As part of the research we've performed into the web3 ecosystem, we've established that there are many concerns and problems. This spurred a series of questions we wanted to answer: What are all of the problems? What is fact vs emotion vs opinion? How can we properly understand and consider these issues to make informed decisions about what we are and aren't comfortable engaging in? How can we act ethically and pragmatically in the face of these challenges?
The end result of asking ourselves these questions and answering them is a comprehensive, ethical, pragmatic decision framework for web3 that looks at the good, bad and ugly to drive fact-based engagement and decisions.
We are sharing this framework in the hope we can assist companies and individuals answer similar questions. We have comprehensively identified the issues in the web3 space and also our thoughts on how to apply an ethical, pragmatic approach to address each of them.
We have split up this framework into a set of categories we believe need to be considered:
- Environment and energy
- Criminal activity
- Legals, regulation and support systems
- Diversity, inclusion and accessibility
- User experience
- Security and privacy
- Crypto speculation and pyramid schemes
- Value and technology complexity
- Decentralisation and trust
- Speed and cost
Environment and energy
It's undeniable that a key challenge in this space is the impact from the sheer energy use, including opportunity cost given we are under a global energy shortage. This includes the environmental impact of the carbon produced from that energy use and the impact of the e-waste generated by the amount of computing hardware that is being (ab)used and discarded. And all of this when we are already struggling to reign in carbon emissions and heading towards catastrophic global warming of over 2°C.
The amount of hardware being purchased for crypto related activities has partly contributed to a global chip shortage (particularly GPUs) and hard disk shortage that has had far reaching impacts to many other industries.
For our initial projects we've been using Algorand, which has been designed from the ground up to be a sustainable Blockchain via low energy use and (more than) offsetting the energy that is used.
We (MakerX) are taking a stance of not engaging in any project that uses Bitcoin or Ethereum (at least while it remains Proof-of-Work) despite their popularity, given the significant environmental/energy impact they have.
A common criticism of web3 is that the anonymous and unregulated (more on that below) nature of crypto networks makes it easy for crime to occur. This has lead to many examples of criminal activity including:
- Market manipulation (including wash trading, pump and dumps): #1, #2, #3, #4, #5, #6
- Fraud (including scams, grifting, rug pulls): #1, #2, #3, #4, #5, #6, #7
- Tax avoidance: #1, #2
- Theft: #1, #2, #3, #4, #5, #6, #7, #8, #9
- Money laundering: #1, #2, #3, #4, #5
- Ransomware and rogue state funding and sanction avoidance: #1, #2, #3, #4, #5
In saying that, there are two key aspects to consider here:
Cross-cutting regulatory and government
It's clear that governments around the world are starting to wake up to the fact that there needs to be regulatory support to limit criminal activity and there are already plenty of examples of people facing criminal charges for activities they conducted using crypto technology, which demonstrates that current laws can apply to the web3 world. Law firms are also starting to look into this space.
Interestingly, the fact that Blockchains are transparent and immutable helps to offset the anonymous nature that can be used to hide criminal behaviour since companies like Chainalysis can analyse the data on Blockchains to identify criminal activity and advise governments. This focus means over time, the technology to catch criminals should be better at catching them. It's fair to say though that not everyone agrees this is possible.
Chainalysis data suggests that while the absolute amount of criminal activity is increasing, the relative proportion of total activity that is criminal is declining as the popularity of Blockchains increases. This correlates to the non-crypto world where criminal activity also occurs (e.g. offshore bank accounts, money laundering, etc.).
Making crime harder within individual communities
While most of us won't be able to impact the regulatory and government aspects of this ecosystem, we can impact the specific projects that we work on and lead by example to establish norms that make criminal activity harder and/or more obvious. There are a number of things you could do such as:
* Educate your users on how to avoid scams and act securely
* Avoid projects with signs that indicate questionable activity such as founders not identifying themselves, etc.
* Follow industry best practices where possible like Know Your Customer (KYC) and Anti-Money Laundering (AML) (see also)
* Make the authenticity behind your projects clear – e.g. show you have the rights to sell artwork, identify the people behind the project.
Legals, regulation and support systems
A related challenge in the web3 space is a general lack of regulation. While sometimes that can allow for easier innovation and more simplicity, the ability to augment the technology with well-known systems that ensure people are protected and supported is of benefit to the broad adoption of this technology (and helps fight some of the criminal aspects mentioned above).
Examples of problems this causes includes:
- The global nature of crypto allows people to easily skip regulatory oversight where it does exist and exploit this to take advantage of people: #1, #2
- People have assets stolen or have disputes about the result of transactions without clear recourse or support to resolve disputes: #1, #2
- There is mixture of flagrant disregard for and lack of understanding of copyright and/or intellectual property law, particularly when it comes to NFTs: #1, #2, #3, #4, #5, #6, #7, #8, #9, #10
- It's often not made clear what someone is actually buying when purchasing an NFT; people may assume they are buying ownership of the underlying asset/artwork/etc., but in actual fact it may just be a license to use it and not the actual ownership: #1, #2
- There are a lot of misleading sales and marketing tactics being used in this space and a lack of regulatory control to prevent or address it (who regulates it if it's global in nature?)
- Governments have vague policy statements and have been slow to react, which further buoys criminal activity given crypto can be a grey area: #1
Interestingly though, while the concept of ownership is baked directly into Blockchains and decentralisation advocates will often say that what's in the Blockchain should be absolute there are examples that have occurred where ownership in the Blockchain has been overruled because it conflicted with the law. Critics of web3 often argue this proves that the "goal of decentralisation" thus isn't even possible (more on that below though).
Cross-cutting regulatory and government
There is a seemingly increasing amount of regulatory and legal focus on web3 as the popularity of it grows. There are so many examples of legal proceedings, regulatory changes / guidance / intervention / proposals (#1, #2, #3, #4, #5, #6) and legal thought leadership starting to emerge and in anecdotally increasing amounts.
An interesting concept to consider is the potential evolution of dispute resolution approaches that leverage Blockchain technology, for which there is a combination of thinking, research and a number of solutions starting to emerge: #1, #2, #3, #4, #5.
Being careful and considerate within individual communities
Some additional considerations for the projects you work on:
* Don't skip legal and regulatory advice; just because you are creating a web3 solution doesn't mean you can skip this
* Even if there aren't regulatory constraints yet in the space you are operating in, consider what regulations exist in a similar space outside of web3 and whether it's worthwhile proactively adopting anything, especially where it provides protections for your users (or yourself!)
* Be careful to understand the copyright and intellectual property rights of the content that you and your users contribute and educate your users on this
* Consider providing dispute resolution (e.g. Aragon or Kleros) where relevant to protect your users and/or yourself
* Be explicit about what rights are being transferred (or not) and what specifically people are buying if there is any asset purchasing as part of your solution
* Don't use misleading or high pressure sales and marketing tactics
* Consider employing automated and/or manual processes to help prevent or lessen illegal activity
Diversity, inclusion and accessibility
This isn't a crypto specific problem, but it's always an important factor for deliberate consideration when building any technology since it's so often something that is missed, and web3 isn't immune.
Part of the consideration here is the inclusiveness of the community/ies that you participate in. One issue cited in the web3 space is that the defensiveness from the pro web3 camp is turning people away and causing important questions to not get asked and answered.
Another important consideration is accessibility, in terms of how confusing it is for new users to participate in this space (particularly if there are technology or financial literacy gaps), and whether broad accessibility of wallets, Blockchain interfaces and dApps has been built in.
Cryptocurrencies and their underlying technology hold out the promise of democratizing finance by making digital payments and other financial products and services easily accessible to the masses. But because of existing inequalities in digital access and financial literacy, they could end up worsening inequality. In particular, any financial risks arising from investing in cryptocurrencies and related products might end up falling especially heavily on naïve retail investors.
Eswar Prasad, Economist
* Have a code of conduct for any communities you build and enforce it
* Cultivate a culture of openness, support, inclusion and respectful discourse
* Create clear, easy to find and consume guidance for your users for how they can engage safely and securely
* Take opportunities to educate users and improve their technology, financial, security, etc. literacy (as relevant)
* Follow industry best practice for accessibility such as WCAG, whocanuse, axe, etc.
* Test your solution for accessibility. Even better engage people with disabilities to give direct feedback
* Consider the potential social (in)equity impacts your project may have
It's fair to say that on the social inequity front there are varying opinions as well as various efforts to use web3 technology to make a positive difference. (#1, #2, #3, #4)
The user experience (UX) of web3 leaves a lot to be desired (#1, #2, #3, #4, #5, #6, #7, #8). A combination of confusing new terminology, generally poor UX in wallets and web3 apps, and highly technical concepts that you need to understand (like safely storing a private key – via an 11-25 word mnemonic no less) combine to confuse even savvy users.
Include a step in your design process where you actively explore the potential negative uses and consequences of your product (and do so for a range of different audience groups).
Actively analyse how your product might make life harder for people who already experience barriers to using technology.
Security and privacy
While poor user experience is a huge problem in itself, and certainly will be a barrier to mainstream adoption there is another even more serious side-effect than reducing accessibility and increasing confusion of users: it's a security nightmare. It's very easy to either mishandle your private key, get scammed/phished (and as mentioned above there are many scams around), hacked, and/or take an accidental incorrect action and then lose things of value. Of course, once that happens, Blockchains are immutable so you can't hit undo, and there are currently a lack of support systems to get recourse. (#1, #2, #3, #4, #5, #6, #7)
The security problem with web3 extends beyond just the user experience challenges. The programmability that is being used to add more interesting functionality – smart contracts – are not that "smart". They are often very low level and complex to program against, so mistakes are easy and not obvious. Combined with a general lack of evolved smart contract software engineering practices, the fact that they are immutable (unless you take steps to combat that), and there is a global shortage of security reviewers, means that vulnerabilities in smart contracts are commonly found and exploited. Again, when this happens it's usually not possible to reverse since the Blockchains are immutable. (#1, #2, #3, #4, #5, #6, #7, #8, #9, #10, #11, #12, #13)
Another related consideration is privacy. While Blockchains are "anonymous" (a wallet address is a random string), as you start transacting that might produce signal data that allows you to be identified (everything that happens on the Blockchain is public and visible). Services exist that give you a DNS-like experience so your wallet can be identified explicitly (which, for instance, makes it easier to send money to you). While there are anonymisation and privacy coin services to protect the privacy of your wallet, that that adds yet another user experience issue – if you make one wrong mistake and perform a transaction that could identify yourself there is no way to reverse it and from that moment onwards every transaction you made in the past can then be scrutinised.
The fact that Blockchains are transparent and immutable are really great for many applications, but quite clearly there are some use cases that these properties create a real privacy problem. Immutability also faces the issue of GDPR compliance, unwanted air drops and doxing (the bad kind), revenge porn and child abuse etc. (#1, #2, #3, #4, #5, #6, #7, #8, #9, #10, #11, #12, #13, #14)
* Consider investing in the techniques that highly regulated industries like space and medical devices use such as formal verification and model-based testing.
* Engage professional smart contract verification services (noting that they are in high demand so you will likely need to book months in advance).
* Where relevant, publish the result of security audits publicly so users can see it.
* Consider adding a bug bounty program so white hat hackers are incentivised to help you find and close vulnerabilities.
Educate your users on security and craft your user experience so it helps users fall into a security pit of success.
Choose the things that you store on-chain carefully: keep privacy front-of-mind. Use standards like GDPR for guidance and make the implications of on-chain interactions and a user's privacy clear so they can make informed decisions.
Blockchain choice is an important consideration too. Some Blockchains allow users to preserve privacy by default (so called privacy coins), this could be good or bad depending on what makes sense for your solution. Some blockchains disallow unwanted airdrops (such as Algorand, which requires users to opt-in to receive an asset).
Where relevant, consider putting in place content moderation that takes place before content is irrevocably added to a Blockchain.
Cryptocurrency speculation and pyramid schemes
It's fair to say a lot of the focus and discussion (positive and negative) in the web3 space centres around the underlying cryptocurrencies and the significant financial gains that people have made as their price increases. That same focus is now shifting to NFTs as they become popular, and there are many stories of people making significant profits.
There are a number of key criticisms related to this:
- A lot of the popularity in crypto is put down to existing people in the space creating attention to justify (and grow the price of) the underlying cryptocurrencies so they can continue to make money (#1, #2, #3, #4)
- As people get into the space they then potentially lose out if the original people cash out (dropping the price) unless they get others in (i.e. that it's all a pyramid scheme and/or ponzi scheme) (#1, #2, #3, #4, #5, #6, #7, #8, #9)
- It's another case of the rich getting richer and the poor and underprivileged getting poorer, which is ironic given some of the hype of cryptocurrencies is about helping the unbanked get access to financial products when they otherwise would struggle to (#1, #2, #3, #4, #5, #6, #7, #8, #9, #10, #11, #12, #13, #14, #15, #16, #17, #18, #19)
- A majority of the transactions that occur for the cryptocurrencies are speculation rather than real value (#1, #2, #3, #4, #5, #6, #7)
It's fair to say the early use of crypto has been largely speculative and that the early growth of crypto has been fueled by people jumping on the bandwagon of get rich quick success stories. As this technology becomes more mainstream (which we are in the middle of right now) the focus on utility will naturally increase. We are seeing plenty of examples of serious corporate companies start to explore utility (and we have found plenty of examples of valuable uses of it). Throw into the mix the fact there are Blockchains and/or cryptocurrencies being designed from the ground up for specific utility such as Filecoin (decentralised file storage), Algorand (DeFi), Gitcoin (funding open source), ClimateTrade (carbon offsetting) and it starts to change the focus of the ecosystem.
As the focus shifts towards utility it's also fair to say the proportion of speculation is decreasing and/or likely to decrease overall. This is an area that it would be great to see more data and analytics work done on.
Switching perspective from general to specific, our suggestion is to be clear on your motives when engaging in this space and evaluate for your project whether it succeeds because of speculation or because of utility. Not everyone is in this space for the speculation (we aren't!) and you don't have to participate in this space with the intent of accumulating cryptocurrency to speculate on it's value increasing.
You can also incorporate this into your criteria for Blockchain choice and spend time in the community surrounding a Blockchain to understand if the focus is on speculation or utility. While it's unlikely you can avoid any speculation at all, the same is true of traditional non-crypto markets.
Some people even argue that the speculative nature of Blockchains is a good thing, since it brings architectural properties that are useful. (#1, #2)
Value and technology complexity
A logical follow-on from the discussion about speculation is a discussion about utility / value. An oft-cited criticism of web3 is that there is a lack of value being generated and it's yet another example of technology for the sake of technology. An argument that will often be thrown in is that Bitcoin has been around for 13 years and hasn't found a real world application so any argument that it's "early days" is moot. (#1, #2, #3, #4, #5, #6, #7, #8, #9, #10)
NFTs often get criticised for this, with people arguing the only reason they increase in price is through artificial scarcity rather than real value and utility. Especially, where they are a link to an image that you don't even get copyright license transferal so you don't really own anything outside of some metadata pointing to an image, which is easy to copy and may point to storage that may not exist in the future. (#1, #2, #3, #4, #5, #6, #7, #8, #9, #10, #11, #12, #13)
The "tech for the sake of tech" argument is often expanded to say that Blockchains increase the complexity for things that you can implement on existing (e.g. "web2") technology and there is nothing that can be done on web3 that couldn't be done without web3 technology. Or, that technology alone can't fix the problems that Blockchains are purported to solve. (#1, #2, #3, #4, #5, #6, #7)
Part of this technology complexity includes things like the need to run network nodes, the complexity of managing private keys, etc. as well as the fact that to expose a dApp you need web2 technology anyway such as DNS and cloud (web) servers. Then there's the complexity of cross-chain and Layer 1 vs Layer 2 etc.. (#1, #2)
Our thoughts here are to take an approach where you:
* Use the right tool for the job: Don't blindly try and make everything decentralised "just because", do it because and, importantly, where it makes sense. Use non-web3 technology for the places where it doesn't – there is nothing wrong with this; at the end of the day the outcome is more important than the tech.
* Be clear on what "value" means for your project: Educate yourself and your users on what that value is, particularly if people are purchasing something like NFTs or coins.
NFTs can represent much more than a dodgy link to an image file – example use cases include art (yes, including profile pictures (pfps), but also music and collectibles), gaming, tradeable memberships and access tickets, soulbound certificates, redeemables, identity (and recording verification thereof), financial assets (including collateralisation and fractionalisation), legal agreements, retail, bounties / incentivisation, content management, social / crowd investing and activism, loyalty / cohort / R&D participation, authenticity / receipts / intellectual property licensing, car logbooks and historical artifacts.
Even when an NFT is just an image, there's nothing stopping you making it have real utility and immutable integrity, let alone being creative and finding ways for them to do some good.
There are also unique things that weren't easily possible that web3 technology is enabling such as our venture, the Data History Museum where we digitally capture the intrinsic properties of a historic artifact (causality and originality) in a verifiably authentic digital form to capture knowledge of significant terrestrial, cosmic and human events. There are other great examples of useful things web3 is helping to drive.
Avoid unnecessary technical complexity: for instance you can avoid running your own Blockchain nodes by using the numerous SaaS providers that will run production grade nodes for you and give you an API key. That's not admitting defeat, it's just being pragmatic, plus you still benefit from low switching cost to move to a different provider as long as they are not adding custom functionality on top of the underlying Blockchain. Similarly, if you don't want your users to have to wear the burden of managing private keys there are plenty of services starting to evolve that help you bridge traditional authentication with custodial (hosted) wallets. Clearly, you need to make trust and security evaluations against such services, but that's no different than any time you purchase a SaaS product.
The technical complexity of Blockchain is also spawning a huge investment in developer friendly tools and frameworks with numerous examples starting to emerge so it's likely the complexity will reduce over time (hell, there's even no code tools already) in the same way cloud computing has gotten easier over time.
As always, with any architectural decision there are trade-offs to be made, so make deliberate decisions and evaluate options, pros and cons to make the right choice for your project. Consider: security, user experience, decentralised vs not, complexity, cost, functionality and reliability.
On the "everything that can be done in web3 can be done in web2" point an interesting software engineering analogy to consider might be saying "everything you can do with microservices you can do with a monolith". That's obviously not a nuanced enough argument – some things really suit a distributed microservices architecture, but it can absolutely be taken too far and monoliths can work really well too! To us this, again, comes down to use the right tool for the job on a per-feature basis.
Lastly, consider how much the Blockchain / web3 aspects even matter? At the end of the day, we should always focus on value / usefulness and let that speak for itself rather than focusing on the technology.
Decentralisation and trust
An interesting talking point of critics centres around the interplay of decentralisation and trust.
Decentralization is used as somewhat of a stand-in, or maybe more precisely a precondition, to fairness and/or equality. Centralized systems are seen as not only untrustworthy and corrupt but also as a danger to Freedom because they allow removing or blocking content for whatever reason. The Third Web (tante.cc)
- Full decentralisation doesn't make sense: we will always want to have centralised support mechanisms (e.g. for theft protection)
- The tech is almost always not fully decentralised anyway: most of the time centralised cloud and DNS providers are used for web3 solutions, let alone centralised Blockchain node providers like Infura
- The Proof-of-Stake consensus model that addresses the energy problems with Proof-of-Work can be vulnerable to centralised governance and manipulation and sybil attacks
- It's been shown multiple times that traditional law can and does override what's stored on the Blockchain
- Most people don't have the technology background that enables them to make informed decisions about the smart contract code they are interacting with, so they are trusting what they are told about said smart contract – this is also a user experience and security issue with Blockchain solutions
- You still need to trust the people that create and operate the smart contracts so it's not actually trustless
- Whenever the smart contract and/or token you are interacting with is not immutable (sometimes they are, sometimes they aren't) you are trusting that they stay intact
- When purchasing an NFT for its uniqueness you are trusting that someone doesn't create a duplicate of that NFT and there is thus always an element of trust with the project you are purchasing the NFT from
- Any time you need data that is off-chain to make an on-chain decision you are relying / trusting an Oracle provider to accurately reflect that data on-chain
Finally, there is the notion that technology alone will transform our world into a decentralised utopia, but the reality is that isn't possible because human behaviour and economics is always a key factor in such a change: technology is "just" the enabler. (#1, #2, #3, #4)
Sometimes decentralisation is a desirable architectural property (such as for peer-to-peer direct value exchanges and content creator ownership). Other times trustless digital exchanges are desirable (supply chain is a good example). That doesn't mean that you need to pursue decentralisation and trustlessness to be incorporated into every single aspect of the business model (or even every single feature within the technology implementation).
Use it for the aspects that make sense: incorporate centralised mechanisms that make sense such as support services and do the usual things that engender trust in a platform like publicly identifying the people and company behind it.
As the broader industry changes discussed above are made, some of the cross-cutting challenges in this space should start to get resolved, particularly establishment of clearer regulatory frameworks and support systems.
With respect to Proof-of-Stake algorithm weaknesses, there is much work being done across various Blockchain networks to address security concerns of the consensus algorithm. (#1, #2, #3, #4, #5)
Remember that the tech isn't the end all and be all, it's just part of the overall business model and you need to line all of it up. Repeating the point from the previous section: At the end of the day, we should always focus on value / usefulness and let that speak for itself rather than focusing on the technology.
Speed and cost
What does slow and expensive mean? It's hard to find accurate sources for specific numbers, but lets try and compare to VISA and Paypal which are both good analogies for a global payment system: (#1, #2, #3, #4, #5, #6, #7)
|Transactions per second (i.e. bandwidth)||3–7||15–25||1,700 (average)–24,000 (peak)||193|
|Transaction confirmation time (i.e. latency)||40 mins||5 mins||seconds||seconds|
|Transactions processing fee (also known as gas fee)||variable based on traffic and size of transaction ~$2-$65(#2)||variable based on traffic and size of transaction ~$2-$70||variable based on the transaction amount, usually 1-3.5% and usually charged to the merchant||variable based on the transaction amount, usually 1.9-3.5% and charged to the merchant|
This means that in general, Bitcoin and Ethereum are orders of magnitude slower than traditional payment approaches in both bandwidth and latency and for small transactions and any transaction where a traditional payment would result in a merchant charging the transaction fee back, much more expensive.
A related concept to consider is the Blockchain Trilemma (originally coined by Ethereum co-founder Vitalek Buterin), which is kind of like the CAP theorem of Blockchain. It talks about how there is a trade-off between security, decentralisation and scalability, that makes it hard to scale a Blockchain if you want to keep it secure and have real decentralisation. (#1, #2, #3, #4, #5, #6).
Furthermore, from a speed perspective it's worth understanding the difference between raw transactions per second (which gives an indication of the overall scalability of the blockchain) vs confirmation time (the latency that affects an individual user/transaction) vs finality (how long you need to wait to know that your transaction is permanent).
If you are building an application that needs low cost and /or high speed then there are a number of architectural options available, most notably selecting a high performance Blockchain network. For instance, consider the properties of some of the most prominent chains:
* Algorand (Pure Proof-of-Stake) - up to 1,200 tps (with plans to get to 45,000 tps), 4.5s confirmation time with instant finality (and plans to get 2.5s confirmation time) and a fixed transaction fee of 0.0001 ALGOs (roughly the same amount in $USD)
* Avalanche (Proof-of-Stake) - 4,500 tps per subnet with infinite horizontal scalability with <2s to confirm a transaction with instant finality and a dynamic transaction fee ~$0.07-$0.20 that varies based on congestion
* Cardano (Proof-of-Stake) - 250 tps, 20s confirmation with 5-10 minute finality and an average transaction fee of 0.16 ADA (roughly the same amout in $USD) that scales with data size of transaction
* Cosmos (Bonded Proof-of-Stake) - 4,000 - 10,000 tps (horizontally scalable), 7s confirmation with instant finality and $0.01 transaction fee
* Dfinity aka the Internet Computer (Threshold Relay) - 11,500 tps but can scale to unlimited tps, 45ms confirmation with 2s finality and a fixed transaction fee of 0.0001 ICP (~ $0.002)
* Neo (Delegated Byzantine Fault Tolerance) - 5,000 tps, 15 second confirmation time with instant finality and a complex gas fee arrangement that should be free for most transactions
* Polygon (Layer 2 Proof-of-Stake on Ethereum) - 7,200 tps (theoretical, usually 1,000 tps) with ~2s transaction confirmation with finality via Ethereum (so 5+ mins) and a dynamic transaction fee that is typically $0.01 - $0.5 that varies based on congestion
* Ripple XRP (XRP Ledger Consensus Protocol) - 1,500 tps, with confirmation time of 3-5s with instant finality and a fixed transaction fee of $0.0003760
* Solana (Proof-of-History) - up to 65,000 tps, 400ms confirmation time, 1.6s finality (4 blocks) and an average transaction fee of $0.00025 (scaling with congestion) with a promise it will always be less than $0.01
Another consideration is the volatility of building applications on public blockchains. There are a number of aspects that can potentially reduce confidence in the ability to create a stable, predictable service such as:
- Unpredictable price of underlying crypto tokens/coins, which sometimes have wild fluctuations due to the speculative focus and/or market manipulation (#1, #2, #3, #4)
- The impending impact of greater regulation on the Blockchain ecosystems (#1, #2)
- The fact that liquidity markets keep getting hacked and/or have unstable implementations and present a risky platform to build financial services against (#1, #2, #3, #4, #5, #6, #7)
- The worry about how reliable the various stablecoins are, which are critical infrastructure allowing the conversation of cryptocurrency to fiat ("real") money (#1, #2, #3, #4, #5, #6, #7)
Understanding the current and potential future regulatory constraints that might apply to your project is important. It's worthwhile being proactive to avoid a nasty surprise in the future.
Given the impact that a run on Stablecoins would have, particularly as the size and impact of the crypto ecosystem increases, it's logical that there may be an effort to introduce regulation of that segment, which could potentially reduce their volatility.
If you're curious to explore other sources about the problems with web3 there is a reasonably comprehensive GitHub repository that is collating articles: GitHub - life-itself/web3: Making sense of web3 & crypto. It's also being transformed into a website with a well structured arrangement of terms and claims.