Next year is going to be a big year for building in technology.
While the investment side of crypto struggles to repair grotesque violations of trust in centralized finance, the tech side must focus more on improving user safety.
The issue needs to be addressed more than ever, and the work has already started. Peer-to-Peer (P2P) transactions are possible with the help of the internet. Any work to improve this is a positive trend that will have profound beneficial and lasting impacts.
Bill Hughes is senior counsel and director of global regulatory matters at ConsenSys Software Inc.
The lesson to be taken away from FTX and other CeFi debacles is not just that the digital asset investment stuff should have been regulated yesterday. Disintermediating transactions using software on global peer-to-peer networks could be a way to avoid these sorts of failures. DeFi could fix this.
The problem with that argument is that the risk profile of DeFi is very different from that of CeFi. For middleman-less finance to succeed, protocols must be safe. DeFi will fix things only if its risk profile is low enough for the average person to feel safe using it.
The tech has yet to catch up to many of the threats that DeFi users face today. Bad actors have many attacks at their disposal. Some users are walking away in disgust, fear and financial ruin because of the news of splashy exploits and scams. Many more never become users due to the difficulties and risks.
It is said that Jeff Bezos’ success with Amazon was down to his realization that it was all about the customer. Builders will have to start thinking about the user in the future.
With it still being very early in the game, developers have focused on making the technology work. They have made great strides in this regard, with more to come. Nobody should be criticized for putting the horse before the cart.
Making the tech work isn’t the only concern. The user experience within the system is important, and a big part of that is how safe it is. It isn’t safe enough.
Putting aside the fact that a technological paradigm shift requires patience and an appetite for trial and error, leaving each user to brave on-chain risks alone will mean almost no one will show up.
Users need to be aware of what is happening. Scammers deploy smart contracts. They use email, social media and direct messages. Front-end user interfaces will be spoofed. These threats pose serious challenges.
Understanding them is the first step in fighting common scams. User interfaces like MetaMask and other software wallets play a big role here, both by providing insights into the transactions users are engaging in and by designing ways to prevent fraud.
A token allowance attack is a common example. This is where a fake contract is created so that a user approves unlimited control over their funds when they execute a transaction. The owner of the malicious address can then steal the user’s funds. There are very similar attacks on non-fungible tokens.
Wallets are working on ways to tell users in real time what approvals they are being asked to sign. The value proposition of companies that focus on anti-phishing and pre-transaction fraud detection will be unmistakable in 2023.
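The pre-signing approval check described above can be sketched as follows. This is an added example, not MetaMask's or any other wallet's code; `describeApproval`, the 2^255 "unlimited" threshold and all sample calldata are assumptions made for illustration.

```javascript
// Added example. Selectors are the standard 4-byte function IDs; all sample
// calldata and the spender address below are constructed for illustration.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve",           // ERC-20 approve(address,uint256)
  "a22cb465": "setApprovalForAll", // ERC-721/ERC-1155 setApprovalForAll(address,bool)
};
// Amounts at or above 2^255 are treated as effectively unlimited (assumed threshold).
const UNLIMITED_THRESHOLD = 1n << 255n;

// Hypothetical helper: classify a transaction's calldata before the user signs.
function describeApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  const kind = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!kind) return { kind: "not-an-approval", warn: false };
  // Selector (8 hex chars) plus exactly two 32-byte ABI words (128 hex chars).
  if (!/^[0-9a-f]{136}$/.test(hex)) {
    return { kind: "malformed-approval", warn: true, reason: "unexpected argument encoding" };
  }
  const spender = "0x" + hex.slice(32, 72); // low 20 bytes of the first word
  const second = BigInt("0x" + hex.slice(72, 136));
  if (kind === "setApprovalForAll") {
    const granting = second !== 0n;
    return { kind, spender, warn: granting,
      reason: granting ? "operator can move every token in the collection" : "revokes operator access" };
  }
  const unlimited = second >= UNLIMITED_THRESHOLD;
  return { kind, spender, amount: second, warn: unlimited,
    reason: unlimited ? "unlimited allowance requested" : "bounded allowance" };
}

const word = (h) => h.padStart(64, "0");
const SPENDER = "ab".repeat(20); // constructed address, not a real contract
const samples = {
  unlimitedApprove: "0x095ea7b3" + word(SPENDER) + "f".repeat(64),
  boundedApprove: "0x095ea7b3" + word(SPENDER) + word((1000n).toString(16)),
  nftApproveAll: "0xa22cb465" + word(SPENDER) + word("1"),
  plainTransfer: "0xa9059cbb" + word(SPENDER) + word("64"), // ERC-20 transfer
  truncated: "0x095ea7b3" + word(SPENDER),
};

for (const [name, data] of Object.entries(samples)) {
  const r = describeApproval(data);
  console.log(name, r.kind, r.warn ? "WARN: " + r.reason : "ok");
}
```

A wallet would surface the `spender` and `reason` fields in the confirmation dialog rather than block the transaction outright.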
Despite the best efforts of the community and institutions, the general understanding of how to stay safe is not very good. Using blogs, FAQs and other means is a high-effort, low-return endeavor. The lessons are voluntary and don’t impact actual behavior.
Improving safety depends on how and when you educate. Tech crypto is working on ways to supplement general education with mechanisms to better inform users about specific transaction risks in real time.
Security service providers are one approach. These are third parties that are experts on the threats targeting their particular communities, and they include platforms, DAOs and even CeFi operators. They gather real-time intelligence about attacks on their communities, which they are already incentivized to do.
It is possible that your favorite platforms could warn you of a threat. Pop-ups that read “what your security provider says about this transaction” can inform people before they make a risky transaction. These systems will be effective if people allow their wallets to receive these messages.
Social media has become a breeding ground for these scam artists. Tech crypto is exploring novel ways to help users identify scams in real time, but it should do more to stop frauds.
The teams behind MetaMask and Laconic have collaborated on a new initiative to protect their users. The project cultivates a community of reporters who identify and aggregate scams. That information can be built into applications to help prevent users from getting suckered.
These scammers are criminals, and real-world law and order should play a part. Phishing operations have become more entwined with international criminal organizations. Many of us are sick and tired of simply playing defense, so we should embrace a collaboration between traditional law enforcement and the digital world.
We should see more scrutiny of the risks presented by the tech in the years to come. Improvements around the private key would increase user safety.
Private keys and secret recovery phrases have always been a user safety concern, and will get more warnings and protections in 2023. Further integrations of software wallets with different hardware wallet cold-storage solutions will make it harder for criminals to access a victim’s funds.
Beyond these measures, builders will move towards solutions based on multi-party computation (MPC). One example is a form of multi-factor authentication that splits a user’s key between a local wallet and a signing server. When a transaction needs to be signed, the shards would work together to guard against a loss of funds.
There will be more debate about concepts such as account abstraction in the future. Vitalik Buterin, co-founder of Ethereum, describes account abstraction as updating the software to make all addresses readable. This will allow for more options to be explored to safeguard wallets and improve recovery of lost or stolen funds.
The chorus of voices calling for account abstraction is growing. The arguments for it are getting more compelling. That is likely to accelerate in the future.
The community of tech crypto developers has an impact on user safety. There is a way of engineering the software. Incremental change, auditability and reliability have been articulated to some extent, but they must be expanded, refined and more widely embraced.
When a smart contract has explicit financial applications, smart contract security auditing should be expanded and become more regular. If the ecosystem is going to make honest assessments of its progress, analyses like Solidus Labs’ recent “Rug Pull Report” are sorely needed.
It is important for the community to think about whether to laugh off incidents where a developer hurts users.
Venture capital and other investors should prioritize projects that put user safety first during the winter, if they are truly in it for the technology. It could also be a good investment strategy.
There is a due diligence list for things like responsible development principles and audits. Requiring these elements as table stakes for making an investment will help identify good founders and projects that are focusing on safety, and will incentivize markets towards more sustainable and safer building practices.
The most important point is that if we don’t prioritize safety, regulators will take care of us. There are a lot of things that are more certain.
There will be more movement from consumer protection policymakers. The fire is at CeFi, so they will attend there first. If people are still getting hurt frequently in the space, regulators will determine what rules are needed to better protect P2P network users.
For-profit software developers may be the only ones who will be subject to those rules. Regulators may simply say that it is all too dangerous and write rules that restrict users. We aren’t sure, necessarily. If user safety does not improve as adoption increases, then P2P networks and the apps on them will be regulated by investor and/or consumer protection authorities.
This is concerning because regulators are unlikely to know how to help without degrading innovation or user choice, and because consumer protection enforcers, state attorneys general in particular, have incredibly broad powers to hold service providers accountable for user injuries. It is better to get the house in order than to let the regulators do it.
If it is safe for everyday people to use, the P2P system will flourish. We can get there, but not yet. The space with the most dramatic adoption will be built by those builders who make user safety a priority. The builders will be in charge.