Despite its promise, the Web3 landscape faces significant security and custodial challenges that must be managed for the ecosystem to mature. Unlike traditional systems, where established legal and technical safeguards have been carefully developed and adopted, Web3’s decentralised nature shifts much of the responsibility (and risk) onto the robustness of the code within smart contracts and puts the onus for securing assets onto their owners and users. Several significant risk categories have emerged:
- Smart Contract Vulnerabilities: Web3 applications often rely on smart contracts – pieces of self-executing code written on blockchains – to hold funds and enforce rules. A flaw in this code can be catastrophic, since “code is law” in these systems.
- Governance Attacks: Decentralised governance – where token holders vote on proposals – is core to many DAOs. However, governance mechanisms themselves can be manipulated if not carefully designed.
- Key Management and Custody Risks: In Web3, holding the private keys to a digital asset wallet equates to holding its assets. This grants users sovereignty over funds, but it also means that lost or stolen keys can result in irretrievable losses since no central authority can reverse unauthorised transactions.
- Operational Custody Challenges: Beyond external threats and individual key loss, the inherent nature of these decentralised entities introduces distinct operational custody challenges.
- Regulatory and Legal Uncertainties: The regulatory environment for Web3 and DAOs remains uncertain and varies widely from jurisdiction to jurisdiction, posing compliance challenges.
Digital asset custodians sit at the heart of Web3. Without certainty over the security and safety of digital assets, enterprises and multinational institutions, who have fiduciary duties and are responsible for managing clients’ funds or holding their assets, would simply be unable and unwilling to open up their businesses to the potential risks posed by this emerging industry.
BEST PRACTICES FOR SECURING WEB3 ENTITIES AND DAOS:
- Ensuring strong governance, secure custody solutions and compliance: Web3 entities and DAOs are new organisational structures that understandably undergo a high degree of scrutiny from the media, as well as from potential investors, partners and clients. Reliable custody lies at the heart of trust in such organisations. Digital asset custodians have matured enormously since the birth of cryptocurrency and now offer solutions that have coalesced around a set of industry best practices equally suitable for crypto-native organisations and for heavily regulated financial institutions.
- Governance best practices: Segregation of business lines & segregation of duties: Custodians such as Zodia Custody were deliberately created by Standard Chartered to operate as a standalone business to segregate custody as a business line distinct from trading and other services. Digital asset custodians’ service offerings should also practice good governance and segregate duties across the different users who are responsible for managing assets.
- Secure Custody: Best practices in custody involve a high degree of due diligence. Having robust cyber security policies in place is a basic requirement including conducting regular pen tests, offering bug bounties, ensuring certification renewals, and frequent software testing.
- Compliance: Compliance is a market requirement for digital asset custodians whether they are operating in Web3 or in traditional finance. Without it, digital assets would simply not be accessible to traditional financial institutions or consumers. The TradFi market relies on digital asset firms being able to marry the regulatory lessons and security processes common to a traditional financial market – which has matured over many decades – to the newer, faster and more transparent digital asset ecosystem. The scope of compliance requirements for digital asset custodians is broad and multi-layered, encompassing not only financial crime prevention but also operational resilience, consumer protection and data privacy.
As Web3 and tokenisation grow, they present custody providers with enormous potential to innovate. Current areas of growth include the rise of stablecoins, which are transforming payments and global trade with a range of innovative use cases, as well as the increasing convergence of cryptocurrencies, digital assets and blockchain with other frontier technologies such as AI, IoT devices and smart cities.
Successfully navigating this landscape requires advanced technology, robust governance, and enabling regulation. Institutional-grade custodians provide the specialised security infrastructure – utilising cold storage, sophisticated key management like MPC and multi-sig, and operational resilience – essential to safeguarding assets against increasingly complex threats. Simultaneously, Web3 entities, DAOs, and Blockchain Foundations must implement rigorous internal governance processes and adhere to best practices for treasury management and operational security, ensuring decentralised decision-making does not equate to vulnerability.