Only by building infrastructure with "institutional-level security + consumer-level experience" can we win users' trust and achieve true global adoption.
Written by: Lily Z. King
"In the current landscape where the number of crypto users has surpassed 650 million and the market is rapidly evolving, security is no longer just about defense; it is at the core of the experience."
The "Point Zero Forum 2025" was successfully held from May 5 to 7 in Zurich, Switzerland, organized by the Swiss State Secretariat for International Finance (SIF) and the Monetary Authority of Singapore (MAS) through the non-profit organization GFTN. The forum brought together over 2,000 central bank governors, regulators, industry leaders, and technology experts from around the world, dedicated to promoting sustainability, inclusivity, innovation, and efficiency in the global financial ecosystem.
Cobo COO Lily Z. King was invited to attend the "Point Zero Forum 2025" and participated as a speaker in a roundtable discussion, sharing our frontline observations on the changes in crypto user expectations and their impact on the future of crypto security. We also hope to bring these insights to every Cobo user and reader.
Crypto users are changing, and what they want is different
Over the past eight years, Cobo has been fortunate to be at the forefront of the crypto industry's development, witnessing dramatic changes in user needs, technological architecture, and application scenarios. From users to infrastructure, from custody models to security strategies, the entire industry is undergoing a profound reconstruction.
After the FTX incident, users have become more professional and vigilant.
On the institutional side, users prioritize "control." They are more concerned about whether they have a verifiable security architecture, such as SOC 2 and ISO 27001 audit certifications, continuous KYT/AML monitoring, granular approval mechanisms, and the ability to use cold wallets or off-chain custody. Their focus is on whether they can meet compliance requirements, protect asset security, and submit audit reports when necessary.
On the retail side, users pursue "simplicity." They want the convenience of using modern financial apps: a few clicks, confirmation, and done, and they also want to easily recover their assets after changing phones. However, their understanding of security has also improved: a clean interface no longer equates to a trustworthy platform; people are starting to pay attention to proof of reserves, fund availability, and instant access to assets.
Regardless of the type of user, there is a growing pursuit of: verifiable security + real-time asset control.
From single-chain to multi-chain, technological infrastructure is both diversifying and integrating
From Bitcoin and Ethereum, we have evolved into today's world of multi-layered, multi-chain coexistence, involving bridging, Rollup, and modular blockchains. This fragmentation trend requires a unified and compatible underlying architecture across ecosystems.
To address this complexity, leading platforms are turning to modular custody architectures:
- MPC (Multi-Party Computation) for decentralized private key control
- Layered architecture of hot/warm/cold wallets to balance liquidity and security
- Smart contract wallets for configuring on-chain governance and operational rules
Only with institutional-level security, integrated architecture, and verifiable standards can we support a Web3 user experience aimed at the general public.
Application layer evolution: not just exchanges, but more new scenarios
Eight years ago, 90% of our clients were exchanges. Today, that proportion has dropped to 50-60%. New users include DeFi protocols, NFT platforms, DAOs, GameFi, and SocialFi projects, as well as payment companies, trading enterprises, and stablecoin issuers.
Each scenario brings different security challenges and compliance requirements: CeFi emphasizes compliance and fund security, DeFi focuses more on smart contract risks and user experience, while Web3 enterprises face challenges of multi-chain interoperability and blurred compliance boundaries.
Wallets are no longer just safes; they are the main entry point to Web3
Unlike traditional finance where "bank accounts are the endpoint," in Web3, wallets are the core interaction entry point for users, serving as a passport to the on-chain world.
However, they have also become a key point affecting user experience:
- Users need to manage their private keys themselves
- They must accept complex operational interfaces
- They must bear on-chain risks that traditional finance has long shielded them from
This poses a barrier for individual users and a resource burden for startups and exchanges. Therefore, we need more infrastructure builders to help platforms "do what they are good at" without worrying about security and compliance.
Security vs. simplicity: a dynamic balance between custody and autonomy
The ideal security design hides complexity, so that protection is present without being felt, while providing choices when users need them. For example:
- Default activation of risk control mechanisms, such as transaction limits, withdrawal delays, and whitelist functions
- Guided educational prompts to help users understand risks without overwhelming them with information
- Users gradually unlocking more permissions instead of being exposed to risks from the start
The essence of custody is not handing over the keys but rather handing over trust and choice.
Promotion of security mechanisms: relying on design rather than persuasion
Security features such as 2FA, withdrawal delays, and transaction limits are often overlooked by users until an attack occurs. Data shows that only one-third of users have enabled 2FA across all platforms.
An effective way to promote these features is through default design rather than persuasion:
- Default activation of security features, embedded in the process
- Providing simple explanations when necessary to enhance user understanding
- Using AI technology to reduce user operational burdens, such as automatically identifying malicious contracts and real-time phishing alerts
Advice to regulators: focus on outcomes, not processes
Users do not care about your custody model; they care about whether their assets are safe, accessible, and recoverable. AI technology is redefining all of this—from one-click account opening to risk scoring and real-time fraud alerts, future crypto applications will become increasingly simple and user-friendly, much like banking apps. However, AI is also arming attackers, and regulation must evolve in sync with technology.
Therefore, we call for regulation to be "principle-oriented" rather than "static process-oriented," establishing regulatory logic centered on outcomes to truly protect user asset security.
"Regulators should lay a solid foundation but allow secure, adaptable systems to grow freely on it."
The crypto industry is transitioning from technological exploration to a phase of mass adoption. Only by building infrastructure with "institutional-level security + consumer-level experience" can we win users' trust and achieve true global adoption.
Cobo is an active builder and promoter in this transformation.