Metaverse & Web 3.0 Cybersecurity Risks

The “metaverse” has been making headlines ever since Facebook co-founder and CEO Mark Zuckerberg decided to rebrand his company in October 2021. Rather than focusing on the current iteration of the internet, Zuckerberg is interested in Web 3.0 applications.

The metaverse is the concept of a virtual space where people can interact digitally using avatars. As such, Facebook became Meta, while many large tech companies took their lead as they announced plans to revolutionize industries such as gaming, despite pushback from their target audience.

In essence, the metaverse uses blockchain technology in the form of smart contracts and NFTs (non-fungible tokens), with one idea being a pay-to-earn model. In reading, you’ll see why things like a reliable VPN and safe online practices are crucial to navigating these new waters.

Here’s everything you need to know about the metaverse and Web 3.0, along with the various cybersecurity risks associated with the supposed successor to the internet as we know it.

What are the Metaverse and Web 3.0?

These words have been circulating everywhere online as of late, but where did they come from and what do they mean? Let’s break it down.

The Metaverse

What is metaverse? American novelist Neal Stephenson originally envisioned a virtual reality-based successor to the internet in his 1992 science-fiction novel “Snow Crash”, coining the term.

As Facebook rebranded to Meta following a range of damaging stories throughout 2021, they gave an explanation as to what they hope to achieve with the Metaverse:

“The metaverse will feel like a hybrid of today’s online social experiences, sometimes expanded into three dimensions or projected into the physical world. It will let you share immersive experiences with other people even when you can’t be together — and do things together you couldn’t do in the physical world. It’s the next evolution in a long line of social technologies, and it’s ushering in a new chapter for our company.”

An example would be seeing a virtual concert in 3D, or watching sports from a virtual seat in the stadium. Another possibility would be trying on clothes in a digital store, or working from home. As it’s still in the concept stage, the possibilities are endless.

Web 3.0

Web 3.0 works similarly, with the phrase being coined by Ethereum co-founder Gavin Wood in 2014. Built on decentralized platforms, Web 3.0 hopes to power the next wave of internet applications and services, forming the metaverse as we know it. They plan to do so using distributed ledger technology, the most common of which are blockchains.

Along with the use of avatarsvirtual reality, and augmented reality, Web 3.0 apps will be able to store data without it being centralized, which could solve problems we face with current systems in terms of online privacy.

A popular example of an early Web 3.0 app would be Siri, Apple’s voice-controlled AI assistant. It uses technologies like machine learning, natural language generation, and natural language processing to improve results over time.

A potential example of metaverse/Web 3.0 apps and services would be live museum exhibits, online games, or anything with the potential to use 3D graphics. Improved machine learning should lead to tailored results, improving the overall user experience.

What Spurred the Sudden Popularity in the Metaverse?

Much of the publicity stems from Facebook’s rebrand, as anyone interested in tech began to scramble to understand what the metaverse actually means in terms of practical usage.

One theory would be that Facebook was under a lot of pressure at the time, for everything from their role in the 2016 US presidential elections, to harming the mental health of teenagers, as Instagram was accused of “worsening body image issues and suicidal thoughts”.

Then there’s Covid-19, and the spread of misinformation about the virus on the platform that led US President Joe Biden to say that Facebook was “killing people”. Yikes.

He later clarified that his “hope is that Facebook, instead of taking it personally, that somehow I’m saying Facebook is killing people, that they would do something about the misinformation, the outrageous misinformation about the vaccine.” In other words, there is still a ton of pressure on the company right now, be it political or public.

Users appear to be wising up to their methods of using persuasive technologies, while Apple has limited the amount of tracking they can do on iOS, which also hurts their bottom line.

What caused the sudden popularity of metaverse solutions? Probably money, and the pursuit of profit as companies aim to improve user retention.

Risks of the Metaverse and Web 3.0

What are the cybersecurity risks associated with the metaverse and Web 3.0 apps and services? Quite a bit – and much of it is uncharted territory.



One of the more obvious drawbacks of a decentralized system is that criminals will take advantage of the setup. It happens with the current iteration of the internet and is more likely to happen if there’s no regulation within the sector.

There’s not much protection within the cryptocurrency sphere, which is intrinsically tied to the metaverse. After all, if you lose your password (or give it away mistakenly), the money is essentially gone forever. For example, over $2.2 million worth of NFTs were stolen from the New York-based art collector and gallerist, Todd Kramer, in what was reported to have been a phishing scam in January 2022.

Research by Chainalysis found that, “scams were once again the largest form of cryptocurrency-based crime by transaction volume, with over $7.7 billion worth of cryptocurrency taken from victims worldwide.”

The 2021 figure represents a rise of 81% compared to 2020.



If the idea is to create a virtual avatar that can be used across a range of sites and services, it highlights issues relating to online privacy, and the amount of data companies will be able to collect. This includes anything from medical data, to smaller tidbits that may have been missed with current apps and services.

In Meta’s most recent earnings call, Zuckerberg confirmed that “ads are going to continue being an important part of the strategy across the social media parts of what we do, and it will probably be a meaningful part of the metaverse, too.”

They’re probably salivating at the prospect of scooping up user data at unprecedented levels, especially as Facebook’s business model is based on using personal data to sell targeted advertising.

Then there are issues relating to cybersecurity, especially if criminals are able to get their hands on extremely sensitive user data used for the Metaverse. Historically, data leaks do happen, and one weak link could expose a lot of your info. Hence, the ever-present need for a secure VPN to protect your information online.


Lack of decentralization

Depending on your thoughts, the current iteration of the internet is more “free” than a system built using the global consensus found with a blockchain like Ethereum.

Then there’s the fact that large tech companies are leading the charge, and have a vested interest in molding the metaverse to suit their objectives. Will you still have the same level of anonymity seen with Web 2.0?


Technical limitations

One issue is that the current crop of Web 3.0 applications isn’t very good.

Of course, it’s fair to expect some limitations given the tech is in its infancy, but are we ready for virtual reality or the “evolution of social technologies”? Do we have the computational power to do so, and how will it look in practice?

Will VR make some people sick? I personally struggle to get on with many virtual reality platforms, a point which is also made by the originator of the metaverse term:

“I mean, VR has got some inherent limitations around movement. And the fact that, in many scenarios, there’s going to be a mismatch between what your inner ear’s telling you and what your eyes are telling you, which leads to motion sickness. People have tried to find ways to ameliorate that, but basically, when you’re doing any kind of complicated VR experience, you need to come to grips with that problem somehow, or else all of your users are going to end up being sick.”

Then there are financial limitations, insofar that the technology isn’t ready for mass-market, or is likely to be prohibitively expensive for the average user.



We already spend too much time online, staring at screens all day. It’s typical of the digital age, in which almost everything is within reach, or accessible with a few taps of a smartphone.

As a concept, mindfulness focuses on the ability to live in the moment, focusing on senses and feelings to reduce stress. The idea of plugging into virtual reality obviously comes with a range of potential issues in terms of the mental health of users.

Problematic social media usage is one, along with the prospect of users retreating into echo chambers with others who share similar views.



Will it be possible to moderate metaverse content, especially in a climate of rampant misinformation? According to Meta executive Andrew Bosworth, it’s a user issue rather than down to the platforms to police.

In an interview with Axios on HBO in December 2021, Bosworth said:

“Individual humans are the ones who choose to believe or not believe a thing, they are the ones who choose to share or not share a thing.”

He went on to explain that it’s “their choice. They are allowed to do that. You have an issue with those people… [not]… with Facebook. You can’t put that on me.”

Final Thoughts

Personally, the likes of Zuckerberg pushing for a nebulous “Metaverse” makes me want to stay as far away as possible. The same goes for services like Facebook and Instagram, which are designed to obtain as much user data.

In the interest of fairness, Meta spokesperson Jennifer Martinez said the company is “not going to build, own, or run the metaverse on its own. We are starting conversations about our vision for the metaverse early before some of the technologies even exist. Many of the things we’re envisioning will only be fully realized in five to 10 years. We’re discussing it now to help ensure that any terms of use, privacy controls, or safety features are appropriate to the new technologies and effective in keeping people safe. This won’t be the job of any one company alone. It will require collaboration across industries and with experts, governments, and regulators to get it right.”

It’s also slightly worrying that large tech companies, like Google, are pushing for an evolution to Web3 so strongly, arguably since they would like a bigger piece of the pie in terms of NFTs and other saleable content.

I’ve been wrong in the past when it comes to the future of tech, so I’m keeping an open mind with the metaverse, even if it does seem like the latest buzzword favored by marketers, advertisers, and so-called “tech leaders”.

As for potential cybersecurity risks, they appear to be numerous, especially due to a lack of regulation or recourse if you happen to be one of the unlucky ones. Your best bet is to build up your own toolkit of cybersecurity tools to help protect your privacy online. A secure VPN is the easiest place to start.

Comments are closed.