Web3 Security Roundtable Focuses on Wallets and Custody Technology

Recently, a roundtable forum themed "Web3 Wallet and Custody Security" was held at the Global Web3 and AI Summit. The forum delved into how to build a more secure and scalable Web3 asset protection mechanism from the underlying perspective of hardware and system software.

The guests participating in the discussion included executives and founders from several well-known technology companies. They engaged in in-depth discussions on topics such as the pain points of Web3 user security, advanced custody architecture, and the challenges and breakthroughs of the open-source ecosystem.

The forum host pointed out at the beginning that current discussions on Web3 security often focus on on-chain protocols and smart contracts, while the decisive role of underlying hardware and system architecture is often overlooked. He emphasized that the security of private key custody and Web3 wallet security heavily relies on the security of devices and hardware, but discussions on underlying system and hardware security are not common.

A guest from a large technology company shared the technical architecture of their team in high-security digital asset custody, including partitioning and cold storage signing processes based on EAL5+, as well as an offline signing orchestrator system that supports bank-level custody services.

Another guest approached the issue from a practical perspective, pointing out through examples that the existing custody models "delegated custody" and "self-custody" both expose systemic risks. He further introduced a solution based on "distributed custody" and MPC-TSS technology, emphasizing the application value of a flexible and scalable signing structure for both enterprises and individual users.

A founder focused on open-source technology began by discussing practical challenges, sharing his team's experiences in multi-terminal computing and local security isolation, and calling for the industry to think more systematically about the openness and reliability of the underlying architecture while ensuring user experience.

Experts in hardware security modules (HSM) and key management have analyzed the key bottlenecks and response strategies in current hardware custody solutions. They stated that the hardware trust boundary is crucial when building global digital asset infrastructure.

When discussing the future forms of Web3 Wallets, guests generally believe that composable and modular multi-signature architectures will become mainstream trends, with balancing user experience and security being the core challenge. The host added that financial enterprises have become accustomed to using dedicated hardware for private key and signature management, and relevant security assessments are widely accepted by regulatory agencies. However, these assessments are not specifically designed to verify the security of blockchain signature implementations, so the level of security protection these systems offer for digital assets still needs to be audited by professional blockchain security companies.

Guests expressed a cautious yet optimistic attitude towards the role of open-source software in Web3 hosting. One guest pointed out the legal gaps and market barriers faced by open-source chip design, calling for the industry to advance further in security and transparency. Another guest discussed how to achieve module-level open-source isolation without sacrificing performance from the perspective of operating system-level security.

At the end of the forum, the host concluded that the underlying technology of private key custody and wallets is still evolving, and looks forward to future collaborations that can provide verifiable and user-trusted security solutions.

This roundtable forum aims to promote the establishment and development of Web3 security standards, providing cross-layer collaborative security solutions for developers, enterprises, and regulatory agencies. As regulations become clearer and technology increasingly complex, global cybersecurity practitioners join hands to discuss the future development direction of Web3 security.