Virtual Business: The Four Most Serious Threats Lurking in Web3

November 30, 2022

The dark side of the smart, digital and virtual world

More and more companies set out to explore business opportunities in Web3. But virtual worlds are rife with very real dangers, such as rights infringements, trademark violations, cyberattacks, and costly investments gone wrong.

WU Executive Academy Dean Barbara Stöttinger and digital expert Martin Giesswein shed light on the main pitfalls companies should be aware of.

An open hand over which digital symbols float
Opportunities and threats of Web3 - entrepreneurs should be aware of both. Photo © shutterstock - Black Salmon

Holding meetings in the metaverse, offering your product as an NFT, selling services via blockchain: corporations and companies around the world have discovered Web 3 as a new space to do business and are selling their products and services for a pretty buck.

A decentralized version of the world wide web, Web3 is made up of interconnected intelligent databases that draw on machine learning and artificial intelligence. Web3 has become a catch-all term for smart digital and virtual parallel worlds. And blockchain technology is playing a key role in all of this.

Web3 vs. Metaverse

So-called metaverses form a part of Web3: “Users can navigate their avatars through these virtual reality worlds consisting of 3D spaces and landscapes and buy services, digital goods, and experiences on the go. It’s important for companies in Europe not to miss this development,” Martin Giesswein says. On 11 and 13 April 2023, the “Web3 and Metaverse” certificate program (in German) the digital expert has developed in cooperation with the WU Executive Academy for the target group of executives and entrepreneurs will take place for the first time. Business models and opportunities in Web3 will make up a sizeable chunk of the program. “This course will bring executives and entrepreneurs up to speed on current Web3 technologies and send them home with a concise checklist for their activities in Web 3. This is knowledge they will be able to put into practice right away,” Barbara Stöttinger, Dean of the WU Executive Academy, shares about the background of the new training program, which will be offered as part of the “My Leadership Academy.”

Virtual avatars in metaverse in animated conversation
Metaverses are part of Web3 - virtual realities in which users act with their avatars. Photo © shutterstock - naratrip

But Web3 not only comes with a myriad of opportunities, it is also rife with dangers companies should be aware of. On this topic, Martin Giesswein and Barbara Stöttinger have compiled a helpful and hands-on list of tips to keep companies safe:

1. Reputational Damage Due to Infringements

In the Meta group’s Horizon Worlds metaverse, you can meet people, go to concerts together, or have virtual meetings. But these social interactions have been tainted by sexual and other attacks on the avatars of users, particularly female users. If you are thinking about recruiting or organizing customer contact in the metaverse, be aware that attacks of this kind can not only damage your reputation, they may even have legal repercussions.

Our experts’ advice: Just like in real life, companies should ensure orderly conduct at their virtual events and conferences. “Staff members attending an event with their avatars can see to that,” Barbara Stöttinger says. It will also be important to verify the identities of customers and guests at a virtual event or meeting to keep troublemakers at bay. Meta had to learn this lesson the hard way: “Horizon Worlds now requires avatars to keep a minimum distance of 1.2 meters,” Giesswein shares the company’s strategy to avoid virtual harassment.

2. Reputational Damage Due to Trademark Violations

Somebody out to hurt a company’s brand image could also do so by registering its domain; in fact, there are numerous organizations trying to register corporate names and brands on the blockchain’s domains. In case of a domain-related dispute, ICANN will intervene as the responsible authority.

Barbara Stöttinger Portrait

Barbara Stöttinger

  • Dean of the WU Executive Academy

There is no such authority in Web3. If an organization’s domain infringes on my trademark rights, I have nowhere to report this to. There are so-called domain grabbers out there who try to register companies’ brands on the blockchain’s domains. They can’t be held liable as they can‘t be forced to reveal their identities.

Our experts’ advice: So what can companies do? “Check and to see if an entity with an .eth or .blockchain domain extension has already reserved your brand name. If this is not the case, you should move quickly to secure it for yourself. If a domain using your brand name has already been grabbed, you can contact the organization or person behind it via chat to negotiate the terms for a potential transfer,” the expert says. Companies should verify the scope of their trademark protection, “for instance whether only physical versions of the brand or also digital versions are legally protected,” Martin Giesswein says.

3. Cyberattacks

“Comprehensive system and data protection mechanisms are a must also in Web3. Despite the increased security provided through blockchain registration, cybercrime threats encountered in today’s world wide web, such as phishing, cyberattacks, hoaxes, and denial-of-service attacks, also pose serious dangers in Web3. Cybercriminals will just as likely compromise products in Web3, such as an NFT,” Martin Giesswein says. This is what happened to the CEO of LimitBreak, a Web3 gaming firm: criminals managed to hack into his Twitter account and spread a scam link promising a free NFT. Users who clicked on the link and entered the smart contract code provided to download the promised NFT were, in fact, robbed by the criminals, who were able to clear out their victims’ wallets filled with actual NFTs and cryptocurrencies. And while banks can be held liable for the theft of account information based on phishing mails, consumers have nobody to blame but themselves in Web3.

Our experts’ advice: Against this backdrop, Martin Giesswein tells companies to keep the following in mind:

Martin Giesswein Portrait

Martin Giesswein

  • Digital expert

It’s not about whether we will be hacked in the future but whether we have already been hacked and did not notice it.

4. Investments Gone Sour

While it may be tempting to take the leap and invest big bucks into moving services and products to the metaverse, it’s something Barbara Stöttinger explicitly advises against. And Martin Giesswein agrees: “We simply do not know yet what will or will not work in the metaverse.”

Our experts’ advice: To offer some guidance in this uncertain situation, Giesswein and his corporate customers have jointly developed the so-called Web3 Radar: “It identifies and assesses fields in Web3 which are currently interesting for a company’s business or will be in the future. The Web3 Radar allows you to develop prototypes in the metaverse for the fields of interest identified and test them with sample customers. The VR software Spatial even lets you test metaverses free of charge. Should customers then develop a stronger demand for certain services in Web3 in the future, companies will be able to resort to the in-house skills already tested before. This will enable them to quickly develop and scale an offer.”

“A five-point evaluation method that is based on the Web3 Radar, which will also be covered in our Web3 and Metaverse program, will enable companies to tailor a step-by-step plan for their business activities in Web3,” Stöttinger adds.  


As more people start using Web3, we will also hear more about its dark sides. After all, one thing is true in real life and the WWW: technology is never good or bad; it’s simply what we make of it.

Update for Leaders

Join 15,000 + professionals and get monthly updates on leadership and management topics. Learn something new every month. 

Share this