Crypto Regulation through the Lens of Web3 Security

Ronghui Gu, CEO and Co-Founder of CertiK, discusses the current crypto chaos, what regulation will look like, and some possible security solutions.

The current upheavals across the web3 ecosystem have likely accelerated regulatory intervention in the space. 

As the bear market and the so-called ‘crypto winter’ set in amid the wider economic downturn, a few landmark events have refocused the conversation around regulatory intervention in the space.

Most recently, the UK National Crime Agency announced that it has seized £26.8 million in cryptocurrencies, stating in its report that the increase in hacks and attacks could harm the UK’s economy and institutions.

This comes after the lending platform Celsius froze all withdrawals and transfers on 13 June, citing ‘extreme market conditions’. And before both, the now notorious collapse of the Terra Network after its algorithmic stablecoin UST de-pegged, and Luna crashed.

Independently, each of these events is enough to draw the attention of regulators; taken together they amount to an alarm bell.

Indeed, across the pond, the US securities regulators have already launched an investigation into the Celsius freeze. Similarly, the Law Commission, a British statutory body, have published proposals for law reforms on digital assets which, in the words of the Law Commissioner for Commercial and Common Law, Professor Sarah Green, “aim to create a strong legal framework that offers greater consistency and protection for users and promotes an environment that is able to encourage further technological innovation”.

With both nations seeking solutions, UK and US regulators met recently to discuss crypto regulations, particularly, “crypto-asset regulation and recent market developments, including those in relation to stablecoins, and the exploration of central bank digital currencies (CBDCs)”.

With the current clearly moving towards regulation, the web3 ecosystem is naturally wondering:

What Will Regulation Look Like?

Whilst we cannot be certain of what an eventual web3 regulatory framework will look like, the European Union’s recent MiCA bill points to regulations on stablecoins and the classification of crypto assets, as well as introducing KYC and AML checks into the space.

The prospect of government regulation in web3 is a divisive topic in the crypto community. Some welcome the stabilizing force of regulation in what has been a tumultuous space (to say the least), whilst others see any regulations as compromising an essential feature of cryptocurrencies.

Indeed, given the current onslaught of the bear market, the catastrophic losses suffered by retail investors, and the routine attacks perpetrated by hackers and bad actors, it is perhaps no wonder that regulatory bodies are becoming keener to intervene in web3.

As a case in point, the Bank of England’s deputy governor for financial stability, Sir Jon Cunliffe encouraged regulators to “get on with the job”, stating that “the interesting question for regulators is not what will happen next to the value of crypto assets, but what do we need to do to ensure that … prospective innovation … can happen without giving rise to increasing and potentially systemic risks”.

The View from Web3 Security

Wherever you stand on regulation, there are some clear points of alignment between the aims of regulation, and the aims of those who want a more prosperous web3, and this alignment maps neatly onto what has become an essential sector within the web3 ecosystem: web3 security.

Ultimately, both stability and user protection should be a priority for leaders in the space regardless of regulation, and web3 projects should act now to restore user confidence in the market rather than wait and rely on regulators. Projects that anticipate regulation in this way will be better insulated from any potential fallout caused by it.

To that end, web3 security companies are working to ensure a web3 ecosystem that ensures stability, trust and user protections, whilst fostering anonymity, the free flow of trade, growth, and innovation that has made web3 such a revolutionary industry.

For the regulations that stipulate KYC checks to combat the negative fallout from crypto’s culture of anonymity, some security companies are anticipating the checks by offering KYC verification for project teams.

In doing so, it works to combat some of the most disastrous consequences of anonymity – namely, the lack of accountability around project teams that allows for high-risk behaviors such as rugpulls and exit scams.

The uses of such checks are highlighted when applied to the recent UST crash, where it was revealed that the stablecoin’s founder Do Kwon was in fact one of the pseudonymous founders of another previously failed stablecoin, Basis Cash.

Had KYC verifications been a norm throughout all web3 projects, users would have been able to make more informed decisions. Furthermore, the disruption caused by this information being revealed at such a delicate time may have saved both investors, and the wider web3 ecosystem, from some of the pain born out of Terra’s collapse.

Regulators will look at the scale of losses as cause for intervention, and any regulatory framework will likely include measures that better prevent hackers and scammers from exploiting investors. On this point, regulators and the web3 security industry have the same goal in mind: securing the web3 ecosystem. To that end, security companies are developing a diverse stack of tools that provide web3 projects with end-to-end security.

This begins with third-party security audits, which provide line-by-line analysis of a project’s code, flag attack vectors and errors, and provide recommendations on how to proceed. Auditing plays a key role in defining risk to a crypto project, a term widely anticipated with crypto but hard to define by regulators.

In addition to this, blockchain analytics tools help projects stay on top of on-chain activity after they launch. This allows them to better anticipate and respond to attacks.

Wallet visualization tools, in particular, allow projects to track the flow of funds after an attack, which helps hold hackers accountable by tying their identities to their attacks. From a regulatory perspective, checks and analytics provided outside of regulatory bodies can also help address insider trading within the web3 ecosystem, which has become a growing topic of concern for both regulators and the web3 community in recent months.

Web3 Security: A Pillar of Regulations and Standards

The when and how of regulators’ eventual intervention into web3 is still in question. Yet regardless of how such regulation will look, web3 projects can better anticipate any regulatory framework by working to secure and stabilize the web3 ecosystem in the here and now.

They do this by making web3 security a vital pillar of any web3 project, and ensuring that any developments in the space are matched by a growing web3 security sector that can support it. Doing so will not only help insulate against any upheaval caused by regulation, they will also better pave the way for mass adoption and ensure that web3 becomes the essential global infrastructure that it has the potential to be.

By Ronghui Gu, CEO and Co-Founder of CertiK.

Guest Contributor
Guest Contributor
Follow on Twitter @eWeekUK

Popular Articles