What do Asia Pacific organizations need to be aware of in a cloud-driven Web3 metaverse powered more and more by AI?
Founded in 2018 and valued at US$2 billion today, CertiK has secured over $360 billion of digital assets and detected around 70,000 vulnerabilities in blockchain code. With a market share of more than 70% all audited Web3 projects, CertiK’s clients include Polygon, Binance Smart Chain, and other Web3 leaders.
Post-Token2049 Singapore – part of the global conference series where decision-makers in the global crypto ecosystem connect – we had the chance to catch up with a thought leader in Web3, blockchain and cybersecurity Ronghui Gu, Co-Founder, CertiK, to discuss the potential opportunities and pitfalls facing Asia Pacific organizations in the increasingly AI-driven metaverse.
What challenges are organizations in Asia Pacific facing in an increasingly cloud- and AI-powered metaverse?
Gu: As organizations in Asia Pacific enter the cloud-driven metaverse, the biggest challenge is managing decentralized data while combating AI-driven cyber threats. For instance, the rise of deepfake avatars in virtual meetings poses a serious risk for identity theft and fraud.
We’re seeing vulnerabilities in cloud environments where improper access control can lead to massive breaches. One example of this is the 2020 Marriott data breach, which exposed data of more than 5 million customers and was its second data breach within two years.
Organizations must secure digital assets and protect personal data in these increasingly immersive environments.
What can be done to encourage Asia Pacific digital economies in enhancing cybersecurity among organizations and communities?
Gu: To elevate cybersecurity, we need open communication between governments and Web3 organizations to develop supportive regulatory frameworks, including those that address Web3’s unique security challenges.
Singapore’s 2018 Cybersecurity Act is a prime example of how appropriate frameworks can ensure that organizations adhere to high standards of security. This act mandates cybersecurity requirements for critical information infrastructure, including incident reporting and risk management measures, which can be applied to any company operating within Web3.
Regular training, incentivizing best practices, and fostering innovation in AI-driven threat detection, are critical steps forward. The key is creating a culture where cybersecurity is as vital as financial health.
How do you see deepfake technology, digital payment fraud, and cryptocurrencies impacting Web3?
Gu: We think deepfake attacks will continue to plague the crypto ecosystem due to its decentralized and often anonymous nature. Fraudsters create convincing but fake videos or audio recordings of notable figures in the space to lure people into scams. We also predict that deep fake attacks will expand their scope beyond videos and audio recordings to more sophisticated areas. For instance, if a wallet relies on facial recognition to secure critical information, it must evaluate the robustness of its solution against AI-driven threats.
Digital payment fraud is rampant in decentralized finance, with billions stolen through vulnerabilities in smart contracts, such as the $600 million stolen in the 2021 Poly Network hack. Additionally, the rapid adoption of cryptocurrencies has made ransomware a growing concern, as hackers use untraceable currencies to demand payment.
What are some other key technology trends you have observed in the region, and how do you see these trends developing in 2025?
Gu: In the APAC region, we’re seeing rapid growth in blockchain adoption, particularly within financial services and supply chain management. Another trend is the increasing integration of AI and machine learning in cybersecurity solutions, which boost organizations’ abilities to predict and prevent potential threats.
As we move into 2025, it is likely that there will be greater focus on decentralized identity management, especially with governments in the region piloting digital ID systems. This is already happening in countries like Indonesia, Singapore (with its Singpass system), and Sri Lanka. This will likely drive further investments in security infrastructure to protect against increasingly sophisticated attacks targeting digital assets.