Several risk factors are common to most decentralized applications today. One is a reliance on Web2 software distribution channels such as centralized CDNs, DNS and Apple’s App Store. A hacker can hijack the administrator account of a CDN or DNS server and secretly alter what is distributed, so the alteration is discovered only after some portion of the user base has downloaded the infected version and been exposed to it. Such attacks happened with the MyEtherWallet web application, the Enigma ICO campaign and, more recently, the Premint NFT platform.
One approach to the issue is to use technologies such as IPFS and Filecoin, which make it easier to ensure the integrity and availability of an application. However, this mitigates the abovementioned attack vector only to some degree.
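As an added illustration (not part of the original article) of the integrity property that content addressing provides, the sketch below derives an IPFS-style CIDv1 for a small bundle and rejects a copy that was altered in transit. The bundle contents and all names are constructed for the example, the calculation applies only to content stored as a single raw block, and the check is only as trustworthy as the channel that delivered the pinned CID.

```python
import base64
import hashlib
import hmac

# Multiformats constants: CIDv1, "raw" codec, sha2-256 multihash, 32-byte digest.
CID_HEADER = bytes([0x01, 0x55, 0x12, 0x20])


def cid_v1_raw(data: bytes) -> str:
    """Return the CIDv1 (base32, raw codec, sha2-256) of a single raw block."""
    digest = hashlib.sha256(data).digest()
    body = base64.b32encode(CID_HEADER + digest).decode("ascii")
    # Multibase prefix "b" means lowercase base32 without padding.
    return "b" + body.rstrip("=").lower()


def digest_from_cid(cid: str) -> bytes:
    """Decode a CID and return its sha2-256 digest, rejecting other formats."""
    if not cid.startswith("b"):
        raise ValueError("expected a multibase base32 ('b') CID")
    body = cid[1:].upper()
    raw = base64.b32decode(body + "=" * (-len(body) % 8))
    if len(raw) != 36 or raw[:4] != CID_HEADER:
        raise ValueError("not a CIDv1 raw/sha2-256 identifier")
    return raw[4:]


def verify_bundle(data: bytes, pinned_cid: str) -> bool:
    """True only if the downloaded bytes hash to the pinned CID."""
    try:
        expected = digest_from_cid(pinned_cid)
    except ValueError:  # malformed or unsupported CID: fail closed
        return False
    return hmac.compare_digest(hashlib.sha256(data).digest(), expected)


# Constructed sample data: a released bundle and a copy changed by one character.
RELEASED = b"console.log('wallet ui build 1');\n"
TAMPERED = b"console.log('wallet ui build 2');\n"
PINNED_CID = cid_v1_raw(RELEASED)  # assumed to reach the user out of band

if __name__ == "__main__":
    print(PINNED_CID)
    print("released:", verify_bundle(RELEASED, PINNED_CID))
    print("tampered:", verify_bundle(TAMPERED, PINNED_CID))
```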
Apple’s App Store is the only distribution channel available for iOS devices, and there are numerous known cases in which crypto-related mobile applications were denied listing or updates due to internal policies. While this practice is intended to protect iOS users and revenue streams, such a monopoly impedes the development of Web3 applications. However, both US and EU regulators are trying to change the rules of the game.
The development of a Web3-friendly, end-to-end ecosystem that will be a viable alternative to Apple and Google software/hardware ecosystems can be another resolution to the problem. Though it’s extremely difficult to build a competitive alternative, Web3 incumbents like Solana are testing the waters of this endeavor.
Another important issue is that most Web3 app users today access blockchain data via centralized APIs such as Infura or Alchemy. While this approach spares end users the cost of running blockchain nodes, it adds another centralization point that can be disruptive to the ecosystem. When the Infura API was down in 2022 and 2020, there were major outages across the whole Ethereum ecosystem of wallets and applications.
One of the most popular Web3 wallets, Metamask, uses Infura as its default data provider and has more than 10 million users, most of whom don’t know how to change the blockchain data provider when needed. In addition, Infura can collect and store the IP addresses of end users and link them to their Ethereum addresses. A leak of this mapping on such a scale could lead to an industry-wide disaster, as revealing IP address history helps thieves locate their victims and conduct physical attacks alongside other possible attacks.
The solution to the problem of a centralized blockchain data layer could be the mainstream adoption of light clients, which connect the user’s device directly to a blockchain network and serve as a lightweight analog of blockchain network nodes. This technology is not mature enough to be used in production today, though it is expected to develop rapidly in the near future.
And the major centralization point of cryptocurrencies and Web3 nowadays is the widespread adoption of centralized asset custody. Though it’s much more convenient to purchase and store crypto on a centralized exchange, it exposes users to a set of risks. Due to a lack of regulations, there is no reliable way for users to assess the solvency of a centralized exchange or other financial institution.
Earlier this year, a number of centralized crypto-lending platforms became insolvent due to mismanagement of depositors’ funds and halted withdrawals. In addition, centralized exchanges are prominent targets for cybercriminals. According to hedgewithcrypto.com, since 2012 there have been 46 instances of crypto theft from centralized exchanges, with a total stolen amount of $2.66 billion at the time of writing.
Self-custody is the main alternative to holding crypto on a centralized exchange.
Even though using a traditional seed phrase-based wallet imposes its own set of risks, some self-custody wallets alleviate issues with seed phrases and are more suitable for mainstream users.
Another potential danger lies in the reliance on centralized stablecoins like Tether (USDT). Though such assets are issued on a blockchain, they are issued and controlled by centralized entities. Oftentimes it’s not trivial to assess the underlying reserves of centralized stablecoins even for governmental regulators. Moreover, issuing entities of such stablecoins can freeze the funds of any user at their own will, diminishing the benefits of using cryptocurrency. The risk is amplified by the scale of adoption of centralized stablecoins in the industry and can trigger an industry-wide shock when it occurs.
As the main value prop of Web3 is a decentralized web infrastructure controlled by users, the points of centralization of power outlined above pose a threat to the long-term development of the industry. Though they streamline the development and distribution of Web3 nowadays, it’s crucial for the whole Web3 industry to come up with a decentralized and reliable alternative to ensure the proliferation of the space in the long run.
Alex Bazhanau is the co-founder of Linen Wallet.
This article was published through Cointelegraph Innovation Circle, a vetted organization of senior executives and experts in the blockchain technology industry who are building the future through the power of connections, collaboration and thought leadership. Opinions expressed do not necessarily reflect those of Cointelegraph.