Why web3 companies get hacked so often, according to crypto VC Grace Isford • TechCrunch
On the Chain Reaction podcast this week, Lux Capital’s newest investor, Grace Isford, joined us to talk about the opaque but crucial world of web3 infrastructure. At Lux, Isford invests in the companies working behind the scenes to ensure crypto exchanges are secure and reliable enough to avoid being hacked.
Before joining Lux in February, Isford was an investor at Canvas Ventures focused on enterprise software and fintech. A data infrastructure investment she worked on at Canvas revealed to her the opportunity in the web3 space for companies to “share data immutably at scale,” and motivated her pivot to crypto, she said.
“That led me down the rabbit hole and then I ended up investing myself,” Isford said. “I started yield farming, which coincided with my move to New York, where many of my friends are also in the crypto and VC ecosystem.”
Isford says her investment approach in web3 is rooted in what she calls her “circle of competence,” or the area where she can be competitive compared to others in the area.
“NFT investing is quite different from DeFi investing, which is quite different from investing in crypto data infrastructure, and I would argue that any person who says they’re investing in web tree shouldn’t invest in all of that – they should probably pick their sweet spot in their core competencies,” Isford said.
Isford’s own “circle of expertise”, based on her past experience, is in enterprise and fintech infrastructure, so we asked her what she thinks some of the biggest challenges are for web3 infrastructure providers.
Compared to Web 2.0, Isford said, web3 lacks enterprise-level security solutions. Alchemy and Infura are the only two major node service providers in the industry, meaning that most crypto relies on two infrastructure providers to manage their data.
“There seems to be a new security hack reported every week [in web3]”, Isford said, citing the recent Metamask and Ethereum dApp breach stemming from Infura and February’s Wormhole bridge hack.
While a number of startups are working on developing security solutions, Isford said, the technology is “still pretty nascent” when it comes to developer tools, data infrastructure monitoring and storage.
Another major challenge is dealing with fraud and downside risk, Isford added.
“I think [that issue] really keeping a lot of people out of the crypto world right now [because they’re] afraid of losing all their money if they venture too deep into crypto,” Isford said.
Isford is optimistic that through the massive influx of investment into web3 startups over the past year, companies will be able to build more reliable solutions.
“I think TRM Labs, Chainalysis and several other companies in this space have 10x the potential in terms of compliance and monitoring because you just don’t have it at scale yet the way we’ve created these sophisticated AML systems on the financial infrastructure side of web2 world,” Isford said, referring to traditional financial institutions’ anti-money laundering technology.
Better fraud and risk management systems are a precursor to more institutional money flowing into crypto, Isford said. As companies like Fidelity, Goldman Sachs and JP Morgan continue to make strides into crypto, the market will mature, she added.
“I think one of the biggest opportunities in crypto right now is continued security, if you can build more reliable smart contracts at scale … but you can’t have a reliable system if it’s not secure, right? And you can “You can’t run a system securely if you don’t know who’s inside that system, so I think security is probably one of the most important pieces from a prioritization standpoint,” Isford said.