If blockchain gaming wants AAA status, then it needs AAA security

We can earn our place alongside gaming’s giants only by embracing both security and decentralization

OPINION
by Leo Li

Blockchain gaming is coming for the console crown. Forget Xbox and PlayStation, Web3 is creating premier titles, curating ecosystems and wielding distribution and decision-making power. Better yet, gaming sidechains and communities — from Ronin to Avalanche — go one step further to offer much-needed stickiness in asset ownership, personalized identities and vibrant economies. 

This level of integration and cohesion is unparalleled in traditional gaming, setting the stage for more immersive experiences and new earning opportunities. But there’s a problem. 

Recent hacks highlight blockchain gaming’s growing pains, casting an urgent focus on the need for robust user protection and asset security standards before the sector goes mainstream. This vulnerability stems from several factors like smaller teams moving quickly, relatively nascent technology and increased incentives for hackers during blockchain gaming’s bull run. 

Let’s explore why, if blockchain gaming wants AAA status, then it needs AAA security.

Crossing the reputation divide

Hacking attempts, account theft, scams and unauthorized transactions are becoming uncomfortably common in the sector, and Web3 gamers don’t always have the kinds of customer protections that apply to traditional banking and payment systems.

The Gala Games hack serves as a stark example. On May 20, the project “messed up” its internal controls, allowing a hacker to mint five billion of the native token worth more than $200M. While the project identified the hack within an hour and the attacker “only” managed to sell about $20 million before being stopped, the incident tanked GALA’s price by 20%. These are the types of security lapses and user impacts that traditional console makers simply can’t afford.

Additionally, Web3 gaming users need better protections. Ecosystems collect large amounts of data on players, including behavioral details such as financial data, purchasing history and spending thresholds. While this data provides valuable insights for growth, it also introduces significant privacy risks without robust guardrails. Such financial and privacy shortcomings simply aren’t good enough for an industry positioning itself as the future of gaming, something recently echoed by the Consumer Financial Protection Bureau.

Lessons for Web3 from traditional gaming

Here, funnily enough, the Web3 sector can learn from traditional gaming, which faces regulatory and shareholder pressure to uphold certain security standards. Xbox, for example, regularly updates its data collection policy and offers clear channels for reporting impersonation, phishing, theft and more. Assurances like this would go a long way to enhancing trust in this burgeoning sector.

Web3 gaming must make similar trust-building commitments to fulfill its transformative potential. Of course, some will push back, citing concerns about reduced agility, increased development costs, or potential limitations on innovation. But we shouldn’t have to sacrifice user security for rapid growth. I believe there’s a healthy middle ground to be found – one that balances innovation and security, and recognizes that user trust and asset protection are not just checkboxes but fundamental pillars of a sustainable gaming ecosystem.

One way we can get there is by offering reliable asset recovery processes, especially when serious money is on the line. Another is for projects to best protect themselves and their users by safeguarding private keys, implementing trusted execution environments, and training internal teams on the dangers of phishing, social engineering, and malware.

Another approach is to embrace protocols that prioritize user privacy and comply with regulations while still enabling effective targeting, attribution, and understanding. For example, NFT standards like ERC-7231 let players link multiple gamertags to a single profile, creating an “identity of identities” that helps them share their journey across the metaverse. The best part? Such protocols give users complete ownership and encryption of their data on the blockchain. This way, information is securely stored and only accessible in a manner that respects privacy and follows the rules — a win-win for personalized experiences and data protection.

Work with users, for users

Blockchain gaming must shed its aversion to industry-standard regulations if it hopes to compete with the big leagues. Many crypto projects have long prided themselves on operating outside traditional frameworks, but this stance is becoming increasingly untenable. To truly rival established game developers, our sector needs to adopt best practices and learn from market leaders — all while preserving the core principles of decentralization. 

This balance is achievable through innovations like distributed node networks and privacy-preserving technologies such as zero-knowledge proofs. By embracing both security and decentralization, we can bridge the credibility gap and earn our place alongside gaming’s giants.

Indeed, there’s still good reason to be bullish on blockchain gaming and its ability to achieve what traditional web2 gaming cannot — cross-game asset transfer, loyalty through ownership and consistent identity. These are powerful lures for an industry where mobile revenues are slipping and user acquisition costs are heading in the other direction. Traditional gaming is eyeing Web3’s strengths — from accessing loyal, big-spending audiences to seamlessly guiding players through immersive gameplay via incentives and tokens — but remains wary of its security weaknesses.

To truly harness this potential and earn mainstream respect, blockchain gaming must achieve security on par with AAA standards. Only then can the sector deliver on its revolutionary promise, one game at a time.


