Web3 security is mostly immature, not inherently broken, and faces challenges due to open-source codebases and public blockchains, allowing attackers time to inspect code and the difficulty of traditional incident response mechanisms.
This article briefly described that the web3 security landscape is (currently) made up of the following verticals:
- Smart contract audit services
- Formal verification
- Crowdsourced security (bug bounties and audit contests)
- Threat monitoring and incident response
- Blockchain forensics (KYC + AML)
- Protocol risk management
- User security
