Web3 Security: Attack Types and Lessons Learned — from a16z.com by Riyaz Faizullabhoy and Matt Gleason


A good deal of web3 security rests on blockchains’ special ability to make commitments and to be resilient to human intervention. But the related feature of finality – where transactions are generally irreversible – makes these software-controlled networks a tempting target for attackers. Indeed, as blockchains – the distributed computer networks that are the foundation of web3 – and their accompanying technologies and applications accrue value, they become increasingly coveted targets.

Despite web3’s differences from earlier iterations of the internet, we’ve observed commonalities with previous software security trends. In many cases, the biggest problems remain the same as ever. By studying these areas, defenders – whether builders, security teams, or everyday crypto users – can better guard themselves, their projects, and their wallets against would-be thieves. Below we present some common themes and projections based on our experience.