by Thomas Zraunig, Chief Information Security Officer @ 21X
Redefining Trust: The Security and Regulatory Foundation of On-Chain Markets
The history of capital markets is, at its core, a history of trust. For centuries, this trust has been built on a foundation of rigorous regulation and massive investment in security. Banking is as stable as it is today not by chance, but because the industry raised the bar collectively through standardized oversight and resilient infrastructure.
However, as we enter 2026, we are witnessing the next evolution: the transition from traditional capital markets to fully on-chain market infrastructure. At 21X, we believe that for this “new world” to reach its potential, it must adopt the same uncompromising commitment to security and regulatory certainty that defined the old one. When we took to the stage at the New York Stock Exchange for #HalbornACCESS, our message was clear: Information Security is no longer a back-office function – it is the primary architect of market trust.
The Hybrid Mandate: Integrating Web2 and Web3 Security
Building trust in the era of digital assets requires a sophisticated “hybrid” approach. We cannot rely solely on the novelty of blockchain, nor can we ignore the hard-won lessons of traditional cybersecurity.
At 21X, we operate at the intersection of Web2 and Web3 security.
- Web3 Integrity: We leverage the deterministic nature of public blockchains like Polygon and Stellar to provide immutable transparency. Here, security is a key component of the protocol smart contracts, ensuring that settlement is atomic and counterparty risk is eliminated by code.
- Web2 Discipline: Simultaneously, we maintain institutional-grade Web2 defenses. Protecting the perimeter, securing private keys, and managing the human element through Managed EDR and continuous SOC monitoring (via partners like NCC Group) remain critical.
Trust is built when these two worlds meet. It is not enough to have a secure smart contract if the interface or the administrative credentials are vulnerable. By securing the entire stack, we provide a “hardened” gateway for institutional participation.
Regulatory Certainty: Raising the Industry Bar
The stability of the global banking system is a direct result of enforced standards. We believe the digital asset industry must follow this path to achieve mainstream legitimacy. Regulatory Resilience is the bridge between innovation and institutional trust.
As the first fully regulated DLT-native exchange under the EU’s DLT Regime, 21X is built on the requirements of DORA (Digital Operational Resilience Act) and other industry standards. DORA ensures that our operational resilience is tested, reported, and held to the same standards as the world’s largest banks.
By raising the bar and embracing these standards, we aren’t just complying with the law; we are helping stabilize the entire ecosystem. Just as banking became a pillar of society through regulation, on-chain finance will earn its place through a transparent, audit-ready commitment to oversight.
The Evolution of Market Participant Awareness
In the traditional world, we spent decades educating users on the fundamentals of secure behavior – the importance of complex passwords, the necessity of Multi-Factor Authentication (MFA), and the dangers of phishing. As we move to on-chain infrastructure, the technology changes, but the requirement for vigilant, informed behavior remains the same.
At 21X, we view education as a core security pillar. Awareness is no longer just about protecting a login; it is about understanding the responsibilities that come with self-sovereignty and programmable assets. Just as the industry once taught the public to value “locked” browser icons and MFA prompts, we must now lead the way in educating market participants on secure key management, wallet hygiene, and protocol verification. By collectively raising the bar as an entire industry, we ensure that the “new world” of finance is not only technically secure but populated by participants who are as resilient as the infrastructure they use.
When our CISO, Thomas Zraunig, spoke at the Halborn Access conference at the NYSE on January 23rd, the focus was on this collective responsibility. At 21X, we are not just building an exchange; we are doing our part to set the standards for a new industry. Trust is being redefined not by abandoning the rules, but by automating them. We are building the infrastructure of tomorrow where security is a protocol, settlement is a certainty, and the “new world” of finance is finally ready for the global stage.