Right now, my X feed is full of people who are giving up on Web3 gaming. I get it. Over $12 billion of venture capital funding has gone into it since 2020 and they haven’t seen the sort of breakout success that many expected. Even the best games haven’t reached anything close to mainstream scale. Token prices are down. Studios are shutting down. And everyone is exhausted.

But measuring Web3 gaming by token prices alone is like calling the internet a failure because of the dot-com crash — it ignores how far the technology has come and where it’s headed. It’s missing the real story.

At its core, Web3 gaming is about giving players real ownership — not just of the in-game items that they buy and earn, but also their identities and achievements. In traditional games, players invest time, effort and money into digital assets that ultimately belong to the publisher. Web3 changes that. By putting assets on-chain, players can truly own what they earn—whether that’s tradable items like weapons or land, or non-transferable badges of reputation, guild history, or verifiable skill. It’s not just about buying and selling stuff — it’s about agency, persistence, and getting proper recognition for what you’ve built and what is really yours in the ecosystem.

The concept isn’t new. Players have wanted more control over their in-game assets for years. Look at the massive markets for CS:GO skins or World of Warcraft gold. But until now, those economies have been fragmented, restricted, or at risk of being shut down if a centralized publisher decides to shut it down or change the rules. Web3 makes these economies open, interoperable, player-owned and player-driven.

Ownership has always been the foundation of Web3 gaming, and play-to-earn was an experimental model that showed the potential for open and permissionless virtual economies on blockchain. Now, the industry is evolving with a stronger focus on sustainable economies and better tokenomics, deeper gameplay, and long-term player engagement.

But if you’re comparing Web3 gaming to Web2 gaming, you’ll be disappointed. Traditional gaming has had decades to fine-tune game design, build massive player bases, and develop business models that work, while Web3 gaming is still in its experimental phase. Sure, billions of dollars of investment can speed things up, but throwing money at a brand new category doesn’t magically buy it a track record or instantly create new games that people love.

I’ve been making games for over 20 years and I have seen every major shift get dismissed before it took over. Nobody believed mobile gaming could compete with PCs or consoles until it became bigger than both. Free-to-play was called a scam until it made more money and reached more players than ever before. Esports was a joke until stadiums sold out and prize pools hit millions. Digital skins were “worthless” before they became a multi-billion dollar market.

And now, Web3 gaming is at that same inflection point.

When I first heard about blockchain in 2018, everyone I knew in FinTech was talking about it. So of course I thought it was boring and I ignored it. It wasn’t until I learned about CryptoKitties that I actually took notice. When I saw people collecting, trading and actually owning these cute on-chain cats, that’s when I got excited because I knew they weren’t like other in-game assets. CryptoKitties were digital things that no one could take away from you. As someone who’s spent their life grinding in games, and their career convincing others to grind the same — without really getting anything for it — that idea of digital ownership gave me a whole new way to think.

So I went all-in on blockchain games. But 2018 and 2019 were really tough times. Pretty much no one else cared back then. There was no support, no real funding, no clear idea of what these games could be beyond speculation, and (outside of a handful of believers) there was very little conviction. The market was in a deep bear cycle, and many teams either gave up or ran out of money before they could launch. Still, some of us kept building. We stayed lean, experimented, and learned everything the hard way. It feels similarly bad now, but not as bad as it was then. Looking back, I’m so glad we didn’t pack it in when success was just around the corner.

When Axie Infinity broke through in 2021, everything changed. Web3 founders like Jeffrey “Jihoz” Zirlin of Sky Mavis, Yat Siu of Animoca Brands, Sebastien Borget of The Sandbox, and me, went from being called crazy to visionary overnight. Suddenly, we were speaking on the main stage at conferences where we used to watch in the audience. We made news headlines and “Most Influential” lists. Investors who ignored our emails were asking how much they could put in. My email inbox filled up with fundraising decks pitching the next YGG.

Then in 2022, the market crashed, and just as quickly, we went back to being crazy. But that never really bothered me because crazy people are the ones who make big things happen.

Now, everyone’s asking: When is the next big Web3 game? The answer is this: good games take time. And if you look past the red candles to take notice of what exists already today, you’ll see we how much progress we’ve made since our industry was seeded in 2018:

• In 2020, Axie Infinity had fewer than 500 daily players. Today, Ronin — the blockchain it built — has millions of active users, with 17 new games launched, and 134% growth in NFT trading volume in 2024 compared to 2023. It’s also gone permissionless, which means there will be more games, faster development, stronger network effects, and unpredictably big breakthroughs. Some of the biggest innovations in gaming like modding, free-to-play and esports came from unexpected places. By lowering the barrier to entry, a permissionless Ronin invites the kind of experimentation that could lead to the next Axie-scale success.

• Pixels, a farming game on Ronin, hit a peak of 1.3 million daily active users (DAUs) and is holding strong now with around 250,000 DAUs even with its token down 96%. Players are spending more than they cash out, buying land, upgrading assets, and actually putting money back into the game, fueling the economy instead of extracting from it. This is how virtual economies should work, with real demand and strong retention. Most importantly, it is an indication that the play-to-earn model can work if done right.

• Parallel, a trading card game (TCG) on Ethereum, just hosted a world championship in Las Vegas at the HyperX Arena — a venue that has hosted some of the biggest esports competitions from “League of Legends All-Stars” to “Street Fighter V’s Capcom Cup.” This was a prestigious event that saw some of the world’s best TCG players crossover from traditional titles like Hearthstone to become some of the first Web3 esports legends.

These are just a few examples, but they show the kind of traction we’re seeing: better infrastructure, growing communities, more sustainable virtual economies, digital ownership.

Those who FUD Web3 gaming today don’t understand it. They missed CryptoKitties in 2018, Axie in 2020, YGG in 2021, and they’ll miss the next wave too because they’re measuring the wrong metrics. Web3 is growing and innovating faster than any other sector in gaming. It’s not time to quit. It’s time to double down. Let them call us whatever they want: crazy, delusional. Visionary, pioneering. It doesn’t change what we do. We’ve been here before. Stay the path.

The recent security breach for around $1.5 billion at Bybit, the world’s second-largest cryptocurrency exchange by trading volume, sent ripples through the digital asset community. With $20 billion in customer assets under custody, Bybit faced a significant challenge when an attacker exploited security controls during a routine transfer from an offline “cold” wallet to a “warm” wallet used for daily trading.

Initial reports suggest the vulnerability involved a home-grown Web3 implementation using Gnosis Safe — a multi-signature wallet that uses off-chain scaling techniques, contains a centralized upgradable architecture, and a user interface for signing. Malicious code deployed using the upgradable architecture made what looked like a routine transfer actually an altered contract. The incident triggered around 350,000 withdrawal requests as users rushed to secure their funds.

While considerable in absolute terms, this breach — estimated at less than 0.01% of the total cryptocurrency market capitalization — demonstrates how what once would have been an existential crisis has become a manageable operational incident. Bybit’s prompt assurance that all unrecovered funds will be covered through its reserves or partner loans further exemplifies its maturation.

Since the inception of cryptocurrencies, human error — not technical flaws in blockchain protocols — has consistently been the primary vulnerability. Our research examining over a decade of major cryptocurrency breaches shows that human factors have always dominated. In 2024 alone, approximately $2.2 billion was stolen.

What’s striking is that these breaches continue to occur for similar reasons: organizations fail to secure systems because they won’t explicitly acknowledge responsibility for them, or rely on custom-built solutions that preserve the illusion that their requirements are uniquely different from established security frameworks. This pattern of reinventing security approaches rather than adapting proven methodologies perpetuates vulnerabilities.

While blockchain and cryptographic technologies have proven cryptographically robust, the weakest link in security is not the technology but the human element interfacing with it. This pattern has remained remarkably consistent from cryptocurrency’s earliest days to today’s sophisticated institutional environments, and echoes cybersecurity concerns in other — more traditional — domains.

These human errors include mismanagement of private keys, where losing, mishandling, or exposing private keys compromises security. Social engineering attacks remain a major threat as hackers manipulate victims into divulging sensitive data through phishing, impersonation, and deception.

Human-Centric Security Solutions

Purely technical solutions cannot solve what is fundamentally a human problem. While the industry has invested billions in technological security measures, comparatively little has been invested in addressing the human factors that consistently enable breaches.

A barrier to effective security is the reluctance to acknowledge ownership and responsibility for vulnerable systems. Organizations that fail to clearly delineate what they control — or insist their environment is too unique for established security principles to apply — create blind spots that attackers readily exploit.

This reflects what security expert Bruce Schneier has termed a law of security: systems designed in isolation by teams convinced of their uniqueness almost invariably contain critical vulnerabilities that established security practices would have addressed. The cryptocurrency sector has repeatedly fallen into this trap, often rebuilding security frameworks from scratch rather than adapting proven approaches from traditional finance and information security.

A paradigm shift toward human-centric security design is essential. Ironically, while traditional finance evolved from single-factor (password) to multi-factor authentication (MFA), early cryptocurrency simplified security back to single-factor authentication through private keys or seed phrases under the veil of security through encryption alone. This oversimplification was dangerous, leading to the industry’s speedrunning of various vulnerabilities and exploits. Billions of dollars of losses later, we arrive at the more sophisticated security approaches that traditional finance has settled on.

Modern solutions and regulatory technology should acknowledge that human error is inevitable and design systems that remain secure despite these errors rather than assuming perfect human compliance with security protocols. Importantly, the technology does not change fundamental incentives. Implementing it comes with direct costs, and avoiding it risks reputational damage.

Security mechanisms must evolve beyond merely protecting technical systems to anticipating human mistakes and being resilient against common pitfalls. Static credentials, such as passwords and authentication tokens, are insufficient against attackers who exploit predictable human behavior. Security systems should integrate behavioral anomaly detection to flag suspicious activities.

Private keys stored in a single, easily accessible location pose a major security risk. Splitting key storage between offline and online environments mitigates full-key compromise. For instance, storing part of a key on a hardware security module while keeping another part offline enhances security by requiring multiple verifications for full access — reintroducing multi-factor authentication principles to cryptocurrency security.

Actionable Steps for a Human-Centric Security Approach

A comprehensive human-centric security framework must address cryptocurrency vulnerabilities at multiple levels, with coordinated approaches across the ecosystem rather than isolated solutions.

For individual users, hardware wallet solutions remain the best standard. However, many users prefer convenience over security responsibility, so the second-best is for exchanges to implement practices from traditional finance: default (but adjustable) waiting periods for large transfers, tiered account systems with different authorization levels, and context-sensitive security education that activates at critical decision points.

Exchanges and institutions must shift from assuming perfect user compliance to designing systems that anticipate human error. This begins with explicitly acknowledging which components and processes they control and are therefore responsible for securing.

Denial or ambiguity about responsibility boundaries directly undermines security efforts. Once this accountability is established, organizations should implement behavioral analytics to detect anomalous patterns, require multi-party authorization for high-value transfers, and deploy automatic “circuit breakers” that limit potential damage if compromised.

In addition, the complexity of Web3 tools creates large attack surfaces. Simplifying and adopting established security patterns would reduce vulnerabilities without sacrificing functionality.

At the industry level, regulators and leaders can establish standardized human factors requirements in security certifications, but there are tradeoffs between innovation and safety. The Bybit incident exemplifies how the cryptocurrency ecosystem has evolved from its fragile early days to a more resilient financial infrastructure. While security breaches continue — and likely always will — their nature has changed from existential threats that could destroy confidence in cryptocurrency as a concept to operational challenges that require ongoing engineering solutions.

The future of cryptosecurity lies not in pursuing the impossible goal of eliminating all human error but in designing systems that remain secure despite inevitable human mistakes. This requires first acknowledging what aspects of the system fall under an organization’s responsibility rather than maintaining ambiguity that leads to security gaps.

By acknowledging human limitations and building systems that accommodate them, the cryptocurrency ecosystem can continue evolving from speculative curiosity to robust financial infrastructure rather than assuming perfect compliance with security protocols.

The key to effective cryptosecurity in this maturing market lies not in more complex technical solutions but in more thoughtful human-centric design. By prioritizing security architectures that account for behavioral realities and human limitations, we can build a more resilient digital financial ecosystem that continues to function securely when — not if — human errors occur.

A new proposal submitted to the U.S. Securities and Exchange Commission’s (SEC) newly-established Crypto Task Force by a Maximilian Staudinger makes the case for XRP as a “strategic financial asset” for the United States (using some very questionable math and logic).

I’m here to tell you that XRP is not a strategic asset and that the logic in this proposal is dubious at best.

In the proposal, Staudinger states that $5 trillion is locked up in U.S. Nostro accounts (accounts that banks use for cross-border payments). And he claims that if certain regulatory conditions were created — including the SEC classifying XRP as a payment network, the U.S. Department of Justice (DoJ) providing legal clearance for banks to use XRP, and the Federal Reserve mandating that banks use XRP as a liquidity solution — then 30% of this capital ($1.5 trillion) would be freed up for the U.S. government to buy 25 million bitcoin at $60,000 per bitcoin.

So, let’s break down why this makes little sense.

First, Nostro accounts are simply bank accounts that U.S. banks hold in foreign countries. I’m not sure what sort of logic includes these domestic banks turning over the U.S. dollars that XRP would theoretically replace to the Federal government so that these dollars could then be used to acquire bitcoin on behalf of the government.

Second, the proposal doesn’t offer details on how these domestic banks would obtain the XRP that would replace the dollars. It only seems logical that they’d have to purchase the XRP, leading to XRP absorbing this $1.5 trillion, not bitcoin. Even if Ripple, XRP’s issuer, wanted to simply give these banks XRP to use, this still wouldn’t work, as it only holds about $100 billion in XRP — far short of $1.5 trillion.

Third, even if bitcoin’s price were to dip to $60,000, the price would begin increasing immediately as the U.S. government began purchasing the 25 million bitcoin.

Lastly, there’s a hard cap of 21 million bitcoin (and approximately 4 million have been lost), which is a well-known fact in the Bitcoin or crypto space. Therefore, it’s quite silly to suggest that the U.S. government could buy 25 million bitcoin. If the author were even a half-serious person, he might have suggested that the government buy 15 million bitcoin at $100,000 per bitcoin (though the math still wouldn’t work out).

Given how faulty the logic behind this proposal is, it’s difficult to consider XRP a strategic asset. Plus, why would the U.S. government do so when two thirds of the supply is still in the hands of the organization that issued the asset? It doesn’t make much sense.

Bitcoin, on the other hand, is a globally distributed asset that many around the world use as both money and a store of value. Plus, the Bitcoin network is governed by tens of thousands of nodes and is virtually impenetrable, thanks to the approximately 0.4% of the world’s energy that protects it. (The XRP network is governed by 828 nodes and isn’t protected by any amount of energy.) Theses factors make bitcoin a logical reserve asset, which is how the U.S. government now officially classifies it.

So, hopefully, the SEC already understands what I’ve outlined in this piece and doesn’t spend much time even considering Mr. Staudinger’s proposal.

This article is a Take. Opinions expressed are entirely the author’s and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.