If blockchain gaming wants AAA status, then it needs AAA security
Blockchain gaming is coming for the console crown. Forget Xbox and PlayStation, Web3 is creating premier titles, curating ecosystems and wielding distribution and decision-making power. Better yet, gaming sidechains and communities — from Ronin to Avalanche — go one step further to offer much-needed stickiness in asset ownership, personalized identities and vibrant economies.
This level of integration and cohesion is unparalleled in traditional gaming, setting the stage for more immersive experiences and new earning opportunities. But there’s a problem.
Recent hacks highlight blockchain gaming’s growing pains, casting an urgent focus on the need for robust user protection and asset security standards before the sector goes mainstream. This vulnerability stems from several factors like smaller teams moving quickly, relatively nascent technology and increased incentives for hackers during blockchain gaming’s bull run.
Let’s explore why, if blockchain gaming wants AAA status, then it needs AAA security.
Crossing the reputation divide
Hacking attempts, account theft, scams and unauthorized transactions are becoming uncomfortably common in the sector, and Web3 gamers don’t always have the kinds of customer protections that apply to traditional banking and payment systems.
The Gala Games hack serves as a stark example. On May 20, the project “messed up” its internal controls, allowing a hacker to mint five billion of the native token worth more than $200M. While the project identified the hack within an hour and the attacker “only” managed to sell about $20 million before being stopped, the incident tanked GALA’s price by 20%. These are the types of security lapses and user impacts that traditional console makers simply can’t afford.
Additionally, Web3 gaming users need better protections. Ecosystems collect large amounts of data on players, including behavioral details such as financial data, purchasing history and spending thresholds. While this data provides valuable insights for growth, it also introduces significant privacy risks without robust guardrails. Such financial and privacy shortcomings simply aren’t good enough for an industry positioning itself as the future of gaming, something recently echoed by The Consumer Financial Protection Bureau.
Lessons for Web3 from traditional gaming
Here, funnily enough, the Web3 sector can learn from traditional gaming, which counts regulatory and shareholder pressure to uphold certain security standards. Xbox, for example, regularly updates its data collection policy and offers clear channels for reporting impersonation, phishing, theft and more. Assurances like this would go a long way to enhancing trust in this burgeoning sector.
Web3 gaming must make similar trust-building commitments to fulfill its transformative potential. Of course, some will push back, citing concerns about reduced agility, increased development costs, or potential limitations on innovation. But, we shouldn’t have to sacrifice user security for rapid growth. I believe there’s a healthy middle ground to be found – one that balances innovation and security, and recognizes that user trust and asset protection are not just checkboxes but fundamental pillars of a sustainable gaming ecosystem.
Read more from our opinion section: Gaming needs tokenization
One way we can get there is by offering reliable asset recovery processes, especially when serious money is on the line. Another is for projects to best protect themselves and their users by safeguarding private keys, implementing trusted execution environments, and training internal teams on the dangers of phishing, social engineering, and malware.
Another approach is to embrace protocols that prioritize user privacy and comply with regulations while still enabling effective targeting, attribution, and understanding. For example, NFT standards like ERC-7231 let players link multiple gamertags to a single profile, creating an “identity of identities” that helps them share their journey across the metaverse. The best part? Such protocols give users complete ownership and encryption of their data on the blockchain. This way, information is securely stored and only accessible in a manner that respects privacy and follows the rules — a win-win for personalized experiences and data protection.
Work with users, for users
Blockchain gaming must shed its aversion to industry-standard regulations if it hopes to compete with the big leagues. Many crypto projects have long prided themselves on operating outside traditional frameworks, but this stance is becoming increasingly untenable. To truly rival established game developers, our sector needs to adopt best practices and learn from market leaders — all while preserving the core principles of decentralization.
This balance is achievable through innovations like distributed node networks and privacy-preserving technologies such as zero-knowledge proofs. By embracing both security and decentralization, we can bridge the credibility gap and earn our place alongside gaming’s giants.
Indeed, there’s still good reason to be bullish on blockchain gaming and its ability to achieve what traditional web2 gaming cannot — cross-game asset transfer, loyalty through ownership and consistent identity. These are powerful lures for an industry where mobile revenues are slipping and user acquisition costs are heading in the other direction. Traditional gaming is eyeing Web3’s strengths — from accessing loyal, big-spending audiences to seamlessly guiding players through immersive gameplay via incentives and tokens — but remains wary of its security weaknesses.
To truly harness this potential and earn mainstream respect, blockchain gaming must achieve security on par with AAA standards. Only then can the sector deliver on its revolutionary promise, one game at a time.
Leo Li is the Chief Growth Officer of CARV, spearheading operations, strategy, and outreach across departments. At CARV, a modular data layer built for gaming and AI, Leo oversees more than 700 onboarded games and 2.5 million users. His leadership ensures the seamless integration and utilization of CARV’s suite of tools for user acquisition, onboarding, and management. Before joining CARV, Leo held key roles as a publishing producer and operations manager at Electronic Arts, Garena, and Tencent. His extensive background includes the global publishing of popular titles including FIFA Online, Apex Legends Mobile, Arena of Valor and more.