What Is the Biggest Threat to Crypto and Web3?

I recently had the pleasure of presenting at a crypto conference in Japan.

It was at the WebX 2025, where I was on a panel discussing the potential threat facing Web3 as a result of infrastructure limitations. 

What was interesting to me is how many of us — myself included — just "expect" things to work without considering what layers are at play to help make it work.

When people think about the blockchain, most assume it’s just on a computer somewhere. Rarely, if ever, do they stop to consider the various layers involved to make it all happen.

More importantly, they fail to consider the various risks that need to be managed at each layer.

Here's what I learned about the biggest threat to crypto while presenting at WebX.

The Jump From Web2 to Web3

I started my discussion by asking the audience a question: who here knows the difference between Web2 and Web3? 

I expected many would suggest they understand. Of that portion, I suspected many would be bluffing. It was a fun question, but I wanted to know who really knew the difference.

My explanation, albeit simplistic, struck accord. The difference, I pointed out, is about data and who owns it.

In Web2, corporations control and profit from user data, while Web3 was designed to give individuals control through decentralization and self-custody of their own data.

But, coming back to my earlier comment, here's the thing: we just expect it all to work.

Most people, unfortunately, don’t even care much about self-custody.

We just want to switch on our phones or computers, connect our browser to our wallets and or Dapps, and expect things to just happen.

It’s a little like jumping into our automobiles and expecting them to work once we turn on the ignition! 

But the devil is in the details, and for each layer of infrastructure involved in a transaction, you're taking on risk.

Let's break it down, layer by layer.

Centralization Risks At Every Layer

One of the key risks to the crypto movement is widespread centralization.

When the systems we use to interact with crypto are wholly centralized, companies and bad actors have the power to control just about everything we do.

They can blacklist us from financial services, fail to safeguard our funds, conduct widespread surveillance, and — in some cases — even seize our crypto all together.

This risk isn't just present with our wallets, which are our way to connect to the blockchain. Because here's the thing: they aren’t directly connected!

Wallets need to be served up data that comes from a blockchain and mostly served up by various nodes that help provide access to data — mostly RPCs.

But what on Earth is an RPC or a node? And what does any of this look like behind the scenes?

I'll show you.

The Access Layer

Most users and Dapps don’t run their own node. Instead, they connect via Remote Procedure Call (RPC) providers like Infura or Alchemy. This represents a level of risk because of centralisation. 

If Infura blocks access to sanctioned addresses or goes offline (as we saw in 2020), wallets like MetaMask stop working.

In November 2020, Infura went down due to a bug in an Ethereum client. Major exchanges like Binance and Coinbase paused withdrawals because their own infrastructure relied on Infura for state queries. The blockchain was fine, but access was restricted during this period of time.

Users also rely on their chosen RPC’s interpretation of the chain. If the provider filters or delays certain transactions, the user may never even see them.

Incidentally, this is considered the most centralized layer. It doesn’t stop a chain, but it can leave it open for bad actors to manipulate transactions.

The Wallet Layer

MetaMask, owned by ConsenSys, is the default interface for millions. It routes most RPC traffic through Infura by default.

And while MetaMask is a non-custodial and decentralized wallet, even just the fact that it has so much market dominance could lead to potential issues.

That's because billions of blockchain calls flow through a single company’s servers, creating surveillance and metadata aggregation risk. 

In theory, ConsenSys could at some point choose to selectively broadcast transactions. Even if they themselves don't choose to do this, governments could theoretically pressure them to.

The key implication here isn't that MetaMask itself is a threat, but rather that even “trustless” Ethereum wallets still relies on a trusted intermediary to some degree.

The Indexing & Query Layer

Blockchains are terrible databases for querying: you can’t just “search all ERC-20 transfers” without specialized infrastructure.

Companies like The Graph, Dune Analytics, and centralized providers like Alchemy provide indexing APIs.

The risks again are about level of centralization.

If most Dapps query the same indexer, that service can manipulate what is visible (e.g., hiding trades, altering volumes). Whoever controls indexing effectively controls discoverability and analytics of the available data.

The Hosting & Delivery Layer

Most "decentralized” apps like Uniswap frontends and NFT marketplaces are hosted on Amazon Web Services (AWS) or Cloudflare.

Here, we see another layer of risks. Because what happens if regulators or big three-letter agencies request the likes of AWS/Cloudflare to shut down a site or deny service.

Further still, most Web3 apps are often effectively just a website, making them vulnerable to DNS manipulation.

We saw this play out with the Curve Finance DNS hack in 2022, which tricked users into connecting wallets to a malicious site.

Some teams use IPFS or Arweave for decentralized hosting, but front-ends often still rely on AWS or Cloudflare for speed. So the risk remains.

But most people don't even stop to think about this.

The Oracle Layer

Another layer of risk is confirmation of data, whether on-chain or off-chain using oracle services like Chainlink.

Chainlink is purported to be decentralized, but the number of nodes reporting have had questions raised about how decentralized they really are.

If a small group of Chainlink nodes signs off on prices, this collusion could cause significant consequences for users of Dapps that rely on Chainlink to access up-to-date information.

Further still, when an oracle goes down, the entire lending market (e.g., Aave and Compound) may halt.

The Stablecoin Layer

A layer not often discussed, but equally threatening, is the stable coin layer. Whilst technically not infrastructure, stablecoins are currently used as a main bridge into traditional finance.

USDT (Tether) and USDC (Circle) back much of DeFi.

The main risks here is the potential for backlisting or banning by the regulators freezing individual addresses. In August 2022, Circle froze USDC in Tornado Cash-related wallets after OFAC sanctions.

DeFi protocols built on top of USDC/USDT are only as decentralized as those issuers.

Making Web3 Safer

So if each layer of a transaction is rife with issues, how do we overcome these challenges?

Well, some approaches to address systemic risk include the introduction of Decentralized Physical Infrastructure Networks. We see this with projects like Helium or Acurast distribute RPCs and data storage among community-run nodes.

Another potential solution is decentralized Indexing, where The Graph and similar networks incentivize distributed data indexers.

When it comes to hosting challenges, the rise of IPFS + Arweave decentralized hosting providers could be a great solution, provided their gateways don’t rely on Cloudflare.

When it comes to stablecoin risks, on-chain minted, crypto-collateralized stables (e.g., DAI, USDL). Liquid Loans, for instance, provides a decentralized community-owned and backed stablecoin called USDL that provides a great alternative to the centralized versions.

And finally, for oracles, a key solution to prevent having a single-point of failure is to use multiple oracle feeds to minimize capture risk. On PulseChain, Liquid Loans has launched Fetch Oracle, which is a truly decentralized oracle designed to assist in this aim.

When it comes to building a safer Web3 world, there are many paths forward. Fundamentally, however, it's a tug of war between centralisation and decentralisation.

The stablecoin dilemma is a concern because, as we look to extract value, it will mean many will move to use these stables as their bridge out to traditional financial systems. USDL does provide a great alternative, but until we are able to make payments to merchants directly on-chain at more meaningful levels across the wider crypto ecosystem, traditional finance will retain its chokehold regardless of how decentralized infrastructure becomes.