Lost keys already cost billions, many more at risk
While private or mnemonic keys offer many security benefits, they also present practical challenges, according to Mudit Gupta, chief information security officer at Layer-2 scaling solution Polygon.
Speaking at the Ethereum Community Conference (EthCC) event on July 17, Gupta discussed the differences between theoretical security and practical security in the blockchain and crypto space. Gupta told the audience at EthCC in Paris that the industry is “moving very fast” when it comes to theoretical security, but the Polygon executive believes the industry is “far behind” when it comes to practical security.
For example, the executive said that private keys are more difficult to secure than passwords because passwords can be changed in the event of a data leak. He explained:
“The mnemonic is a one-time thing. And if you make a mistake, it’s done if it’s exposed. So keeping the mnemonic or private key safe is a much, much harder problem.”
According to Gupta, at least several billion dollars have been lost due to lost mnemonic keys. The executive underlined how great the risk is due to the lack of adequate security. “Billions of dollars in improperly protected user wallets,” Gupta argued.
Gupta also pointed out that private keys are theoretically 100% secure. “If nobody knows your private key, nobody can access your money,” he declared. But the security expert acknowledged that practical problems could arise.
“What if you die for some reason? How can your loved ones access your funds? A difficult problem to solve. There’s also the issue of key rotation. What if for some reason your key is compromised?” he explained.
In addition to these problems, the executive also discussed the challenges of being a defender in the security world. According to Gupta, attackers have a much easier time than defenders. He declared:
“As a defender you have to control every point. If you leave a gap, someone can get in. As an attacker, that’s easier. You overlook the security system. You find a way around it. You just have to find a way inside and that’s it.”
For this reason, the executive pointed out that those working in the field of security live a much more difficult life than hackers and malicious actors. Gupta underlined that being a defender means covering all bases. Despite all these difficulties, the executive concluded: “Someone needs to defend.”
Translation of Walter Rizzo