SlowMist x Web3: Wrapping Up a Successful Hong Kong Chapter
The 2025 Hong Kong Web3 Festival was held as scheduled, bringing together developers, investors, regulators, and tech pioneers from around the world to explore cutting-edge topics such as blockchain, DeFi, crypto compliance, AI, and the integration of Web3. Inspired by the four seasons — spring, summer, autumn, and winter — each stage creatively incorporated traditional Chinese cultural imagery, symbolizing the resilience and cyclicality of the blockchain industry. This also reflected the profound connection between the Web3 spirit and Eastern philosophy, showcasing the beauty of the fusion between technology and the humanities.
Hacking Time Recap
On the afternoon of April 8, the security-themed forum “Hacking Time: Web3 Security and Compliance,” hosted by SlowMist, was held at Stage Three. The event attracted a large audience interested in Web3 security and compliance topics.
The forum was opened by 23pds, Partner & CISO of SlowMist, who warmly welcomed all the guests and attendees. He then delivered a keynote speech titled “Cyber Tempest: Rebuilding the Firewall in 180 Days.” In his talk, 23pds introduced SlowMist’s expertise and technical service system in the blockchain security field, which includes comprehensive services such as security auditing, security monitoring, incident response, and anti-money laundering. He emphasized how SlowMist helps Web3 projects counter complex attack threats stemming from both Web2 and Web3 environments.
Using multiple real-world attack cases, he illustrated the evolution of cyber threats and highlighted MistEye, a proprietary security monitoring system developed by SlowMist. MistEye is designed for proactive risk management, capable of issuing early warnings and implementing defense measures before an attack occurs. Additionally, 23pds shared SlowMist’s successful experiences in incident response and asset recovery, and explained the crucial role of red and blue team collaboration in enhancing security defenses.
Next, Cos, the Founder of SlowMist, delivered a speech in which he shared the story and security philosophy of SlowMist. He expressed special thanks to the partners within the InMist threat intelligence collaboration network for their contributions and called on more like-minded individuals to join the InMist network to jointly build a secure blockchain ecosystem.
During his remarks, Cos announced that following the release of the Blockchain Dark Forest Selfguard Handbook and Web3 Project Security Handbook, SlowMist would soon open-source a new operations manual focused on on-chain tracking and attribution analysis, aiming to cultivate more on-chain detectives within the industry. He also revealed plans to launch a Web3 phishing simulation platform, co-developed by DeFiHackLabs, ScamSniffer, and SlowMist. This platform will offer users simulated phishing scenarios and hands-on defense training. Cos emphasized that SlowMist will always uphold hacker culture, stay open and committed to sharing, and continue to build strong relationships across the community.
Neilson.lei, CTO of RigSec, delivered a talk titled “Institutional Wallet Practices for Compliance and Security,” in which he outlined the compliance and security challenges currently faced by institutions in managing crypto assets. He also shared RigSec’s proposed self-custody wallet solution, highlighting the importance of the co-evolution of technology and regulation.
Ben Cheung, Senior Inspector of the Cyber Security and Technology Crime Bureau (CSTCB) of the Hong Kong Police Force (HKPF), provided an in-depth analysis of common phishing, fraud, and attack incidents within the current Web3 ecosystem through a series of concrete cases. He also presented the latest anti-money laundering (AML) strategies, supported by relevant data.
Nearly halfway through the forum, a highly informative roundtable discussion took place. The roundtable was hosted by Chloe, Marketing Director of Foresight News, and featured five experts from various fields: Keywolf, Partner & CPO of SlowMist; Tony Chen, Co-Founder & CTO of TokenPocket; Rex Zhang, COO of Onelnfinity; Jacquline Qiao, Partner at JunHe Law Firm; and Lin Yang, Founding Partner of Aquarius Capital.
During the roundtable discussion, the host posed a series of questions tailored to each guest’s area of expertise.
Keywolf, drawing from SlowMist’s extensive experience in on-chain security, analyzed the challenges faced by AML and provided examples of the on-chain anti-money laundering process.
Tony, from the perspective of a wallet provider, shared how TokenPocket mitigates common security risks such as private key leakage, phishing attacks, and malicious contract authorizations.
Rex Zhang explored the core challenges the crypto industry faces in promoting insurance mechanisms, providing an in-depth analysis of the unique aspects of Crypto insurance in risk assessment, compared to traditional insurance.
Jacquline Qiao focused on user privacy and compliance regulation, emphasizing the need to balance KYC/AML requirements while safeguarding users’ financial freedom and legal rights.
Lin Yang, from an asset management perspective, analyzed the current trends in Web3 asset management, delving into the main challenges in the compliance development of Crypto asset management and the key elements that institutions should focus on.
Lastly, in light of the increasingly complex international regulatory environment, the guests jointly discussed the current and future regulatory trends for Web3.
In the second half of the forum, Kong, the head of SlowMist’s Smart Contract Auditing Team, delivered a presentation titled “A Deep Dive into EIP-7702 with Best Practices.” In his talk, he provided a thorough analysis of Ethereum proposal EIP-7702, focusing on its potential and challenges in empowering externally owned accounts (EOA) with smart contract functionality. The presentation covered the implementation mechanism of EIP-7702, potential security risks, and corresponding best practices, including private key management, multi-chain replay attack prevention, and compatibility issues with existing infrastructure.
Kong specifically pointed out that when re-delegating accounts or authorizing them to potentially malicious contracts, users may face risks such as phishing attacks, and therefore should exercise extra caution. He also emphasized the importance of wallet service providers enhancing security protections and raising user security awareness when supporting EIP-7702 transactions.
Rebound, the Head of Security at TenArmor, focused his presentation on the ongoing threats faced by smart contracts in DeFi. He emphasized, “While audits are important, early detection and rapid response are even more crucial.” Through real-world case studies, he introduced TenArmor’s attack detection methods and provided security protection recommendations for projects, covering everything from development to operations.
Main Venue Recap
At the main forum, Dr. Xiao Feng, Chairman of Wanxiang Blockchain, delivered a keynote speech titled “Public Chain: A New Generation of Financial Infrastructure.” He pointed out that blockchain will build a new global governance system for financial markets, enabling large-scale collaboration.
Hong Kong’s Financial Secretary, Paul Chan Mo-po, also delivered significant news: the legislation for Hong Kong’s stablecoins is about to be passed, which will establish relevant compliance licenses for over-the-counter trading and custody services. Additionally, he announced plans to release the second statement on the development of virtual assets within the year.
Furthermore, representatives from the Hong Kong Securities and Futures Commission (SFC) and the Legislative Council also delivered speeches on topics such as spot ETF staking, stablecoin legislation, and token issuance regulation, providing clearer policy guidance for the compliant development of Web3.
In Venue 3, Keywolf, Partner & CPO of SlowMist, delivered a keynote speech titled “Challenges of Crypto AML: Specificities and Complexities in the Asia-Pacific Region.” He focused on analyzing the unique and complex aspects of crypto asset anti-money laundering (AML) in the Asia-Pacific region. Drawing on SlowMist’s extensive practical experience in blockchain security and AML, Keywolf engaged with the audience to explore solutions for enhancing the security and compliance of Web3 projects.
Blue, Partner & CTO of SlowMist, also attended the roundtable discussion in Venue 3. Along with other guests, he explored how to secure on-chain assets and shared strategies for asset tracking and response methods in the event of crypto asset theft, using real-world case studies. Additionally, he analyzed the current security threats within the Web3 ecosystem and, together with the guests and audience, discussed best practices for enhancing protection capabilities, contributing to the creation of a safer and more reliable blockchain environment.
Exciting Moments
As the platinum sponsor and Side Event sponsor of the 2025 Hong Kong Web3 Festival, SlowMist set up an interactive experience zone at booth D05, showcasing SlowMist’s latest research achievements and innovative solutions in blockchain security technology. This attracted numerous attendees interested in industry security to engage in discussions. During the event, Dr. Xiao Feng, Chairman of Wanxiang Blockchain, and Chairman & CEO of HashKey Group, also visited the booth to exchange ideas and provide guidance.
Meanwhile, the “Hacking Time: Web3 Security and Compliance” sub-forum hosted by us was packed with attendees, with all seats taken and many audience members standing throughout the entire agenda. It became one of the most popular events of the festival, highlighting the industry’s strong focus on security topics.
Final Thoughts
The 2025 Hong Kong Web3 Festival, spanning four days, concluded successfully. From the cutting-edge discussions at the main forum to the in-depth workshops at the sub-forums, and the technical showcases at the interactive experience zone, the event demonstrated the infinite vitality and potential of the Web3 ecosystem. This conference not only brought deep intellectual exchanges and collaboration opportunities to the industry but also further propelled the global deployment and development of Web3 technologies. SlowMist will continue to embrace an open approach and work hand-in-hand with global industry professionals to co-create a trustworthy, transparent, and sustainable Web3 security ecosystem. We thank all the guests and attendees who participated in the discussions and the security forum. We look forward to meeting you again next time!
Ps. Some of the presentation slides are now available. If you’re interested, please visit https://ht.slowmist.io/.
About SlowMist
SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.
SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.
By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
