Web3 Security Experts Discuss Wallet and Accomplice Technology Development

Recently, a high-level roundtable forum focusing on "Web3 Wallet and Custody Security" was held at the Global Web3 and AI Summit. Technical experts from companies such as IBM, Crossbar, and DeepComputing gathered to discuss the future development direction of Web3 asset protection mechanisms.

The forum host pointed out at the beginning that current discussions on Web3 security are often focused on on-chain protocols and smart contracts, while the critical role of underlying hardware and system architecture is often overlooked. He emphasized that the security of private key custody and Web3 Wallet security highly depends on the safety of devices and hardware, thus it is necessary to examine this issue from a system-level perspective.

An IBM representative introduced the technical architecture of their team in high-security digital asset custody, including partitioning and cold storage signing processes based on EAL5+. He particularly mentioned an offline signing orchestrator system that provides strong support for bank-level custody services.

The CEO of Crossbar pointed out the systemic risks existing in the current "delegated custody" and "self-custody" models through case analysis. He further elaborated on a new solution based on "distributed custody" and MPC-TSS technology, emphasizing the application value of flexible and scalable signature structures among various users.

The founder of DeepComputing shared his team's practical experience in multi-terminal computing and local security isolation, starting from the actual challenges of open-source technology. He called on the industry to think more systematically about the openness and credibility of the underlying architecture while ensuring user experience.

Another expert, drawing on his extensive experience in hardware security modules (HSM) and key management, provided an in-depth analysis of the key bottlenecks and response strategies in current hardware custody solutions. He emphasized that the importance of hardware trust boundaries cannot be overlooked when constructing a global digital asset infrastructure.

Regarding the future development of Web3 Wallets, the attending experts generally believe that composable and modular multi-signature architectures are likely to become mainstream trends. They unanimously agree that balancing user experience and security will be the core challenge in this process.

The host added that financial enterprises have widely adopted specialized hardware for private key and signature management, and the relevant security assessments have also been recognized by regulatory agencies. However, these assessments are not specifically targeted at the security of blockchain signature implementations, so professional blockchain security audits are still required. He pointed out that "accomplice" is essentially an architectural design issue, and an ideal custody solution should effectively prevent operational errors through system mechanisms while ensuring users have a reasonable degree of operational freedom.

Participants expressed a cautious yet optimistic attitude towards the role of open-source software in Web3 hosting. Experts pointed out the legal gaps and market barriers faced by open-source chip design, calling for the industry to advance further in safety and transparency. Additionally, other experts explored how to achieve module-level open-source isolation without impacting performance, starting from operating system-level security.

At the end of the forum, the host summarized: "The underlying technology of private key custody and wallets is still evolving. We look forward to providing provable and user-trusted security solutions in the future through collaboration from all parties."

This high-level roundtable discussion not only delved into the technical frontiers of Web3 security but also provided an industry platform for promoting the establishment and development of Web3 security standards from a systemic and structured perspective. In an era where the regulatory environment is becoming increasingly clear and the complexity of technology is constantly rising, such cross-border exchanges will undoubtedly provide valuable cross-layer collaborative security solutions for developers, enterprises, and regulatory bodies.