Why web3 companies get hacked so often, according to crypto VC Grace Isford

In this week’s Chain Reaction podcast, Lux Capital’s newest investor, Grace Isford, joined us to talk about the opaque but crucial world of web3 infrastructure. At Lux, Isford invests in the companies that work behind the scenes to make sure crypto exchanges are secure and trustworthy enough to avoid being hacked. Before joining Lux this February, Isford was an investor in Canvas Ventures focused on enterprise software and fintech. A data infrastructure investment she worked on at Canvas revealed to her the opportunity in the web3 space for companies to “immutably share data at scale,” prompting her pivot to cryptocurrencies, she said. “That took me down the rabbit hole, and then I ended up personally investing,” Isford said. “I got into yield farming, which coincided with my move to New York, where a lot of my friends are also in the crypto and venture capital ecosystem.” Isford says her investment approach to web3 is based on what she calls her “circle of competition,” or the area in which she can be competitive compared to others in the space. “Investing in NFT is quite different than investing in DeFi, which is quite different than investing in crypto data infrastructure, and I would say anyone who says they invest in web three shouldn’t invest in all of that, they should probably choose your sweet spot. in their core competency,” Isford said. Isford’s “circle of competence”, based on her previous experience, is in enterprise infrastructure and fintech, so we asked her what she thinks are some of the biggest challenges for web3 infrastructure providers. Compared to web2, Isford said, web3 lacks enterprise-grade security solutions. Alchemy and Infura are the only two major node service providers in the industry, meaning most crypto relies on two infrastructure providers to manage its data. “There seems to be a new security hack reported every week [in web3]Isford said, citing the recent Metamask and Ethereum dApp outage originating from Infura and the February Wormhole Bridge attack. While several startups are working on developing security solutions, Isford said, the technology is “still pretty nascent” when it comes to developer tools, data infrastructure monitoring and storage. Another major challenge is managing fraud and downside risk, Isford added. “I think [that issue] it’s really keeping a lot of people out of the crypto world right now [because they’re] afraid of losing all their money if they venture too far into cryptocurrencies,” Isford said. Isford is optimistic that through the massive inflows of investment in web3 startups in the past year, companies will be able to build more reliable solutions. “I think TRM Labs, Chainalysis and a number of other companies in this space have 10x potential in terms of compliance and monitoring because they don’t have it at scale yet in the same way that we’ve built these sophisticated AML systems on the infrastructure side. in the web2 world,” Isford said, referring to anti-money laundering technology for traditional financial institutions. Better risk and fraud management systems are a precursor to more institutional money flowing into cryptocurrencies, Isford said. As companies such as Fidelity, Goldman Sachs, and JP Morgan continue to advance crypto, the market will mature, he added. “I think one of the biggest opportunities in crypto right now is still security, if you can create more trusted smart contracts at scale… but you can’t have a trusted system if it’s not secure, right? And you can’t run a system securely if you don’t know who’s inside that system, so I think security is probably one of the biggest pieces from a prioritization standpoint,” Isford said.


Table of Contents