by Cliff Stacy & Editorial Team
May 24, 2023
The art of self regulation in web3
Bad actors will always do bad things. Here’s how to get ahead of them and protect yourself.
It shouldn’t surprise anyone that bad actors are having their cybercrime moment. But web3, not web2, is gaining a reputation as a particularly unsafe environment. Compounding this challenge, technology is evolving faster than the global regulatory landscape. Things like web3 can feel like the wild west sometimes.
At some point, the regulatory picture will become clearer; it will just take time. In the meantime, it’s up to individuals to self-define standards for governance and what constitutes ethical conduct. That’s a big vision with a lot of complexities. Here are some steps that we can all consider in our thinking.
Step 1: Recognize that worst case scenarios hit harder on web3
That’s a fundamental flaw of the blockchain-powered internet right now.
In web2, hacks are temporary in nature, writes Shubham Pandey in an article for BeInCrypto. That means, in a worst case scenario, people risk personal information like names, addresses, and credit card numbers.
To counter a data exploit someone can implement a credit freeze and change their account number. Banking institutions also have insurance policies to protect account holders.
With web3, people (and companies) have less recourse in large part because the foundational premise of web3 is self-sovereign ownership in the digital world. There’s no backstop. In the event of a web3 hack or exploit, people permanently lose possession and control of their assets. Consider the following scenarios:
- A company hosts an NFT drop. Bad actors decide to run a phishing campaign using the company’s brand. Through social engineering, users may reveal their secret recovery phrase to the bad actors who then steal assets like cryptocurrencies and NFTs from user wallets.
- Funds can be intercepted by malicious parties who sweep a network, assigning a script to users’ wallets and intervening with new transactions.
- Scammers take over a user’s identity mid-transaction through a process called clipboard hacking.
There’s a lot more that can go wrong, without a clear chain of liability for who’s ultimately responsible for data protection.
“You are best off in web3 by simply avoiding situations that place your wallet’s contents at risk,” writes Joel Willmore for Consensys.
With this context in mind, de-risking is key.
Step 2: Focus on bottom-up education
Remember that web3 is built on creativity and people, not machines. Michael Pierce, Co-founder and CEO of NotCommon, emphasized in an article for NASDAQ that educating users will ultimately keep them safer in the long run.
“Thinking from the bottom up, implementing good hygiene in web3 should start with the user,” he writes.
“Whether web-savvy or utterly new to the space, properly onboarding individuals is critical to creating a positive and beneficial web3 experience. Education can start with simply teaching users about best security practices, like using a minting wallet, hardware wallet and proper crypto wallet hygiene, regardless of their activities.”
This perspective is especially important for major brands launching NFTs, particularly because the regulatory picture — and chain of liability — isn’t exactly clear.
More practically, fewer problems are likely to arise if people are aware of the various threats out there.
Step 3: Test privately before launching anything publicly
The entire premise of web3 is that it’s decentralized, such that there is no central authority that controls or regulates the conduct of software builders and market participants. It’s the wild west of the internet. So if you’re launching an NFT project, it’s up to you to implement systems that prioritize a project’s integrity.
Recently, there has been a trend of people rushing their NFT projects to market from public testnets to mainnet, while omitting critical steps around smart contract simulation and auditing. Under this scenario, what ends up happening is:
(1) NFT project owners risk losing millions of dollars due to bugs that can’t be solved after launch;
(2) Organizations fail to maintain a proper audit trail for regulators; and
(3) Project owners leak critical IP and proprietary data within public environments, which exposes them to front running and the potential for copycats.
A confidential, auditable environment is necessary for NFT project builders, particularly those building on behalf of large organizations, to implement greater precautions and protections. At the end of the day, the long-term viability of web3 depends on the actions that project owners choose to take now. It’s a good idea to build things right, without cutting corners.
Precautions go a long way
Yep, that’s what it’s all about. If web3 truly is the new internet that we hope will come to fruition, it’s up to the builders to make common sense decisions.
While we wait for a regulatory framework for web3, we can make smarter product testing and communications decisions on a day-to-day basis. It’s in all of our best interests to self-regulate. After all, life is better with fewer scams, fewer lawsuits, and better conditions that promote trust and safety.
Contributors Statement
This work was a collaboration between the nameless editorial team. August Wang and Cliff Stacy contributed to the story.
Disclosure statement
Copyright © 2023 nft42, Inc. All Rights Reserved. This material is for informational purposes only, and is not offered or intended to be used or relied upon as investment, accounting, financial, legal, or tax advice, or advice of any kind. The material is not an endorsement of any particular company, project or token. The material herein represents the opinions of the author(s) at the time of writing, and does not necessarily reflect the views of the publisher or editor. nft42, Inc. makes no warranties, express or implied, as to the accuracy, completeness, or timeliness of the information contained in the material. By using this website, you agree to the Terms of Use and Privacy Policy. If you have any questions, please contact us using the information provided in those documents.