Securing the Metaverse — Taking the Wild West Out of Web3 Financials
by Beata Klein and Sabina Wizander
625 MUSD (or 173,600 Eth + 25.5 million in USDC) stolen.
Being a part of the Web3 financial system today is equal parts exciting and terrifying. This is something the Axie Infinity community learned the hard way last week with the Ronin bridge hack. Fortunately, the Axie community is a strong one and they will get through this.
At the same time, we see equally clever, if not more clever, individuals building for the good in this space. And they are spurred by the chance to add something new, with the potential monetary upside if they are successful.
We have previously written about the Metaverse from the perspective of interface and time. In this piece we want to take you on a journey throughout the resource layer , asking what makes up the basis for trade and ownership in a digital environment, and how we can keep these assets safe.
Why Web3 and Creators are a Match
While Web2 was great in allowing us to instantly distribute information, connect, and communicate at zero marginal cost, it also produced highly centralized structures as a byproduct. It goes without saying that the digital platforms of Web2 became immensely powerful and increasingly set up ‘the rules of the game’ in their own interest, e.g. by changing underlying service terms at will, with often dramatic consequences for small and medium-sized creators.
Web3 is a direct reaction to these problems, aiming to shift power from network orchestrators back to the initial value creators. In Web3 the core idea is that ownership is decentralized and driven by a tightly-knit community that strongly believes in these advantages. It gives power back to the creator and his/hers community both for ownership but also for reward.
Our Digital Identities
We believe that enabling creators (developers, designers, artists etc.) to better take charge of their own content and revenue through digital scarcity will be instrumental in the shift to strengthening our digital identities.
Recall the definition we had set for ourselves of the Metaverse, as:
“the moment in time where our digital life is worth more to us than our physical life” — Shaan Puri
So when comes the inflection point when our digital identity is worth more than our physical one? A partial answer to that is when our online assets are worth more as status markers than our physical ones.
If we look at the evolution of valuable assets, it has deviated throughout time. The value a certain asset holds is largely defined by a social agreement between individuals that it could be exchanged for that value.
If previously it was the red tie, the expensive watch or the fast car, now we see celebrities such as Justin Bieber buying his way into the Bored Ape Yacht Club via his 1.3 MUSD purchase of Bored Ape #3001. Or displaying your wallet address in your Twitter profile as a way to show your commitment to Web3.
In any case, in order to transition to the Metaverse “point in time”, we need assets that people are interested in buying, we need to have a functioning social agreement around value, and we need to have a system that enables trades, safekeeping, and prevent theft.
In this piece we will discuss these requirements from two different perspectives:
- The Web3 Asset Layer;
- Safeguarding and storing Web3 Assets
The Web3 Asset Layer
For creators, it is an obvious advantage to leverage the power of decentralization. It enables them to monetize by launching tokens or NFTs, giving fans a way to ‘invest’ in them while also gaining benefits like early access to premium content.
The initial value creator will naturally benefit most from the creations but can also choose to share the further upside with fans by giving ownership rights to token holders. Ownership also incentivizes each community member to drive engagement and improve the overall community.
More companies building out the asset layer are popping up all the time:
Asset creation. This category shows the interaction between creators and Web3 by enabling individuals to create and monetize their content across a variety of verticals such as music (Anotherblock), sports (Liquidi Team), art (DoinGud), and many more.
Asset marketplaces. Once the individual creations have been minted, they can be traded across specialized and general asset marketplaces, such as La Collection or Mintbase, which are supported by a variety of infrastructure tools providing compliance or helping with on-chain custody and distribution.
Social money and community incentives. Melon, for instance, allows creators to launch their DAOs as a way to build a community for their fans and enable them access through holding NFTs of the creator's work.
Safeguarding and Storing Web3 Assets
We started this article by mentioning the recent Ronin Hack. This instance is by no means an event in isolation. Since the start of this year, tokens, stablecoins, and NFTs have been exploited for a total value of over 1 BUSD.
At the same time, Open Sea admits that more than 80% of the assets created for free on the platform are fraud or spam. Other popular platforms, such as Cent, have decided to completely close down their NFT marketplace due to rampant fraud. There seems to be a problem.
But, you might ask: isn’t the core idea around smart contracts and blockchain inherently safe? Well, the answer is yes and no. The problem is not the fundamental theory but the implementation. Like most cases where humans write the code, there will be flaws that can be exploited.
This technology brings another challenge to the table. As opposed to Web2, where transactions can be reversed, the normal state in Web3 is that transactions cannot be changed once performed. This means systems need to be built securely, or there needs to be more proactivity in identifying a threat before the transaction takes place at all.
Below we will go through some of the companies working in this direction:
Protection & Insurance. This category is one of the most interesting. Venture funding has been relatively limited but last year reached 1 BUSD. Companies such as Hacken provide audits by checking the code before it is released. If something ultimately goes wrong, companies such as Chainanalysis can help investigate what happened. We think a lot more will happen in this space in the coming years.
Safekeeping. There are both physical and digital means of storage. French company Ledger is in the former and our portfolio company Argent in the latter. For the individual token or non-fungible token holder, having a good setup is crucial.
Developer Tools. Fundamentally allowing more companies to build and access Web3 capabilities should be a good thing. Despite that, many of the companies in this category have been under scrutiny for being centralized (read Jack Dorsey’s tweet, Moxie Marlinspike's article, and Dror Poleg’s response to both of them). Regardless these larger platforms and how they tackle security with other stakeholders are key to the future development of the space.
Making the Wild West a Little Saner
In this piece, we have so far covered the ways to create assets and keep them safe on the financial layer supporting the Metaverse.
Even though Web3 proponents dislike the phrase “It is still early days”… it still is early days. If we look back at the first years of Web1 and Web2 the security tooling was rudimentary at best. When Netscape tested the first version of SSL it was so bad that computer scientists could hack it in 10 minutes. Subsequent versions however became much better and became the core of securing the web. We think we are still just experiencing the first version of Web3.
We have identified a few areas where we would like to see more being made in order to create a more robust Metaverse:
- Proactive security: The Ronin exploit took 6 days before the news was revealed. We need tools that can identify hacks early on and allow companies to take action (read more about Forta if you think it sounds interesting.)
- Security first solutions: Many of the recent hacks are smart contract bugs. But we have also seen more attacks based on more traditional social engineering, showing security design issues rather than a specific software vulnerability. In the current gold rush, when things happen quickly, remembering to design with a security-first mindset is key.
- World-class curation: A case where 80% of uploaded assets on OpenSea are fraud or spam is not sustainable in the long term. We need solutions that can not only moderate in the 2D world of NFTs but also when it comes to keeping offensive behavior away from any Metaverse interface.
The good thing is, that the more valuable our digital assets become, the more time we will spend creating solutions to keep them safe.
Should we chat?
Ultimately despite the hype, the rug pulls, and the bridge exploits we are still very excited about what Web3 has to offer. At the end of the day, our thinking is that as long as there are intelligent people flocking to an ecosystem eager to build there will be great products coming out of it. We have already backed some great products in the Web3 space and are eager to back more of them!
Below is our full market map from our two posts on the Metaverse. If you are missing your company name on the market map. Let us know: here, here, or here.
Created with the help of Marco Soworka
Related reading:
Part 1: Populating the Metaverse
