Symbiosis of Innovation and Regulation: Industry Experts Provide Guidance on Web3 Payment Security and Compliance

Industry experts from CertiK, SlowMist, and Mankiw LLP discussed the critical challenges and future of Web3 payment security and compliance at the Wanxiang Blockchain Conference.

  • Key Challenges:

    • Security risks include poor private key management, smart contract vulnerabilities, and the anonymity of on-chain funds facilitating illegal flows.
    • Regulatory uncertainty varies by region, creating a dynamic environment where compliance boundaries are difficult to define.
  • Industry Evolution:

    • Established cross-border payment companies are entering the market with a compliance-first approach, raising professionalism in licensing and security.
    • New risks like on-chain asset freezing by stablecoin issuers or regulators pose threats to institutions.
  • Decentralization and Compliance:

    • Experts argue decentralization and compliance are not mutually exclusive. Technology can embed regulatory rules into code ("compliant code") to support compliance without centralizing control.
    • Regulation aims to protect users; the focus should shift to achieving "intelligent compliance" through dialogue and balanced mechanisms.
  • Practical Advice:

    • For Businesses: Integrate security and compliance early. Use multi-signature wallets, real-time monitoring, emergency response plans, KYC/KYT checks, and on-chain transaction monitoring.
    • For Users: Enhance security awareness, protect private keys, avoid phishing scams, invest rationally, and be cautious with C2C transactions to prevent bank account freezes.
    • For Traditional Companies: Web3 payment adoption is an irreversible trend. Success depends on supporting Web3 scenarios, ensuring regulatory protection for user assets, and managing risks effectively.

Experts predict significant commercial potential for Web3 payments in the next 1-3 years, emphasizing that security and compliance must advance together for mainstream adoption.

Summary

As Web3 accelerates its development, payment security and regulatory compliance are crucial for the industry's mainstream adoption. In a roundtable discussion at the Wanxiang Blockchain Conference, CertiK CTO Li Kang, SlowMist Vice President Sun Xi, Mankiw LLP founder Liu Honglin, and moderator Bi Tongtong, co-founder of PANONY & PANews, engaged in an in-depth discussion on "Building a Secure Web3 Payment Future." Topics covered security risks, regulatory uncertainty, the balance between decentralization and compliance, and entrepreneurial and personal security practices.

Dual challenges: underlying security risks and compliance concerns

What are the biggest challenges facing Web3 payments? Experts agree that security and compliance are two major challenges that must be overcome.

Sun Xi, Vice President of SlowMist, summarized the current situation as "security issues at the bottom and compliance issues at the top." From a security perspective, the main risks include:

  • First, users’ private keys are poorly managed. In the Web3 world, “users are their own banks,” but most people lack sufficient security awareness, leading to leaks of mnemonics or private keys, frequent wallet thefts, and extremely low asset recovery success rates.

  • Secondly, smart contract vulnerabilities are frequently discovered. Emerging payment scenarios such as cross-chain bridges and DeFi protocols have become a key target for attackers. Once exploited, these vulnerabilities often result in huge losses.

  • Third, there are risks posed by the anonymity of funds on the chain. Although blockchain ledgers are open and transparent, the anonymity of addresses facilitates the flow of illegal funds.

On the compliance front, regulatory uncertainty is also weighing on the industry. Different countries and regions have markedly different attitudes toward crypto payments—some actively embrace innovation, others strictly prohibit it, and still others remain on the sidelines. This dynamic environment of "compliant today, crossing red lines tomorrow" makes it difficult for projects to define their own boundaries.

CertiK CTO Li Kang agreed with this and further elaborated on the root causes of regulatory uncertainty from a technical perspective. He pointed out that this uncertainty stems not only from policy changes but also from the complexity of blockchain itself. The difficulty of tracking on-chain fund flows often leads to regulatory misinterpretations and triggers market panic. Furthermore, the cross-regional nature of blockchain means that policy changes in one region can have a ripple effect on globally operating payment companies.

The entry of “regular forces”: industry evolution and new risks

Despite numerous challenges, the enormous potential of Web3 payments is attracting more and more "regular forces" to enter the market. Liu Honglin, founder of Mankiw LLP, observes that the industry is undergoing a significant transformation.

He noted that early crypto payment projects—especially those directly targeting consumer users—were often "very sloppy" in terms of operating qualifications and compliance. However, as Hong Kong and other regions gradually clarified their stablecoin regulatory frameworks, a growing number of leading domestic cross-border payment companies began to enter the market. These new entrants adopted a compliance approach from the outset, demonstrating a professionalism far exceeding that of earlier startup teams in terms of license applications, deployment of on-chain anti-money laundering (AML) tools, and building security systems.

However, new risks have also emerged. On-chain asset freezing is becoming an increasingly serious issue. For example, major stablecoin issuers can freeze assets in specific addresses based on regulatory requirements, and regulators can also request the freezing of on-chain funds through correspondence. This poses a potential threat to institutions holding large amounts of assets. Liu Honglin believes that the resonance between pain points and needs will inevitably create new opportunities, and the Web3 payment sector will usher in enormous commercial potential and value in the next one to three years.

Decentralization and Compliance: Not a Dilemma

When stablecoins have built-in compliance features like blacklists and whitelists, does this deviate from the "spirit of crypto"? Regarding this long-standing debate, experts generally believe that decentralization and compliance are not mutually exclusive, but can be made compatible through technical means.

Sun Xi pointed out that compliance is a matter of rules, while decentralization is a matter of structure. Future Web3 systems should leverage technology to support compliance without compromising user autonomy. For example, regulatory requirements could be embedded directly into the code at the early stages of a project, creating "compliant code" to reduce manual intervention later while preserving the spirit of decentralization. He believes that if this model matures, the focus of future discussions will shift from "whether compliance is necessary" to "how to achieve intelligent compliance."

Li Kang also believes that no decentralized system, including DEXs, can completely circumvent regulatory requirements. While stablecoin blacklisting mechanisms may result in fund freezes, their primary purpose is to prevent illegal activities such as money laundering. The ultimate goal of regulation is to protect users and the market, so the key lies in designing reasonable mechanisms that prevent abuse. The industry should maintain an open dialogue with regulators to find a balance.

Liu Honglin further emphasized, "Decentralization is not the ultimate goal, but a means to an end." In real-world scenarios, users' first reaction to cryptocurrency theft or disputes is still to call the police. He pointed out that regulation doesn't equate to centralization and can also be undertaken by international third-party organizations. To promote blockchain industry adoption and compliance, it's also necessary to lower the user experience barrier. For example, by introducing blacklist and whitelist mechanisms, risk warning systems, and asset risk emergency response mechanisms, users can quickly contact regulators or service providers when issues arise. These measures will help the industry develop more securely.
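To make the "compliant code" idea and the on-chain freezing discussed above concrete, here is an added example (not code from the panel, PANews, or any stablecoin issuer): a minimal token where the freeze rule is enforced inside the transfer path itself, and a compliance role separate from the issuer must record a reason reference for every freeze so that monitoring systems and users can see each action on-chain. The contract and role names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch of "compliant code": the freeze rule is enforced in transfer()
// itself and every freeze is logged with a reason reference for auditability.
contract CompliantStablecoin {
    address public immutable issuer;      // mints tokens
    address public complianceOfficer;     // separate role: may freeze/unfreeze
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public frozen;
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Frozen(address indexed account, bytes32 indexed reasonHash, uint256 at);
    event Unfrozen(address indexed account, uint256 at);

    constructor(address officer) {
        issuer = msg.sender;
        complianceOfficer = officer;
    }
    modifier onlyIssuer() { require(msg.sender == issuer, "not issuer"); _; }
    modifier onlyCompliance() { require(msg.sender == complianceOfficer, "not compliance"); _; }
    modifier notFrozen(address a) { require(!frozen[a], "account frozen"); _; }

    function mint(address to, uint256 amount) external onlyIssuer notFrozen(to) {
        balanceOf[to] += amount;
        emit Transfer(address(0), to, amount);
    }

    // A frozen sender or recipient cannot move funds; no off-chain gate is needed.
    function transfer(address to, uint256 amount) external notFrozen(msg.sender) notFrozen(to) returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        emit Transfer(msg.sender, to, amount);
        return true;
    }

    // A freeze must cite a reason (e.g. hash of the regulator's written request),
    // so each action is attributable and visible to on-chain monitoring.
    function freeze(address account, bytes32 reasonHash) external onlyCompliance {
        require(reasonHash != bytes32(0), "reason required");
        frozen[account] = true;
        emit Frozen(account, reasonHash, block.timestamp);
    }

    function unfreeze(address account) external onlyCompliance {
        frozen[account] = false;
        emit Unfrozen(account, block.timestamp);
    }
}
```

The Frozen and Unfrozen events are what a real-time monitoring system would subscribe to, giving users and institutions immediate visibility into freezes rather than discovering them at transfer time.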

Practical advice for practitioners and users

Regarding how entrepreneurial teams should position themselves in the payment sector, the three guests unanimously agreed that security and compliance must go hand in hand and be embedded in the early stages of system design.

Sun Xi suggested:

  • The wallet system should support multi-signature or MPC (multi-party computation) mechanisms;

  • Deploy a real-time on-chain monitoring and early warning system;

  • Establish an emergency response mechanism to ensure rapid intervention and handling in the event of attacks or abnormal transactions;

In terms of compliance, with the strengthening of global regulatory policies, Know Your Customer (KYC) and Know Your Transaction (KYT) have become essential requirements for projects, rather than optional features. Furthermore, integrating on-chain transaction monitoring systems, such as StraitsX, ensures the legality of transactions and prevents the transfer of fraudulent funds. Sun Xi emphasized that these measures are not only intended to meet compliance requirements, but also to protect the security of users and customer assets.

Li Kang's advice is more direct: "Make more friends who are safe and law-abiding."

Liu Honglin added that while blockchain technology transcends national boundaries, compliance still depends on regulatory requirements in the user's region. Therefore, from a business perspective, compliance issues require attention to technical and institutional security, while also considering relevant government oversight. He noted that when serving clients, businesses should evaluate the licenses required based on target market demand and adjust strategies based on cost-effectiveness. If certain licenses are currently uneconomical, re-planning may be necessary. Compliance work needs to be prioritized according to its cost-benefit ratio and aligned with market strategy and development stage.

Advice for ordinary users:

  • Awareness is the best defense: CertiK CTO Li Kang pointed out that individual users should clearly define their purpose when engaging in on-chain activities. If solely for investment, they can choose channels like exchanges or ETFs, rather than directly holding assets. For those seeking deeper exploration, they are recommended to read open-source security resources such as "The Dark Forest Survival Manual" to understand potential risks. Furthermore, users are advised to establish a network of security professionals and engage with security experts and law firms to enhance their on-chain security awareness and capabilities.

  • Protect your private keys and safeguard your assets: Sun Xi, Vice President of SlowMist, recommends that newcomers get a feel for the trading environment by purchasing a small amount of crypto assets. He specifically reminds users: First, properly keep your private keys, as private keys represent your assets; second, be wary of fake wallet or exchange download links recommended by some domestic search engines to avoid phishing and Trojan attacks; third, avoid following the hype, be rational about investments, and protect your assets.

  • Pay attention to fiat currency account security: Liu Honglin, founder of Mankiw LLP, reminds users to pay attention to fund security. When liquidating crypto assets through consumer-to-consumer (C2C) methods, personal bank accounts may be frozen, so caution is advised. He recommends that newcomers first join Web3 companies, particularly those in the legal compliance or business services sectors, to gain experience and enter the industry with lower risk.

Experts have a clear stance on traditional payment companies still waiting to enter the market. Li Kang believes that payments based on virtual currencies and tokenized assets are already a market reality, and "the question is not whether to participate, but when."

Liu Honglin added that crypto payment is an irreversible trend, and companies should act decisively once they have determined their direction, without excessive hesitation.

Sun Xi proposed three key criteria for determining success: whether the business scenario supports Web3 adoption, whether user assets are protected by regulatory compliance, and whether risk management and regulatory issues can be addressed promptly. Only by preparing for these three key areas can companies successfully enter and establish themselves in the next-generation payment system.


Author: Yuliya

This article represents the views of the PANews columnist and does not represent PANews' position; PANews assumes no legal liability for it.

The article and opinions do not constitute investment advice.

Image source: Yuliya. Please contact the author for removal if there is infringement.
