Empowering the Next Chapter of Web3: Alibaba Cloud at Consensus Hong Kong0

Against the stunning backdrop of Victoria Harbour, Consensus Hong Kong brought together a diverse and dynamic community of Web3 enthusiasts from February 19 to 20. This esteemed event provided a platform for forward-thinking individuals to convene, collaborate, and chart the course for the industry's future growth. Alibaba Cloud seized the opportunity to demonstrate its cloud and AI solutions designed to meet the unique needs of the industry. The company's innovative offerings and industry expertise captured the attention of attendees and leaders alike, reaffirming its commitment to empowering the community and driving progress in the digital landscape.

Alibaba Cloud's "Exploring Next-Gen Web3 Technology" meetup, held in the afternoon of the first day, was a resounding success. The event provided a platform for attendees to engage in exchange and discussion on the latest Web3 trends, regulatory compliance, and innovative technical solutions.

Xiao Yu, General Manager of Alibaba Cloud's Fintech Unit, hosted the meetup. Paul Li, President of the Hong Kong Fintech Industry Association, delivered the opening remarks, highlighting the rapid evolution of the Web3 industry in Hong Kong. He noted two key transformations shaping the industry: a shift from non-regulated model to more compliance-driven regulated models, and an expansion from serving primarily Web3 native investors to mass adoption. Paul emphasized that this accelerated growth requires robust technological infrastructure, with cloud migration serving as a pivotal step in unlocking new development opportunities.

Lennix Lai, Global Chief Commercial Officer of OKX—a global top-tier digital asset exchange—shared a real-world example of how they are staying ahead of the curve. He demonstrated how the company's cloud-based Web3 DEX infrastructure platform, leveraging Alibaba Cloud's advanced technologies, is ensuring institutional-grade trading velocity, and the security and availability of user assets.

The subsequent keynote address was delivered by Zhao Qingyuan, Chief Solution Architect of the Fintech Unit at Alibaba Cloud. As the technical leader of the company’s dedicated Web3 technical team, Zhao underscored the stringent requirements of Web3: security, stability, low latency, global accessibility, and robust data analysis capabilities—all essential for global user protection and service reliability. He explained how Alibaba Cloud provides optimal solutions to these challenges, leveraging its cutting-edge technical capabilities, AI technologies, and global infrastructure to empower Web3 innovation.

Zhao began by outlining Alibaba Cloud's end-to-end Web3 solutions tailored for Web3 customers like OKX. These solutions span a wide range of scenarios, including trading system management, big data analytics and management, global acceleration, and security. Engineered with industry-leading capabilities, these solutions empower Web3 enterprises to thrive in today's fast-paced markets. For example, Alibaba Cloud's 10x Burst capability and elastic scaling of up to 10,000 pods per minute enable Web3 enterprises to efficiently process large volumes of transaction data, while maintaining agility in response to workload fluctuations.

Zhao also highlighted the transformative power of AI. As a trailblazer in innovation, Alibaba Cloud is at the forefront of AI advancement. He explained that Alibaba Cloud has developed and open-sourced many versions of Tongyi models, including large language models (LLMs), multimodal models, and scenario-optimized models , to foster widespread AI adoption. Alibaba Cloud also offers comprehensive support for AI development projects throughout their lifecycle, including training, fine-tuning, and inference. Leveraging Alibaba Cloud's one-stop GenAI platform, developers can build intelligent applications using many of today's mainstream models, unlocking new avenues for Web3 innovation and growth.

Underpinning these capabilities is Alibaba Cloud's robust global infrastructure, encompassing 3,200 POPs in 87 zones across 29 regions. With this vast infrastructure, they can provide performant and reliable services to users worldwide, ensuring a seamless and globally-consistent experience.

The meetup also delved into the critical importance of technological compliance, with Tom Jenkins, Head of Risk Consulting at KPMG Hong Kong, offering expert guidance on the requirements for obtaining a virtual asset trading platform license in Hong Kong. Anson Lam, Regional Security Compliance and Privacy Lead at Alibaba Cloud, followed up by explaining the cloud technology compliance requirements and highlighting how Alibaba Cloud empowers Web3 customers with its robust security and compliance capabilities. Alibaba Cloud's impressive portfolio of over 140 international professional certifications and compliance qualifications serves as a testament to its commitment to supporting customers in their global business expansion.

In addition to providing industry insights, the event also fostered a dynamic environment that encouraged open communication, exploration, and community engagement. The Alibaba Cloud booth was bustling with dynamic interactions and in-depth discussions. The OpenTalk sessions were a highlight, during which Alibaba Cloud technical experts shared the latest technological advancements and best practice case studies.

Positioned at the forefront of technological innovation, Alibaba Cloud is strategically poised to redefine the Web3 ecosystem through its robust global infrastructure, advanced technological capabilities, rigorous compliance frameworks, and seasoned technical support professionals, aiming to co-create transformative digital landscapes with industry partners.

Dogecoin (DOGE), the world's largest meme cryptocurrency by market value, seems headed toward a repeat of the bullish "golden cross" technical pattern that presaged the early 2021 surge.

DOGE, which has a market cap of about $22 billion, has demonstrated remarkable performance this year, with a price surge of over 70% and significantly outpacing the near 50% increase in bitcoin (BTC), the largest cryptocurrency, according to CoinDesk data.

• One more line here.
• And another for testing purposes.

The recent security breach for around $1.5 billion at Bybit, the world's second-largest cryptocurrency exchange by trading volume, sent ripples through the digital asset community. With $20 billion in customer assets under custody, Bybit faced a significant challenge when an attacker exploited security controls during a routine transfer from an offline "cold" wallet to a "warm" wallet used for daily trading.

Initial reports suggest the vulnerability involved a home-grown Web3 implementation using Gnosis Safe — a multi-signature wallet that uses off-chain scaling techniques, contains a centralized upgradable architecture, and a user interface for signing. Malicious code deployed using the upgradable architecture made what looked like a routine transfer actually an altered contract. The incident triggered around 350,000 withdrawal requests as users rushed to secure their funds.

While considerable in absolute terms, this breach — estimated at less than 0.01% of the total cryptocurrency market capitalization — demonstrates how what once would have been an existential crisis has become a manageable operational incident. Bybit's prompt assurance that all unrecovered funds will be covered through its reserves or partner loans further exemplifies its maturation.

Since the inception of cryptocurrencies, human error — not technical flaws in blockchain protocols — has consistently been the primary vulnerability. Our research examining over a decade of major cryptocurrency breaches shows that human factors have always dominated. In 2024 alone, approximately $2.2 billion was stolen.

What's striking is that these breaches continue to occur for similar reasons: organizations fail to secure systems because they won't explicitly acknowledge responsibility for them, or rely on custom-built solutions that preserve the illusion that their requirements are uniquely different from established security frameworks. This pattern of reinventing security approaches rather than adapting proven methodologies perpetuates vulnerabilities.

While blockchain and cryptographic technologies have proven cryptographically robust, the weakest link in security is not the technology but the human element interfacing with it. This pattern has remained remarkably consistent from cryptocurrency's earliest days to today's sophisticated institutional environments, and echoes cybersecurity concerns in other — more traditional — domains.

These human errors include mismanagement of private keys, where losing, mishandling, or exposing private keys compromises security. Social engineering attacks remain a major threat as hackers manipulate victims into divulging sensitive data through phishing, impersonation, and deception.

Human-Centric Security Solutions

Purely technical solutions cannot solve what is fundamentally a human problem. While the industry has invested billions in technological security measures, comparatively little has been invested in addressing the human factors that consistently enable breaches.

A barrier to effective security is the reluctance to acknowledge ownership and responsibility for vulnerable systems. Organizations that fail to clearly delineate what they control — or insist their environment is too unique for established security principles to apply — create blind spots that attackers readily exploit.

This reflects what security expert Bruce Schneier has termed a law of security: systems designed in isolation by teams convinced of their uniqueness almost invariably contain critical vulnerabilities that established security practices would have addressed. The cryptocurrency sector has repeatedly fallen into this trap, often rebuilding security frameworks from scratch rather than adapting proven approaches from traditional finance and information security.

A paradigm shift toward human-centric security design is essential. Ironically, while traditional finance evolved from single-factor (password) to multi-factor authentication (MFA), early cryptocurrency simplified security back to single-factor authentication through private keys or seed phrases under the veil of security through encryption alone. This oversimplification was dangerous, leading to the industry's speedrunning of various vulnerabilities and exploits. Billions of dollars of losses later, we arrive at the more sophisticated security approaches that traditional finance has settled on.

Modern solutions and regulatory technology should acknowledge that human error is inevitable and design systems that remain secure despite these errors rather than assuming perfect human compliance with security protocols. Importantly, the technology does not change fundamental incentives. Implementing it comes with direct costs, and avoiding it risks reputational damage.

Security mechanisms must evolve beyond merely protecting technical systems to anticipating human mistakes and being resilient against common pitfalls. Static credentials, such as passwords and authentication tokens, are insufficient against attackers who exploit predictable human behavior. Security systems should integrate behavioral anomaly detection to flag suspicious activities.

Private keys stored in a single, easily accessible location pose a major security risk. Splitting key storage between offline and online environments mitigates full-key compromise. For instance, storing part of a key on a hardware security module while keeping another part offline enhances security by requiring multiple verifications for full access — reintroducing multi-factor authentication principles to cryptocurrency security.

Actionable Steps for a Human-Centric Security Approach

A comprehensive human-centric security framework must address cryptocurrency vulnerabilities at multiple levels, with coordinated approaches across the ecosystem rather than isolated solutions.

For individual users, hardware wallet solutions remain the best standard. However, many users prefer convenience over security responsibility, so the second-best is for exchanges to implement practices from traditional finance: default (but adjustable) waiting periods for large transfers, tiered account systems with different authorization levels, and context-sensitive security education that activates at critical decision points.

Exchanges and institutions must shift from assuming perfect user compliance to designing systems that anticipate human error. This begins with explicitly acknowledging which components and processes they control and are therefore responsible for securing.

Denial or ambiguity about responsibility boundaries directly undermines security efforts. Once this accountability is established, organizations should implement behavioral analytics to detect anomalous patterns, require multi-party authorization for high-value transfers, and deploy automatic "circuit breakers" that limit potential damage if compromised.

In addition, the complexity of Web3 tools creates large attack surfaces. Simplifying and adopting established security patterns would reduce vulnerabilities without sacrificing functionality.

At the industry level, regulators and leaders can establish standardized human factors requirements in security certifications, but there are tradeoffs between innovation and safety. The Bybit incident exemplifies how the cryptocurrency ecosystem has evolved from its fragile early days to a more resilient financial infrastructure. While security breaches continue — and likely always will — their nature has changed from existential threats that could destroy confidence in cryptocurrency as a concept to operational challenges that require ongoing engineering solutions.

The future of cryptosecurity lies not in pursuing the impossible goal of eliminating all human error but in designing systems that remain secure despite inevitable human mistakes. This requires first acknowledging what aspects of the system fall under an organization's responsibility rather than maintaining ambiguity that leads to security gaps.

By acknowledging human limitations and building systems that accommodate them, the cryptocurrency ecosystem can continue evolving from speculative curiosity to robust financial infrastructure rather than assuming perfect compliance with security protocols.

The key to effective cryptosecurity in this maturing market lies not in more complex technical solutions but in more thoughtful human-centric design. By prioritizing security architectures that account for behavioral realities and human limitations, we can build a more resilient digital financial ecosystem that continues to function securely when — not if — human errors occur.