Web3 Domain Alliance Emerges to Address Cybersecurity Concerns

A Web3 Domain Alliance has been formed this week to create domains that will advance interoperability of Web3 domain registries and better secure digital identities by preventing, for example, cybersquatting.

Members of the Web3 Domain Alliance include Unstoppable Domains, owner of .crypto, .nft, .x, .wallet, .bitcoin, .dao, .888, .zil and .blockchain domains, Tezos Domain, owner of .tez, Polkadot Name System (.dot), and Hedera (.hbar), Syscoin (.sys) and klaytn.domains (.klay). Collectively, those domains span Polygon, Ethereum, Tezos, Polkadot, Hedera and Klayton blockchains.

Sandy Carter, senior vice president and channel chief of Unstoppable Domains said this coalition is dedicated to creating the equivalent to how Web2 domain names are organized by the Internet Corporation for Assigned Names and Numbers (ICANN), a nonprofit organization responsible for coordinating namespace databases. Today, there is no such governing body for Web3 domains, she noted.

Web3 Domain Alliance goals include preventing malicious phishing attacks, impersonations of top-level domains (W3TLDs) and domain collisions, Carter added. The Web3 Domain Alliance also plans to proactively engage in discussions with ICANN to increase awareness and recognition of W3TLDs as part of its effort to align the intellectual property rights of all Web3 naming services, said Carter.

A Web3 domain is different from traditional domains in that it is minted on the blockchain and stored in an end user’s wallet. In contrast to Web2 domains, the entire Web3 approach is based on a decentralized architecture that gives end users more control over their data.

It’s still early days as far as the development of Web3 applications and sites is concerned. It’s apparent that cybersecurity challenges will be substantial when employing any type of decentralized platform based on an immutable blockchain platform. The challenge is that each of those decentralized platforms will contain sensitive data that needs to be secured.

Less clear is to what degree Web3 applications might subsume Web2 applications but cybersecurity teams should assume both architectures will exist alongside one another for the next decade or more. In fact, cybercriminals have already begun to launch attacks against blockchain networks using traditional phishing attacks to compromise digital identities and wallets.

There are, of course, a host of other Web3 issues that span everything from finding more efficient ways to manage blockchain nodes at scale to reducing the amount of carbon that will be generated as more blockchain nodes come online. The issue is not so much whether decentralized applications will be created but rather to what degree they will be employed. The one thing that is certain is many of these applications, such as tracking goods as they traverse a supply chain, will present cybercriminals with targets that are too tempting to ignore.

The hope is that proponents of Web3 will address cybersecurity issues before these applications become more widely deployed. Should that occur, however, it would mark the first time in the history of IT that cybersecurity concerns were addressed before a platform was built and deployed, so cybersecurity professionals might want to prepare for the worst.

Featured eBook
The State of Cloud Native Security 2020

The State of Cloud Native Security 2020

The first annual State of Cloud Native Security report examines the practices, tools and technologies innovative companies are using to manage cloud environments and drive cloud native development. Based on a survey of 3,000 cloud architecture, InfoSec and DevOps professionals across five countries, the report surfaces insights from a proprietary set of well-analyzed data. Sponsorships … Read More