By Ruben Merre, Co-Founder and CEO of NGRAVE
At the advent of Web1, online security for individual web users was a significantly less pertinent issue than it is today. Web1, or the read-only web, undoubtedly opened up certain individuals to hacks, phishing, and data breaches; however, due to the lack of accessible personal data, these incidents were substantially less harmful than what was to come afterward.
Web2 saw a gargantuan influx of personal data into the internet sphere, opening individuals up to a ream of new vulnerabilities, from the leaking of sensitive personal information to the dissemination of banking details. By incorporating payment processors, the likelihood of financial loss due to a data breach became significantly higher for all users. Today, with the arrival of the metaverse and the spread of Web3 technologies, the ballgame has shifted. The threats to users are greater than ever, but there is much we can learn from the iterations of the internet that came before Web3.
In October 2021, on the day of Facebook's corporate rebrand to Meta, a quick database search shows that there was a 236% uptick in mentions of the word ‘metaverse’, as opposed to the same day one month before. While the spike in Google searches can be put down to sheer curiosity, the metaverse has actually been a key theme within the crypto world for some time already. As opposed to Facebook’s proprietary metaverse, the decentralised and open metaverse gives users full control of their identity and any value they create in-world. This occurs predominantly through crypto wallets, which allow users to securely store their holdings, data, or NFTs, to name a few. However, the emergence of every new technology brings substantial risks. Now, it is not just our personal data or financial data that is at risk: it is both our personal data and financial data, as well as our digital assets.
With so much at stake, security must be front and center as real, online, and virtual worlds increasingly collide. Luminaries that are paving the path forward for the future of Web3 must learn from the grave mistakes made by Web1 and Web2 leaders. We now have the technology and the tools to not only ensure that security is a priority but to hard-encode it into all Web3 processes.
As of 2021, phishing scams, which have been prevalent in Web2 since its inception, had nearly quadrupled over the previous six years, costing large US companies an average of $14.8 million annually. In a Web3 world, phishing scams can become significantly more dangerous. If a scammer steals money from your traditional bank account, there is a high likelihood that a bank will reimburse you for the stolen funds, or launch an exhaustive investigation at the very least. In Web3, these guarantees are not afforded to all crypto holders, and as such, all funds can be lost with no guarantee of reimbursement. This places the onus on crypto holders to ensure they have the highest level of security that can be afforded to them.
Hot wallets are online by default, which makes them vulnerable to scams. Without a wallet seed, the failsafe for recovering a wallet, everything you create and own in the metaverse could be lost. Browser wallets play an important function in the metaverse; in Decentraland, for example, users without a linked hot wallet are unable to access full, customisable accounts, and must play as guests. However, hot wallets are a point of weakness. Throughout all virtual worlds, hackers are preying on inexperienced newcomers, employing the scams that Web2 users have become all too familiar with.
Users can mitigate this risk by taking the additional step of connecting a MetaMask or online wallet to a cold wallet; removing the connectivity of assets to the vulnerabilities presented by access to the digital world. Users can also stay safe in the metaverse by following some of the basic guidelines of Web2, such as avoiding clicking on unknown links or pop ups, and keeping general online security as tight as possible. As with all new technologies, knowledge is power. Accessing educational resources is key, and this could not be more important when it comes to engaging with the metaverse.
Placing security at its core will be essential if the metaverse is to reach its full potential. However, the onus cannot be placed on the individual alone. As with all nascent technologies, there is an educational responsibility on developers and industry professionals to ensure that potential users, policymakers, and enterprises are aware of the risks, and equipped as well as possible to navigate them. If the metaverse is to become as omnipotent as it has the potential to be, the security of assets, data, and information as well as cohesive, effective content moderation practices will need to be even greater than they were in Web2.
Now, during the foundational building process of Web3, is the time to hard-code these protections, not retroactively. Trust in the metaverse is of utmost importance in order to secure its future success. This can only be achieved by righting the wrongs of former iterations of the internet as early as possible, and by developing solutions that are designed to never compromise on security.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.