Cobo: Crypto Assets need to win user trust through "institutional-grade security + consumer-grade experience".

Only by building infrastructure that combines "institutional-level security + consumer-level experience" can we win users' trust and achieve true global adoption.

Written by: Lily Z. King

"As the scale of crypto users surpasses 650 million and the market rapidly evolves, security is no longer just about defense; it is at the core of the experience."

The Point Zero Forum 2025 was successfully held from May 5 to 7 in Zurich, Switzerland, organized by the non-profit organization GFTN established by the Swiss State Secretariat for International Finance (SIF) and the Monetary Authority of Singapore (MAS). The forum gathered over 2,000 central bank governors, regulators, industry leaders, and technology experts from around the world, dedicated to promoting the sustainability, inclusiveness, innovation, and efficiency of the global financial ecosystem.

Cobo COO Lily Z. King was invited to attend the Point Zero Forum 2025 and took part as a speaker in a roundtable discussion, sharing our front-line observations on how cryptocurrency users' expectations are changing and what that means for the future of crypto security. We also hope to bring these insights to every Cobo user and reader.

Crypto users are changing, and so are their desires.

Over the past eight years, Cobo has had the privilege of being at the forefront of the development of the cryptocurrency industry, witnessing the dramatic changes in user demands, technological architecture, and application scenarios. From users to infrastructure, from custody models to security strategies, the entire industry is undergoing a profound reconstruction.

After the FTX incident, users have become more professional and more vigilant.

On the institutional side, users start from the perspective of "control priority." They are more concerned about having a verifiable security architecture, such as SOC 2 and ISO 27001 audit certifications, continuous KYT/AML monitoring, fine-grained approval mechanisms, and the capability for cold wallets or off-chain custody. Their focus is on whether compliance requirements can be met, asset security can be protected, and audit reports can be submitted when necessary.

On the retail side, users prioritize "simplicity first." They want the convenience of using a modern financial app: click, confirm, done, and they also want to easily recover their assets after changing phones. However, their understanding of security has also improved: a clean interface no longer equates to a trustworthy platform, and people are starting to pay attention to reserve proof, fund availability, and instant access to assets.

Regardless of type, users are all beginning to pursue the same thing: verifiable security + real-time asset control.

From Single Chain to Multi-Chain, the Technological Infrastructure is Both Differentiating and Merging

From Bitcoin and Ethereum, we have evolved into today's world of multi-layered and multi-chain coexistence, which involves bridging, Rollup, and modular blockchains. This trend of fragmentation requires a unified and compatible underlying architecture across ecosystems.

To address this complexity, cutting-edge platforms are turning to a modular custody architecture:

  • MPC (Multi-Party Computation) is used for decentralized private key control.
  • Hot / Warm / Cold wallet layered architecture, used to balance liquidity and security
  • Smart contract wallet for configuring on-chain governance and operational rules

Only with institutional-level security, integrated architecture, and verifiable standards can we support a Web3 user experience aimed at the general public.

Evolution of the Application Layer: Not Just Exchanges, but More New Scenarios

Eight years ago, 90% of our clients were exchanges. Today, this proportion has dropped to 50-60%. New users include DeFi protocols, NFT platforms, DAOs, GameFi and SocialFi projects, as well as payment companies, trading businesses, and stablecoin issuers.

The security challenges and compliance requirements brought by each scenario are different: CeFi emphasizes compliance and fund security, DeFi focuses more on smart contract risks and user experience, while Web3 enterprises face challenges of multi-chain interoperability and blurred compliance boundaries.

Wallets are no longer just safes; they are the main entry point to Web3.

Unlike traditional finance where "bank accounts are the endpoint," in Web3, wallets serve as the core entry point for users and are the passport to the on-chain world.

However, the wallet has also become a key friction point in the user experience. Users must:

  • Manage their own private keys.
  • Accept complex operation interfaces.
  • Bear the on-chain risks that traditional finance has long shielded them from.

This is a barrier for individual users and a resource burden for startups and exchanges. Therefore, we need more infrastructure builders to help platforms "do what they are good at" without worrying about security and compliance.

Security vs Simplicity: The Dynamic Balance Between Custodial and Self-Custodial

The ideal security design hides complexity, makes protection "exist without being felt," and provides choices when users need them. For example:

  • Risk control mechanisms are enabled by default, such as trading limits, withdrawal delays, and whitelist features.
  • Guided educational prompts help users understand risks without overwhelming them with information.
  • Users gradually unlock more permissions, rather than being exposed to risks from the beginning.

The essence of custody is not to hand over the keys, but to hand over trust and the right to choose.

Promotion of Security Mechanisms: Rely on Design, Not Persuasion

Security features such as 2FA, withdrawal delays, and trading limits are often overlooked by users until an attack occurs, at which point they are taken seriously. Data shows that only one-third of users have enabled 2FA across all platforms.

The effective way to promote these features is not persuasion but default design:

  • Security features are enabled by default and integrated into the process.
  • Provide concise explanations when necessary to enhance user understanding
  • Use AI technology to reduce the operational burden on users, such as automatically identifying malicious contracts and real-time phishing alerts.

Recommendations for Regulators: Focus on Outcomes, Not Processes

Users do not care about your custody model; they are concerned about whether their assets are safe, accessible, and recoverable. AI technology is redefining all of this—from one-click account opening to risk scoring and real-time fraud alerts. Future crypto applications will become increasingly simple and user-friendly, resembling banking apps. However, AI is also arming attackers, and regulation must evolve in sync with technology.

Therefore, we call for regulation that is "principle-oriented" rather than "static process-oriented", establishing a regulatory logic centered on outcomes to truly protect user asset safety.

"Regulators should lay a solid foundation, but allow safe and adaptable systems to grow freely on it."

The cryptocurrency industry is transitioning from technological exploration to a phase of mass adoption. Only by building infrastructure with "institutional-grade security + consumer-grade experience" can we earn users' trust and achieve true global adoption.

Cobo is an active builder and promoter in this transformation.
