August 25th – August 31th
PERSPECTIVES by Eric F. Risley
The crypto industry has an existential problem that remains unsolved: a lack of real or perceived security. Without that confidence, trust is tentative and easily lost.
Ensuring security is multifaceted and never-ending. In the early days of crypto, loss of funds was often dismissed as a “cost of doing business,” which downplayed its importance. We are likely beyond that mindset; however, crime remains rampant and continues to grow.
The irony is that arguably the most capable security businesses, those that built the security infrastructure for the modern, web-accessible world of financial services and payments (call them Web2 security vendors), have not yet taken crypto security seriously. They often view it as a niche market, too small to prioritize. That will change, but in the meantime dozens of companies are building to tackle this existential problem.
Kerberus’s recent acquisition of Pocket Universe underscores this need and trend.
Web2 users became accustomed to security being built in: antivirus shipped with the operating system, browsers flagged suspicious sites, and logins pushed people toward two-factor authentication (2FA) or passkeys. Kerberus’s acquisition of Pocket Universe is a similar moment for Web3. Instead of asking people to simulate every transaction and hope they notice red flags, wallets will now catch risky signatures and malicious behavior before they go on-chain. Security starts happening automatically, within normal wallet and payment flows.
The deal size may be small, but it is strategically important. Security in Web3 will not remain a sidecar app or optional plug-in. It is becoming part of the core experience. Consumer security tools on their own do not scale or monetize well in crypto. But if protections are baked directly into wallets, bridges, on- and off-ramps, and stablecoin rails, incentives align. Everyone wins: fraud drops, friction is reduced, and consumers as well as large players like banks and insurers can build trust. See our M&A Alert here.
With wallet-drainer scams and social engineering getting sharper every month, these proactive, pre-signature defenses are not just nice to have; they are required. They do not replace on-chain analytics, but they complete the picture. Expect more M&A as point solutions consolidate, increased pressure from institutional diligence, and a raised floor across the space.
In Web3, “secure by default” is about to become table stakes.