Cobo: Crypto Assets need to rely on "institutional-level security + consumer-level experience" to win user trust

Written by: Lily Z.King

The Point Zero Forum 2025 was successfully held in Zurich, Switzerland from May 5–7, organized by the Swiss State Secretariat for International Financial Matters (SIF) and the Monetary Authority of Singapore (MAS), a non-profit organization established by GFTN. The forum brought together over 2,000 central bank governors, regulators, industry leaders, and technology experts from around the world, dedicated to promoting the sustainability, inclusiveness, innovation, and efficiency of the global financial ecosystem.

Cobo COO Lily Z. King was invited to attend the "Zero Point Forum 2025" and participated as a speaker in a roundtable discussion, sharing our front-line observations on the changes expected by crypto users and their impact on the future of crypto security. We also hope to bring these insights to every Cobo user and reader.

Cryptocurrency users are changing, and what they want is different now.

Over the past eight years, Cobo has had the privilege of being at the forefront of the development of the cryptocurrency industry, witnessing the dramatic changes in user demands, technical architecture, and application scenarios. From users to infrastructure, from custody models to security strategies, the entire industry is undergoing a profound restructuring.

After the FTX incident, users have become more professional and more vigilant.

On the institutional side, users' starting point is "control priority." They are more concerned about whether they have a verifiable security framework, such as SOC 2 and ISO 27001 audit certifications, ongoing KYT/AML monitoring, granular approval mechanisms, and the capability for cold wallets or off-chain custody. Their focus is on whether they can meet compliance requirements, protect asset security, and submit audit reports when necessary.

On the retail side, users prioritize "simplicity first." They hope for a convenient experience similar to using modern financial apps: tap, confirm, and done, and they want to easily recover their assets after changing phones. However, their understanding of security has also improved: a clean interface no longer equates to a trustworthy platform, and people are starting to pay attention to reserve proof, fund availability, and instant access to assets.

Regardless of the type of user, they all begin to pursue: verifiable security + real-time asset control.

From single chain to multi-chain, the technological infrastructure is both diversifying and integrating.

From Bitcoin and Ethereum, we have evolved into today's world of multi-layer and multi-chain coexistence, involving bridging, Rollups, and modular blockchains. This trend of fragmentation demands a unified and compatible underlying architecture across ecosystems.

To cope with this complexity, cutting-edge platforms are turning to a modular hosting architecture:

MPC (Multi-Party Computation) is used for decentralized private key control.

Hot / Warm / Cold wallet layered architecture, used to balance liquidity and security.

The smart contract wallet is used to configure on-chain governance and operational rules.

Only institutional-level security, integrated architecture, and verifiable standards can support a Web3 user experience aimed at the general public.

Evolution of the Application Layer: Not just exchanges, but more new scenarios.

Eight years ago, 90% of our clients were exchanges. Today, this proportion has decreased to 50-60%. New users include DeFi protocols, NFT platforms, DAOs, GameFi and SocialFi projects, as well as payment companies, commercial enterprises, and stablecoin issuers.

The security challenges and compliance requirements brought by each scenario are different: CeFi emphasizes compliance and fund security, DeFi focuses more on smart contract risks and user experience, while Web3 enterprises face challenges of multi-chain interoperability and ambiguous compliance boundaries.

A wallet is no longer just a safe; it is the main entry point to Web3.

Unlike in traditional finance where "bank accounts are the end point," in Web3, wallets are the core interaction entry point for users and serve as the passport to enter the on-chain world.

However, it has also become a key point affecting user experience:

Users need to manage their own private keys.

Accept complex operation interface

Taking on the on-chain risks that traditional finance has long shielded.

This is a threshold for individual users and a resource burden for startups and exchanges. Therefore, we need more infrastructure builders to help platforms "do what they do best" without worrying about security and compliance.

Security vs. Simplicity: The Dynamic Balance between Custody and Self-Custody

The ideal security design is to hide complexity, making protection "invisible" and providing options when the user needs them. For example:

Risk control mechanisms are enabled by default, such as trading limits, withdrawal delays, and whitelist features.

Guided education prompts that help users understand risks without overwhelming information.

Users gradually unlock more permissions instead of being exposed to risks from the beginning.

The essence of custody is not handing over the keys, but rather handing over trust and choice.

Promotion of security mechanisms: rely on design rather than persuasion

Security features such as 2FA, withdrawal delays, and transaction limits are often overlooked by users until a certain attack raises awareness. Data shows that only one-third of users have enabled 2FA across all platforms.

An effective way to drive is not persuasion, but default design:

The security features are enabled by default and integrated into the process.

Provide concise explanations when necessary to enhance user understanding.

Reduce user operational burdens with AI technology, such as automatic identification of malicious contracts, real-time phishing alerts, etc.

Advice to regulators: Focus on outcomes, not processes.

Users do not care about your custody model, but rather whether their assets are safe, accessible, and recoverable. AI technology is redefining all of this—from one-click account opening to risk scoring and real-time fraud alerts, future crypto applications will be increasingly simple and user-friendly, much like banking apps. However, AI is also arming attackers, and regulation must evolve in sync with technology.

Therefore, we call for regulation to be "principle-oriented" instead of "static process-oriented," establishing a regulatory logic centered on outcomes to truly protect user asset safety.

"Regulators should lay a solid foundation, but allow secure and adaptable systems to grow freely on it."

The cryptocurrency industry is transitioning from technological exploration to a phase of mass adoption. Only by building infrastructure that combines "institutional-level security + consumer-level experience" can we win users' trust and achieve true global adoption.

Cobo is an active builder and promoter in this transformation.