Web3 Security Roundtable Focuses on Wallet and Custody Security

Recently, at a global Web3 and AI summit, executives and experts from several well-known technology companies gathered to have an in-depth discussion on the theme of "Web3 Wallet and Accomplice Security." This forum explored how to build a more secure and scalable Web3 asset protection mechanism from the underlying perspective of hardware and system software.

The forum host pointed out at the beginning that current discussions on Web3 security often focus on on-chain protocols and smart contracts, while the decisive role of underlying hardware and system architecture is often overlooked. He emphasized that the security of private key托 and Web3 Wallets heavily depends on the security of devices and hardware, but discussions in this area are not common.

The participants shared insights from their respective professional fields. One expert introduced the partitioning and cold storage signing processes based on EAL5+, as well as how to support bank-grade custody services. Another expert pointed out the systemic risks present in the existing custody models of "entrusted custody" and "self-custody" through case studies, and introduced solutions based on "distributed custody" and MPC-TSS technology.

In terms of open-source technology, experts have shared practical experiences in multi-terminal computing and local security isolation, calling for the industry to systematically consider the openness and trustworthiness of the underlying architecture while ensuring user experience. Another expert, drawing on years of experience in hardware security modules (HSM) and key management, analyzed the current key bottlenecks and response strategies in hardware custody solutions.

Regarding the future form of Web3 Wallets, participating experts generally believe that composable and modular multi-signature architectures will become the mainstream trend, while balancing user experience and security is the core challenge. Some experts pointed out that financial enterprises have become accustomed to using dedicated hardware for private key and signature management, and related security assessments are widely accepted by regulatory agencies. However, these assessments are not specifically designed to verify the security of blockchain signature implementations, so the level of security protection these systems provide for digital assets still needs to be audited by professional blockchain security companies.

Regarding the role of open-source software in Web3 hosting, the attending experts expressed a cautiously optimistic attitude. Some experts pointed out the legal gaps and market barriers faced by open-source chip design, calling for the industry to make further advancements in security and transparency. Other experts discussed how to achieve module-level open-source isolation without sacrificing performance, starting from operating system-level security.

At the end of the forum, the host summarized: "The underlying technology of private key custody and wallets is still evolving. We look forward to providing provable and user-trusted security solutions in the future through collaboration among all parties."

The holding of this roundtable forum reflects the industry's high regard for Web3 security issues. As the regulatory environment becomes increasingly clear and technology continues to grow more complex, industry professionals hope to provide more comprehensive support for developers, businesses, and regulatory agencies through cross-layer collaborative security solutions.