Securing Web3 Communities: An Interview With Marcus Naughton of Chatsight

I recently spoke with Marcus Naughton, CEO of Chatsight—a cyber-security firm focused on protecting web3 and Web2 communities against cyber-attacks, scams, and bots. 

Join us as we discuss why web3 communities are being compromised, how this is hampering the domain’s progress, and viable solutions that exist for the industry moving forward. 

Hi Marcus. Thank you for joining us today. Please tell us your story and how you built Chatsight. 

Hi! I am Marcus Naughton, the CEO of Chatsight. Thank you for having me on board. 

My interest in Computer Science began pretty early—I started coding at the age of eight or so.  I graduated with an LLB (with Economics) from the University of Limerick in 2019, and throughout my undergrad course, I experimented with numerous AI/NLP projects. That year, I also became the national winner of the Red Bull Basement competition. 

After my graduation, I wanted to venture into entrepreneurship — and luckily, got selected by Entrepreneur First. I began working on Chatsight initially as a Content Moderation platform for early-stage social networks, that soon grew into providing an agnostic set of security tools for online communities. We got attention close to our launch which allowed us to secure investment for Chatsight. 

When web3 became more of a fleshed out concept and started to have more traction - we expanded our vision to include a future where we provide security tooling to future on-chain social networks.

Okay! Before we dive deeper, can you please explain web3 simply, for the uninitiated? Give us an insight into significant developments and how they are transforming the internet as we know it. 

Sure. web3 envisions a new version of the internet powered by the blockchain. So, unlike now, when big-tech companies have somewhat monopolized the internet, web3 will be decentralized and community-centric. At a reach, you can see Discord as a litmus test for how web3 community-run platforms will operate - given the bare minimum and looking to cultivate a foundation from there. Discord is a centralized platform, and this is acknowledged - but it serves as an interesting experiment nonetheless.

SIngular entities won't normally own or govern web3 applications (though a decent proportion do, and this is mediated through direct democratic processes like on-chain voting) nor will they run on centralized servers. Instead, these apps will be deployed over globally-distributed peer-to-peer networks—like Bitcoin or Ethereum, for example—with community-driven governance. So basically, users will own and manage web3, and these users can be from anywhere in the world. Users provide their identity in a decentralized way, allowing them to prove their ownership and identity in a way that builds upon concepts like OAuth (in principle, not in execution or technology.)

Long story short, web3 is the internet’s next phase and it will be decentralized, trustless, permissionless, and verifiable. But I must caution, that this is an optimistic view of the implementation of web3 - many still think that external influences like venture capital, DAO management teams, and the alike may harm the development of this paradigm. We’ll need to adjust our mental model about how to overcome these obstacles.

As for developments, there’s been a lot going on lately. We have indeed covered much ground. Cryptocurrencies, NFTs, and DAOs are all key elements of web3. We have all seen how they grew over the last two years or so. Plus, there’s been a steady rise in traction for categories like Play-to-Earn (P2E), which is another significant area of progress. And I believe there’s certainly more to come.

Thanks for such great insights. Now, a budding industry like this must be prone to cyber-attacks, which you in fact mentioned. Please tell us more about how hackers are exploiting web3 communities and how this is hampering the domain’s progress. 

Yes, that’s right. web3 is pretty young and its infrastructure is still work-in-progress. As is the education available to casual users on security best practices. So, of course, there are shortcomings, some of which are quite severe. The most common ones, however, range between Phishing and Smart-Contract Vulnerabilities (of which entire companies are built on securing against them for their clients). These two pillars of attacks are the main sources of detraction (not to mention liquidity management by DeFi) - undermining adoption.

In 2021 alone, DeFi protocols lost over $10 billion to cyber-attacks and thefts. We are all also aware of Poly Network’s $600 million hack. Even crypto.com admitted losing over $35 million to attackers in early-2022. 

Then, very recently, hackers breached the gaming-focused Ronin Network, stealing $600 million worth of cryptocurrencies. Such breaches often leave new users with distrust. But evidently, we’ve seen that this distrust is with the organizations running their products on the blockchain, versus the blockchain itself. Though, it goes without saying that some chains and projects are fundamentally unable to support their users.

Extreme concentrations of criticism targeted from web2 users to web3 can fan the flames caused by these security issues, often aggravating the problem and serving to further bolster anthesis about web3.

That’s concerning, indeed. But Chatsight solves these problems. Please explain how it protects communities and protocols in web3.

Yes. Chatsight is a content moderation system and anti-scam solutions provider that combats phishing attacks and scams using Artificial Intelligence. A lot of interesting technology has been developed in the last few years, and the advances brought forward by Transformer architectures - allow us to engage with user content more flexibly.

Our KYU screening tool helps web3 protocols verify community members and identify bots when they still rely on web2 platforms like Discord and Telegram. Moreover, there are features like cross-platform identity resolution, anti-exploit controls, and AI URL Filtering. 

Using our tools, web3 communities can have a much better chance of defending against attacks that are all too prevalent today. That’s also how we empower them to achieve optimal security. We grow with web3 communities, so that the information we build, can also immediately be put to future action once we achieve a world in which social communities operate on-chain.

Interesting! But many people believe that web3 is utopian and unattainable. Do you think it’s still too early to get excited about web3 or, for that matter, denounce it completely? 

Well, I, for one, don’t think web3 is unattainable - we already have some of its key elements ready and thriving. What we lack at the present moment is how to engage casual users, and create usage habits with those who are not already deeply invested. How do we create value in their everyday lives? What prevents an engagement loop from forming - do companies like Apple limit us encapsulating web3 to the average consumer? These are questions that won’t really go away.

It took us almost fifteen years to go from the non-interactive, static Web1 to the interactive Web2 that we use today. web3’s evolution will also take time, of course, because it has an even more ambitious vision. 

Blockchain’s emergence made network decentralization not only possible but also practical - with that introduced a new type of power dynamics, turning the tide in favor of builders and end-users. This is evidently, and will most likely be infamously illustrated by a DAO voting to squeeze out an investor - forcing them to take a massive loss. This really will be remembered as a cautionary tale - not for choosing to invest in web3, but for not adding value - and value that is respected.

Lastly, from an investor’s perspective, do you think it’s the right time to invest in web3? 

Some investors might be interested to see how existing paradigms may need to be reimagined (like payrolls, HR, and administration) into web3 - creating a large open field for people to build upon - if they haven’t already started building (they have.)

Investors should obviously never see this as investment advice. They need to do the equivalent of going to a grocery store and asking people buying a product if they find value in its purchase or use - that is to say, going to native web3 projects and fighting through the hype and smokescreens to find people truly making products that people look forward to using. Spend some crypto on projects, get a sense of what you get - what you feel as the end-user - and be a part of the growth of projects you want to invest within. Practice stronger due diligence on deals - it is evident that some investors are caught out by the hype. Web3 companies will if they can, avoid having legal entities in a world so heavily connected to fiat - so be prepared for that future too.

The watershed moment for investors leaving web3 investments on autopilot is beginning to arrive - and a failure to educate yourself and become involved - will leave you without allocation in favor of those who have taken the time to educate themselves and add value, before investment.