackers' fund flows and help victims recover losses where possible. Case reviews and reverse engineering are also necessary. Deep analysis of past security incidents and regular Hacking Time sharing sessions enable us to refine our technical capabilities continuously.
“About SlowMist”
Starlabs: You are burdened with tremendous work including fund tracking and attack analysis. So how much of it is client-driven versus community-driven?
SlowMist: Our anti-money laundering (AML) and fund-tracking efforts are driven by two sources: client requests and community service. For community-focused initiatives, we’ve participated in tracking many high-profile public attacks. Even without direct client involvement, we proactively follow up on such incidents, motivated by a responsibility to support the industry’s healthy development.
Beyond exposing hacker activities and analyzing attack techniques, we aim to contribute to the Web3 ecosystem’s security. We also receive numerous assistance requests from victims, including individuals who’ve lost millions. For these cases, we provide free community evaluation services (https://aml.slowmist.com/recovery-funds.html).
For projects, we offer incident response services (https://cn.slowmist.com/service-incident-response.html) to help them respond effectively to emergencies such as hacks. We analyze intrusion paths and post-breach actions, and profile attackers both on-chain and off-chain. We also track the flow of stolen assets, leveraging our blockchain AML system and the InMist threat intelligence network, to assist projects and help recover funds where possible.
Starlabs: Blockchain transactions are complex, with intricate links. How does SlowMist efficiently handle massive tracking tasks, and how do your MistTrack tools differ for internal versus public use?
SlowMist: We use MistTrack (https://misttrack.io), which is straightforward, comprehensive, and user-friendly. MistTrack has amassed over 300 million address labels, 1,000+ address entities, 500,000+ threat intelligence records, and 90 million+ risky addresses—resources critical for asset protection and anti-money laundering. Internally, we’ve developed a knowledge base to enhance tracking efficiency.
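The two answers above describe the core of fund tracking: starting from the attacker's address, follow outgoing transfers hop by hop until the funds land at a labeled entity (an exchange deposit address, a mixer, a bridge), where the next step is off-chain rather than another hop. The following is an added example written for this article, not SlowMist's or MistTrack's code, and it makes no claim about how MistTrack is implemented. Every address, label, transaction id, block height and amount in it is constructed for illustration. It also handles an edge case a practitioner needs to get right: an intermediate address that was reused and had outflows before the stolen funds arrived, which must not be mistaken for a laundering step.

```python
"""Hop-by-hop tracing of stolen funds through a small constructed transfer set.

Added example for this interview, not SlowMist or MistTrack code. Every
address, label, transaction id, block height and amount below is constructed
for illustration; none of it is real on-chain data.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    tx: str       # constructed transaction id
    block: int    # block height, used to ignore transfers that predate the theft
    src: str
    dst: str
    amount: float


# Constructed entity labels standing in for a risk/entity label set:
# address -> (entity name, category). Labeled addresses are treated as
# terminal: once funds reach an exchange deposit, mixer or bridge, the
# next step is an off-chain one (freeze request, legal process), not a hop.
LABELS = {
    "0xexchange_hot_1": ("Exchange A", "exchange_deposit"),
    "0xmixer_pool": ("Mixer X", "mixer"),
    "0xbridge_lock": ("Bridge Y", "bridge"),
}

# Constructed transfers. tx0 is an old outflow from 0xhop_a that happened
# before the stolen funds arrived there; tx7 is an unrelated depositor to the
# same exchange address. Neither should appear in the trace.
TRANSFERS = [
    Transfer("tx0", 5, "0xhop_a", "0xexchange_hot_1", 10.0),
    Transfer("tx1", 10, "0xvictim", "0xattacker", 100.0),
    Transfer("tx2", 12, "0xattacker", "0xhop_a", 60.0),
    Transfer("tx3", 12, "0xattacker", "0xhop_b", 40.0),
    Transfer("tx4", 15, "0xhop_a", "0xmixer_pool", 60.0),
    Transfer("tx5", 14, "0xhop_b", "0xhop_c", 40.0),
    Transfer("tx6", 20, "0xhop_c", "0xexchange_hot_1", 39.5),
    Transfer("tx7", 21, "0xunrelated", "0xexchange_hot_1", 5.0),
]


def build_outflows(transfers):
    """Index transfers by sender so each hop is a single dictionary lookup."""
    outflows = {}
    for t in transfers:
        outflows.setdefault(t.src, []).append(t)
    return outflows


def trace(root, start_block, transfers, labels, max_hops=6):
    """Breadth-first walk over outgoing transfers starting at `root`.

    Only transfers mined at or after the block in which funds arrived at an
    address are followed, so pre-existing outflows from a reused address are
    not mistaken for laundering steps. Labeled addresses are recorded as hits
    and not expanded further. Returns (hits, expanded): each hit is the list
    of Transfers forming one path from `root` to a labeled address, and
    `expanded` is the set of unlabeled addresses the walk visited.
    """
    outflows = build_outflows(transfers)
    hits = []
    expanded = {root}
    queue = deque([(root, start_block, [])])
    while queue:
        addr, arrived_at, path = queue.popleft()
        if len(path) >= max_hops:
            continue
        for t in outflows.get(addr, []):
            if t.block < arrived_at:
                continue  # left the address before the traced funds arrived
            new_path = path + [t]
            if t.dst in labels:
                hits.append(new_path)
                continue
            if t.dst in expanded:
                continue
            expanded.add(t.dst)
            queue.append((t.dst, t.block, new_path))
    return hits, expanded


def summarize(hits, labels):
    """Aggregate hits per labeled endpoint: entity, category, total amount
    delivered by the final hop of each path, and the tx ids of each path."""
    summary = {}
    for path in hits:
        last = path[-1]
        name, category = labels[last.dst]
        entry = summary.setdefault(
            last.dst, {"entity": name, "category": category, "amount": 0.0, "paths": []}
        )
        entry["amount"] += last.amount
        entry["paths"].append([t.tx for t in path])
    return summary


def trace_theft(attacker="0xattacker", theft_block=10):
    """Trace the constructed theft from the attacker's address onward."""
    hits, _ = trace(attacker, theft_block, TRANSFERS, LABELS)
    return summarize(hits, LABELS)


if __name__ == "__main__":
    for addr, info in trace_theft().items():
        print(f"{addr}: {info['entity']} [{info['category']}] "
              f"{info['amount']} via {info['paths']}")
```

Run as a script, it reports 60.0 reaching the mixer in two hops (tx2, tx4) and 39.5 reaching the exchange deposit address in three hops (tx3, tx5, tx6); tx0 is skipped because it was mined before the funds arrived at 0xhop_a, and tx7 never appears because 0xunrelated is not downstream of the attacker. On a real chain the transfer list would come from node or indexer data and the label set from a threat intelligence database; the block-height filter and the stop-at-labeled-entity rule are the parts worth keeping.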
Starlabs: Should users of MistTrack worry about their privacy? How does SlowMist safeguard client data?
SlowMist: Users don’t need to worry. As a security company, we prioritize privacy protection. Before any engagement, we make sure that users are aware of our privacy policies. We retain only necessary data for completing services, restrict access to authorized personnel, and use strong encryption for data transmission and storage.
Starlabs: SlowMist also offers consortium blockchain security solutions. How does consortium blockchain security differ from public blockchain security?
SlowMist: The security needs of consortium and public blockchains differ significantly due to variations in network architecture, user base, and application scenarios. In terms of access control, for example, consortium blockchains (permissioned chains) restrict participation to authenticated nodes and users. Internal threats like malicious node operations, misconfigured permissions, and data leaks are more common.
Public blockchains, being open networks, face more complex challenges like 51% attacks, smart contract exploits, and cross-chain bridge attacks. Regarding node security, consortium blockchains have fewer nodes maintained by trusted parties, posing higher single-point-of-failure risks. To enhance performance, they often use efficient consensus mechanisms (e.g., PBFT, Raft), sacrificing some decentralization.
Public blockchains, with widespread nodes and higher decentralization, rely on consensus mechanisms like PoW and PoS to resist malicious behavior. In terms of compliance, consortium blockchains often serve enterprise-grade scenarios, requiring adherence to strict legal and regulatory standards. In contrast, public blockchains operate globally, navigating diverse legal and regulatory landscapes while balancing decentralization and efficiency.
To address these distinctions, SlowMist offers tailored security solutions for each type of blockchain.
“On Entrepreneurial Opportunities in Security Sector”
Starlabs: Is Web3 security still a blue ocean? What opportunities are there for startups or Web2 security firms entering this field?
SlowMist: The explosive growth of Web3 has introduced numerous new projects and users, alongside frequent security incidents, driving demand for professional security services. Increasing emphasis on security-compliance integration also creates entry points for security firms.
Opportunities include:
- User-End Security: Addressing phishing attacks, malware, and private key mismanagement.
- Funds Tracking and Anti-Money Laundering (AML): Managing the complexity and volume of on-chain fund tracking.
At the end of the day, Web3 security is challenging but filled with immense opportunities.
—SlowMist
Starlabs: What do you think about the potential threats that quantum computing poses to cryptography algorithms?
SlowMist: While threats from quantum computing haven’t fully materialized, quantum computing is heavily reliant on the safety of cryptographic algorithms. The industry can adopt technical innovation, international cooperation, and phased strategies to ensure long-term security and resilience.
About Starlabs Consulting
Starlabs Consulting is a premier strategic and marketing consultancy specializing in the Web3 sector, established in 2018. Our mission is to empower visionary companies to navigate complex challenges across marketing, operations, and growth initiatives, enabling them to excel in a competitive market landscape. With our in-depth knowledge of the Web3 industry and extensive global network, Starlabs Consulting has become a trusted partner for leading Web3 exchanges and projects. Our dedicated team of professionals and their profound understanding of client needs have solidified our reputation as an industry leader.
Website: https://www.starlabsconsulting.com/