Web3 wallet and Accomplice Security: Exploring Asset Protection Mechanisms from a Hardware Perspective

At the global Web3 and AI summit Proof of Talk 2025, a roundtable forum focusing on "Web3 wallet and accomplice security" attracted widespread attention. The forum explored how to build a more secure and scalable Web3 asset protection mechanism from the underlying perspective of hardware and system software.

The guests participating in the discussion include executives and founders from several well-known technology companies. They engaged in in-depth discussions on topics such as the pain points of Web3 user security, advanced custody architecture, and the challenges and breakthroughs of the open-source ecosystem.

The forum host pointed out in the opening: "The security of private key custody and Web3 wallets heavily relies on the security of devices and hardware, but discussions about the underlying systems and hardware security are not common." He emphasized that current discussions on Web3 security often focus on on-chain protocols and smart contracts, while the decisive role of underlying hardware and system architecture is often overlooked.

An expert from a large technology company shared the technical architecture of his team's high-security digital asset custody, including partitioning and cold storage signing processes based on EAL5+, and specifically introduced how the offline signing orchestrator system supports bank-level custody services.

Another guest at the conference addressed the issue from a practical standpoint, pointing out through examples that the existing custody models, "delegated custody" and "self-custody," expose systemic risks. He further introduced a solution based on "distributed custody" and MPC-TSS technology, emphasizing the application value of flexible and scalable signature structures for both enterprise and individual users.

The founder of an innovative company started by discussing the practical challenges of open-source technology, sharing his team's practical experience in multi-terminal computing and local security isolation, and calling on the industry to think more systematically about the openness and trustworthiness of the underlying architecture while ensuring user experience.

Another expert, drawing on years of experience in hardware security modules (HSM) and key management, analyzed the key bottlenecks and response strategies in current hardware custody solutions. He stated that the hardware trust boundary is crucial when building a global digital asset infrastructure.

In discussions about the future forms of Web3 wallets, guests generally believe that composable and modular multi-signature architectures will become the mainstream trend, with balancing user experience and security as the core challenge. The host added: "Financial enterprises have become accustomed to using dedicated hardware (such as HSM) for private key and signature management; relevant security evaluations, such as EAL and FIPS, are also widely accepted by regulatory agencies. However, these evaluations are not specifically designed to verify the security of blockchain signature implementations, so the level of security protection these systems provide for digital assets still requires auditing by professional blockchain security companies." He pointed out that "custody" is essentially an architectural design issue, rather than a single technological stack. An ideal custody solution should effectively prevent operational errors through system mechanisms while ensuring users have a reasonable degree of operational freedom.

In addition, regarding the role of open-source software in Web3 hosting, the guests expressed a cautious yet optimistic attitude. One guest pointed out the legal gaps and market barriers faced by open-source chip design, calling for the industry to make further advancements in security and transparency. Another expert also discussed how to achieve module-level open-source isolation without sacrificing performance, starting from the perspective of operating system-level security.

At the end of the forum, the host concluded: "The underlying technology of private key custody and wallets is still evolving, and we look forward to providing verifiable and user-trusted security solutions through collaboration in the future."

The roundtable forum aims to promote the establishment and development of Web3 security standards from a systematic and structured perspective. In the context of increasingly clear regulations and increasingly complex technologies, industry insiders hope to collaborate with global cybersecurity practitioners to provide cross-layer collaborative security solutions for developers, enterprises, and regulatory agencies.