W4_Security and Privacy in Web3

The session on 'Security and Privacy in Web3' covers the significance of security and privacy in the Web3 ecosystem, various wallet types, and best practices for securing digital assets. It highlights common Web3 exploits and risks, as well as privacy-enhancing solutions like Zero-Knowledge Proofs. The agenda includes discussions on wallet types, Web3 risks, privacy solutions, and further reading resources.


Session: Security and Privacy in Web3

Session Objectives
• Understand the importance of security and privacy in the Web3 ecosystem.
• Explore different types of wallets and their security features.
• Learn best practices for securing digital assets.
• Identify common Web3 exploits and risks associated with decentralized applications.
• Examine privacy-enhancing solutions such as Zero-Knowledge Proofs and
privacy-focused cryptocurrencies.

This work is released under a Creative Commons Attribution 4.0 International (CC BY 4.0) License © University of Nicosia, Institute for the Future, unic.ac.cy/blockchain

Agenda
1. Wallet Types
2. Web3 Exploits and Risks
3. Privacy Solutions in Web3
4. Conclusions
5. Further Reading


1. Wallet Types
Wallet addresses
“Like email addresses, Bitcoin addresses can be
shared with other Bitcoin users who can use
them to send bitcoins directly to your wallet.
Unlike email addresses, you can create new
addresses as often as you like, all of which will
direct funds to your wallet. A wallet is simply a
collection of addresses and the keys that unlock
the funds within. There is practically no limit to
the number of addresses a user can create.”

Antonopoulos, A. M., "Mastering Bitcoin Second Edition: Programming the Open Blockchain" (2018). Source: https://aantonop.com/about/, https://github.com/bitcoinbook/bitcoinbook

Exploring key wallet types
You may choose a wallet based on what best suits your needs. In this session, we will explore various types of wallets and clients:

1. Web
2. Desktop
3. Mobile
4. Hardware
5. Paper

Wallets and clients can be chosen based on a number of criteria:
• How much crypto is being used / stored
• IT proficiency (beginner vs. expert)
• Type of device
• Occasional use vs. everyday use
• Security and privacy concerns
• Type and complexity of transactions

Find the wallet that’s right for you:
• Bitcoin Wallets
• Ethereum Wallets

Browser-based (web) wallets
After exchanges, web wallets are the least secure choice:
• Web wallets often store your private key for you on their servers
• They can be used through a mobile application or browser on your personal computer

Web Wallets Pros & Cons:


✓ Convenient access from any device
✓ Third party handles the responsibility for managing funds

✗ You are trusting a company to secure your private key and protect your funds from theft or hacking
✗ Third-party access increases vulnerability to attacks
✗ High risk of phishing attacks, as users can be redirected to fake websites that capture login details

Note: Although you hold the seed phrase, the security of your funds depends on the web wallet provider’s
software security.

Popular browser-based (web) wallets
• MyEtherWallet (MEW)
• Blockchain.com Wallet
• Coinbase Wallet (Web Version)

Browser extension wallets
More Secure Than Web Wallets, but Still Risky:
• Browser extension wallets differ from web wallets by storing the private key locally, on your computer.
• They are accessed directly from the browser as an extension, which may offer a more controlled
environment than web wallets.

Browser Extension Wallets Pros & Cons:


✓ Private keys are stored locally, reducing reliance on a third party for security
✓ More secure than web wallets since they are less susceptible to phishing attacks and are not fully
server-based

✗ Still vulnerable to browser-based attacks, like malware or malicious extensions


✗ Extensions can be impersonated, leading to potential phishing risks
✗ Security depends on the browser’s overall security and how well the extension itself is maintained

Popular browser extension wallets
• Metamask
• Coinbase Wallet (Extension)
• Trust Wallet
• Phantom Wallet
• Rabby Wallet

Desktop wallets – Lightweight
Desktop wallets can be lightweight (such as Electrum, see next page):
• Only a small portion of the blockchain (headers of blocks) is downloaded
• The client relies on other full nodes to verify transactions, and will only receive transactions that are relevant to its
wallet.

Lightweight Wallets Pros & Cons:


✓ Some of the advantages of a desktop wallet without the hassle of running a full node
✓ Less hard disk space and less bandwidth compared to a full node
✓ Private keys are stored locally on your computer, meaning that you retain complete control
✓ Some can manage a wide range of coins and tokens

✗ Cannot verify transactions as it does not store a full copy of the blockchain. You must trust third-party servers
to access and receive information about the Bitcoin network. A malicious third party might spy on your
transactions
✗ General-purpose computers are vulnerable to malware and malfunctions, and are attractive targets for thieves

Lightweight Client - Electrum
Electrum has the following characteristics:
• Available on Windows, MacOS, Linux and Android under the MIT license.
• It makes performing Bitcoin transactions quick and simple.
• It supports cold storage and multisig features.

In addition, Electrum is easy to install:
• Go to https://electrum.org/#download
• Download the appropriate installer. (Optional: you can verify the PGP signature to check that the
software packages you downloaded are authentic and were not maliciously modified in transit.)
• Run the installer
• Run the Electrum client

Popular desktop wallets (lightweight)
• Exodus
• Electrum
• Atomic Wallet
• Guarda Wallet

Desktop wallets – Full Nodes
Desktop Wallet Features:
• Software downloaded and installed on a PC or laptop.
• The Bitcoin Core desktop full client comes with a bitcoin wallet.

Full Node Wallets Pros & Cons:


✓ Contributing to the maintenance of the decentralized Bitcoin network
✓ Full control and protection, especially if private keys are encrypted with strong passphrases and regularly
backed up
✓ Harder to target each individual user's computer than to compromise custodial services storing the funds of
thousands or millions of users.

✗ General-purpose computers are vulnerable to malware, malfunctions, and are attractive for thieves.
✗ It may take days to download and synchronize, with noticeable bandwidth and disk space requirements.
✗ Often have advanced features and functionality that are confusing for beginners.

Mobile wallets
Installed on a mobile device (examples: Copay, BRD for iOS and Mycelium, Coinomi for Android) –
usually operate as a lightweight client or a web client.

Mobile Wallets Pros & Cons:


✓ Portable, easy and comfortable - The smartphone’s camera scans QR codes of receivers / merchants
✓ Good for day-to-day transactions
✓ If your mobile device is lost or stolen, the funds are not gone as long as you have made a proper
backup. Most mobile wallets require making backups upon setup (usually a 12-word mnemonic
phrase).

✗ Harder to run with / as a full client (though many wallets have been adding support for this recently).
✗ When in the presence of others or cameras, take care that your PINs and other sensitive wallet info is
not visible.
✗ Take care to secure your mobile device and accounts against popular attacks such as SIM-swaps.

Hardware wallets
Hardware wallets are special-purpose devices.

Hardware Wallets Pros & Cons:


✓ Security through isolation (less complex than a general purpose computer, therefore less vulnerable to
common attacks)
✓ Private keys generated and stored locally, controlled by the user
✓ PIN protection for accessing the keys and sending transactions in wallet interface
✓ Backups are required by most of these wallets during the setup process; recorded on paper or metal
(usually as a 12 to 24 word mnemonic phrase)

✗ Expensive
✗ Less convenient than mobile wallets for day-to-day transactions
✗ Do not lose both the device and the backup mnemonic phrase
✗ Beware buying from third-party resellers rather than the manufacturer

Popular hardware wallets
• Ledger
• Trezor
• SafePal
• COLDCARD
• BitBox

Cold storage (1/2)
• Keeping your private keys offline is arguably one of the best ways to protect them.

• This can happen in a number of ways, depending on whether the medium of key storage can be connected
to the internet or other devices.

• Cold storage refers to using an offline medium for storing bitcoin private keys, i.e. a device that is not
connected to the internet, at least most of the time. This method is more common for the long-term storage
of large sums that do not need to be accessed or used regularly. Today the most popular medium for this is
hardware wallets.

• “Deep” cold storage refers to a method of cold storage where private keys are generated entirely offline,
sign transactions offline, and are stored on a device that is not / has never been connected to the internet. A
device which has been modified to remove networking features and used under various isolation
techniques is known as “airgapped.”

Cold storage (2/2)
• On a USB drive or other data storage medium
• On a paper wallet
• On a bearer item, such as a bitcoin
• Online on encrypted media, where the encryption key is stored offline
• On an offline Bitcoin hardware wallet

Paper wallets (1/2)
“A paper wallet is a mechanism for storing bitcoins offline as a physical document or object that
can be secured. Paper wallets are generally created by printing a brand-new public address and
private key onto paper, and then sending bitcoins from a 'live' wallet to the printed wallet's public
address for safekeeping.”
– from the Bitcoin Wiki

A “paper wallet” consists of two components:


• The public address, which can be shared with anyone who wants to send bitcoin to you.
• The private key, which you need in order to spend the bitcoin.

Paper wallets (2/2)
Documents that contain pairs of public and private keys. They must be stored in a safe place.
It is recommended to make at least two copies. Always generate paper wallets offline!

Paper Wallets Pros & Cons:


✓ Protection from cyber-attacks or hardware failures.
✓ Can be generated offline.
✓ Ideal for long-term storage of funds and gifts

✗ Loss, theft, destruction (water, fire)
✗ Must be imported to software at some time, unlike hardware wallets

Paper wallets are no longer recommended!
Many paper wallet generators have been compromised and they are difficult to use properly.

Hierarchical Deterministic (HD) wallets (1/2)
• Based on BIP 32, HD wallets generate a hierarchical tree-like structure of keys from a single
master seed.
• When you restore an HD wallet using the seed, the wallet can derive all "child" private keys
and addresses.
• Since this mechanism allows many receiving addresses to be generated, it reduces address
reuse and therefore enhances privacy.
• Examples of HD wallets include Coinomi, Mycelium, Electrum, and all the hardware wallets.

• Read more about HD Wallets: https://coinsutra.com/hd-wallets-deterministic-wallet/

Hierarchical Deterministic (HD) wallets (2/2)
[Figure: HD wallet key derivation tree] Source: https://coinsutra.com/hd-wallets-deterministic-wallet/

Custodial vs Non-Custodial wallets

Custodial Wallets:
• Wallets where a third party, such as an exchange or service provider, holds and manages the user's private keys.
• The third party controls the user's funds, meaning they rely on this service for access and security.
✓ User-friendly, no need for the user to manage private keys.
✓ Often includes customer support and recovery options.
✗ Higher security risk (exchange hacks).
✗ Lack of full control over funds.

Non-Custodial Wallets:
• Wallets where the user controls their private keys and, therefore, has full control over their funds.
• The user has complete ownership of their funds with no reliance on third parties.
✓ Greater security since the user controls the private keys.
✓ Full ownership and control of assets.
✗ Loss of private keys results in permanent loss of funds.
✗ Requires more technical knowledge from the user.

Source: https://crypto.com/university/custodial-vs-non-custodial-wallets

Not your keys, not your crypto…
“A wallet is software that holds all your addresses. Use it to send bitcoins
and manage your keys.”
Antonopoulos, A. M., "Mastering Bitcoin Second Edition: Programming the Open Blockchain" (2018),
https://github.com/bitcoinbook/bitcoinbook/blob/develop/glossary.asciidoc

● Crypto ownership is established through digital keys and signatures.


● Ideally, keys should be generated locally on the user's desktop, laptop, smartphone, or special-purpose
hardware device. Users can access and manage keys through a variety of wallet software. "Possession
of the key that can sign a transaction is the only prerequisite to spending bitcoin, putting the control
entirely in the hands of each user."
● Keep in mind that if you don’t know who generates your private keys, where they are stored, or if
someone else has them (such as in the case of a custodial exchange), they are not actually yours. The
case of Mt.Gox, which discontinued operations in February 2014, is a well-known example of this
lesson.

Secure your wallet, no matter what type it is!
Some ways of securing your wallet include:

• Avoid (if possible) using online services or devices to generate private keys.
• Use different types of wallets for different purposes and amounts. For example, you may use a mobile
wallet for small everyday purchases, whereas your long-term savings are kept on a hardware wallet.
• Create backups of all your wallets and occasionally test recovering them to your device(s). Make sure that
they are stored in a safe and secure place.
• Encrypt your wallet with a passphrase -- even if someone steals your mnemonic seed, they won't be able
to access your coins without the passphrase!
• Do NOT split your mnemonic seed words and store them in different places, as such practices generally
increase the chances of accidental loss. Instead, you can use multisig or the more experimental Shamir's
secret sharing scheme (SSSS).

Finally, in general, make sure to use the most up-to-date versions of software on your
devices. Otherwise you may miss important security patches!
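The two points made earlier, that an HD wallet (BIP 32) derives every key from one seed, and that a passphrase keeps a stolen mnemonic from unlocking your coins, can be shown end to end. The Python below is an added example written for this page, not code from the slides or from any wallet project. It implements BIP39 seed stretching and BIP32 hardened child derivation with the standard library only; non-hardened derivation, which needs elliptic-curve point arithmetic, is deliberately left out. The demo mnemonic is the well-known "abandon … about" test phrase, used here purely as constructed input.

```python
import hashlib
import hmac

# Order of the secp256k1 curve; BIP32 private child keys are reduced modulo this.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000  # indices >= 2^31 are hardened


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: stretch mnemonic + passphrase into a 64-byte seed.

    The passphrase goes into the PBKDF2 salt, so the same mnemonic with a
    different passphrase yields an unrelated seed, hence an unrelated wallet.
    """
    return hashlib.pbkdf2_hmac(
        "sha512",
        mnemonic.encode("utf-8"),
        ("mnemonic" + passphrase).encode("utf-8"),
        2048,
        dklen=64,
    )


def master_key(seed: bytes) -> tuple[int, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with the literal 'Bitcoin seed'."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(i[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("invalid master key; BIP32 says use a different seed")
    return k, i[32:]


def derive_hardened_child(k_par: int, c_par: bytes, index: int) -> tuple[int, bytes]:
    """BIP32 hardened child: HMAC-SHA512(c_par, 0x00 || ser256(k_par) || ser32(index))."""
    if index < HARDENED:
        raise ValueError("non-hardened derivation needs EC math; not implemented here")
    data = b"\x00" + k_par.to_bytes(32, "big") + index.to_bytes(4, "big")
    i = hmac.new(c_par, data, hashlib.sha512).digest()
    il = int.from_bytes(i[:32], "big")
    k_child = (il + k_par) % SECP256K1_N
    if il >= SECP256K1_N or k_child == 0:
        raise ValueError("invalid child; BIP32 says skip this index")
    return k_child, i[32:]


def derive_path(seed: bytes, path: list[int]) -> int:
    """Walk a hardened path such as m/44'/0'/0' and return the leaf private key."""
    k, c = master_key(seed)
    for index in path:
        k, c = derive_hardened_child(k, c, index)
    return k


def wallet_account_key(mnemonic: str, passphrase: str) -> int:
    """Mnemonic (+ optional passphrase) -> BIP44-style account key m/44'/0'/0'."""
    seed = bip39_seed(mnemonic, passphrase)
    return derive_path(seed, [44 | HARDENED, 0 | HARDENED, 0 | HARDENED])


if __name__ == "__main__":
    # Constructed demo mnemonic (the public 'abandon ... about' test phrase); never fund it.
    phrase = "abandon " * 11 + "about"
    print("no passphrase:  ", hex(wallet_account_key(phrase, "")))
    print("with passphrase:", hex(wallet_account_key(phrase, "correct horse battery staple")))
```

Running it prints two unrelated account keys for the same twelve words, which is the whole point of the passphrase: whoever copies the mnemonic alone recovers the first wallet, not the second. Restoring on any BIP 32 wallet with the same seed reproduces the same tree, which is why one backup covers every address the wallet ever generates.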


2. Web3 Exploits and Risks


Contrast between CeFi and DeFi
• In centralized finance, the code that runs financial services (e.g., banking systems) is closed and secure behind firewalls, making it difficult for malicious actors to find vulnerabilities.
• In DeFi, the code is open source and visible to everyone. This openness is a strength for transparency but also makes DeFi more susceptible to exploitation because adversaries can examine the code for weaknesses.

Source: https://appinventiv.com/blog/defi-vs-cefi/

DeFi risks (1/3)
As promising as the DeFi technology is, like with anything else, there are risks involved.
In the next few slides, we cover some DeFi-specific risks.

• Market Risk
• Token prices can be highly volatile

• Technology Risk
• Transactions cannot be processed due to capacity limits of underlying blockchain
• Smart contract failures
• Inaccurate oracle information or delayed oracle updates

• Liquidity Risk
• Inability to obtain sufficient tokens in time or at a reasonable cost.
• A major source of DeFi’s liquidity risk is that collateralized tokens lock up liquidity.

DeFi risks (2/3)
• Governance risk
  • Many DeFi protocols have ended up being quasi-centralized, hence many of the theoretical advantages of DeFi are not true in these implementations.
  • Key management is also a real vulnerability for DeFi protocols. If key holders lose control of their keys, they lose access and, effectively, ownership of their tokens. To address this vulnerability, multi-signature key approaches have been developed, placing user deposits in custody of consortiums. However, placing admin keys in multisig key arrangements enables discretionary and opaque control of user funds, which could be exploited.

• Consensus risk
  • DeFi is blockchain-based, so it inherits most, if not all, of the risks of blockchains, e.g. vulnerability to 51% and/or Sybil attacks.
  • Further, if economic incentives are incorrectly aligned, validators/miners can collude and manipulate block formation and transaction histories. Miners/validators can also extract value by frontrunning users and/or selectively reordering transactions.

• Protocol Risk
  • DeFi in general may be promising, but individual projects (protocols) may prove to be far from so. This is a field still at an embryonic stage of development and significant caution should be exercised when exposed to specific protocols.

DeFi risks (3/3)
• Rug pulls are a new type of exit scam where DeFi developers create a new token, pair it to a
leading cryptocurrency such as tether or ether and set up a liquidity pool.
• They then market the newly created token and encourage people to deposit into the pool, often
promising extremely high yields.
• Once the pool has a substantial amount of the leading cryptocurrency in it, the DeFi developers then
use back doors intentionally coded into the token’s smart contract to mint millions of new coins, which they
sell for the popular cryptocurrency.
• This completely drains the popular cryptocurrency from the pool and leaves millions of worthless coins
in it.
• The founders then disappear without a trace.

• Other software risks include Distributed Denial of Service or DDoS attacks, injection,
uncontrolled format strings, and buffer overflow attacks against DeFi platforms.

Smart contract risk
• Smart contracts are the foundational component of DeFi.
• DeFi relies heavily on smart contracts, with billions of dollars in assets locked in them.

• Poorly designed smart contracts can expose significant risks due to their widespread use in
lending, trading, and staking protocols.
• Even a small error in the code can lead to massive financial losses or contract failures, exposing
users to fund theft or permanent fund locks.
• That is why smart contracts must be thoroughly tested and audited for security flaws before
deployment.

There are many types of smart contract exploits…
1. Reentrancy and Call Issues
• Reentrancy Attacks
• Unchecked Call Return Values
• Delegatecall Vulnerabilities
• Self-Destruct/Destruction Vulnerabilities
• Cross-Contract Exploits

2. Math and Overflow Problems
• Integer Overflow/Underflow
• Floating Point Precision Errors

3. Access and Control Flaws
• Access Control Flaws
• Denial of Service (DoS)
• Short Address Attack
• Front-Running

4. Gas and Resource Limitations
• Gas Limit and Loop Exploits
• Block Gas Limit Vulnerability

5. External Dependencies and Manipulation
• Timestamp Dependency
• Randomness Vulnerability
• Oracle Manipulation
• Flash Loan Attacks
• Race Conditions (Transaction Ordering)

6. Phishing and Interface Issues
• Phishing Attacks via Contract Interfaces
• Uninitialized Storage Pointers

We'll dive deeper into some of these vulnerabilities to understand their mechanics and potential risks.
Sources: https://blaize.tech/article-type/web3-security/9-most-common-smart-contract-vulnerabilities-found-by-blaize/, https://shorturl.at/zX9H9, https://shorturl.at/dBIvV

Other types of exploits
• Hacks (Malicious Intent)
  • Directly stealing funds or manipulating contract logic for financial gain.
  • Hackers exploit flaws in the contract code, such as unchecked transfers or reentrancy bugs.
• Arbitrage Exploits
  • Users take advantage of inefficiencies or discrepancies in the market or contract logic.
  • They exploit price differences between markets or manipulate oracles without breaking the law.
  • Flash loans are often used to manipulate prices on decentralized exchanges for instant profit.
• Centralized Exchange Hacks
  • Poor security on centralized platforms (not directly related to blockchain or smart contracts).
  • Hackers breach a centralized exchange's internal systems, such as databases or wallets.
• Logic or Oracle Vulnerabilities
  • Flaws in the logic of a contract, or manipulation of external dependencies such as oracles.
  • The price reported by an oracle on a decentralized exchange can be manipulated to gain an unfair advantage on trades.

Source: https://appinventiv.com/blog/defi-vs-cefi/

Logic errors
• Logic errors occur when the smart contract's internal rules or calculations are flawed,
potentially locking funds or causing unintended behavior.
• A small coding mistake can lead to incorrect behavior.
• For example, rounding errors or out-of-order operations can cause severe issues like locking
funds or failing transactions.
• Even small errors, such as incorrect decimal places, can cause failed transactions.
• In extreme cases, these errors can cause contracts to be "bricked," making funds
inaccessible.

Scenario:
• A smart contract intends to transfer 1,000 tokens, but due to a rounding error, it rounds up to
1,001 tokens.
• The contract has insufficient funds (1 token short) and the transfer fails. This can lock up the
entire pool of 999 tokens permanently in the contract.
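The rounding scenario above, as an added Python model that is not part of the slides: seven equal claimants on a 1,000-token pool, one version computing each share in floating point and rounding to nearest (which lands on 1,001), the other with integer floor division and a batch invariant check before any transfer. The per-holder claim loop and all amounts are constructed for the example.

```python
def naive_payouts(pool: int, holders: int) -> list[int]:
    """Each holder's share computed in floating point and rounded to nearest.

    1000 / 7 = 142.857... rounds UP to 143, so seven shares total 1001:
    one token more than the contract holds (the slide's 1,000 -> 1,001 case).
    """
    return [round(pool / holders)] * holders


def safe_payouts(pool: int, holders: int) -> tuple[list[int], int]:
    """Integer floor division can never over-allocate; the remainder is tracked as dust.

    Token amounts belong in integer base units; the dust stays accounted for
    in the contract instead of silently vanishing or being over-promised.
    """
    share = pool // holders
    dust = pool - share * holders
    return [share] * holders, dust


def settle(balance: int, payouts: list[int]) -> tuple[bool, int]:
    """Atomic batch payout: verify sum(payouts) <= balance before touching anything.

    Returns (ok, balance_after). On failure nothing is paid, like a reverted tx,
    so the pool is never left half-distributed.
    """
    total = sum(payouts)
    if total > balance:
        return False, balance
    return True, balance - total


def claims_until_failure(balance: int, payouts: list[int]) -> tuple[int, int]:
    """Per-holder claim() calls with no batch check: pays until one claim cannot be honoured.

    Returns (claims_paid, balance_left). With over-allocated shares the last
    claimant is stuck and the leftover sits in the contract with no one able
    to withdraw it, which is how a rounding slip turns into locked funds.
    """
    paid = 0
    for amount in payouts:
        if amount > balance:
            break
        balance -= amount
        paid += 1
    return paid, balance


if __name__ == "__main__":
    naive = naive_payouts(1000, 7)
    shares, dust = safe_payouts(1000, 7)
    print("naive shares sum:", sum(naive), "settle:", settle(1000, naive))
    print("naive per-claim: ", claims_until_failure(1000, naive))
    print("safe shares sum: ", sum(shares), "dust:", dust, "settle:", settle(1000, shares))
```

The instructive pair is the two `claims_until_failure` results: the naive split pays six holders and strands the seventh with 142 tokens that nobody can claim, while the floor-based split pays all seven and leaves 6 tokens of explicitly tracked dust. Checking the batch invariant up front (as `settle` does) is what turns a silent lock-up into a clean revert.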

Oracles - External Dependencies
• These attacks take advantage of vulnerabilities in external dependencies, such as oracles.
• Oracles provide off-chain data (e.g., token prices) to a smart contract.

• A single or illiquid oracle can be manipulated.
• Attackers artificially lower the price on one oracle and buy assets at a discount on another platform relying on the manipulated price.

• Flash loans are instant, no-collateral loans that must be repaid within one transaction.
• They allow attackers to manipulate token prices through oracles by quickly selling tokens, lowering the price, and then buying them at a lower price on other platforms.

• Flash Loan Attacks:
• The attacker borrows a large amount of capital, manipulates the market using multiple DeFi protocols, and repays the loan in the same transaction.
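An added Python model, not from the slides, of why a protocol should not value collateral from a single pool's spot price: a constant-product pool, a one-block price swing of the size a flash loan makes possible, and a time-weighted average price (TWAP) guard that refuses the reading when spot and TWAP diverge. The pool sizes, the 5% deviation bound and the one-observation-per-block TWAP are constructed assumptions for the example.

```python
class ConstantProductPool:
    """Minimal x*y=k AMM with no fee, constructed for this example."""

    def __init__(self, reserve_token: float, reserve_eth: float):
        self.x = reserve_token
        self.y = reserve_eth

    def spot_price(self) -> float:
        """ETH per token, as a contract reading the pool reserves directly would see it."""
        return self.y / self.x

    def swap_token_for_eth(self, amount_token: float) -> float:
        """Sell tokens into the pool; returns ETH received. Large sells crater the spot price."""
        k = self.x * self.y
        new_x = self.x + amount_token
        new_y = k / new_x
        out = self.y - new_y
        self.x, self.y = new_x, new_y
        return out


class TwapOracle:
    """Time-weighted average price: one observation per block, averaged over all blocks."""

    def __init__(self):
        self.cumulative = 0.0
        self.blocks = 0

    def record(self, price: float) -> None:
        self.cumulative += price
        self.blocks += 1

    def twap(self) -> float:
        return self.cumulative / self.blocks


def guarded_price(pool: ConstantProductPool, oracle: TwapOracle, max_deviation: float = 0.05):
    """Price usable for collateral valuation, or None when spot and TWAP disagree.

    A single-transaction manipulation moves spot far more than it can move a
    multi-block average, so a deviation bound is a cheap circuit breaker.
    """
    spot = pool.spot_price()
    twap = oracle.twap()
    if abs(spot - twap) / twap > max_deviation:
        return None
    return spot


def simulate() -> tuple[float, float, float, object]:
    """Ten quiet blocks, then one block with a pool-sized sell. Returns
    (guarded price before, spot after, TWAP after, guarded price after)."""
    pool = ConstantProductPool(1000.0, 1000.0)  # constructed: 1 ETH per token
    oracle = TwapOracle()
    for _ in range(10):
        oracle.record(pool.spot_price())  # quiet blocks at 1.0
    before = guarded_price(pool, oracle)
    # Block 11: one transaction sells 1000 tokens (flash-loan scale relative to the pool).
    pool.swap_token_for_eth(1000.0)
    oracle.record(pool.spot_price())
    return before, pool.spot_price(), oracle.twap(), guarded_price(pool, oracle)


if __name__ == "__main__":
    before, spot, twap, guarded = simulate()
    print(f"before: {before}, spot after: {spot}, twap after: {twap:.4f}, guarded: {guarded}")
```

The spot price falls from 1.0 to 0.25 inside one block, while the eleven-block TWAP only drops to about 0.93; a contract that consumed the spot reading would lend or liquidate against a 75% mispricing, whereas the guard returns `None` and the operation does not proceed. A TWAP is not a complete defence (a patient attacker can lean on it across several blocks), but it raises the cost from one transaction to sustained capital at risk.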

Arbitrage exploits
• Arbitrage exploits involve taking advantage of price discrepancies across different platforms or
assets without outright malicious intent.

• A good example would be rounding errors that lead to incorrect token balances or failed
transactions.

• Even small errors, such as incorrect decimal places, can cause failed transactions and lock
funds.

• In extreme cases, these errors can cause contracts to be "bricked," making funds
inaccessible.

The DAO incident: A classic smart contract exploit
• The DAO (Decentralized Autonomous Organization) was launched in 2016 as one of the first decentralized venture capital funds.
• Investors sent Ether (ETH) to the DAO in exchange for DAO tokens, which gave them voting rights on startup investments.
• Raised $150 million USD worth of ETH from more than 11,000 investors, becoming one of the largest crowdfunding campaigns ever.
• At its peak, 14% of all ETH was locked in the DAO smart contract.
• The DAO's structure aimed to replace traditional venture capital with a decentralized, transparent decision-making process.

• The reentrancy bug is a flaw where the contract allowed repeated withdrawals before updating balances.
• The attacker exploited this flaw to drain 30% of the DAO's funds (around $50 million at the time), by repeatedly calling the withdrawal function and draining funds before the contract could check the balance.
• The DAO Hack led to the infamous DAO hard fork on July 20, 2016 (Block #1,920,000). At the time of the fork, the ETH price was $12.54.
• The Ethereum network split into two:
  • Ethereum (ETH): The main chain, and
  • Ethereum Classic (ETC): The original chain that maintained the hack in its history.
Sources: https://www.gemini.com/cryptopedia/the-dao-hack-makerdao, https://ethereum.org/en/history/
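The reentrancy flaw described on this slide, as an added Python simulation of the call ordering rather than the DAO's actual Solidity. The vault, the recipient contract whose payment callback calls withdraw again, and the balances are constructed for illustration; the point is where the external call sits relative to the balance update, with the checks-effects-interactions fix beside it.

```python
"""Reentrancy, simulated: a DAO-style withdraw beside the hardened version.

Added example, constructed for illustration; not the DAO's own contract code.
"""


class VulnerableVault:
    """Pays out before updating the caller's balance (the DAO's ordering)."""

    def __init__(self, deposits: dict):
        self.balances = dict(deposits)       # constructed depositor balances
        self.funds = sum(deposits.values())  # ETH held by the contract

    def withdraw(self, caller) -> None:
        amount = self.balances[caller.name]
        if amount == 0 or amount > self.funds:
            return
        self.funds -= amount
        caller.receive(self, amount)         # external call BEFORE the balance update
        self.balances[caller.name] = 0       # reached only after the callback returns


class SafeVault(VulnerableVault):
    """Checks-effects-interactions ordering plus a reentrancy guard."""

    def __init__(self, deposits: dict):
        super().__init__(deposits)
        self._locked = False

    def withdraw(self, caller) -> None:
        if self._locked:                     # guard: a nested call reverts
            raise RuntimeError("reentrant call rejected")
        amount = self.balances[caller.name]  # checks
        if amount == 0 or amount > self.funds:
            return
        self.balances[caller.name] = 0       # effects: update state first
        self.funds -= amount
        self._locked = True
        try:
            caller.receive(self, amount)     # interaction: external call last
        finally:
            self._locked = False


class HonestRecipient:
    """A plain account: just records what it was paid."""

    def __init__(self, name: str):
        self.name = name
        self.received = 0

    def receive(self, vault, amount: int) -> None:
        self.received += amount


class ReenteringRecipient(HonestRecipient):
    """A contract whose payment callback calls withdraw again (the DAO pattern).

    The depth bound stands in for the gas limit that ends the real loop.
    """

    def __init__(self, name: str, max_depth: int = 3):
        super().__init__(name)
        self.depth = 0
        self.max_depth = max_depth

    def receive(self, vault, amount: int) -> None:
        self.received += amount
        if self.depth < self.max_depth:
            self.depth += 1
            try:
                vault.withdraw(self)         # re-enter while our balance is still non-zero
            except RuntimeError:
                pass                         # the guarded vault reverted the nested call
            self.depth -= 1


def run(vault_cls, deposits: dict, attacker: str) -> tuple:
    """Run one withdrawal by `attacker` against a fresh vault.

    Returns (amount the recipient ended up with, funds left in the vault).
    """
    vault = vault_cls(deposits)
    recipient = ReenteringRecipient(attacker)
    vault.withdraw(recipient)
    return recipient.received, vault.funds


if __name__ == "__main__":
    deposits = {"alice": 90, "mallory": 10}  # constructed balances, in ETH
    print("vulnerable:", run(VulnerableVault, deposits, "mallory"))
    print("hardened:  ", run(SafeVault, deposits, "mallory"))
```

With a 10 ETH deposit and three nested callbacks, the vulnerable vault pays out 40 ETH and is left with 60; the hardened vault pays exactly 10, because the balance is zeroed before the external call and the guard rejects the nested call. Either fix alone closes the hole; using both is the usual defence in depth.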

The bZx oracle attacks (1/2)
Attack #1 (Feb 14, 2020)
• Flash Loan: Attacker borrowed 10,000 ETH ($2.7 million) from dYdX.
• Collateral Setup: Used 5,500 ETH to acquire 112 wBTC on Compound.
• Short Position: Opened a 5x-leveraged short position against the ETHBTC ratio on bZx.
• Price Manipulation: Spiked wBTC prices on Uniswap, increasing it to 3x the norm.
• Profit: Sold the 112 wBTC for 6,871 ETH, gaining a profit of around $350,000.

Attack #2 (Feb 18, 2020)
• Flash Loan: Attacker borrowed 7,500 ETH from bZx.
• Price Manipulation: Manipulated the price of sUSD by trading on Synthetix, Uniswap, and Kyber, spiking its price to $2.30.
• Profit: Pocketed 2,379 ETH (~$640,000) after repaying the loan.

The bZx oracle attacks (2/2)
• Single Price Oracle Dependency:
  • bZx relied solely on Kyber for price feeds, creating a single point of failure.
  • Attackers manipulated prices on illiquid platforms (Kyber, Uniswap), which then affected bZx's contracts.
• Composability Between DeFi Platforms:
  • Attackers exploited the composability of DeFi protocols, allowing them to easily borrow large amounts and manipulate prices across platforms.
  • Illiquid assets and flash loans allowed attackers to take large, under-collateralized positions.
• Smart Contract Bug:
  • A bug in bZx's code allowed attackers to bypass collateral checks, facilitating under-collateralized loans.
  • Undercollateralized Positions: Both attacks took advantage of this bug to create much larger loan positions than the collateral provided.
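The oracle dependency at the root of both bZx attacks (one spot-price feed from a thin venue, described on this slide and on the Oracles slide above), as an added Python simulation that is not code from bZx or from any real lending protocol. The venue names, prices, time-weighted average and 150% collateral ratio are constructed; the block contrasts a single-source price with a median of several sources that is also sanity-checked against a TWAP, and includes a monitoring helper that flags the outlying venue.

```python
"""Toy lending-protocol price check: single spot oracle vs. a hardened feed.

Added example: a Python simulation, not code from bZx or any real protocol.
Prices, venue names and the collateral ratio are constructed.
"""
from statistics import median

# Constructed sample feeds: USD price of one unit of collateral as reported
# by three venues in the same block. venue_a is thin and has just been
# pushed to three times the market price by a single large trade.
FEEDS = {"venue_a": 1.00, "venue_b": 0.34, "venue_c": 0.33}

# Constructed time-weighted average price (TWAP) from the preceding blocks.
TWAP = 0.33

# The protocol requires 150 % collateral: loan <= collateral value / 1.5.
COLLATERAL_RATIO = 1.5


def max_borrow(collateral_units: float, price: float) -> float:
    """Largest loan the protocol extends against the given collateral."""
    return collateral_units * price / COLLATERAL_RATIO


def single_source_price(feeds: dict, source: str) -> float:
    """Weak design (the single-oracle dependency described above):
    trust the latest trade price reported by one venue."""
    return feeds[source]


def hardened_price(feeds: dict, twap: float, max_deviation: float = 0.10) -> float:
    """Hardened design: take the median of several independent sources and
    refuse to price at all if it drifts from the TWAP by more than
    max_deviation. One manipulated venue cannot move the median, and a
    one-block spike across every venue is caught by the TWAP comparison."""
    med = median(feeds.values())
    if abs(med - twap) / twap > max_deviation:
        raise ValueError(f"oracle deviation too high: median={med:.4f} twap={twap:.4f}")
    return med


def flag_outliers(feeds: dict, twap: float, max_deviation: float = 0.10) -> list:
    """Monitoring hook: venues whose price deviates from the TWAP. Worth an
    alert even while the median itself is still healthy."""
    return sorted(v for v, p in feeds.items() if abs(p - twap) / twap > max_deviation)


if __name__ == "__main__":
    collateral = 100  # units pledged by the borrower (constructed)
    print("single-source loan:", max_borrow(collateral, single_source_price(FEEDS, "venue_a")))
    print("hardened loan:     ", max_borrow(collateral, hardened_price(FEEDS, TWAP)))
    print("outliers:          ", flag_outliers(FEEDS, TWAP))
```

Against 100 units of collateral the single-source design lends about 66.7 (three times what the collateral is worth at the market price of roughly 0.33), while the hardened design lends about 22.7 and, if every feed were pushed at once, refuses to quote rather than lend against a spike. Refusing is the right failure mode: a protocol that pauses borrowing for a block loses far less than one that honours a manipulated price.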


3. Web 3 Privacy Solutions


Zero-Knowledge Proofs (ZKPs)
• ZKPs are advanced cryptographic protocols that allow a prover to convince a verifier that a statement is true without revealing any information other than the fact that the statement is true.
• Core Concepts of ZKPs:
  • Completeness: If the statement is true, an honest prover can convince the verifier of its truth.
  • Soundness: If the statement is false, no dishonest prover can convince the verifier that it's true, except with negligible probability.
  • Zero-Knowledge: The verifier learns nothing beyond the fact that the statement is true. The prover reveals no additional information.
• ZKPs enable privacy-preserving transactions (e.g., Zcash), secure voting systems (proving voters' participation without revealing choices), and authentication protocols for identity verification without disclosing personal information.

Source: https://chain.link/education/zero-knowledge-proof-zkp

Understanding ZKPs
We will use the classic example of Alice and Bob
1. Alice and Bob are in front of a cave with two paths, A and B, both leading to a locked door requiring a passcode. Alice knows the passcode and wants to prove this to Bob without revealing it.
2. Alice enters the cave, randomly choosing either path A or B, and waits at the door.
3. Standing outside, Bob, unaware of her choice, randomly calls for her to return via either path A or path B.
  • If her chosen path matches Bob's request, she simply exits.
  • If not, she unlocks the door and switches paths, proving she knows the passcode.
4. If Alice can consistently switch paths as requested, it proves she knows the passcode. Repeating this multiple times increases Bob's confidence in her knowledge, without revealing the passcode itself.
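The cave protocol above, as an added Python simulation that is not code from the cited source; it also ties the three core concepts from the previous slide (completeness, soundness, zero-knowledge) to concrete checks. The Prover class, the challenge lists and the function names are constructed for illustration.

```python
"""The cave protocol above, simulated: an interactive zero-knowledge proof.

Added example, constructed for illustration; not code from the cited source.
"""

PATH_A, PATH_B = "A", "B"


class Prover:
    """Alice. knows_passcode decides whether she can open the door."""

    def __init__(self, knows_passcode: bool):
        self.knows_passcode = knows_passcode
        self.position = None

    def enter(self, path: str) -> None:
        self.position = path                  # Bob does not see this choice

    def exit_via(self, requested: str) -> str:
        """Return the path Alice actually comes out of."""
        if self.position == requested:
            return requested                  # already on that side: just walk out
        if self.knows_passcode:
            return requested                  # unlock the door and cross over
        return self.position                  # stuck: comes out the wrong way


def run_rounds(prover: Prover, entries: list, challenges: list) -> dict:
    """Bob's side of the protocol, one round per (entry, challenge) pair.

    `entries` are Alice's hidden path choices and `challenges` are Bob's
    coin flips. Bob accepts only if every exit matches his request
    (completeness: an honest prover always passes). The transcript he keeps
    contains only (challenge, exit) pairs and never the passcode.
    """
    if len(entries) != len(challenges):
        raise ValueError("one challenge per round")
    transcript, failed = [], []
    for i, (entry, challenge) in enumerate(zip(entries, challenges)):
        prover.enter(entry)
        came_out = prover.exit_via(challenge)
        transcript.append((challenge, came_out))
        if came_out != challenge:
            failed.append(i)
    return {"accepted": not failed, "failed_rounds": failed, "transcript": transcript}


def cheater_success_probability(rounds: int) -> float:
    """Soundness bound: without the passcode Alice passes a round only when
    her guess matches Bob's coin flip, so she survives n rounds with
    probability 2^-n."""
    return 0.5 ** rounds


def simulated_transcript(challenges: list) -> list:
    """Zero-knowledge: Bob can write an accepting transcript by himself by
    putting exit == challenge, so a real transcript teaches him nothing."""
    return [(c, c) for c in challenges]


if __name__ == "__main__":
    import random
    rng = random.Random(2024)                 # seeded so the demo is repeatable
    entries = [rng.choice((PATH_A, PATH_B)) for _ in range(20)]
    challenges = [rng.choice((PATH_A, PATH_B)) for _ in range(20)]
    print("honest accepted:", run_rounds(Prover(True), entries, challenges)["accepted"])
    print("cheater accepted:", run_rounds(Prover(False), entries, challenges)["accepted"])
    print("cheater bound after 20 rounds:", cheater_success_probability(20))
```

The `simulated_transcript` helper is the part worth dwelling on: because Bob can produce an accepting transcript without Alice, the transcript cannot be evidence to anyone else and cannot leak the passcode, which is exactly what "zero-knowledge" means in the definition above.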

Source: https://chain.link/education/zero-knowledge-proof-zkp

ZK Proofs are becoming more and more popular
● ZK proofs are becoming cheaper while gaining popularity on Ethereum.
● ETH-denominated value on ZK rollups has increased, despite declining verification costs.

Source: https://a16zcrypto.com/posts/article/state-of-crypto-report-2024

ZKP types
zk-SNARKs (Succinct Non-Interactive Argument of Knowledge)
• zk-SNARKs generate small cryptographic proofs that are easy to verify.
• Uses elliptic curve cryptography for greater gas-efficiency.
• Require no back-and-forth communication between prover and verifier.
• Commonly used in privacy-preserving blockchains like Zcash.

zk-STARKs (Scalable Transparent Argument of Knowledge)
• STARK-based proofs are more scalable due to their minimal prover-verifier interaction.
• Unlike zk-SNARKs, STARKs do not require a trusted setup.
• STARKs are faster than SNARKs due to reduced interaction requirements.
• STARKs utilize transparent cryptographic assumptions (no need for elliptic curves).

PLONK (Permutations Over Lagrange-bases for Oecumenical Non-Interactive Arguments of Knowledge)
• PLONK uses a universal trusted setup that can be reused for any program.
• Supports many participants in the proving process.
• Is known for generating verifiable proofs that can work across different systems.

Bulletproofs
• Bulletproofs eliminate the need for a trusted setup, making them more secure.
• They are non-interactive, like zk-SNARKs, but more efficient.
• They can generate short zero-knowledge proofs that are lightweight and efficient.

Source: https://chain.link/education/zero-knowledge-proof-zkp

Zcash
• Zcash (ZEC) is a privacy-focused cryptocurrency that uses advanced cryptography to ensure transaction privacy while maintaining a public blockchain.
• It is built on the Bitcoin codebase, but offers significant privacy enhancements.
• Features:
  • Proof of Work consensus mechanism
  • Fixed Total Supply: 21 million ZEC, identical to Bitcoin.
  • Low Fees: Default 0.0001 ZEC per transaction, configurable by users.
  • Encrypted Memos: Users can attach private messages or data to transactions.
  • Transaction Expiration: Default expiration of 40 blocks (50 minutes) to prevent mempool bloat.
• Zcash's zk-SNARKs allow encrypted transactions without requiring parties to share private keys or data. They ensure that all inputs and outputs of shielded transactions remain encrypted, while still being validated by the network.

Zcash - Address and transaction types
• Zcash supports two unique address types:
  • Private (z-addresses): Begin with "z" and offer privacy protections.
  • Transparent (t-addresses): Begin with "t" and function like Bitcoin addresses (public sender, receiver, and value).
• Funds can be transferred between z-addresses and t-addresses, though privacy implications exist when shielding or deshielding information.
• Transaction Types:
  • Transparent (t-to-t): Public transactions, similar to Bitcoin.
  • Shielded (z-to-z): Most secure, encrypting sender, receiver, and amount.
  • Shielding (t-to-z) and Deshielding (z-to-t): Transition transactions between privacy and transparency.
• While the transaction details are encrypted in z-to-z transactions, all transactions are visible on the public blockchain, ensuring transparency in occurrence and fees.

Ring Signatures
• A ring signature is a type of digital signature that allows one member of a group to sign a message on behalf of the group. However, the actual signer's identity remains anonymous.
• Key Features:
  • Anonymity: The identity of the real signer is hidden among the group of possible signers.
  • Unlinkability: No one can determine which member of the group actually signed the message.
  • No Setup Required: Unlike other anonymity protocols, no trusted setup is necessary for ring signatures.

Source: https://www.sciencedirect.com/topics/computer-science/ring-signature

Monero
• Monero (XMR) is a fully privacy-focused cryptocurrency designed to make transactions untraceable and unlinkable.
• Unlike Zcash, Monero enforces privacy by default on all transactions.
• Monero utilizes a dual key system:
  • Private View Key: Allows users to view incoming transactions without revealing spending abilities.
  • Private Spend Key: Used to authorize transactions, maintaining control over funds.
• Features:
  • Proof of Work (RandomX, ASIC-resistant algorithm designed by the community.)
  • Infinite supply with main emission (~18.1 million XMR by May 2022) followed by tail emission (0.6 XMR/block).
  • Blocks created every ~2 minutes, with dynamic block size and reward penalty for scalability.
  • In Monero, all transactions are private, ensuring the fungibility of coins.
  • Each Monero unit is indistinguishable from any other, making it immune to blacklisting.

Source: https://www.getmonero.org

Monero's privacy-enhancing technologies:
RingCT (Ring Confidential Transactions):
• Makes the amount in each transaction invisible to everyone but the parties involved.
• Prevents any observer from knowing how much Monero is being transferred.

Ring Signatures:
• Mixes the sender's transaction with multiple decoy transactions.
• Makes it unclear which input is the actual source of the funds.
• Anonymizes the sender by making it impossible to definitively identify them from a group of possible participants.

Stealth Addresses:
• Creates a one-time, unique address for every transaction.
• Makes it impossible to determine the recipient's address or transaction history by viewing the blockchain.

Dandelion++:
• Splits transaction broadcasting into two phases: "stem" and "fluff."
• Stem: The transaction is passed privately between nodes before it is broadcast.
• Fluff: The transaction is spread across the network, making it harder to trace back to the original source.
• Protects the sender's IP address from being exposed when broadcasting a transaction.

Tor/I2P:
• Routes transactions through Tor or I2P networks to hide IP addresses.
• Prevents tracking of the sender's or recipient's physical location.
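A working ring signature, as an added Python example serving both the Ring Signatures slide above and the ring-signature entry on this slide. It is constructed for illustration and is not Monero's code: Monero signs over an elliptic curve and adds a key image so that spending the same input twice is detectable, whereas this toy uses the classic Schnorr-style ring construction over the multiplicative group modulo the Mersenne prime 2^127 - 1, which is far too small for real use. The structure still shows the three listed properties: any ring member could have produced the signature, verification never learns which one did, and no trusted setup is involved.

```python
"""Toy ring signature (Schnorr-style ring construction) in pure Python.

Added example, constructed for illustration; not Monero's construction and
not secure at this parameter size.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime M127; toy-sized modulus
N = P - 1            # exponents are reduced modulo the order of Z_P^*
G = 3                # base element whose powers form the keys


def keygen() -> tuple:
    """Return (private_key, public_key) with public = G^private mod P."""
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)


def _challenge(message: bytes, commitment: int) -> int:
    """Hash the message and a group element down to an exponent."""
    data = message + commitment.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def ring_sign(message: bytes, pubkeys: list, signer_index: int, private_key: int) -> tuple:
    """Sign `message` on behalf of the ring `pubkeys` as member `signer_index`.

    The signer closes a ring of hash challenges: every other member's
    response is random, and only the signer's response is solved for with
    the private key, so the verification equations hold at every index and
    nothing in the output marks which index was the real one.
    """
    n = len(pubkeys)
    e = [0] * n          # per-member challenges
    r = [0] * n          # per-member responses
    alpha = secrets.randbelow(N - 1) + 1
    i = (signer_index + 1) % n
    e[i] = _challenge(message, pow(G, alpha, P))
    while i != signer_index:
        r[i] = secrets.randbelow(N)
        commitment = pow(G, r[i], P) * pow(pubkeys[i], e[i], P) % P
        i = (i + 1) % n
        e[i] = _challenge(message, commitment)
    # Close the ring: G^r_s * y_s^e_s must equal G^alpha, so solve for r_s.
    r[signer_index] = (alpha - private_key * e[signer_index]) % N
    return e[0], r


def ring_verify(message: bytes, pubkeys: list, signature: tuple) -> bool:
    """Walk the ring once from e_0; it closes only if some member's key solved it."""
    e0, r = signature
    if len(r) != len(pubkeys):
        return False
    e = e0
    for pk, ri in zip(pubkeys, r):
        commitment = pow(G, ri, P) * pow(pk, e, P) % P
        e = _challenge(message, commitment)
    return e == e0


if __name__ == "__main__":
    keys = [keygen() for _ in range(4)]             # constructed 4-member ring
    ring = [pk for _, pk in keys]
    msg = b"constructed transaction payload"
    sig = ring_sign(msg, ring, 2, keys[2][0])       # member 2 signs
    print("verifies:", ring_verify(msg, ring, sig))
    print("tampered:", ring_verify(msg + b"!", ring, sig))
```

Note that `ring_verify` takes no signer index: the same loop accepts a signature produced by any member, which is the anonymity property, and the ring is assembled from public keys alone, which is why no trusted setup is needed. What this toy lacks, and Monero adds, is the key image that links two signatures made with the same private key, so that anonymity does not also permit double spending.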

Tornado Cash: A privacy solution under scrutiny
• Tornado Cash is a decentralized, non-custodial privacy solution built on Ethereum that uses zk-SNARKs to enable anonymous transactions by obfuscating user identity and transaction details.
• Features:
  • Utilizes zk-SNARKs for privacy.
  • Allows users to send and receive Ethereum and ERC-20 tokens anonymously.
  • Non-custodial: Users retain control over their funds without intermediaries.
• Tornado Cash has faced legal challenges and was banned by U.S. authorities in 2022, accused of facilitating money laundering, raising concerns about the balance between privacy and regulatory oversight in DeFi.


4. Conclusions
Conclusions
• Choosing the right wallet type and securing private keys are essential for protecting digital assets in Web3
• Awareness of smart contract risks and common exploits empowers users to safeguard against vulnerabilities
• Zero-Knowledge Proofs and other privacy tools are fundamental for preserving anonymity on public blockchains
• Privacy must be carefully balanced with transparency to maintain trust and integrity in decentralized platforms


5. Further Reading
Further Reading
Everything you need to know about crypto addresses
https://www.exodus.com/support/en/articles/8599045-everything-you-need-to-know-about-crypto-addresses

Security 101 - How to protect yourself in the world of DeFi
https://help.1inch.io/en/articles/5702506-security-101-how-to-protect-yourself-in-the-world-of-defi

How to stay safe in DeFi
https://www.kraken.com/learn/how-to-stay-safe-in-defi

Understanding User-Perceived Security Risks and Mitigation Strategies in the Web3 Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3613904.3642291

What Is a Zero-Knowledge Proof?
https://chain.link/education/zero-knowledge-proof-zkp

Questions?
Contact Us:

Twitter: @mscdigital
Course Support:
[email protected]
discord.gg/bq2P9XUfnD
IT & Live Session Support: [email protected]
