Web3 as an industry has made it through some very rough times over the last five or so years. From bullish spikes to bearish dips creating whiplash for the traders that were trying hard to hang on, to multiple breaches (both inside and out), the Web3 name has taken some hits. Thankfully, the unique value of what a decentralized ecosystem can provide is just too much to abandon, and through the efforts of many different developers and visionary teams, the industry continues to build, improve, and convince more and more people to explore Web3’s use cases.
Today, as always, one of the key goals for Web3 is mass adoption. The benefits of Web3 will grow exponentially the more people join, and the number of use cases will also increase as the demand increases. Ecosystems flourish when they grow, and Web3’s anatomy is an excellent example of this.
Part of the problem is that the larger community has a strange amount of knowledge toward Web3. They have spikes of understanding in some areas, but are grossly ignorant in others. A big part of this is the nature of the media ecosystem, which takes those easy to digest elements of any technical subject and focuses on those stories for their viewers who aren’t familiar (or interested) with the subtle details of the technology being discussed. AI and quantum computing certainly share this same curse, but with Web3 the selection of things “worth talking about” can be distilled into a few areas. First, the value and brief explanation of Bitcoin. It’s risen in value an unbelievable amount, it is somehow created using a bunch of computers (maybe in a mine somewhere?), and it uses something called blockchain, which might be the same thing as Bitcoin. Second, NFTs. This is especially unfortunate as a silly and fairly brief fad-bubble was easy enough to explain that it caught the attention of the average news consumer, leading this massive audience to believe that NFTs, which are digital trading cards or perhaps just pixelated jpegs, were a dumb fad and those who spent money and lost it got what they deserved. It takes away any understanding or value of an NFT as a gateway to RWAs, proof of ownership, or other Web3 elements. Finally, the average news cycle ignored Web3 for the most part except to report on the scams, the breaches, the inside job corruption, the smart contract weaknesses, and anything else that led to either a massive theft or a major scandal. Yes, these were newsworthy events, but they weren’t balanced by the equal number of amazing developments in Web3 that weren’t reported.
So what can we do about these issues? For Bitcoin, it’s going to keep doing what it does best, and news will keep reporting on it. NFTs in their primitive form are likely not going to hit another rapid bubble and make the news. But the security of Web3 is something tangible that is worth addressing, for the sake of the industry and community, but also to show the potential “mass adoption audience” that Web3 has matured quickly and has become a leader in institutional security for the platforms and people involved. Let’s dive into the key areas of Web3 security, what it takes to build an institutional grade system, and which platforms are working on it. We’ll look at one platform in particular, Enclave Markets, which is the first of its kind to maximize many different aspects of security without hampering access or performance.
Institution Grade Security: Fixing Four Problems
Web3 has learned that if it wants to overcome these weak points, it will need to adopt best practices from industries like TradFi and information security, then adapt those practices to work with the specific elements of the Web3 architecture. The first issue to tackle is private key compromise risks. While traditional businesses have used standard encryption to work this, Web3 platforms have to use additional tools since there is often no centralized verification protocol. While this is excellent in terms of preventing insider threats, it makes it more difficult to verify access and authentication. Multi-party computation (MPC) has found an ideal role in this challenge, providing the means to authenticate without sending sensitive information in the open (encrypted or not). The second issue is smart contract exploits, which is a more comprehensive challenge as smart contracts take all forms, and as a result so do potential weaknesses. This can be solved through intensive software development best practices (like those used in traditional tech fields), along with third party audits and even more aggressive red team penetration tests. More and more developers are following this model, and this is leading to a Web3-specific set of best practices for smart contract building. The third challenge is that of malicious actors. This overlaps considerably with the first two issues, as the malicious actors are the ones trying to steal information or crack a smart contract. But for many organizations, the malicious actors come from within, and a transparent and well-built Web3 platform is both decentralized and stable, using standards like non-custodial wallets to ensure there simply cannot be an insider threat. The standards for creating consensus are improving as well, plugging security holes through better architecture rather than plugging them one at a time. Finally, the fourth problem faced by Web3 isn’t about theft or scandal, but regulation. Those Web3 platforms that are proactive in working with regulators have helped to develop reasonable guidelines that protect the Web3 platforms just as much as anyone else, setting clear expectations and guidelines to ensure the system as a whole can be healthy over the long term.
Confidential Computing Architecture: The Connected Black Box
As mentioned above, there are a few platforms working beyond the best practices to solve the four biggest problems in Web3 security. These platforms are using traditional best practices but then are leveraging those technologies and security protocols that can open up Web3 to performance but keep it tightly secured from threats. A leader here is Enclave Markets, for several reasons. They aren’t the only platform using these tools, but they might be the only platform using them in concert and keeping network performance high. The platform exercises a fully encrypted architecture, using trusted execution environments (TEE) to act almost as an airgap during sensitive computation, without cutting off access from the network. Using TEEs helps to ensure a tamper-proof and privacy-preserving environment, which in addition to security also helps shield trades from shady practices like front-running. At the same time, the system takes advantage of the top practices in traditional and Web3 industry, such as integrating MPC. Integrating all these elements together into a layered architecture, while still offering the high speed and low cost expected of top blockchain platforms is not only possible, it is in place and a key part of the appeal.
Final Thoughts
Web3’s rapid innovation cycle has allowed it to learn quickly from its mistakes and weaknesses, which take a potential liability and makes it a massive strength. While Enclave Markets illustrates an excellent example of what Web3 institutional grade security should look like, we should stop here. All serious platforms should understand that the bleeding edge for Web3 security is a moving target, always moving forward and demanding that the best will continue working to improve. With this attitude and momentum, it won’t be long until the mainstream news sources will begin reporting on the superior security offered by Web3, asking why traditional industries have been left behind.
