September 29, 2022

Keeping your website secure with ENS and IPFS

This article follows up on Anya Nova's previous article about the hacks in the crypto world. Here, Anya explains different ways that can help you protect your website against hackers while also giving a brief overview of how Powerledger plans to address this issue moving forward.

In the previous post, we looked at the hacks that affected the crypto ecosystem, including the DNS Curve hack, and the requirement to keep your website secure by using reliable DNS providers. 

This post is about developments in this space that take website security further.   

But first, what’s the worst that can happen if your website is down? Aside from the minor annoyance of people not being able to access your website, there is a risk of theft if the website links to smart contracts, such as those that enable staking. Hijacking a website and using a different allowance address can result in user funds being drained.

There are fascinating solutions emerging, which we look at in more detail in this post. 

The benefits of ENS, the Ethereum Name Service, are well explained by 101 Blockchains:

“Much like the IP address stage in the early days of the internet, crypto transactions come with hexadecimal strings of numbers. Therefore, users encounter issues in accessibility and ease of use with different blockchain-based solutions. 

ENS emerged as a productive solution for simplifying the crypto and DeFi sector, especially for beginners. It allows users to create universal nicknames for all their public addresses and decentralized accounts. Rather than using an incomprehensible string of keys for different crypto addresses, users can rely on one ENS Ethereum domain….. as a simple lookup service developed on the Ethereum blockchain. You can think of ENS as the nickname generator in the case of public Ethereum addresses, improving accessibility of crypto.”

In practice, this means that an Ethereum staking contract, such as the one Powerledger uses (0xba33aa06901b7662e17869f588b77c04fb0cd872), can be represented by a simple “nickname”, so that users are less likely to make a mistake when typing it into the browser.

And that’s just the beginning. 

In conjunction with IPFS, it can act as an additional safety measure against hacking. 

What is IPFS? In short, IPFS, the InterPlanetary File System, is a decentralized storage system.

This means that an entire Web3-enabled website, including the website’s front end and its associated smart contract, can be represented by a hash. Any change to the website’s front end or smart contract (benign or malicious) breaks the hash, which prevents a user from accessing the website and in turn alerts the user to potential malicious activity.
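The hash check described above, as an added example (not Powerledger's code): it derives the IPFS content identifier (CID) of a served page and compares it with the CID published in an ENS contenthash record. It assumes the page is small enough to be stored as a single raw IPFS block; the HTML snippets, the placeholder replacement address and the helper names are constructed for illustration.

```python
import base64
import hashlib

# Multiformats header: CIDv1, raw codec, sha2-256 multihash, 32-byte digest.
CID_HEADER = bytes([0x01, 0x55, 0x12, 0x20])
# EIP-1577 prefix that marks an ENS contenthash value as IPFS.
ENS_IPFS_PREFIX = bytes([0xE3, 0x01])


def _base32_cid(cid: bytes) -> str:
    # Multibase "b" = lowercase base32 without padding.
    return "b" + base64.b32encode(cid).decode().lower().rstrip("=")


def raw_block_cid(content: bytes) -> str:
    """CIDv1 of content stored as one raw IPFS block (assumption: small file)."""
    return _base32_cid(CID_HEADER + hashlib.sha256(content).digest())


def contenthash_for(content: bytes) -> bytes:
    """Value a site owner would publish in the ENS contenthash record."""
    return ENS_IPFS_PREFIX + CID_HEADER + hashlib.sha256(content).digest()


def cid_from_contenthash(record: bytes) -> str:
    """Extract the base32 CID from an ENS contenthash value."""
    if not record.startswith(ENS_IPFS_PREFIX):
        raise ValueError("contenthash is not an IPFS record")
    return _base32_cid(record[len(ENS_IPFS_PREFIX):])


def verify(served: bytes, record: bytes) -> bool:
    """True only if the served bytes hash to the CID published in ENS."""
    return raw_block_cid(served) == cid_from_contenthash(record)


# Constructed sample front end using the staking contract address from the article.
ADDRESS = b"0xba33aa06901b7662e17869f588b77c04fb0cd872"
GOOD_PAGE = b'<script>const STAKING = "' + ADDRESS + b'";</script>'
# Constructed tampered copy: the address is swapped for an all-zero placeholder.
TAMPERED_PAGE = GOOD_PAGE.replace(ADDRESS, b"0x" + b"00" * 20)
PUBLISHED = contenthash_for(GOOD_PAGE)  # what the owner set in ENS

if __name__ == "__main__":
    print("published CID:", cid_from_contenthash(PUBLISHED))
    print("genuine page verifies: ", verify(GOOD_PAGE, PUBLISHED))
    print("tampered page verifies:", verify(TAMPERED_PAGE, PUBLISHED))
```

Larger sites are stored as directory trees split into many blocks, and IPFS clients apply the same hash comparison to every block they fetch.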

What are some of the considerations when creating an ENS/IPFS-enabled, i.e. decentralized, website?

First, only a few browsers have native compatibility, among them Brave and Opera. More browsers are adding support for decentralized websites. In the meantime, it’s important to understand which browsers most of the visitors to your website are using.

Second, and most importantly, it requires skills and resources to set up and maintain. The time and cost of setting up and maintaining a decentralized website are probably overkill for most websites where the risk of attacks is small, and the skills required to set it up are not yet widespread.

At Powerledger, we are taking steps to create an alternative ENS/IPFS pathway to access the staking website, although at this stage it is more of an add-on, rather than a necessity, which would only appeal to a very small percentage of visitors.   However, it is a great backup to have in case of a security breach of our conventional front end.

In the future, we might make it available as ENS/IPFS gains greater adoption or as an emergency measure in case of a security breach of our conventional front end. 

Author: Anya Nova, Blockchain development and staking operations, Powerledger

Disclaimer: Powerledger does not provide financial advice, we recommend seeking independent financial, tax and legal advice prior to purchasing any cryptocurrency.
