By Trevor Traina, Founder and CEO of Kresus
You are reading these words because our planet orbits the sun at just the right distance so as not to fry or freeze us. Our planet is perfectly balanced for life to thrive. And within that world, many other forces exist in a state of optimal balance: light and dark, tropical and polar, terrestrial and aquatic.
The same is true when it comes to designing blockchain systems. Their most powerful forces must be balanced in such a way that one cannot usurp the other. Security should be as high as possible, but this must be balanced with the need to maintain sufficient decentralization. Network fees should be low, but not so low as to induce spam attacks.
Finding that Goldilocks zone, the place where conditions are right, is both an ideological and technological challenge. After all, blockchain systems are ultimately designed and used by people who are only as strong as their weakest link. Web3 systems must walk the line between being optimized for security and for decentralization. It's a delicate balancing act that gets to the very heart of what makes blockchain valuable.
Too much decentralization can kill you
There is such a thing as too much freedom, which is why societies have laws and moral codes to regulate the worst excesses of human behavior. When it comes to Web3, it is equally possible to have too much freedom (i.e. decentralization) in the form of systems that have no recourse for worst-case scenarios:
- A team member loses their multi-signature key
- A user loses access to their wallet
- Tokens are sent to the wrong address
- A coding error leaves funds locked in a smart contract
- Assets are stolen through an exploit
These are all “bad things” by Web3 standards, but they happen every day. As new users enter the space, the number of victims of phishing attacks, front-end injections, wallet poisoning, and other exploits will continue to increase. Attackers are becoming more sophisticated, while each wave of Web3 users remains as vulnerable as the last.
Recently, scammers used wallet drainers on Google and X ads to steal digital assets valued at close to 60 million dollars. Meanwhile, in July, four separate wallet drainers were reported to have stolen nearly $65 million since the beginning of 2023.
If a society is given too much freedom, some of its members will steal, assault and hurt, drive at high speeds, and engage in other risky behaviors. If Web3 users are given too much decentralization, some will get hacked, lose access to their wallets, and generally make mistakes.
Freedom in the real world is tempered by security: police forces and security cameras. The freedom of blockchain (decentralization) is likewise tempered by security, which must be set at the appropriate level to protect users from the most common errors while preserving the features that make blockchain so powerful:
- Strong transaction finality
- Lack of centralized control
- Support for financial self-sovereignty
Some cryptocurrency users want full control over their assets while still maintaining an undo button if they make a mistake. Others shudder at the idea of non-custodial wallets being “weakened” by provisions like social login, seedless design, and developer-held key shares.
Too much centralization can kill you
You know that saying about pleasing some people some of the time but not all of them all the time? That. When it comes to securing decentralized systems, it is difficult to create a single product that satisfies every type of user. Put too many safeguards in place and hardcore users will abandon you; force new users to write down a seed phrase and lose it at their own peril, and sooner or later they will come unstuck.
Adding too many centralized levers to a supposedly decentralized protocol risks weakening the foundation that made it strong. Consider an ERC20 token contract that can be updated by its creator. On the one hand, this allows the token parameters to be updated to reflect a change of address. On the other hand, it allows unscrupulous token creators to deceive their operators.
As a result of this dichotomy, DeFi developers must strike a delicate balance between giving users autonomy over their digital assets and ensuring they are not taken advantage of by scammers looking for their next mark. Crypto wallets need to be more secure, but developers are afraid of overstepping the boundaries of the decentralized wallet they have created.
Go for the low-hanging fruit
So what is the solution? Well, for starters, developers need to implement security features that can resolve real threats, not theoretical ones. In other words, less “military-grade encryption” and more practical measures to warn users when they are connecting to a phishing site or when they are about to send funds to a known phisher.
A lot of this comes down to better user experience and more common sense on the part of developers. For example, it would be easy to filter out all address poisoning attacks, in which a user receives a dust transaction from a wallet whose address looks similar to one they have recently interacted with. So why doesn't anyone do it?
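One way such a filter could work, as an added example that is not code from the article or from any wallet product: flag incoming dust transfers whose sender is not a known counterparty but matches one on the leading and trailing characters a truncated address display would show. The thresholds, function names and sample addresses are assumptions constructed for illustration.

```javascript
// Added example: detect address-poisoning dust from look-alike senders.
// Assumption: the wallet UI shows only the first and last 4 hex characters.
const PREFIX_LEN = 4;
const SUFFIX_LEN = 4;
// Assumption: anything at or below 0.00001 ETH (in wei) is treated as dust.
const DUST_WEI = 10n ** 13n;

// Compare addresses case-insensitively and without the 0x prefix.
const norm = (addr) => addr.toLowerCase().replace(/^0x/, "");

// True when candidate is a different address that a truncated display
// would render identically to the known one.
function looksLike(candidate, known) {
  const a = norm(candidate), b = norm(known);
  if (a === b) return false;
  return a.slice(0, PREFIX_LEN) === b.slice(0, PREFIX_LEN) &&
         a.slice(-SUFFIX_LEN) === b.slice(-SUFFIX_LEN);
}

// recentCounterparties: addresses the user has really transacted with.
// incoming: [{ from, valueWei (BigInt), hash }]
function flagPoisoning(recentCounterparties, incoming) {
  const known = new Set(recentCounterparties.map(norm));
  const flagged = [];
  for (const tx of incoming) {
    if (known.has(norm(tx.from))) continue;   // genuine counterparty
    if (tx.valueWei > DUST_WEI) continue;     // not dust (zero-value counts as dust)
    const imitates = recentCounterparties.find((k) => looksLike(tx.from, k));
    if (imitates) flagged.push({ hash: tx.hash, from: tx.from, imitates });
  }
  return flagged;
}

// Constructed sample data (not real addresses or transactions).
const KNOWN = "0x1a2b3c4d5e6f708192a3b4c5d6e7f8091a2b9f8e";
const LOOKALIKE = "0x1A2B" + "0".repeat(32) + "9F8E";
const UNRELATED = "0x" + "ab".repeat(20);
const SAMPLE_INCOMING = [
  { from: LOOKALIKE, valueWei: 0n, hash: "tx-1" },          // poisoning dust
  { from: KNOWN, valueWei: 1n, hash: "tx-2" },              // real counterparty
  { from: UNRELATED, valueWei: 0n, hash: "tx-3" },          // dust, no resemblance
  { from: LOOKALIKE, valueWei: 10n ** 18n, hash: "tx-4" },  // look-alike, not dust
];

console.log(flagPoisoning([KNOWN], SAMPLE_INCOMING));
```

A wallet would hide flagged entries from the history view or warn before the user copies the look-alike address.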
Let's focus on thwarting the most common attacks and scams before moving on to address quantum computing threats and theoretical MitM attacks. Hackers aren't looking for the most difficult exploit imaginable; they go for the easiest and get easy wins whenever possible. DeFi developers should do the same and focus on fixing the most common ways users get rekt.
Security and autonomy don't have to be in conflict with each other: with a little thought, it's possible to have the best of both worlds, combining the power of non-custodial ownership with a web2-level user interface that demystifies it all, from the signing of transactions to the wallet backup.
Our planet may be perfectly balanced for life to thrive, but the chain environment still has a ways to go. Still, it took Earth millions of years to create a climate that was hospitable to intelligent life. At just 15 years old, blockchain has time on its side.
Author biography
Trevor Traina is the founder and CEO of Kresus, the benchmark Web3 SuperApp that combines a crypto wallet and an NFT platform. He is an experienced investor and entrepreneur who co-founded five companies that were acquired by the likes of Microsoft, MasterCard, and Intuit, and served on multiple nonprofit boards, including the San Francisco Museum of Fine Arts and Venetian Heritage, among others. Trevor served as the United States Ambassador to Austria from 2018 to 2021.