Speaking at the Ethereum Community Conference event, Mudit Gupta, Chief Information Security Officer of Polygon, highlighted the significant disparities between theoretical security and practical security within the blockchain and crypto space. Gupta emphasized that while the industry is making rapid progress in theoretical security, it lags far behind in practical security.
Gupta drew attention to the challenges associated with private or mnemonic keys, which offer enhanced security but also present practical difficulties. He explained that mnemonic keys are more challenging to safeguard compared to passwords because once leaked, they cannot be changed. Losing mnemonic keys has already resulted in the loss of billions of dollars, and Gupta warned that even more funds are at risk due to inadequate security measures.
The executive acknowledged that theoretically, private keys are 100% secure as long as they remain undisclosed. However, he pointed out practical issues that can arise, such as how loved ones would access funds in the event of the key holder’s death. Another concern is the potential compromise of keys. Gupta recognized these as complex problems that require solutions.
Additionally, Gupta shed light on the asymmetric nature of defending against attackers compared to hacking and exploitation. Defenders must cover every possible vulnerability, whereas attackers only need to find one effective breach. This discrepancy makes the work of defenders considerably more challenging, emphasizing the importance of comprehensive security measures.
Despite these obstacles, Gupta stressed the necessity of defending the crypto space from threats. The article concludes by highlighting the need for a robust security framework that addresses practical challenges and ensures the protection of user funds.