Why will modular security layers bring changes to Web3 security?

Early in the morning, I saw @GoPlusSecurity was going to build a modular unified user security layer. As a former Crypto security veteran, my unfinished security vision was rekindled. Crypto's most important "security" direction has always been too "service" driven, and it is always in the embarrassing situation of "sloppy response beforehand and helpless slapping thighs afterwards". How to break the situation? Will a modular security unified network be the best solution? Next, let me talk about my opinion:

1. Security issues are always taken seriously after the incident, which is what we often call the "security awareness" problem. The overall cognition cannot be improved by short-term appeals and shouting. It is destined to be stung by hacker attacks and phishing incidents again and again before it can gradually turn into a kind of vigilance.

Moreover, "security incidents" can only decrease as the industry matures, and they will not disappear. Therefore, security as a "service" will always be needed, but it is always a passive need, which is not conducive to security companies to improve their Crypto ecological niche; 2. Modularization has become a normal development path in the Crypto field, whether it is as large as a middleware network, or layer2, or some independently split DA modules, Execution modules, Settlement modules, and then to the expected Security layer module, they are gradually becoming the key modules that constitute the main elements of Crypto. In the future, the consensus layer, settlement layer, execution layer, DA layer, etc. that originally constitute the chain will be independently encapsulated in a modular way, and embedded in the architecture system of each blockchain with high interoperability. The same is true for the security module layer, which will become an additional capability that is necessary or must be plugged and assembled for each chain;

3. As the overall development of the industry tends to mature, pure B-side hacker attacks are becoming less and less, which is directly related to the continuous security protection work of developers across the industry and the industry code progress driven by the DeFi black case forest. However, the reduction of B-side security incidents does not mean that the overall security disaster will disappear. A large number of phishing attacks have become a new round of security disaster areas. Therefore, a security module layer that is oriented to the C-side and can provide users with "unconscious" security protection must bravely take on the mission;

4. Why should we emphasize "unconsciousness"? Because of the advancement of technology and the maturity of the industry, complex problems must be abstracted to the back-end infra layer to solve, and the gap perceived by front-end users will become smaller and smaller. Based on the modular construction of chain security components, it involves the timely blocking of dangerous and suspicious transactions, the path preview before the transaction is on the chain, the front-end Alert warning before signing, the update of off-chain Oracle information such as phishing websites, KYC anti-money laundering compliance supervision, etc.

Simple in theory, but in reality, it is not easy to fully realize the value of the modular security layer because it is compatible with various chains and different consensuses, and it also needs to match simple Wallet, Dex and other protocols in different environments;

5. If security stays at the "service" layer, an inevitable reality is that there are endless plug-ins, various tools, and even developers, ordinary users, Traders, institutional users, etc. must be equipped with different security solutions. As a result, the competition between security companies is in full swing, and ordinary users do not have an intuitive sense of improvement in security levels.

The security industry also needs a unified security module layer to continuously provide security warnings and experience improvements for C-end users, and to be highly compatible with B-end developers and chains, wallets, protocols and other infra. In the long run, the security awareness and security protection work of C-end and B-end can be improved consistently.

In short, security attack and defense will always be a problem in the Cryptopta field, because it is too close to money, and there will always be hacker organizations hiding in the dark and scanning for security weaknesses to attack.

Essentially, hacker attacks and security protection are both cost confrontations. The goal of protection is to increase the cost of hacker attacks. Fragmented security services are like guerrilla warfare, and the construction of a consistent security chain ecosystem and the united front protection of modular security layers are, in my opinion, the optimal solution to achieve the improvement of Crypto security levels.