Web3 mass adoption challenges: User Experience & Security

Blockchain is still a nascent technology, and as such, many problems are associated with user experience (UX), with there being some major problems that need to be addressed that we will discuss in this article. Lack of friendly User Interfaces (UI), language, lack of standardization, complexity, key management, and security are some of these issues.

It’s worth mentioning that infrastructure is a major component in UX, since it provides faster, simpler, and cheaper transactions. However, this is a topic that we discussed at length in a previous article on the Web3 mass adoption challenge series, so we won’t cover this topic here.  

Web3 user interfaces and Language

Despite some notorious exceptions, crypto applications are typically built by technical teams and oftentimes with tech-savvy users in mind, resulting in “Made by developers, for developers” logic.

“Made by developers, for developers”

This usually presents itself, first, in the form of complex language. For a newcomer to the ecosystem, terminologies such as Proof-of-Stake, public/private keys, Gas, Gwei, tx hashes, swap, bridging, and so forth, are intimidating. This creates barriers for users that may get insecure about using a product that they don’t understand and which has a steep learning curve, forcing users to achieve a minimum level of knowledge about terminology before being able to be fully independent.

I challenge you to count how many times the word Wallet appears in this screenshot.
I challenge you to count how many times the word Wallet appears in this screenshot.

Blockchain technology should be incorporated into people's daily lives seamlessly. Most email users don’t know (and don’t need to know) that the email service provider is using an SMTP protocol. The same applies to Crypto; users shouldn’t necessarily need to understand which blockchain is being used, or which route is used in a swap. In this way, just as how email technology reached mass adoption, implementing friendly crypto will decrease the distance between the layperson audience and the technology. 

Beyond the terminology barrier, there are oftentimes confusing user interfaces that don’t make it simple for the user to understand what is happening and to feel secure that they are not making the wrong transaction. For instance, in the process of signing in with Metamask - potentially one of the more expressive entry points for users into self-custody - on two different platforms (Lens and Mirror), the user is faced with dubious information. While warning the user to only sign the transaction if they fully understand the content of the transaction, Metamask provides a message that might not be easily understood by a new user.

Another good example is not making clear how much a transaction will cost, or even the equivalent in fiat that they are transferring. This, coupled with poor positioning of buttons, might be frustrating, ultimately leading to the user not concluding an operation.

Source: https://twitter.com/ybhrdwj/status/1528091062975115264
Source: https://twitter.com/ybhrdwj/status/1528091062975115264

Complexity and Key Management

We believe that most of the complexity of interacting with DeFi comes from the current mindset of web3 product development. Most of the experience of using a Web3 protocol or dApp is dictated by how the smart contract was written. The big problem is that smart contracts usually are not meant to be upgradeable, which means the user experience should be a major design concern from the very beginning.

However, in the Web3 environment, the technology leads the product design, since most of the new developments come from research/technical teams. Usually, UX professionals are involved late in the process, after the smart contract has been written and audited, leaving them with the only option of working with UI, thus, they are not able to fundamentally improve the user experience. 

Here are some examples of it:

  • Despite the existence of some solutions that are used to make token swaps easier/cheaper, sometimes these applications do not support the swap of a token A with a token C, and the user has to make multiple transactions (A to B to C) in order to achieve the desired result. 

  • Sometimes while interacting with one application, such as a game, there is the necessity of giving many permissions and sometimes possessing different wallets in order to interact with different applications/networks (this is a problem of interoperability that we somewhat covered in a previous article).

  • Even in operations inside the same network, transaction fees are usually only payable in the native token, forcing users to swap one of their tokens in balance for the native token.

This scenario results in products that are not user-centered, which have awful onboarding, creating low user retention.

Furthermore, key management is also a big pain, that ends up having serious implications in security. Most users (outside the crypto bubble) are used to the banking experience, in which they have their accounts and have access to their funds through a password, and if they lose/forget it, it can be relatively easily recovered. Usually, when a user wants to have a wallet, they need to not only memorize their password but also have the pain of safeguarding a 12-word seed phrase in order to recover their password if needed. 

As expected, this method is prone to human error, resulting in many quitting the process of creating a wallet, resorting to a Centralized Exchange for custody, or even worse, losing their funds, because they lost their seed phrase.

Fortunately, there are implementations in progress that might make these problems less relevant in the near future. Obviously, this movement is different for each network, with some of them having this problem solved by default. 

Ethereum Network

In Ethereum, those who want to have full custody of their assets are faced with a problem that was laid in the foundation design of the network. By design, in Ethereum, there are two types of accounts.

The first are called Externally Owned Accounts (EOAs), which have the following characteristics:

  1. They are generated using wallet software such as Metamask

  2. They are managed by the Signer, a pair of public and private keys. The public key is the address of a wallet, the information that a third party needs to send tokens to it. It’s equivalent to a bank account number, and the private key is a numeric code, usually encoded as a seed phrase that enables control over a wallet, which is equivalent to the e-mail recovery questions. 

  3. This type of account is “active”, meaning that it can initiate transactions and pay transaction fees in the network, but is limited to basic operations such as sending ETH or interacting with a smart contract. 

The second type is called Contract Accounts (CAs). These are basically smart contracts deployed in the Ethereum Network. The two key things to understand about this account type are: 

  1. Smart contracts can execute complex logic and solve any kind of problem. They can even create another smart contract.

  2. CAs are not controlled by a private key; instead, they are ruled by the logic of the smart contract code. However, they have the limitation of not being an “active” account, so they can only initiate a transaction in response to another (a machine that only generates output if an input is provided) 

The problem here is that from the user perspective, the signer and the account are merged. If someone loses the signer, they lose the account, and if a third party gets access to the signers they can steal the account's funds. So Ethereum’s security relies on the user being able to manage a single secret key safely. There is no room for mistakes.   

In order to solve this problem, the Ethereum community is proposing the concept of Account Abstraction, the decoupling (abstract away) of the signer from the account. This is achieved by merging the benefits of both EOAs and CAs in the Account Contracts: “special-purpose smart contracts that define and manage a user’s Ethereum account (now called a smart account)”.

This new concept brings with it many benefits:

  1. Signature Abstraction: As aforementioned, transactions from EOAs must have a signature generated by the account’s private key. The signature abstraction removes this requirement, allowing users and application developers to define custom rules for authorizing wallets to initiate transactions. For instance, it can allow a third party (a trusted guardian, probably a specialized service) to have a seed phrase that can't initiate transactions but can replace the signer with the user's authorization (the same way banks do). And it can set newer layers of security such as requiring extra steps of validation for transactions that surpass a defined amount (again, as banks do), have multi-party approval, or even defining pre-approvals for some services to “pull” funds from a smart account (interesting applications for recurring payments, such as a subscription service).

  2. Fee Abstraction: Today, in order to execute a transaction, the user must pay a transaction fee (“gas fee” in the ETH network) in ETH in their wallet. However, oftentimes the user has their balance in another type of coin, let's say USDC, that they need to swap for ETH before executing the transaction. With this concept, it’s possible to have a relayer that will pay the ETH fee and receive the equivalent amount of USDC from you.

  3. Transaction Batching: Smart Accounts can process multiple transactions in parallel, thus allowing for combining multiple operations into a single on-chain transaction, significantly reducing transaction costs and the complexity of interacting with dApps (Decentralized Applications).

Source: https://metamask.io/news/latest/account-abstraction-past-present-future/
Source: https://metamask.io/news/latest/account-abstraction-past-present-future/

This concept was deployed in the Ethereum Network in March 2023 with the ERC-4337 (ERC stands for Ethereum Request for Comment), and announced during ETHDenver. It intends to help to improve the UX for Ethereum Network users in the future. However, it still may face some challenges due to implementation complexities in the world in which Ethereum becomes more focused on Layer 2 applications (applications built in blockchains that use the Ethereum Network as a security mechanism). This topic is out of scope here, but a recent Vitalik blog post covers it pretty well. 

Finally, it’s worth mentioning that there are some wallets that have already implemented account abstraction in Layer 2 networks (e.g. Argent X, a wallet running in the Starknet, an Ethereum’s Layer 2 network).


As we have discussed in previous articles, the current boundary conditions lead us to believe that the future of blockchain is multi-chain with high interoperability, and maybe three to four big networks being used based on their specificities. 

In this scenario, Polkadot could be one of these networks. In its core design, Polkadot was thought to be very generic, allowing developers to define how primitives, such as cryptographic signatures and accounts, will behave.   

Many of the ERC-4337’s ideas were implemented in different pallets - modular components or libraries in Polkadot’s framework that encapsulate specific functionalities that can be added to the blockchain. 

Pallets offer multiple tools to manage accounts and identity, e.g. multisigs (a signature process that requires more than one validation), allows for an account to be controlled by multiple public keys, allows for accounts to have user-friendly names and have a verified email (and in fact, many other metadata) attached to it, or even to enable account recovery by establishing a few trusted individuals/organizations that in conjunction have the power to create new keys. These functionalities and others help to make account management easier and can improve security. 

These examples show that building account abstraction in the network is viable. In fact, there are projects like InvArch that already provide multichain multisigs. However, building a true multichain account abstraction solution in Polkadot has some challenges. As aforementioned for Ethereum, most of these functionalities work well for a single-chain environment, but not so well in a multichain environment. 

Source: https://invarch.medium.com/saturn-the-future-of-multi-party-ownership-ac7190f86a7b
Source: https://invarch.medium.com/saturn-the-future-of-multi-party-ownership-ac7190f86a7b

Fortunately, there are already discussions in the Polkadot community about this topic, and advancements are arguably possible in the near future.

Information Asymmetry and Funds Insurance

Due to the information asymmetry, it’s hard, even for crypto natives, to understand the risks associated with interacting with some DeFi applications. Solutions that help investors to make more informed decisions are welcomed. 

Furthermore, it would be paramount for mass adoption to provide users with a higher degree of guarantee that they will have access to their invested funds. There is a lot of fear regarding mismanagement and even more regarding hacks - that, despite having a minimal effect in proportion to the industry market cap, do have a big impact on how the public perceives the technology. 

In the following section, we want to take a deeper look into these aspects. 

Business model audit

The previous bull market and enormous information asymmetry between enthusiasts and developers about the technology and business models have provided the perfect environment for the emergence of projects with, in some cases, questionable principles from founders with questionable ethics. These projects have attracted huge amounts of money that collapsed at the first sign of operating weakness, taking with them dozens of other assets.

Failures in the protocols and smart contracts, fake portals, perverse developers, and founders concentrating a large part of the funds are just some of the variety of reasons that led so many investors to lose money. Moreover, stories of people who have gone through such scams only scare new potential users away from this market. Identifying these techniques and dedicating time and knowledge to run careful analysis before investing is not as easy a task for ordinary people as it is for retail investors. 

In some geographies such as Europe and Brazil, regulation is advancing in order to provide investors more confidence, forcing project teams to submit whitepapers (subject to approval) with the risks involved, or even creating mechanisms of accountability regarding schemes and frauds. We presented an in-depth discussion about this subject in our Regulation Article.

But beyond that, we believe that there are mechanisms in place in CeFi that might be helpful. In this context, crypto risk rating solutions appear as an opportunity. Credit rating agencies, as we know, seek to demonstrate to creditors and debtors how solid a certain entity’s financial health is, taking into account quantitative and qualitative factors to define the level of credit risk (credit rating score). 

With a diversity of assets, bonds, and companies available on the market, investors are often unable to analyze each of them accurately. Thus, risk assessments came as a way to better guide investment decisions. The same is true for digital assets. Crypto ratings can offer investors more knowledge and credibility when it comes to tokens, protocols, and pools... In fact, some agencies (even top-tier ones, such as S&P Global and Moody's), and projects (e.g. Exponential) are already providing risk assessment services for digital assets companies. The problem is that even though some specialized crypto rating solutions have emerged, none have had enough time to build a solid reputation. Time is needed for the Crypto world to mature.

Even though a good risk assessment is not an absolute guarantee of suitability and safety - as seen in the 2008 Financial Crisis - it will help to reduce information asymmetries, enabling investors to make more informed decisions. Also, we do believe in the importance of the existence of not one, but several respected certifiers, whose responsibility will be to assign levels of risk to each class of assets based on basic assumptions, such as tokenomics, governance, maximum leverage, minimum treasury, reputation, and other characteristics inherent to a project’s business model, and that goes well beyond code auditing. 


Unlike fiat currencies in the traditional banking system, there is no protection to stop theft or loss of funds. In Brazil, the Credit Guarantee Fund (FGC) seeks to provide protection to investors insuring up to R$ 250,000 in losses against the security’s issuer bankruptcy. The U.S. Federal Insurance Deposit Corporation (FDIC) also has a similar operation, but no equivalent exists for cryptocurrencies. The fact is that being the owner of your own assets and moving away from centralized authorities demands a high level of personal responsibility.

Criminal abuse of cryptos, risk of private key mismanagement, strong fluctuations in prices, Ponzi scheme operations, hardware loss or damage, failure of the blockchain underlying the asset, and projects with no fundamentals create huge barriers to crypto’s mass adoption. 

Considering crypto’s tricky nature, insurance products may turn out to be great solutions and opportunities. Some exchanges trying to counter the crypto crime wave are insuring the digital funds of investors who are victims of theft or hacks on the platforms. Binance, for example, allocated 10% of its total trading fees to an insurance fund and paid out US$ 40 Million from that fund during a Binance hack. However, insured exchanges have limits to their coverage. Binance wouldn’t be able to recompense all of its users in the case of a significant loss. Some wallets are trying a similar strategy to protect users. Civic, for example, uses the insurance provider Coincover to provide their users with insurance guarantees in case Civic ever goes out of business. Although there is nothing investors can do to avoid massive market downturns, crypto holders can purchase personal wallet protection services in case of hacks, theft, or lost private keys for additional individual insurance. Bitgo, for instance (an American crypto wallet), offers custody and cold wallet storage insured against theft and/or insider misuse of clients’ private keys.

Despite these innovations, crypto insurance solutions have a long way to go before they can offer solid and affordable products. The lack of market history and data to support insurance decisions raise obstacles for insurers wanting to explore this new business line. Also, as stated by a ZenGo article, the main problem with crypto insurance offerings is that there is no single insurance provider that protects against all potential situations. For crypto holders to fully protect all of their crypto assets, they must mix several different plans, which is not only a headache, but it massively increases fees. The market lacks proper insurers, let alone re-insurers. 

Regardless, cyberattacks, human errors, algorithm failures, and wrongdoings are bound to happen and if the industry really aims for credibility and broad adoption, it will have to develop new methods to better protect its users.

Final Thoughts

DeFi solutions are far from speaking fluent customer language. Crypto is already notorious for its UX and Security issues, and interfaces are not yet intuitive and simple, making everything seem like rocket science with the risk of losing keys/assets to the average potential customer. However, the blockchain community focus is steadily shifting. Infrastructure problems are still relevant, however, the community is also paying attention to UX and how to onboard new users and cross the adoption chasm.

Currently, there is a surge of many new voices in the crypto community that are advocating for better product development cycles and flows, placing the user experience at the same level of importance as the technology. On one side, organizations such as Web3UX are producing guidelines for better product development - this effect also manifests in itself in crypto conferences such as those in the Ethereum community (e.g. Devcons, ETH Denver…) - and on the other, the search for mass adoption is naturally moving project development teams in this direction.

In fact, necessity is driving better UX in geographies such as Latin America. Entrepreneurs are embedding blockchain in financial solutions for remittances (e.g. Felix Pago) or even for hedging against inflation. Another good example of the early implementation of this concept is a startup named El Dorado. The company offers money transactions and wealth preservation options for the unbanked population, those who no longer trust the national financial system, and for people in Latin America that don't have easy access to a dollar account. 

El Dorado’s P2P wallet empowers the LATAM population with a friendly “dollar account” by using stablecoins and facilitating the on/off ramp with national payment methods. With no complex addresses and a simple solution that communicates with the local population, it resembles a common digital bank. All the end user needs to know is that it’s a solution that solves their problems.

Users always expect simple and fast interfaces. As a consequence of technological development and a shift in product design, digital apps, banks, and exchange platforms have been constantly improving user experience, and many new startups are making processes more efficient and reducing bureaucracy, with a more convenient approach - Nubank is a good example. Crypto needs to keep up with these expectations. Despite the advances, there are still many operational issues and too much human responsibility related to holding crypto assets and wallets, leading to several concerns that push people away. 

However, we do believe that, with all the attention that the subject has been attracting recently, along with the current efforts from the community in developing not only new frameworks of development but also re-thinking the infrastructure layer in order to provide better UX, there will be a significant improvement in user experience in the next few years.

If you like this content, you can find a deeper discussion about the state of crypto on our Crypto Paper, or if you are an entrepreneur with a Web3 / Fintech / Embedded Finance product, contact us, we are investing!

DISCLAIMER: This material is provided to you for informational purposes only. This is neither an offer to sell nor a solicitation of any offer to buy any securities in any fund managed by Iporanga Ventures (the “company”), nor is it an offer to provide investment advisory services. And the targeted performance contained herein is provided for illustrative purposes only and is not intended to serve as, and must not be relied upon by any person as, a guaranty, an assurance, a prediction of a definitive statement of fact, a probability or as investment advice.

Subscribe to Iporanga
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
This entry has been permanently stored onchain and signed by its creator.