“We are not sure where the metaverse, Web3 and NFTs are going to lead, or if blockchain will remain a viable solution to support these technologies, or even what the future of these digital worlds may hold; but we do know that they are all going to need better approaches to security,” she adds. “There is a lot of money being invested into this field and a lot of money being stolen too. Even if it all appears over-hyped right now, we have to find ways to better protect the consumers, users and investors of these ecosystems.”
Smart contracts, NFTs, dApps and cryptocurrencies are building blocks of the future metaverse and will need to be assessed more closely. Fad or not, the metaverse and its surrounding technologies can potentially evolve to provide organisations with additional places to operate and individuals with new worlds to explore, which means that security has to play a lead role in making sure that the billions being invested are not about to be the billions being stolen.
“There are multiple definitions of the metaverse and what it means, but even though it is primarily conceptual right now, some elements exist already,” explains Collard. “Currently, it is an umbrella term for extended reality– virtual and augmented – and the rapid adoption and development of tools like Oculus, which made these more mainstream. Spearheaded by the gaming community, AR and VR as well as the virtual worlds or “lands” in which we can play, engage, learn or meet one another are now being readily explored by children and adults alike.”
“Decentralisation forms a large part of this as well, but that design principle brings with it a host of challenges” says Collard. “Blockchain evolved out of the wish to remove control of finance from an unscrupulous financial services industry as a result of the financial crisis of 2008. However, decentralized finance, or “DeFi” brings with it the risk of repeating the same sins of the original unregulated banking system, and then makes it worse, such as enabling criminals and financial fraud or scams.
Also, consider that the main investors in this space are venture capitalists and financial services groups and the biggest mining pools are controlled by a handful of companies. So the ecosystem is not even as decentralised as it is being made out to be.”
“There will always be fraud and crime, especially if systems are decentralised or if we rely too much on pieces of code such as smart contracts,” concludes Collard.
“At the end of the day, smart contracts are pieces of code written by people and people make mistakes. There is opportunity for vulnerabilities to be exploited on every layer. Let’s also not forget that criminals often target the users because they are the easiest to attack. This does not mean that the world should not move forward and explore these opportunities, only that we have to educate developers and users and ensure that they are aware of the risks and that security is involved from the very first step.”