Crypto Frontline

Introduction

On 6 November 2025, at the China International Finance Forum At the Hong Kong Summit, Professor Gu Ronghui, co-founder and CEO of CertiK, participated in a round-table discussion themed “Compliance and Innovation of Digital Asset Trading Platforms”. The conversation took place against the backdrop of rapid developments in Web3 regulation globally and underscored how compliance, security and innovation are becoming increasingly inseparable in the digital-asset ecosystem. The event provided a timely forum for industry leaders, regulators and institutional financial actors to exchange views on how digital asset trading platforms can evolve in a way that is both secure and compliant.

The Changing Landscape Of Digital Asset Regulation

Professor Gu made clear that the regulatory environment for digital assets has shifted from a somewhat abstract debate to a more concrete and implementation-oriented phase. At the forum, he observed that many regulators and traditional financial institutions entering the Web3 field harbour security concerns and often lack a clear understanding of the specific sources of risk. He said:

“Whether it’s regulators or traditional financial institutions, there are always certain concerns when entering the Web3 field. The first reaction is often to worry about security issues, and in many cases, the specific sources of these risks are not well understood.”

This statement highlights two intertwined themes. First, the security dimension — not just the broad concept of “cyber risk” but very specific vectors such as backdoors, abnormal transaction behaviours, insider threats — is front and centre. Second, regulatory and institutional actors are still navigating how to visualise these risks and build frameworks around them.

Regional Dynamics: Differentiation In Regulation

One of the stronger themes from Professor Gu’s remarks was that since 2022, global regulatory responses to blockchain and crypto-assets have shown clear regional differentiation. In his words:

The United States has followed a relatively conservative posture towards blockchain and crypto assets.

Asian markets, specifically Hong Kong and Singapore, have emerged as early adopters of regulatory frameworks and as more welcoming jurisdictions for Web3 innovation.

He further noted that this dynamic may change soon:

“With the passage of the U.S. GENIUS Act this year and the consensus reached between the U.S. Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) in the field of digital asset regulation, it is expected that a systematic regulatory framework will be introduced soon.”

Hence, while Asia may have been at the forefront of institutionalising Web3 regulation, the United States is poised to play catch-up: stakeholders anticipate more comprehensive regulation, possibly aligned or coordinated on a global level by 2026.

This regional differentiation carries important implications: firms and platforms operating globally must navigate multiple regulatory regimes — some progressive, others cautious — and plan for an environment in which harmonisation (or at least coordination) may become more prevalent.

Compliance As A Driver Of Innovation

Another major point stressed by Professor Gu is that compliance is no longer a burden to be borne reluctantly. Rather, it is an integral enabler of innovation in the Web3 space. He stated that for the compliant development of the Web3 industry to take off, technological security must form the foundation; human risk is the most easily overlooked link in the compliance chain.

He gave a potent example: A Hong Kong based stablecoin-related company suffered a US$50 million theft due to an employee implanting a code back-door. The critical point — this was not an external hack, but an internal threat. CertiK’s monitoring system, Skynet, detected the abnormal transaction behaviour, illustrating how a sophisticated security-monitoring infrastructure can fill the gap between traditional regulation and emergent Web3 threat vectors.

Technological Infrastructure: Monitoring, Detection And Governance

Professor Gu described how CertiK has built a set of tools and frameworks to support both enterprise clients and regulators. Among them:

The Skynet monitoring system which can identify abnormal transaction behaviour and suspicious flows in real-time.

A series of Skynet reports (three issued so far) covering stablecoins, real-world assets (RWA) and digital asset trading (DAT) that summarise security issues, potential risks and typical incidents of concern for enterprise and regulatory clients.

Close collaboration with regulators across the United States, the Middle East and Asia to fill in the blind spots of conventional regulation when it comes to Web3-specific risk visibility.

In Professor Gu’s words: CertiK has served over 5,000 enterprise clients and safeguarded assets totalling over US$600 billion. By demonstrating that “technological innovation can not only support compliance requirements but also safeguard industry innovation”, he reinforced the idea that secure infrastructure is foundational to the next phase of digital finance.

The Path Ahead: From Proof-Of-Concept To Real-World Implementation

Looking forward, Professor Gu suggested that as global regulatory frameworks become clearer, blockchain technology will move from “proof-of-concept” to more real-world applications. He cited examples of traditional financial institutions and banks that are already exploring blockchain for internal settlement or process optimization, thereby reducing costs and improving efficiency.

He expects that continued improvements in regulatory policy will drive more compliant and secure blockchain innovations into the real economy, thus injecting new momentum into the sustainable development of the digital-finance industry.

Some key take-aways for what to expect in the next 1-3 years:

More global regulatory coordination and policy alignment, potentially culminating in more harmonised regulation by 2026.

Traditional financial institutions increasingly engage with blockchain and Web3 infrastructure as part of core business operations.

Increased adoption of monitoring, compliance and risk governance tools within Web3 platforms and financial institutions.

The importance of internal actor risks (human risks) becoming increasingly visible and mitigated via technology, rather than external threats alone.

A maturing of the digital asset trading-platform sector from early stage experimentation to accountable, compliant infrastructures.

Implications For Stakeholders

For Regulators

Regulators must continue to adapt: the conversation is no longer just about “should” we regulate digital assets, but “how” we do so effectively. The tools and risk-visibility infrastructures being developed by industry can serve as valuable partners for regulators in detecting and intervening in real-time.

For Traditional Financial Institutions

Banks and other traditional finance actors must recognise that the Web3 space is no longer purely experimental or fringe. To remain competitive, they will need to build expertise in blockchain-based processes, integrate risk-governance frameworks, and embrace collaboration with Web3-native technology providers.

For Digital Asset Platforms and Web3 Firms

For platforms operating in trading, settlement or tokenisation spaces, the message is clear: compliance and security must be integral from the outset. Platforms that ignore emerging regulatory norms or visibility tools risk both reputational and monetary loss. Being proactive about security, transparency and risk-governance will be a differentiator.

For Investors and the Broader Ecosystem

A more mature regulatory regime implies fewer “wild-west” scenarios but also potentially higher costs of compliance. Investors should assess platforms and firms not just on growth metrics but on how well they embed compliance, governance and risk-monitoring. The value of secure, regulated innovation may become more apparent in the years ahead.

Challenges And Considerations

Despite the positive tone, Professor Gu’s commentary implicitly flagged several longstanding challenges. For example:

The human factor remains difficult to manage: internal back-doors, insider threats and human-error vulnerabilities are often under-resourced compared to external hack vectors.

The fragmented nature of global regulation means platforms operating across jurisdictions must navigate multiple sets of requirements, sometimes with conflicting expectations.

The “visibility gap” in Web3—where regulators and institutions may lack clear data on token flows, smart contract events, bridging activity—remains significant, and industry tools are still evolving.

There is a time-lag between regulatory intent and implementation. Even though frameworks may be on the horizon (e.g., in the U.S.), the full regulatory architecture may not be live for some years, leaving a transition period of uncertainty.

Conclusion

The Hong Kong Summit provided a rich platform for dialogue between regulators, industry and technologists. Professor Gu Ronghui’s contributions underscored that in the emerging Web3 and digital asset ecosystem, security and compliance should be viewed not as obstacles to innovation but as enablers. The shift toward global regulatory coordination, the emphasis on real-time risk monitoring, and the evolving role of traditional finance all signal that the industry is entering a more mature phase.