
Risk, Innovation, Regulation, and the Future of Web3
TechFlow Selected

At the intersection of innovation and regulation, embrace the future of Web3.

0xScope✖️Metatrust Labs✖️Mask Network✖️FixDAO✖️0xScope — From the first-hand perspective of ecosystem participants, master the control, identification, and response to risks in the crypto market, and embrace the future of Web3 at the intersection of innovation and regulation.
Speakers & Moderator Introduction
Moderator:
- Evelyn @ScopeProtocol / @yangqianyi31
Speakers:
- Xueyue, Audit Specialist @MetaTrust Labs
- Xiaofei, Security Researcher @MetaTrust Labs
- Pinguis, FixDAO & Mask Network Legal Director / @realpinguis
- Luka, 0xScope Researcher / @0xlukaL
Unignorable Risks in the Crypto Market: High Volatility, High Leverage, Spillover and Transmission
Evelyn @0xScope:
The ripple effects of the FTX incident continue to spread silently. This has prompted us to confront and reflect on the persistent crises within the crypto financial markets: if high risks in the crypto world remain unresolved over the long term, they will affect industry development and even shake its very foundations.
Currently, greater participation from traditional financial institutions may further drive growth in crypto assets while simultaneously increasing risks to traditional financial stability. Wealth effects, financial sector exposure, and crypto payments—these channels connecting crypto and traditional finance—are growing in scale and complexity. However, these conduits lack internal risk-stabilizing dampers or blocking mechanisms. Especially under heavy leverage usage, stability risks brewing in the crypto market can rapidly spill over into traditional finance.
For current growth and market integration trends to persist, the industry urgently needs to establish risk control infrastructure for crypto financial markets. Currently, key ecosystem participants are making significant efforts to reduce crypto market risks and maintain financial stability. In this roundtable discussion, we've invited MetaTrust (product auditing), 0xScope (on-chain data analytics platform), and Mask Network’s compliance team to discuss this topic from different angles, explaining how critical nodes within the Web3 system independently absorb and mitigate market risk points.
Financial market risks include:
- Product mechanisms: complexity embedded with leverage
- Market manipulation: lack of transparency and low liquidity
- Credit risk: operational vulnerabilities, insider malfeasance
- Regulatory gaps: absence of complaint procedures or recourse mechanisms and protections
- Fraud and malicious activities: money laundering, cybercrime, hacking, ransomware
- …
In reality, financial market risks often result from a multi-layered accumulation of factors. For example, product mechanisms provide basic functionality, but risk arises directly from operational practices based on business logic. Let's begin with the fundamental building blocks of crypto financial markets—code and products.
Metatrust Labs: How Can Auditing Reduce Crypto Market Risk at the Product Mechanism and Code Level?
Xiaofei@Metatrust
Hello everyone. MetaTrust currently provides developers with a complete SaaS security development toolchain covering the entire software development lifecycle (SDLC), including design validation during the design phase, MetaTrust Package Manager (MPM) during development, MetaScan during testing, MetaScout during deployment and operations, and overall security assessment via MetaCore. Among these, MetaScan is our flagship product—an automated security audit SaaS tool for smart contract developers. MetaTrust defines a comprehensive standard for smart contract vulnerabilities, ensuring results match those of the best existing audit services.
Metatrust Labs leverages an automated security toolchain and intelligent code auditing services to move security and compliance earlier into the development lifecycle, providing deep, dynamic protection through comprehensive scanning. We continuously empower developers and project teams, significantly reducing costs while enhancing the effectiveness and efficiency of Web3 security.
Xueyue@MetatrustLabs
At the product mechanism and code level, we recommend existing applications optimize in the following ways to reduce risk. Taking DeFi applications as an example, the most critical and core aspect lies in whether the economic model behind the application design is sound, particularly focusing on three points:
First, regarding common vulnerabilities such as reentrancy and access control, projects should minimize risks through code audits and use tools that provide real-time alerts to developers during development. Manual audits face numerous challenges, including long turnaround times and slow coordination. Therefore, automated tools that reduce time and cost consumption are crucial.
Second, avoid using liquidity pools as price oracle sources. Our team found in research on historical DeFi attacks that dozens of DeFi-related incidents over the past two years were caused by price manipulation via flash loans. Where feasible, opt for off-chain oracles like Chainlink.
However, even Chainlink’s reliability must be monitored. Off-chain prices inherently lag, and during black swan events, reliance on inaccurate pricing during liquidations or staking could create exploitable profit margins. The Terra/Luna collapse serves as a cautionary tale—we recommend cross-referencing on-chain and off-chain prices and closely monitoring security when large discrepancies or volatility occur.
Third, pay close attention to project economic model design. Many projects develop complex, nested economic logics that introduce security flaws. Attackers may exploit these layers to indirectly manipulate liquidity pools tied to project tokens, creating arbitrage opportunities. Numerous such attacks occurred last year and this year.
Regarding cross-chain bridges, which have drawn significant attention this year due to frequent breaches involving massive funds—often resulting in losses exceeding hundreds of millions of dollars—our investigation reveals two main categories of security issues:
The first includes vulnerabilities related to permission systems—such as signatures or whitelist/blacklist configurations—as seen in Wormhole and Qubit Finance. We recommend robust role-based access controls and thorough pre-launch code reviews by auditors or internal developers.
The second involves logical bugs leading to security failures, as seen in PolyNetwork and NomadBridge. These issues, unlike typical DeFi exploits, stem from human errors and are harder to categorize. Beyond manual audits, we suggest designing functional separation and redundancy for cross-chain bridges, isolating sensitive operations like transfers with additional checks, amount limits, or incorporating off-chain automated approvals and human oversight.
To address these varied security concerns across projects, MetaTrust’s product MetaScan offers full-stack security assurance, automatically and continuously detecting such vulnerabilities—especially those tied to economic models and price manipulation—to reduce exposure to these risks while minimizing the time and communication overhead typical of traditional manual audits.
MetaTrust’s core scanning tool, MetaScan, features four major engines: rapid static code scanning, precise formal verification scanning, supply chain security scanning, and IP analysis scanning, comprehensively covering code security. Integrated with CI/CD pipelines, it continuously secures the software development process, offering developers a closed-loop security support system.
0xScope: How to Identify, Monitor, and Respond to Market Risks Through On-Chain Data
Luka@0xScope
Hi everyone, I’m Luka, a researcher at 0xScope. I’d like to share some insights from our research during the FTX collapse, illustrating how fully on-chain data can monitor potential project failure risks.
Step one: Understand what risks exist in the market—which projects, entities, or behaviors could trigger chain reactions.
Over the past year, major black swan events fall into several categories.
The first type is project mechanism risk centered on DeFi or public chain projects, such as Ponzi-like structures. Smaller examples include OlympusDAO and its fork projects; a larger case is the May 2022 Terra/Luna collapse. Why call it a Ponzi scheme? Because Luna’s ecosystem relied heavily on Anchor Protocol on Terra, which lured users with a guaranteed 20% APY, encouraging them to swap stablecoins or other tokens into UST. At its peak, Anchor held $10 billion in TVL, exponentially increasing systemic risk.
The second type is operational risk from CeFi institutions—liquidity crises triggered by fund misappropriation. This began in July last year with the Three Arrows Capital collapse, followed by FTX’s implosion in November. Although these firms primarily conducted on-chain token trading and custodied user digital assets, their internal transfers and operations remained opaque. Once users deposit funds, tracking how institutions use the money becomes nearly impossible.
Step two: Understand where specific risks lie—the operational mechanics of the entire ecosystem or entity.
For Ponzi-like projects such as Luna or OlympusDAO, monitoring token liquidity is effective. Such projects’ liquidity mostly resides in on-chain DEXs, where liquidity levels and price movements are transparent and trackable.
For ordinary users, practical approaches involve using accessible tools to directly monitor projects.
For CeFi institutions, monitoring depends on their business type. For lending platforms, there’s typically a deposit address—tracking token flows from this address provides visibility. For centralized exchanges, deposited funds usually consolidate into hot wallets. By aggregating exchange hot wallet addresses, we can roughly assess their asset positions.
The key here is analyzing on-chain addresses of DeFi projects, public chains, and CeFi institutions. After identifying these addresses, analyze them according to each project’s operational model to interpret inflows and outflows. In this area, 0xScope and Watchers hold distinct advantages:
(1) Obtaining institutional on-chain addresses is inherently difficult;
(2) 0xScope uniquely identifies associated addresses from seed addresses using proprietary address clustering algorithms. For instance, given known exchange addresses, we can discover other addresses controlled by the same exchange. With this expanded set, deeper on-chain analysis yields richer intelligence.
Step three: With these prerequisites in place, better risk mitigation becomes possible when crises hit.
We must understand what happens when risk materializes—what are the indicators signaling danger?
For events like Luna, a clear indicator is UST’s liquidity—since Luna revolved around a stablecoin ecosystem, monitoring UST liquidity on major providers like Curve is essential.
For FTX, focus on the total holdings of the FTX on-chain entity (hot wallet cluster), along with overall inflow and outflow patterns. Netflow analysis helps evaluate asset depletion across the platform.
By following these three steps, one can build a comprehensive, on-chain-data-driven risk management framework. Beyond this, leveraging extensive risk address labels and unique address clustering capabilities, 0xScope also offers KYC/AML solutions to reduce the likelihood of malicious activities, expanding risk coverage while significantly improving efficiency.
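The following is an added illustration of steps two and three above, written for this recap rather than taken from 0xScope or Watchers: it treats a clustered set of hot-wallet addresses as one entity, computes daily inflow, outflow and netflow while ignoring internal sweeps between cluster addresses, and flags days on which cumulative holdings have fallen below a drawdown threshold. The cluster, the transfers and the starting holdings are constructed placeholder values.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a hypothetical exchange hot-wallet cluster (placeholder
# addresses, not real ones), as a clustering step would produce from a seed address.
CLUSTER = {"0xHOT1", "0xHOT2", "0xHOT3"}


@dataclass(frozen=True)
class Transfer:
    day: str       # YYYY-MM-DD
    src: str
    dst: str
    amount: float  # single reference unit, e.g. USD value at transfer time


# Constructed transfers touching the cluster (not real chain data).
TRANSFERS = [
    Transfer("2022-11-06", "0xUSERa", "0xHOT1", 500.0),  # user deposit
    Transfer("2022-11-06", "0xHOT1", "0xHOT2", 300.0),   # internal sweep: must be ignored
    Transfer("2022-11-07", "0xHOT2", "0xUSERb", 200.0),  # withdrawal
    Transfer("2022-11-07", "0xHOT1", "0xUSERc", 400.0),  # withdrawal
    Transfer("2022-11-08", "0xUSERd", "0xHOT3", 100.0),  # deposit
    Transfer("2022-11-08", "0xHOT3", "0xUSERe", 900.0),  # withdrawal
]


def daily_netflow(transfers, cluster):
    """Return {day: (inflow, outflow, net)} for the cluster treated as one entity.

    A transfer with both ends inside the cluster is an internal move and is skipped;
    counting it would inflate both inflow and outflow and distort the netflow.
    """
    flows = defaultdict(lambda: [0.0, 0.0])  # day -> [inflow, outflow]
    for t in transfers:
        src_in, dst_in = t.src in cluster, t.dst in cluster
        if src_in == dst_in:  # both inside (internal) or both outside (unrelated)
            continue
        flows[t.day][1 if src_in else 0] += t.amount
    return {day: (i, o, i - o) for day, (i, o) in sorted(flows.items())}


def drawdown_alerts(netflows, start_holdings, threshold=0.5):
    """Roll netflow into cumulative holdings and flag days where the entity
    has lost more than `threshold` of its starting holdings."""
    holdings = start_holdings
    alerts = []
    for day, (_, _, net) in netflows.items():
        holdings += net
        if holdings < start_holdings * (1 - threshold):
            alerts.append((day, round(holdings, 2)))
    return alerts


if __name__ == "__main__":
    flows = daily_netflow(TRANSFERS, CLUSTER)
    for day, (i, o, net) in flows.items():
        print(f"{day} in={i:.0f} out={o:.0f} net={net:+.0f}")
    print("alerts:", drawdown_alerts(flows, start_holdings=2000.0, threshold=0.4))
```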
Mask & FixDAO Pinguis: How to Legally Recover Assets When Losses Occur Due to Market Collapses?
Pinguis@Mask Network:
I’m Pinguis, Legal Director at Mask Network and co-founder of FixDAO.
After FTX collapsed, FixDAO witnessed panic spreading across Asian communities. As mentioned in FTX’s first bankruptcy hearing, Asian users constitute a significant portion of global customers. Yet, due to language barriers and jurisdictional distance, they remain underrepresented in legal proceedings and advocacy. Thus, FixDAO assembled a team of elite law firms from Singapore, South Korea, Japan, Hong Kong, Taiwan, mainland China, and the U.S., helping East Asian users secure representation in Delaware bankruptcy court to better protect the interests of small and medium retail investors.
Let’s examine FTX specifically. First, we need to determine the nature of user assets. FTX’s user agreement explicitly states that deposited assets belong 100% to users—they do not transfer ownership to FTX. If honored, this establishes a fiduciary relationship: FTX acts as a crypto custodian for users. Under such terms, even if FTX goes bankrupt, users should theoretically reclaim their assets before bankruptcy proceedings commence—meaning deposits aren’t part of liquidation assets. Unfortunately, FTX failed to uphold this basic principle. By misappropriating user funds, they altered the nature of user assets, turning users into unsecured creditors. Unsecured creditors rank last in bankruptcy repayment priority.
The repayment hierarchy is: (1) claims outside the bankruptcy court’s jurisdiction, (2) secured creditors, (3) unsecured creditors. However, FTX entered a reorganization—not liquidation—process. Instead of selling all assets, FTX negotiates a repayment plan with creditors, who vote on proposals. The creditors’ committee holds immense power, deciding how much is repaid, when, and to whom. Hence, FixDAO’s primary goal is to aggregate sufficient creditor claims to gain a seat on this committee, enabling real-time oversight of the bankruptcy process, timely feedback, voting rights, and maximum protection for Asian users.
Now, let me outline other legal recovery avenues:
First is entering an “alternative state” legally—no party can demand immediate repayment from FTX; instead, all await a coordinated distribution. During this period, any transaction completed by FTX within the 12 months prior to collapse may be reversed daily. The court can review all contracts and transfers during this window to verify legitimacy, preventing FTX from transferring assets pre-bankruptcy. This protects creditors.
Some creditors may voluntarily halt pursuit of FTX, recovering partial funds. Additionally, certain FTX investments might be reclaimed. Courts will scrutinize transaction authenticity—a lengthy but necessary process.
Collectively, these processes aim to answer: How much does FTX actually have? Once total assets and creditor claims are determined, the remaining issue is structuring repayments—this is the essence of the reorganization plan I mentioned.
How to Proactively Identify and Avoid Market Risks in Daily Trading?
Xueyue@Metatrust:
First, many black swan events show early warning signs—such as sharp token price drops or notable news developments, as seen with FTX and Luna. These events inevitably trigger systemic risk. External factor-induced global risks cannot be mitigated through diversification alone. A classic parallel is the subprime mortgage crisis, tightly linked to deteriorating market liquidity and inter-institutional dependencies. DeFi remains vulnerable.
Since DeFi relies on cryptocurrencies as underlying assets, external shocks can negatively impact investor confidence and market liquidity. With volatile crypto prices, many investors sell digital assets to safeguard capital, worsening liquidity and increasing systemic risk.
Therefore, investors should stay alert to news and price movements. At the first sign of trouble, assess personal fund safety and consider converting holdings into less affected native cryptos or stable, secure stablecoins.
Second, in daily interactions with projects, avoid granting permissions carelessly. Prioritize interacting with projects whose source code is public and backed by reputable investors. Also, research project backgrounds and follow official Twitter accounts.
To address such security risks, MetaTrust’s products MetaScore and MetaScout monitor and score on-chain signals and token price crashes, offering investors authoritative, actionable information to avoid harm.
Luka@0xScope:
From an on-chain data perspective in trading, focus on two aspects. For major assets like BTC and ETH, watch macro market trends. For smaller-cap tokens, monitor two things: tokenomics (distribution concentration) and whale movement patterns.
Risk, Innovation, Regulation, and the Future of Web3
Evelyn@0xScope:
In my view, regulation aims to maintain market stability and protect investor interests—goals aligned with exchange stability and industry health. What are your thoughts on future regulation? How will it affect your operations? Can it truly make markets more stable?
Pinguis@Mask & FixDAO:
Currently, Web3 operates in a state of severely lagging regulatory frameworks. Many see law as the baseline, but if we treat legal compliance as the only boundary, we won’t see a viable future for Web3. We must improve in this area.
Xueyue@Metatrust:
While DeFi offers investment and profit opportunities, it poses significant risks and challenges to regulators. In CeFi, fundraising projects or service providers typically bear legal obligations. DeFi, however, lacks such duties and corresponding rules to compensate investors for non-market-related losses. Thus, the DeFi ecosystem needs standardized behavioral expectations and an enforcement system. Systemic risk is especially critical here.
As for regulation, the key lies in monitoring nodes between projects. One solution could be standardizing interfaces between DeFi projects. Middleware contracts could regulate interactions. Additionally, a blacklist should flag unsafe DeFi projects and restrict calls to prevent capital flow between risky protocols.
Of course, the challenge isn't implementation—it's defining desired outcomes. Strict regulation in decentralized blockchains is unrealistic. Conversely, limited oversight shouldn’t hinder DeFi’s growth. Proper regulation can build user trust, enabling sustainable expansion.
Evelyn@0xScope:
Innovation often brings new forms of risk. We must continuously discern which risks are inherent to valuable innovations, and which can be avoided through more flexible models—then iteratively refine our product logic and operational practices.
Currently, amid unclear regulatory conditions, most institutions rely on self-regulation while awaiting initial stances from lawmakers and regulators. As frontline industry participants, we should actively contribute insights to global legislation and crypto regulatory policies, foster constructive dialogue, and collectively shape a balanced regulatory environment—one that safeguards fundamentals without stifling innovation, truly enabling sustainable industry growth.
In this episode, we took a macro view, exploring how builders maintain stability in crypto financial markets—from product audit logic and exchange risk controls to on-chain data analytics—showcasing how each node in the ecosystem independently absorbs and mitigates market risks. We also introduced FixDAO’s efforts in helping victims recover losses from the FTX collapse. We hope this equips you with a deeper understanding of how crypto market risks emerge, propagate, and can be prevented, and enhances your grasp of the relationship between innovation and regulation. Next time, we’ll offer practical, micro-level guidance on protecting asset security—stay tuned.