If blockchain gaming wants AAA status, then it needs AAA security

We can earn our place alongside gaming’s giants only by embracing both security and decentralization

by Leo Li


Blockchain gaming is coming for the console crown. Forget Xbox and PlayStation, Web3 is creating premier titles, curating ecosystems and wielding distribution and decision-making power. Better yet, gaming sidechains and communities — from Ronin to Avalanche — go one step further to offer much-needed stickiness in asset ownership, personalized identities and vibrant economies. 

This level of integration and cohesion is unparalleled in traditional gaming, setting the stage for more immersive experiences and new earning opportunities. But there’s a problem. 

Recent hacks highlight blockchain gaming’s growing pains, casting an urgent focus on the need for robust user protection and asset security standards before the sector goes mainstream. This vulnerability stems from several factors like smaller teams moving quickly, relatively nascent technology and increased incentives for hackers during blockchain gaming’s bull run. 

Let’s explore why, if blockchain gaming wants AAA status, then it needs AAA security.

Crossing the reputation divide

Hacking attempts, account theft, scams and unauthorized transactions are becoming uncomfortably common in the sector, and Web3 gamers don’t always have the kinds of customer protections that apply to traditional banking and payment systems.

The Gala Games hack serves as a stark example. On May 20, the project “messed up” its internal controls, allowing a hacker to mint five billion of the native token worth more than $200M. While the project identified the hack within an hour and the attacker “only” managed to sell about $20 million before being stopped, the incident tanked GALA’s price by 20%. These are the types of security lapses and user impacts that traditional console makers simply can’t afford.

Additionally, Web3 gaming users need better protections. Ecosystems collect large amounts of data on players, including behavioral details such as financial data, purchasing history and spending thresholds. While this data provides valuable insights for growth, it also introduces significant privacy risks without robust guardrails. Such financial and privacy shortcomings simply aren’t good enough for an industry positioning itself as the future of gaming, something recently echoed by the Consumer Financial Protection Bureau.

Lessons for Web3 from traditional gaming

Here, funnily enough, the Web3 sector can learn from traditional gaming, which faces regulatory and shareholder pressure to uphold certain security standards. Xbox, for example, regularly updates its data collection policy and offers clear channels for reporting impersonation, phishing, theft and more. Assurances like this would go a long way to enhancing trust in this burgeoning sector.

Web3 gaming must make similar trust-building commitments to fulfill its transformative potential. Of course, some will push back, citing concerns about reduced agility, increased development costs, or potential limitations on innovation. But we shouldn’t have to sacrifice user security for rapid growth. I believe there’s a healthy middle ground to be found – one that balances innovation and security, and recognizes that user trust and asset protection are not just checkboxes but fundamental pillars of a sustainable gaming ecosystem.

One way we can get there is by offering reliable asset recovery processes, especially when serious money is on the line. Another is for projects to best protect themselves and their users by safeguarding private keys, implementing trusted execution environments, and training internal teams on the dangers of phishing, social engineering, and malware.

Another approach is to embrace protocols that prioritize user privacy and comply with regulations while still enabling effective targeting, attribution, and understanding. For example, NFT standards like ERC-7231 let players link multiple gamertags to a single profile, creating an “identity of identities” that helps them share their journey across the metaverse. The best part? Such protocols give users complete ownership and encryption of their data on the blockchain. This way, information is securely stored and only accessible in a manner that respects privacy and follows the rules — a win-win for personalized experiences and data protection.

Work with users, for users

Blockchain gaming must shed its aversion to industry-standard regulations if it hopes to compete with the big leagues. Many crypto projects have long prided themselves on operating outside traditional frameworks, but this stance is becoming increasingly untenable. To truly rival established game developers, our sector needs to adopt best practices and learn from market leaders — all while preserving the core principles of decentralization. 

This balance is achievable through innovations like distributed node networks and privacy-preserving technologies such as zero-knowledge proofs. By embracing both security and decentralization, we can bridge the credibility gap and earn our place alongside gaming’s giants.

Indeed, there’s still good reason to be bullish on blockchain gaming and its ability to achieve what traditional web2 gaming cannot — cross-game asset transfer, loyalty through ownership and consistent identity. These are powerful lures for an industry where mobile revenues are slipping and user acquisition costs are heading in the other direction. Traditional gaming is eyeing Web3’s strengths — from accessing loyal, big-spending audiences to seamlessly guiding players through immersive gameplay via incentives and tokens — but remains wary of its security weaknesses.

To truly harness this potential and earn mainstream respect, blockchain gaming must achieve security on par with AAA standards. Only then can the sector deliver on its revolutionary promise, one game at a time.
