How Should We Regulate Crypto/Web3 Cybersecurity?

Welcome to Part 1 of our Staking Series... Consensus mechanisms serve as the backbone of decentralised networks, ensuring security, efficiency, and trust in the evolving landscape of blockchain technology. In recent years, Proof of Stake (PoS) has emerged as an energy-efficient alternative to Proof of Work (PoW), becoming one of the most widely adopted consensus mechanisms today. Unlike PoW, which relies on computational power, PoS leverages token ownership to validate transactions and secure the network, reducing energy consumption while maintaining security and decentralisation. Staking - A Brief History and Explanation A consensus mechanism is exactly as it sounds - a means of reaching agreement between network participants. In the absence of a centralized intermediary that can review and verify transactions, as well as monitor participants, decentralised networks need to build trust and reach consensus through other means. This is also known as the Byzantine Generals problem. Proof of Work (PoW) was the first widely adopted consensus mechanism, and supports tokens like Bitcoin - it actually originated in the early 1990s as a way of preventing email spam. Miners compete to find a valid cryptographic hash that meets the network’s difficulty target. The first miner to succeed proposes a new block of transactions and if the network verifies the block as valid, it is permanently added to the blockchain. The successful miner receives a block reward (newly minted tokens + transaction fees). PoW makes fraudulent transactions extremely difficult, because it requires huge amounts of computational power to execute a 51% attack (controlling the majority of mining power). However, PoW has faced criticism as the growing number, diversity, and value of PoW networks and their cryptocurrencies have led to a significant increase in computational power demands, reaching levels comparable to those of mid-sized countries. Proof of Stake (PoS) has been developed as an alternative consensus mechanism, aiming to achieve the same level of network security but without such high energy demands. Unlike the outright competition of proof-of-work, proof-of-stake (PoS) uses a different set of incentives to make sure that network participants behave honestly. PoS relies on participants—known as validators—to lock up, or "stake," their tokens in order to propose and validate new blocks. Validators, like miners, provide technology services to the blockchain. They run software to implement the consensus and validation process. They operate infrastructure hardware and software (akin to Internet service providers). Both miners and validators have a critical role in recording information to their respective blockchains and enabling decentralized systems, but they do so differently. Validators are selected based on the size of their stake and other network-specific criteria, rather than engaging in energy-intensive computational puzzles as seen in PoW. The more tokens a participant stakes, the higher their chances of being chosen to validate the next block. However, this selection process is often weighted with additional mechanisms to prevent undue centralization. When a validator is chosen, they are responsible for verifying transactions, adding new blocks to the chain, and ensuring the overall integrity of the network. In return for their services, they receive staking rewards in the form of newly minted tokens and transaction fees.  As shown by the explanations above, PoW and PoS are not actually the core of how validation of transactions and consensus about adding blocks are achieved. Rather, they are the mechanism by which the participants in those activities and the proposers of blocks are permissioned by the network.  This is known as “sybil resistance” because it stops attackers from gaining easy access to these very important functions by imposing a cost to participate.  Validation of transactions and consensus about which block to add next are carried about by the miners and validators who have paid the price of admission through their work or their stake.  Staking market today PoS has demonstrated its ability to strengthen network security while also being significantly more energy efficient. Additionally, unlike PoW which requires significant upfront investment, PoS allows a broader range of participants to contribute to network security. In a PoS system, validators are selected based on the amount of cryptocurrency they stake rather than computational power, which means that individuals and organizations with varying levels of resources can participate without needing expensive mining rigs or access to cheap electricity.  As such, PoS blockchains have evolved quickly over the past few years, accompanied by an increase in staking activity. In Q1 2024, the average staking reward was 10%, translating to annualized staking rewards of $14 billion—up from $4.9 billion in the same quarter of 2023. The total value of staked assets during this period was projected to reach $239 billion. Staking has come a long way, offering a more energy-efficient and accessible alternative to traditional mining. As the market continues to grow, understanding the different models of staking becomes essential for both newcomers and seasoned participants.  So how do different models compare, and what are the trade-offs between them? Stay tuned for our next post, where we’ll break down the various staking models and what they mean for investors, networks, and the broader crypto ecosystem.

Get ready to witness the convergence of global policy minds at the Owl Explains Crypto Summit Presented by Sidley! This isn't just another crypto conference—it's a unique gathering designed to tackle the most pressing policy and regulatory trends in 2025. Set in the vibrant heart of Central London on May 22nd, 2025, this event promises to be the definitive meeting point for decision-makers influencing the future of blockchain and digital assets. The timing couldn't be more critical. With a new US administration setting the tone, the UK crafting its regulatory regime, MiCA implementation rolling out in Europe, and pivotal changes happening in Hong Kong, Korea, South America, and Southeast Asia, the global regulatory landscape is more dynamic than ever. The Owl Explains Crypto Summit is strategically organized alongside the Avalanche Summit London. This isn’t about passively listening to panel after panel—it's about active participation. Our roundtable format encourages interactive dialogues, allowing you to engage directly with experts and peers. Key Topics Include: Tokenization and the Nature of an Asset: Redefining ownership in a digital world. Decentralization and Open Source Code: Balancing innovation with regulation. Infrastructure vs. Intermediary Requirements: Crafting rules that make sense. Stablecoins, Cybersecurity, AI... and so much more! This immersive format ensures that every voice is heard, and no stone is left unturned as we navigate the complex policy terrain of Web3. The summit is set to bring together a diverse group of 200+ policymakers, regulators, academics, and industry practitioners from around the world. This is your chance to connect directly with the very people shaping the policy and regulatory agenda that will influence blockchain's future. 📅 Save the Date: May 22nd, 2025 📍 Location: The Dorchester, London 💌 Contact Us: OEsummit@avalabs.org for sponsorship and speaking opportunities. 🌐 Learn More: Owl Explains | Sidley This summit offers unparalleled opportunities for networking, knowledge exchange, and influencing the next wave of crypto policy. Sponsoring this event is your gateway to connecting directly with global policy shapers and key stakeholders who are setting the regulatory agenda worldwide. Don’t miss out on the premier event that brings together the brightest minds in blockchain policy and regulation. Follow us on Twitter and LinkedIn for the latest updates and insights leading up to the event. Ticketing opens soon. Stay tuned!

As recently as three or four  years ago, if you were a central bank,  financial institution or large enterprise wanting to experiment with blockchain technology, it would be a no-brainer to choose a private, permissioned network. Public permissionless blockchains were - and in many cases still are - viewed as a Wild West of DeFi lawlessness and NFT-driven hedonism. However, the tide is rapidly turning, and in the past couple of years we’ve seen increased interest from banks in building on public blockchain. Even the Bank for International Settlements - the ‘central bank of central banks’ - has started to run projects built on public blockchain!  In this article we’re going to explain what public permissionless blockchains are, the benefits they can bring, and some examples of how financial institutions are already building on them. We’ll then look at why so many people in both the public and private sectors  have historically been inherently against public permissionless blockchains, what’s changing in terms of both technology developments and public perception, and how the barriers previously perceived by regulators and regulated entities are being broken down. But first, let’s start with a few definitions.  What do we mean when we say "public" and "permissionless"? Public blockchains are open and accessible to anyone. Anyone can join the network, view the ledger and validate transactions, without any restrictions. In this respect, they’re fully decentralized and self-governing, and have a high degree of autonomy and resilience.  Permissionless means that there are no gatekeeping requirements associated with access to and participation in the blockchain, and nobody needs special permission in order to join, validate or develop applications on the network.   While these terms often overlap, they are not entirely synonymous. A blockchain can be public but not entirely permissionless if, for example, only authorized nodes can validate transactions (as in some ‘hybrid’ models, like Hedera). Conversely, a permissionless blockchain is typically public, as it relies on open participation to maintain its decentralized ethos. But taken together, these qualities underpin the trustless and open nature of many blockchain systems, enabling broad participation. What are some of the benefits of public permissionless blockchains? Public permissionless blockchains don’t rely  on a central authority exercising power and control to create trust between unknown counterparties. The ‘trust’ in this instance comes from the combination of decentralization, robust consensus mechanisms and economic incentives, cryptographic security, transparency and immutability of public blockchains. This decentralization eliminates single points of failure, making these networks more resilient against outages or cyberattacks. Open access allows global participation, enabling a broad range of developers and institutions to build and integrate applications, driving innovation, liquidity, and diverse use cases through composable ecosystems. Network effects also play a role. The larger and more established a blockchain's user base, the more secure and trustworthy it becomes. This is because a larger network typically has more nodes validating transactions, making attacks less feasible. Public blockchains also often rely on open-source software, allowing the best developers and security experts globally to test, audit and improve the code. This open scrutiny helps identify vulnerabilities and maintain robustness. For the blockchain community, it’s axiomatic that all this is better: safer, more reliable, more universal. Permissioned networks are still great for certain applications, particularly those in which there are a limited number of participants who all need to be on-boarded and known to each other,  implementing a very specific use case and with no need to interact with a broader range of participants or assets. But there’s an increasing recognition of the benefits that public permissionless blockchains bring for asset tokenization: distribution and liquidity, the benefits of a diverse ecosystem, and other network effects.  Why and how are regulated financial institutions starting to use public blockchain? Issue an asset on a private permissioned network and it’s available only for the use case implemented on that network, and to the participants in that network. Issue onto a public permissionless blockchain, and your tokenized asset can be accessible to any participant. It can be exchanged bilaterally between wallet-holders, picked up and integrated into decentralized exchanges or used as collateral in lending protocols.  Users can pay for them in any stablecoins available on the network, or swap them directly for other tokenized assets. It can also be composed with other tokenized assets into use cases and applications that you as an issuer might never have foreseen. It can be bridged onto other public permissionless blockchains and made available to their ecosystems. All of this distribution capability drives greater liquidity and innovation - and that’s evidenced by the growing trend towards tokenized fund issuance on public chains.  A growing recognition of these benefits - alongside all the other benefits of the technology - is fueling more experimentation and a growing cohort of live projects on public chains. Some high-profile examples include: A set of institutional players, including T. Rowe Price Associates, WisdomTree, Wellington Management, and Cumberland, partnering to tokenize assets and build trading and other applications on Avalanche Spruce.  Citi’s FX pricing and execution solution for Project Guardian. Citi’s exploration of tokenized private market funds. Membrane Finance’s launch of the first Mica-compliant Euro stablecoin.   Franklin Templeton’s tokenized money market fund, BENJI.  DTCC’s Digital Asset Launchpad sandbox, as well as its Smart NAV pilot.  JP Morgan’s Kinexys blockchain infrastructure for tokenized investments and cross-border payments.  Standard Chartered and Ant International blockchain-based settlements infrastructure.  What are the regulators’  concerns about public permissionless blockchain? Regulators often start from some assumptions that challenge the benefits or need for public permissionless blockchains. Essentially, because of the way regulation works in the traditional financial sector, this initial mistrust comes out of  how different institutions and parts of the financial, regulatory and technology ecosystems look at the world. They see the words ‘public’ and ‘permissionless’ and conflate these with a lack of control over activities that should be regulated, and an inability to apply concepts like AML and KYC to participants. There’s a clash between worldviews. Are these concerns justified? A public blockchain typically isn’t a single application. It’s a network-based technology platform on which a range of applications and protocols can be built. These protocols themselves can have on-boarding requirements. Permissioning can also be implemented at the token level, so that tokens can only be transferred in accordance with predefined requirements.  Nevertheless, public blockchains are increasingly recognizing the importance and value of supporting different permissioning mechanisms. Multichain blockchains, such as Avalanche and Cosmos, enable the creation of specialized blockchains, sometimes referred to as subnets or app-chains, that can be compliant by design. In these systems, developers can create chains with custom rule sets, execution environments, and governance regimes tailored to their needs. These custom blockchains unlock use cases previously not possible on blockchains with single rule sets, and isolate traffic and data into environments purpose-built for a given use case. They can also be natively interoperable with their mainnets and with other custom chains in the same network, enabling more of a balance to be struck between control and distribution of tokenized assets.  Why go public and permissionless? Just as we don’t try today to control who has access to the internet and who can build on it, regulators and governments don’t need to try to control public blockchains to mitigate potential risks from them. They come with significant, in-built benefits in terms of robustness, security and resilience. Additionally, public and permissionless at the blockchain technology level is not synonymous with public and permissionless at the application level, and this is where regulators should focus their attention. There are many mechanisms available to implement robust compliance at the protocol and token level, while still benefiting from the network effects of a diverse, innovative ecosystem.   As we’ve seen, there are valid use cases for both private, permissioned and public, permissionless blockchains, and both will continue to exist, and co-exist, into the future. Which one you use for your business will depend on the outcomes you wish to achieve, and how that aligns with the relative attributes of different blockchains. More and more actors both in the crypto space and traditional financial system are realising that public, permissionless blockchains can be a strong foundation for new ways of doing business.