Or Ezra

Or Ezra

Security-curious backend dev

Why Backend Devs Should Care About Web3 (Even if You Hate Buzzwords)

If you roll your eyes every time someone says blockchain or Web3 - you’re not alone.
Between the hype coins, NFTs of rocks, and “get rich quick” pitches, it’s easy to dismiss the whole thing as noise.

But here’s the twist: behind the buzzwords, there’s actually a serious shift happening in how we design backend systems. And it’s one that security-curious backend devs (like us) should at least understand.

The Pain Points in Web2

Web2 gave us scalable cloud apps, social networks, SaaS everything, and the APIs we love to hate. But it also left us with a few huge pain points:

Centralization

  • One company controls the database.
  • One outage = half the internet down (looking at you, AWS us-east-1 👀).
  • One breach = millions of records gone.

Trust (the bad kind)

We don’t actually trust Google, Facebook, or Amazon because of cryptography.
We trust them because… well, we don’t really have a choice. Our data, identities, and logins live under their roof.

Data Ownership

When you “upload” a file or “create” an account, you don’t own that data - you rent it under their terms of service.
They can revoke access, monetize it, or even delete it.

Security Trade-offs

Yes, we’ve got HTTPS, OAuth, JWTs, and a zoo of acronyms.
But at the end of the day, we’re still pointing everything to centralized trust anchors. Keys to the kingdom remain in one vault.

Why Web3 Matters

Web3 tries to fix these pain points, using cryptography and distributed systems as the foundation:

  • Decentralization → no single point of failure, no single admin who can pull the plug.
  • Ownership baked in → users hold private keys, not just passwords stored in a corporate DB.
  • Smart contracts → backend logic that runs on shared infrastructure, enforceable without a trusted intermediary.
  • Transparency → blockchains as open, append-only audit logs for everyone.

And yes, also a transparent way to lose your money if you forget your private key 🫠.

A Quick Technical Glimpse

At a high level, the shift looks like this:

  • Web2 → Your API calls go to your server → your DB → your business logic.
  • Web3 → Your API calls interact with a blockchain → smart contract = the business logic → blockchain = the database.

In Web2, a POST /order call might insert a row into PostgreSQL, and you trust that your DB transaction log will keep things consistent.
In Web3, the same action could mean submitting a transaction to Ethereum, where the logic is encoded in a smart contract. The blockchain acts as both the transaction log and the database - but replicated across thousands of nodes.

Web2 VS Web3

Consensus instead of COMMIT;

In Web2, once your DB confirms COMMIT;, you assume the row is saved. That trust comes from the database engine and the fact that you control it.

In Web3, a transaction is only “final” after enough nodes agree on it (consensus).
Different blockchains implement this differently:

  • Proof of Work (PoW) → security through computational difficulty.
  • Proof of Stake (PoS) → security through economic incentives.
  • Byzantine Fault Tolerant (BFT) variants → focus on low-latency agreement within smaller validator sets.

All of these replace the implicit “trust the DBA” with “trust the protocol + majority of validators.”

Why It Feels Different

  • Latency & cost → writing to Ethereum may take ~12s and cost gas, vs milliseconds and free (to you) in PostgreSQL.
  • Determinism → smart contract code must be fully deterministic, since every node re-executes it. No API calls to Stripe mid-function 😉.
  • Immutability → there’s no “UPDATE users SET balance=0 WHERE id=123;” rollback. Once the transaction is on-chain, it’s permanent.

Why It Feels the Same

  • Both use transaction logs to ensure order and consistency.
  • Both rely on protocols, replication, and cryptography (yes, your TLS certs and DB WAL files are cryptographic in nature).
  • Both force you to think about failure scenarios and trust boundaries.

For backend and security engineers, this is still familiar territory: protocols, encryption, distributed systems. Just applied in a way where you don’t control the database - and that’s the whole point.

But Isn’t This Slower and More Expensive?

At this point you might be thinking:
“Cool buzzwords, but why would anyone trade millisecond latency for 12-second confirmations, or free DB writes for gas fees?”

Fair question.

The Trade-off

Web3 doesn’t try to replace your entire backend stack. It focuses on the part where trust, ownership, and transparency are critical.
Think of it like this:

  • Use PostgreSQL when you need speed and flexibility.
  • Use a blockchain when you need trust without a central admin and tamper-proof history.

Real-life Patterns

That’s why most real-world apps are hybrid:

  • Off-chain → Fast user interactions, analytics, storage of big data.
  • On-chain → Critical events, ownership, and value transfers (the stuff where trust really matters).

Scaling Beyond Layer 1

To make it practical, the ecosystem is building:

  • Layer 2 networks (e.g., Optimism, zkSync) → bundle transactions off-chain, settle them on-chain in batches.
  • Sidechains & rollups → balance performance with security guarantees.
  • Bridges & interoperability protocols → allow apps to choose the right mix of chains.

So no, you won’t be running your recommendation engine or real-time metrics dashboard fully on-chain.
But for the parts where trust and decentralization are the difference between “your users own it” and “your company owns it,” Web3 is designed to work in practice.

Hybrid Architecture

Wrapping Up

Web3 isn’t about throwing away everything we know from Web2.
It’s about adding a new tool to the backend toolbox - one designed for trust, transparency, and ownership in places where centralization is a liability.

Yes, it’s slower. Yes, it’s more expensive. And no, you wouldn’t use it for every endpoint in your app.
But for the critical pieces - identity, value transfer, shared state - Web3 gives us guarantees that a single company database never could.

For backend and security engineers, this isn’t science fiction. It’s protocols, consensus, and cryptography applied at internet scale. And understanding it now means you’ll be ready when parts of your stack inevitably start to look more decentralized.

What’s Next

This was just the appetizer. In upcoming posts, we’ll dive into:

  • Consensus algorithms and performance trade-offs
  • Smart contract security pitfalls (spoiler: they’re brutal)
  • Wallets & authentication without passwords

So stay tuned - this rabbit hole is both fascinating and, yes, full of cryptography.