The crypto industry is constantly facing security issues. Therefore, it is important to remember to apply security methods. Ethereum founder Vitalik Buterin has repeatedly shared his wisdom with cryptocurrency users.
Recently, Buterin published an article analyzing the growing risks in the cryptocurrency sector, including the problem of “deep fakes” and their implications for security measures.
Let’s take a closer look at this article.
In his article, Buterin writes that every year it becomes harder and harder to recognize deep fakes as they become more realistic in appearance. He says that he recently became a target himself when a video featuring him was used to promote a scam and questionable investments.
He also emphasizes that audio and video recordings of a person are no longer a safe method of identifying their authenticity, citing the example of a company that lost $25 million due to a video conversation with a deep fake.
Cryptographic Signatures Are Not The Only Solution
Buterin criticizes the approach to cryptographic signatures as a method of verification. In his view, this approach ignores the broader context of security – the human factor.
Buterin argues that the practice of multiple signatures for transaction approval, which is intended to provide multi-level verification, can fail because an attacker can impersonate the manager not only for the last request but also for the previous stages of the approval process.
“The other signers accepting that you are you, if you sign with your key, kills the whole point: it turns the entire contract into a 1-of-1 multisig where someone needs to only grab control of your single key to steal the funds!” he notes.
Personal Questions As a Security Measures
Buterin writes: “Suppose that someone texts you claiming to be a particular person who is your friend. They are texting from an account you have never seen before, and they are claiming to have lost all of their devices. How do you determine if they are who they say they are?”
Probably inspired by Harry Potter, Buterin proposed a simple but powerful method of protection as a solution: “Ask them things that only they would know about their life.”
It is better to ask them, for example, about your experiences together:
When the two of us last saw each other, what restaurant did we eat at for dinner, and what food did you have?
Which movie did we recently watch that you did not like?
Which of our friends made that joke about an ancient politician?
The more unique your question, the better. Questions that make a person think, and they may even forget the answer, are good, but if your opponent claims to have forgotten, ask them a few more questions.
It’s always better to ask questions that relate to some “micro” details (what someone liked/disliked, personal jokes, etc.) than “macro” questions. Since the former are usually much harder for third parties to accidentally dig up (e.g. if even one person posted a photo of the dinner on Instagram, modern LLMs may well be fast enough to catch that and provide the location in real-time)
It Is Always Better to Combine Several Security Strategies
There is no perfect security strategy, so it’s best to combine several methods at once.
You can agree with a friend in advance on the passwords that you will use to authenticate each other. Or you can agree on a “duress” key, a word you can use to signal that you are being coerced or threatened.
The word should be common enough that you feel natural using it, but rare enough that you don’t use it accidentally in everyday conversation.
If you receive an ETH address, ask the person to send it to you through several communication channels (other social networks or messengers).
Protection against MitM attacks: Man-in-the-middle attacks are a common threat in digital communications. It involves an attacker covertly transmitting and potentially altering messages between two parties who believe they are communicating directly with each other.
To solve this problem, Buterin suggests using cryptographic protocols such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL) to encrypt data in transit, making intercepted conversations unintelligible to outsiders.
Additionally, the implementation of end-to-end encryption in messengers ensures that only the users who are speaking can read messages, effectively eliminating the threat posed by these attacks.
The expert concludes the article with the following words: “Each person’s situation is unique, and so the kinds of unique shared information that you have with the people you might need to authenticate with differs for different people. It’s generally better to adapt the technique to the people, and not the people to the technique. A technique does not need to be perfect to work: the ideal approach is to stack together multiple techniques at the same time, and choose the techniques that work best for you.”
SoulBound Token
Vitalik Buterin is known for his brilliant ideas for projects. SoulBound Token was one of those projects. The Ethereum founder, along with lawyer Puja Alhaver and economist Eric Glenn, first proposed the concept in May 2022 to address some of the shortcomings of non-fungible tokens (NFTs) and similar ones.
SoulBound Token is an irreplaceable token valid for only one address that cannot be transferred or sold. This feature makes them ideal for representing assets that cannot be acquired through purchase, such as certificates of competence, reputation, medical records, etc.
SBT can be used for a variety of purposes, for example:
Maintaining medical recordsStorage of digital identity cardsMaintaining an employment record bookVerification of event attendanceAllows people to build a verified digital reputation based on past actions
Some companies and organizations have also used SBT to create a decentralized and secure digital identification system, for example:
Binance – launched its own SBT called Binance Account Bound (BAB) to improve Web3 identity verification and prevent fraud.
WhiteBIT – their Web3 service, WB Soul Ecosystem, allows for the recreation of a user’s identity in the Whitechain through the WB Soul and characterizes it according to your account.
Blockmate – discussing the use of SBT to display payment and debt history, enabling unsecured lending and improving credit scores.
Summary
Even though the expert recently stated that he is already “outdated” and will soon be replaced by a new talent, people still find his ideas and advice useful. They have repeatedly made life easier not only for cryptocurrency users but also for people not connected with crypto. And while Buterin hasn’t left cryptocurrencies yet, we will be waiting for new brilliant ideas from him.
#News #security #Buterin #deepfake