KEY POINTS
- A recent paper showed that consumer lawsuits are increasingly 'creative' in their claims against Web3 firms
- Such creativity stems from higher expectations from Web3 players since security technology is evolving
- "What was once considered 'proactive' may now be seen as the bare minimum": Blockaid
- Blockaid focuses on prevention over reaction, offering solutions for multi-layered security capabilities
Web3 firms and platforms face heightened risk from consumer lawsuits due to exploits and fraud within the space as consumers' expectations regarding security reach new highs.
A recent paper published on Bloomberg Law revealed how "plaintiffs' lawyers are showing expected creativity in the types of claims they bring" against blockchain and cryptocurrency firms. The paper noted that such creativity was triggered by increased regulatory enforcement and scrutiny due to security incidents in the industry.
Consumer Lawsuits Pick on Web3's 'Achilles Heel'
Several lawsuits against Web3 firms and platforms have focused on the known "Achilles heel" of the industry: negligence. That sticking point is what led Binance's Changpeng Zhao to step down from his CEO position and get jail time to avoid the ultimate collapse of the crypto empire he built.
The joint paper from Cravath Swaine & Moore and Variant researchers noted that for platforms to select which security solutions and measures to implement, they should "be mindful of the potential liability they face from private and governmental actors following a cybersecurity-related exploit."
In some cases, plaintiffs claim that defendants had a duty to remedy vulnerabilities in their systems. In other cases, plaintiffs argue that protocols or crypto platforms should have known their systems had inadequate security measures, regardless of whether sleuths had made them aware of the lacking mitigating tools.
Web3's increasing liability exposure also boils down to increased expectations by consumers – expectations that crypto and blockchain platforms should be committed to security now more than ever.
In an exclusive with International Business Times, the team behind Web3 security company Blockaid shared their thoughts on the paper, noting that it highlighted how Web3 security is all about striking a balance between ensuring consumer protection and protecting company interests from litigation by employing the necessary tools for increased security.
Multiple Liability Fronts and Heightened Regulatory Attention
Blockaid said the paper provides Web3 platforms with a deeper look into the evolving liability landscape facing the emerging industry. Companies in the space now face multiple liability fronts such as negligence claims, securities laws violations, breach of contract, and more.
Regulatory agencies such as the U.S. Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) are also increasingly paying attention to the sector. A recent study showed that this year alone, the SEC levied a staggering $4.68 billion in fines against crypto firms and individuals in the digital assets space.
A Higher Bar for Security Standards
Apart from regulation and financial consequences that come with regulatory violations, there is growing awareness among consumers in the Web3 space.
Security technology is improving, which automatically leads consumers and users to raise their expectations regarding cybersecurity standards, Blockaid said. Legal standards of care are also evolving, highlighting the need for Web3 companies to become even more dedicated to improving their security measures.
"Companies in the sector should indeed strengthen their security measures, not only to protect users but also to mitigate their own legal and financial risks," the Blockaid team said.
Is Proactivity Enough?
Many security firms are urging companies to be "proactive" in security. However, the paper emphasized that even as security tools improve and companies establish certain security measures, there is a gap due to the evolution of threat actors.
"This suggests that what was once considered 'proactive' may now be seen as the bare minimum. The evolving standards mean that Web3 platforms need to continuously update and improve their security measures," Blockaid pointed out.
What Measures Should Web3 Platforms Take to Improve Security and Ensure Compliance?
For Blockaid, it is important for all blockchain and crypto firms to implement multi-layered measures to protect consumer funds and prevent liability that may stem from both compliance issues and cybercrime activity.
- Implement proactive security solutions: Tools like Blockaid can help identify and prevent malicious activities before they cause harm. The paper mentioned Blockaid as a security tool that can help Web3 platforms identify malicious activity. MetaMask has integrated the security tool to provide alerts for dApps, while Coinbase Wallet quietly integrated the tool last year.
- Regular security audits: Thorough audits can help platforms identify and address potential weaknesses.
- Robust governance and compliance procedures: Adequate and regularly updated governance and compliance procedures will help Web3 platforms keep up with the evolving regulatory and legal landscape.
- Risk-based cybersecurity programs: Such programs are necessary to ensure strengthened systems.
- Incident response plans: Having a well-defined incident response plan can help platforms detect incidents promptly and report accurately, which is crucial for regulatory compliance and mitigating legal risks.
- User education and warnings: Users should be given clear warnings and educational materials so companies can at least argue that they've taken reasonable steps in relation to user education when faced with such legal claims.
- Careful representation of security measures: Companies shouldn't make vague claims about security without having the technical solutions to back them up.
- Continuous monitoring and improvement: Given the evolving nature of threats and security standards, platforms should continuously monitor for new vulnerabilities and improve their security measures.
- Compliance with regulatory requirements: Web3 platforms should stay abreast of and comply with regulatory requirements, such as the SEC's cybersecurity disclosure rules for public companies.
- Integration of both on-chain and off-chain security measures: When planning security strategies, Web3 firms should always consider both on-chain and off-chain vulnerabilities.
Trust is critical for many consumers, and it is related to the low levels of mass adoption in Web3, Blockaid noted. In this regard, Web3 firms should "implement, audit, and constantly evolve their security postures to keep the entire ecosystem safe."
Blockaid also emphasized the importance of having a strong security system from the get-go – not after a security incident has taken place or after an exploit has already made users pay the price.
Blockaid's Role in Security for Consumer Protection and Liability Prevention
As threats from both the Web2 and Web3 spaces increase, Blockaid is on a mission to provide proactive technology that monitors, detects, and responds to a wide variety of threats in real-time.
"The problem we saw with the first generation of security tools for Web3 was that they are fundamentally reactive. They require successful attacks before they begin protecting users. With direct access to capital on Web3, we believe the stakes are too high to respond after users and companies have already been impacted," the Blockaid team reiterated.
With a focus on prevention instead of reaction, Blockaid offers proactive scanning that allows blockchain and crypto firms to look for malicious actors – a crucial aspect of preventing exploits before they occur.
The tool also provides comprehensive threat detection through the use of both on-chain and off-chain data, as well as transaction simulation, which warns users of potential dangers before they sign smart contract transactions.
Finally, Blockaid provides token differentiation, which enables firms to differentiate between legitimate and potentially fake tokens.
By providing Web3 platforms with a host of security capabilities, Blockaid is playing a crucial role in helping Web3 meet the evolving standards of customer protection and legal risk mitigation.