HackenProof CEO Dives Into Web3 Security Trends, Bug Bounty Effectiveness, And Growing Role Of AI In Cybersecurity At Hack Seasons Cannes
In Brief
HackenProof CEO Dmytro Matviiv emphasized at the Hack Seasons Conference that while Web3 attacks are becoming more complex, bug bounties and AI integration offer powerful tools to enhance cybersecurity and address evolving threats.
CEO of HackenProof, Dmytro Matviiv spoke at the Hack Seasons Conference in Cannes on July 3rd about trends in Web3 security, the evolving threat landscape, and the role of AI in cybersecurity.
HackenProof actively collaborates with multiple Layer 1 and Layer 2 protocols such as Ethereum Foundation, Sui, Aptos, Near, and cryptocurrency exchanges, including Bybit, and Gate, among others. They engage the security community to identify vulnerabilities, and upon validation of submitted reports, compensate security researchers accordingly. This process operates within a bug bounty and crowdsourced security model.
Evolving Cybersecurity Landscape: Rising Complexity Of Attacks, Bug Bounty Effectiveness, And Security Challenges In Emerging Ecosystems
According to Dmytro Matviiv, in HackenProof internal research is conducted on a continuous basis, with quarterly reports released to track trends in the cybersecurity landscape. Over the past two years, the number of reported hacks has declined, but the complexity of these incidents has increased. In the current quarter alone, over $2 billion has been siphoned through various attacks. Many of these incidents appear to be premeditated, with some individuals potentially working within organizations for extended periods before leaving behind backdoors and later executing coordinated attacks. A notable trend observed is the involvement of state-sponsored actors, particularly from North Korea, which presents challenges for enforcement and extradition, even when the identities of the perpetrators are known.
However, many companies offer competitive bug bounty programs. For malicious actors, it can be more beneficial to report vulnerabilities through official channels and receive legal compensation—sometimes amounting to hundreds of thousands or even millions of dollars—rather than exploiting those vulnerabilities, believes Dmytro Matviiv. In contrast, inadequate bounty structures may discourage responsible disclosure. For example, in a case involving Bybit, the maximum payout for a critical vulnerability on the company’s website was set at $4,000. A researcher exploited a vulnerability and caused a $1.3 billion loss. This raises the argument that offering a bounty equivalent to even 10% of the potential damage could serve as a more effective preventative measure.
“So if a company decides to legalize the bug bounty process, companies and researchers will certainly submit reports to help discover these vulnerabilities,” highlighted Dmytro Matviiv.
Recently, another security incident occurred involving the Cetus protocol, which operates within the Sui ecosystem. Observations indicate that the Sui ecosystem continues to experience a range of security challenges, partly due to its fast development and growing activity. The ecosystem maintains a large and engaged team and has shown a strong commitment to security through frequent bug bounty programs, contests, and audits. Despite the recent breach, Cetus is proceeding with a new bug bounty initiative in collaboration with HackenProof, scheduled for the following week. Overall, the Sui ecosystem remains active and responsive in addressing vulnerabilities.
“I believe Sui is one of the ecosystems that is still quite young. They have a new language, which combines Move and Rust, and there is a lot of potentially risky code where vulnerabilities might be found — this is why there are currently many issues in the Sui ecosystem. However, it is a very promising ecosystem, and many people are even buying their tokens. We believe this ecosystem will definitely take security to the next level.”
Integration Of AI Agents In Cybersecurity: Enhancing Automation While Managing Risks
AI and decentralization are currently widely discussed topics within the technology and cybersecurity sectors. HackenProof is actively engaging with these developments as part of its operational focus.
In some cases, security auditors create AI agents to perform tasks traditionally handled by humans, such as identifying security issues across various bug bounty platforms. HackenProof supports such security companies by assisting in the validation of reports generated by these AI agents.
“For example, those AI agents can scan a repository and generate 200 reports, and we validate them to determine whether each report is valid,” illustrated Dmytro Matviiv.
Another example is the use of AI agents to assist in detecting and organizing incoming reports submitted to HackenProof. These AI agents contribute to process automation; however, the quality and reliability of the outcome are highly dependent on the accuracy of the input data.
“Let’s say if you fully trust the AI agent and someone inputs incorrect data, that could trigger an action—for example, the AI agent might transfer money from one account to another, and so on. So it is very dangerous,” noted Dmytro Matviiv. “You have to isolate the AI environment and work only with the exact cases you understand, and ensure that the AI agent has been publicly verified as a proven one,” he added.
Last year saw a lot of investment in AI development, including the emergence of Layer 1 AI protocols. Currently, AI has become an important component for many companies, and those that do not integrate AI development into their processes may risk losing market relevance or business opportunities within six months or later.
“For sure, AI has to be a part of your business processes and, at minimum, help you understand what kinds of business opportunities you might miss. AI is also likely to become one of the biggest security threats for every company,” Dmytro Matviiv concluded.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
