The decentralized nature of Web3 fascinates many people. However, not everyone realizes that with greater power also comes greater responsibility. During the previous Web2 era, the backends of websites quietly handled verification tasks. Now, some of these tasks have been shifted to Web3 users. With a diverse range of verification requests being presented to users, is it realistic to expect untrained users to process and navigate them effectively? In this talk, I will introduce you to the differences between Web2 and Web3 verification, as well as common tactics used by scammers.

Since the emergence of decentralized finance (DeFi) in 2019, the total number of hacker attacks on blockchain has exceeded 700, with losses totaling over 23 billion USD. Meanwhile, some sanctioned countries have also utilized blockchain technology to launch attacks and generate significant income. Through data analysis, it can be seen that Web3 security issues are still in the early stages of development due to limited resources and the difficulty of getting started. For many users who have just started using Web3, the experience may not be as good as traditional application services. Despite this, Web3 has enormous development potential and will bring revolutionary changes to the international financial system and even human economic operating models in the future.

In this session, we will analyze the differences in cybersecurity and defense logic between Web2 and Web3 from a blue team perspective, and analyze the security challenges faced by Web3 project parties, including recent hacker attacks and financial fraud events observed by XREX. Finally, we will reveal Web3 attack methods and share how XREX utilizes these resources to build comprehensive defense tools and provide practical suggestions for participants in the cryptocurrency industry to stay safe.

Through the cybersecurity conference, we hope to share experiences and information within the Web3 industry, lead everyone to learn from past examples, and have the opportunity to participate more closely in the development of the Web3 industry. At the same time, we also hope to attract more Web2 security experts to enter the Web3 field and jointly build a more secure decentralized ecosystem.

Smart contracts are a key technology in decentralized finance (DeFi) today. However, news of significant financial losses arising from contract vulnerabilities is far from infrequent. Indeed, we often hear about multi-million-dollar losses due to an error in a single line of code or in some aspect of the logic design. This underscores how the need for rigor in smart contract development goes far beyond that of generic software. Fortunately, outside of the costly process of manual auditing, there are now various rule/fuzzing-based automated scanning tools available that allow developers to conduct programming checks more efficiently and inexpensively. Training AI models on a large volume of contracts and developing models based on Transformer technology has enabled us to develop an AI vulnerability detection tool featuring both high accuracy and speed.