Exclusive Interview with Trust Wallet CISO Eve Lam: Wallet Trust is Not Based on Slogans, but on Independent Audits to Protect User Assets

In an exclusive interview with Trust Wallet's Chief Information Security Officer (CISO) Eve Lam, she shared how she brings the rigor of TradFi into the Web3 world. (Background: CZ's retweet sparked a 40% surge in Trust Wallet Token TWT; aiming for a billion Web3 users era) (Additional context: What is Trust Wallet's “Wallet as a Service” WaaS, its pros and cons, and can it become mainstream in the future?) In the crypto assets market, trust is a scarcer asset than coin prices. As hacking attacks and regulatory pressures become the norm, how is the security of wallets, which serve as the last line of defense for users' assets, ensured? We are pleased to interview Eve Lam, Trust Wallet's CISO, a veteran with 12 years of experience at Wall Street's TradFi giant Morgan Stanley, who reveals how she incorporates the stringency of TradFi into the Web3 world and how Trust Wallet builds a verifiable fortress of trust for over 200 million users worldwide through AI, open source strategies, and international standards compliance. From Wall Street to Web3, the transition of the security chief. Blockchain Trends: First, we are very curious about your background. Before you entered Web3, you had a wealth of experience in Web2. What prompted you to step into this new field? Eve Lam: Of course, I am Eve Lam, currently the CISO of Trust Wallet. In the three years since I joined Binance and Trust Wallet, I've focused on bridging TradFi and the decentralized world. Prior to this, I worked for 12 years at Morgan Stanley in New York as the head of cybersecurity architecture, so I am very familiar with the security space of Web2. About four years ago, I developed a strong belief in crypto assets and had the opportunity to join Binance. Frankly, at that time, I was quite unfamiliar with Web3 security, but after joining Trust Wallet, I learned from top cybersecurity experts every day, handled numerous security incidents and hacking attacks, and learned how to protect our users from countless scams, even helping them recover funds. This is my daily work now. The core of Web3 security: “Trust” should not just be a slogan. Blockchain Trends: As CISO of Trust Wallet, how do you view the importance of Web3 security becoming a key issue by 2025? Eve Lam: “Trust Wallet prioritizes security because our customers use our wallet based on trust. If it's not safe, their funds will be at risk, and they should not use any unsafe wallets.” I believe security manifests in two main aspects. First is protecting users, especially newbies. Trust Wallet attracts a large number of new users with its simple and user-friendly interface, but they are also the most vulnerable to scams. Web3 is full of traps, from honeypot tokens to various phishing scams. To address this, we developed a feature called “Security Scanner,” which acts as a co-pilot. When users attempt to interact with suspicious addresses or contracts, the system will pop up a warning: “Hey, please do not send funds to strangers or scammers.” Our goal is to allow all users, whether crypto veterans or newbies, to explore Web3 opportunities freely in a secure environment. “We don't use 'trust me, bro'”, three lines of defense reinforce the moat. Blockchain Trends: Besides protecting users from external threats, how does Trust Wallet ensure its own security? Recently, it seems that other industry participants have suffered from hacking attacks. Eve Lam: Yes, protecting the system itself is our second line of defense. Just a few days ago, we heard about a peer's source code being tampered with by hackers, affecting users. To prevent such situations, we have implemented extremely strict measures. Trust Wallet undergoes an average of 40 security audits per year conducted by top global security experts and “white hat hackers” who repeatedly examine our source code to ensure there are no exploitable vulnerabilities. Finally, and most importantly, we actively embrace regulatory standards. Although the DeFi space is not yet fully regulated, we have proactively deployed and obtained two international certifications: ISO 27001 (Information Security Management) and ISO 27701 (Privacy Information Management). This means that Trust Wallet's operational processes have reached internationally recognized highest standards in terms of both security and privacy protection. Blockchain Trends: This seems uncommon in the industry; why does Trust Wallet choose a more difficult but compliant path? Eve Lam: The trust we want to build is verifiable. That’s why we did three key things: First, we made our source code open source so that anyone with concerns about our system can inspect it themselves and prove we have no hidden backdoors. Second, we hired independent ISO auditors to verify our operational practices, proving we honestly prioritize our users' security and privacy. “In Web3, many non-custodial wallet players just say 'trust me, bro.' But we adopt a zero-trust principle; we don’t just verbally say we are trustworthy but hire multiple independent auditing agencies from Europe, America, and Asia to issue reports confirming that Trust Wallet is trustworthy.” Third-party proof is far more powerful than our own propaganda. Of course, we will also say we are good, but we prefer to let experts from all over the world endorse us. AI as an invisible bodyguard: paper trading, early warning risks. Blockchain Trends: You mentioned using AI-driven security solutions, such as real-time threat detection; how does this work specifically? Eve Lam: AI mostly operates behind the scenes, and users usually do not notice it. When users are about to connect their wallet to a phishing website or malicious DApp and prepare to sign a transaction, our AI will activate. It will “simulate” the result of executing this transaction, and if it detects any malicious or suspicious behavior, such as funds being transferred to known scam addresses, the system will immediately issue a warning to the user. The importance of AI lies in the fact that scam techniques are extremely complex, and it is difficult to judge the quality of a smart contract just by viewing it. We work with multiple security providers to establish a vast “threat intelligence network.” AI can learn the patterns of scammers from the behavior of hundreds of millions of users (not just Trust Wallet users) and provide risk ratings, such as “highly dangerous,” “medium risk,” or “safe.” It’s like a collective immune system where we share intelligence to combat hackers together. A new chapter for RWA: buying “NVIDIA stock” in the wallet. Blockchain Trends: Trust Wallet recently launched the Real World Asset (RWA) feature, allowing users to directly access tokenized stocks or ETFs within the app. What does this release mean for connecting TradFi and Web3?