How Should We Regulate Crypto/Web3 Cybersecurity?

The Owl
By and The Owl

Cybersecurity is all about the financial incentives. Getting cybersecurity regulation right means using the threat of regulatory fines to align financial incentives so that companies do the right thing. Compared to most existing cybersecurity regulations, however, the financial incentives in cryptocurrency/Web3 are very different. 

Most existing cybersecurity regulations aim to improve the security of consumer PII and personal information that companies hold. Because the theft (more accurately: copying) of consumer PII by hackers during a data breach does not result in an immediate financial impact to a company's bottom line, companies have historically paid less attention to cybersecurity than they should. Since the free market financial incentives for companies to secure consumer data are poor, regulators have naturally stepped in with a regulatory stick (where the free market carrot has failed).

The financial incentives in crypto, however, are very different. With crypto, if you are hacked and your crypto is stolen, you've lost your own assets. That's a huge incentive to do cybersecurity properly.

Here are five major takeaways that regulators should consider:

  • For companies self-custodying their own crypto, financial incentives are already 100% aligned. If Company X holds $1 million in cryptocurrency, and a hacker steals it, the company just suffers an immediate financial loss of $1 million. Regulatory fines would not offer any greater financial incentives for Company X to do the right thing.

  • For companies that hold someone else's crypto assets, the financial incentives are not quite so aligned. If a company custodies $100 million, only $1 million of which is its own, and a hacker steals all $100 million, then the company will simply declare bankruptcy and leave its creditors with nothing. An example might be a centralized crypto exchange, or a DeFi service built on top of a smart contract. In these kinds of situations it might be appropriate for regulators to require minimum security controls to protect users.

  • Getting cybersecurity regulations right is hard. The result of cybersecurity regulations in other areas (such as consumer PII or PHI) has been that companies will do the bare minimum to satisfy cybersecurity regulations, and no more. Creating regulatory financial incentives without unduly stifling innovation is a difficult balancing act.

  • Hackers don't care about regulatory compliance. Cyber defenders have to be right every single time, and attackers only have to be right once. Unlike environmental protection regulation, where accidental oil spills or illegal toxic waste dumping are the primary concerns, in cybersecurity we are worried about malicious third parties acting outside the reach of the law in countries like North Korea or Russia. There is frequently no legal recourse in the event of a crypto hack.

  • Crypto startups need to front-load security spending. In most startups, the biggest risk is going out of business, not cybersecurity risk. As a result, startups tend to run very insecure for a couple of years until they are financially successful enough to go back and fix things (so-called "tech debt"). However, this approach does not work in the crypto space, where hackers frequently prey on lean, insecure startups that enjoy overnight financial success. Forcing crypto startups to front-load security expenditure from the beginning could be a key lever of effective regulation.

Cybersecurity risk in the crypto/Web3 space is high...

... higher than in most other verticals, because we're not talking about the security of information, but about real, fungible, and non-reversible financial assets. The stakes are high and companies in the crypto space take security seriously.

Financial incentives to do security properly align much more closely in the crypto space than in almost any other vertical. The alignment is not 100% perfect, but it is close enough that regulators should take a "light touch" approach to crypto cybersecurity regulation.

Articles

2025-04-03

Exploring Models of Staking

This is Part Two in our Staking series. Staking is frequently a mischaracterized and misunderstood activity, in large part due to a lack of understanding surrounding the fundamental principles of staking as well as the different models.

Staking is an integral part of the infrastructure that keeps a blockchain functioning and secure. It is a technological activity utilizing hardware and software, and reliant on communications over the internet. It determines who participates in the updating of the blockchain to maintain Byzantine fault tolerance. It does not require the participant to transfer ownership of their tokens to a third party - it is not lending or custody - but some models do involve the token owner transferring control. While rewards are in place to act as an incentive for participants to stake their tokens, this is an outcome of the process, not the driver for it.

PoS includes several variations, each catering to different user needs and blockchain architectures.

Solo or Direct Staking

Users run their own validator nodes via their own software and hardware, maintaining full control over their staked assets and potentially receiving higher rewards than if they were using a third party. However, the barrier to entry for solo staking is high - there is significant technical expertise required as well as a large up-front equipment cost. Additionally, there is the cost of the stake that must be posted: 32 ETH to activate a validator on Ethereum, 2000 AVAX on Avalanche, for example. Users are solely responsible for maintaining hardware uptime and security, and therefore will bear the full effect of any penalties from the protocol if there are failings.

Third party models

The term Staking-as-a-Service (StaaS) is often used very broadly in the blockchain ecosystem, but is actually not particularly helpful, as it is too generic a description. A third party can manage many different aspects of the staking process for users depending on a number of factors; it is best therefore to split this category out.

Non-custodial delegated staking: Token holders stake their cryptoassets via a self-hosted wallet but delegate validator operation to a third party, such as a StaaS provider, in exchange for a service fee. This reduces costs and technical complexity compared to solo staking while ensuring that only the token holder can sign transactions, claim rewards, and unstake using their private keys.

Custodial delegated staking: Many large cryptoasset custodians now offer staking as an ancillary activity. The custodian stakes the tokens (with permission) on behalf of the token holder in exchange for a service fee. While the third party will take custody of the assets in this example, it is because of their nature as a custodian, not because staking requires it. Custodians can store the tokens in different wallets based on the requirements of the token holders: segregated staking keeps the tokens entirely separate from others and there is no co-mingling of assets; omnibus staking puts all tokens together in an omnibus or aggregated wallet, lowering the barrier to entry; pooled staking combines assets across multiple participants in return for a ‘share’ of an already active staking position.

Liquid Staking: A commonly cited concern with staking is that once a token is staked to the network, it can’t be accessed until the end of the lock-up period. Liquid staking providers allow tokens to be deployed via a protocol to receive a receipt token (or Liquid Staking Token (LST)) which acts as proof of the underlying staked tokens and any associated rewards. The LST can then be deployed in other activities, e.g. on DeFi protocols, and can continue earning rewards.

Staking isn’t a one-size-fits-all approach—different models cater to different needs, from solo staking for those who want full control to third-party and liquid staking options that lower barriers to entry. That’s why it is important to read the fine print on whichever model you choose. While these models make staking more accessible and flexible, they also come with varying degrees of risk, from slashing penalties to counterparty exposure. So, what should you watch out for when staking your assets? In our final post, we’ll explore the key risks and considerations to keep in mind before getting started. Stay tuned!

The Owl
By and The Owl
2025-03-11

The Fundamentals: What is Staking? 

Welcome to Part 1 of our Staking Series...

Consensus mechanisms serve as the backbone of decentralised networks, ensuring security, efficiency, and trust in the evolving landscape of blockchain technology. In recent years, Proof of Stake (PoS) has emerged as an energy-efficient alternative to Proof of Work (PoW), becoming one of the most widely adopted consensus mechanisms today. Unlike PoW, which relies on computational power, PoS leverages token ownership to validate transactions and secure the network, reducing energy consumption while maintaining security and decentralisation.

Staking - A Brief History and Explanation

A consensus mechanism is exactly as it sounds - a means of reaching agreement between network participants. In the absence of a centralized intermediary that can review and verify transactions, as well as monitor participants, decentralised networks need to build trust and reach consensus through other means. This is also known as the Byzantine Generals problem.

Proof of Work (PoW) was the first widely adopted consensus mechanism, and supports tokens like Bitcoin - it actually originated in the early 1990s as a way of preventing email spam. Miners compete to find a valid cryptographic hash that meets the network’s difficulty target. The first miner to succeed proposes a new block of transactions and if the network verifies the block as valid, it is permanently added to the blockchain. The successful miner receives a block reward (newly minted tokens + transaction fees). PoW makes fraudulent transactions extremely difficult, because it requires huge amounts of computational power to execute a 51% attack (controlling the majority of mining power). However, PoW has faced criticism as the growing number, diversity, and value of PoW networks and their cryptocurrencies have led to a significant increase in computational power demands, reaching levels comparable to those of mid-sized countries.

Proof of Stake (PoS) has been developed as an alternative consensus mechanism, aiming to achieve the same level of network security but without such high energy demands. Unlike the outright competition of proof-of-work, proof-of-stake (PoS) uses a different set of incentives to make sure that network participants behave honestly. PoS relies on participants—known as validators—to lock up, or "stake," their tokens in order to propose and validate new blocks. Validators, like miners, provide technology services to the blockchain. They run software to implement the consensus and validation process. They operate infrastructure hardware and software (akin to Internet service providers). Both miners and validators have a critical role in recording information to their respective blockchains and enabling decentralized systems, but they do so differently.

Validators are selected based on the size of their stake and other network-specific criteria, rather than engaging in energy-intensive computational puzzles as seen in PoW. The more tokens a participant stakes, the higher their chances of being chosen to validate the next block. However, this selection process is often weighted with additional mechanisms to prevent undue centralization. When a validator is chosen, they are responsible for verifying transactions, adding new blocks to the chain, and ensuring the overall integrity of the network. In return for their services, they receive staking rewards in the form of newly minted tokens and transaction fees.

As shown by the explanations above, PoW and PoS are not actually the core of how validation of transactions and consensus about adding blocks are achieved. Rather, they are the mechanism by which the participants in those activities and the proposers of blocks are permissioned by the network. This is known as “sybil resistance” because it stops attackers from gaining easy access to these very important functions by imposing a cost to participate. Validation of transactions and consensus about which block to add next are carried out by the miners and validators who have paid the price of admission through their work or their stake.

Staking market today

PoS has demonstrated its ability to strengthen network security while also being significantly more energy efficient. Additionally, unlike PoW which requires significant upfront investment, PoS allows a broader range of participants to contribute to network security. In a PoS system, validators are selected based on the amount of cryptocurrency they stake rather than computational power, which means that individuals and organizations with varying levels of resources can participate without needing expensive mining rigs or access to cheap electricity.

As such, PoS blockchains have evolved quickly over the past few years, accompanied by an increase in staking activity. In Q1 2024, the average staking reward was 10%, translating to annualized staking rewards of $14 billion—up from $4.9 billion in the same quarter of 2023. The total value of staked assets during this period was projected to reach $239 billion.

Staking has come a long way, offering a more energy-efficient and accessible alternative to traditional mining. As the market continues to grow, understanding the different models of staking becomes essential for both newcomers and seasoned participants. So how do different models compare, and what are the trade-offs between them? Stay tuned for our next post, where we’ll break down the various staking models and what they mean for investors, networks, and the broader crypto ecosystem. Part 2 available now! "Exploring Models of Staking"

The Owl
By and The Owl
2025-02-20

The Owl Explains Crypto Summit Presented by Sidley

Get ready to witness the convergence of global policy minds at the Owl Explains Crypto Summit Presented by Sidley! This isn't just another crypto conference—it's a unique gathering designed to tackle the most pressing policy and regulatory trends in 2025. Set in the vibrant heart of Central London on May 22nd, 2025, this event promises to be the definitive meeting point for decision-makers influencing the future of blockchain and digital assets.

The timing couldn't be more critical. With a new US administration setting the tone, the UK crafting its regulatory regime, MiCA implementation rolling out in Europe, and pivotal changes happening in Hong Kong, Korea, South America, and Southeast Asia, the global regulatory landscape is more dynamic than ever.

The Owl Explains Crypto Summit is strategically organized alongside the Avalanche Summit London. This isn’t about passively listening to panel after panel—it's about active participation. Our roundtable format encourages interactive dialogues, allowing you to engage directly with experts and peers.

Key Topics Include:

  • Tokenization and the Nature of an Asset: Redefining ownership in a digital world.

  • Decentralization and Open Source Code: Balancing innovation with regulation.

  • Infrastructure vs. Intermediary Requirements: Crafting rules that make sense.

  • Stablecoins, Cybersecurity, AI... and so much more!

This immersive format ensures that every voice is heard, and no stone is left unturned as we navigate the complex policy terrain of Web3. The summit is set to bring together a diverse group of 200+ policymakers, regulators, academics, and industry practitioners from around the world. This is your chance to connect directly with the very people shaping the policy and regulatory agenda that will influence blockchain's future.

📅 Save the Date: May 22nd, 2025
📍 Location: The Dorchester, London
💌 Contact Us: OEsummit@avalabs.org for sponsorship and speaking opportunities.
🌐 Learn More: Owl Explains | Sidley

This summit offers unparalleled opportunities for networking, knowledge exchange, and influencing the next wave of crypto policy. Sponsoring this event is your gateway to connecting directly with global policy shapers and key stakeholders who are setting the regulatory agenda worldwide. Don’t miss out on the premier event that brings together the brightest minds in blockchain policy and regulation. Follow us on Twitter and LinkedIn for the latest updates and insights leading up to the event. Ticketing opens soon. Stay tuned!

The Owl
By and The Owl