Early in the morning, I saw @GoPlusSecurity planning to build a modular unified user security layer. As a former crypto security veteran, my unfulfilled security vision has been reignited. The most important "security" direction in the crypto world has always been too service-driven, always in the awkward situation of "hastily responding beforehand, regretting afterwards." How can we break this pattern? Will a modular security unified network be the best solution? Next, let me share my thoughts:

1) Security issues are always only valued after an incident occurs, which is what we often refer to as the "security awareness" issue. It cannot be improved through short-term appeals and shouts, and is destined to gradually transform into a sense of alertness only after being stung by repeated hacker attacks and phishing incidents.

Moreover, "security incidents" will only decrease as the industry matures, but they will not disappear. Therefore, security as a "service" will always be needed, but it will always be passively needed, which is not conducive to security companies improving their position in the crypto ecosystem.

2) Modularization has become a common development path in the crypto field, whether it's a middleware network, layer 2, or some independently split DA modules, Execution modules, Settlement modules, and the anticipated Security security layer module, all are gradually becoming key components of the crypto ecosystem.

In the future, the consensus layer, settlement layer, execution layer, DA layer, etc., which originally constituted the chain, will be independently encapsulated in a modular manner and embedded with high interoperability into the architecture systems of various blockchains. The security module layer will also become an essential or must-have plug-and-play additional capability for each chain.

3) As the industry as a whole matures, pure B-end hacker attacks are decreasing, which is directly related to the continuous security protection efforts of the entire industry's developers and the industry's code progress driven by the DeFi black forest. However, the decrease in B-end security incidents does not mean that the overall security threat will disappear. A large number of phishing attacks have become a new focus of security. Therefore, a security module layer that is oriented towards the C-end and can provide users with "unconscious" security protection must take on this mission.

4) Why emphasize "unconscious"? Because with technological advancement and industry maturity, complex problems must be abstracted to the backend infra layer to be solved, and the gap perceived by front-end users must become smaller. Based on the modular construction of chain security components, it involves timely blocking of dangerous and suspicious transactions, pre-execution path simulation before transactions are put on the chain, front-end alert warnings before signing, updates of off-chain Oracle information such as phishing websites, KYC anti-money laundering compliance supervision, and so on.

In theory, it's simple, but in practice, it's not easy to fully unleash the value of the modular security layer, as it needs to be compatible with various chains, different consensuses, and also needs to match the rudimentary wallets, DEX protocols, etc., in different environments.

5) If security remains at the "service" layer, an inevitable reality is the endless stream of plugins, various tools, and even different security solutions for developers, ordinary users, traders, institutional users, etc. As a result, the competition between security companies is fierce, and ordinary users do not have a tangible sense of improvement in security levels.

The security industry also needs a unified security module layer to continuously provide security warnings and improve user experience for C-end users, while being highly compatible with B-end developers and infrastructures such as chains, wallets, and protocols. In the long run, the security awareness and security protection efforts of both C-end and B-end can be consistently improved.

In conclusion, security attacks and defense will always be a difficult problem in the crypto field because it's too close to the money, and there will always be hacker organizations lurking in the dark, constantly scanning for weak security environments to attack.

Fundamentally, both hacker attacks and security protection are battles of cost. Protecting the target must increase the cost of hacker attacks. Fragmented security services are like guerrilla warfare, while a unified security chain ecosystem construction and a unified front-line defense of modular security layers, in my opinion, is currently the best solution to improve the security level of the crypto world.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。