TECHNO-BARBARISM
Crime vs. Mass Adoption of Blockhain Technology
Foreword
I am going to make some people angry by writing this. I go into it knowing that, and I am still going to do it anyways. Why?
One of the things I have observed in my many years in the crypto space is that ideology often trumps reality. Projects that have no plausible way of working continue trundling along as zombies for indefinite periods of time. Beliefs about how systems work or what end users want which are completely unfettered from reality drift endlessly on vibes.
A constant drumbeat of "replace the banks" and "number go up" provides a new coat of paint over past failures, only increasingly tired each time, like the negligent property manager of a 100 year old apartment building in New York putting yet one more coat of the thick white paint over all the wear and tear of the latest past tenant without actually fixing anything.
Normally I ignore this, thinking that time will heal all wounds and eventually the economic realities of multi-billion dollars valuations for chains with minimal user adoption will bring order to the current chaos. Markets are definitely not efficient in the short-term, but over the long-term they tend to find their way there, albeit often on winding and unpredictably strange paths.
Today, however, I cannot. Why? Because we are facing the sort of threat that actually could disrupt the industry, not in the good way, but in the regulatory capture that kills the technology in its infancy sort of way, or worse, total anarchy that leads to a crippling loss of trust.
Cypherpunk Utopia
I have a lot of sympathy for the original vision of crypto.
For those of you who were too young to really follow what was going on, 2008 was when the mask was torn off with regard to traditional finance. In the years leading up to the great credit crisis, banks were seen as unassailable paragons of the modern economy. Overbearing mothers wanted their children to be investment bankers, preferably at Goldman Sachs but some of the lesser lights like Lehman Brothers or Deutsche Bank would do if that was all that was within reach. It had, perhaps, eclipsed doctor as the best profession for their ambitions they expressed through their children.
Why? These firms were flying high. Profits were at record highs, glowing puff pieces were being written about the obviously eternal and enduring power of the new markets for property, and housing prices were going to go up, up, and away to the moon. Maybe literally, given we needed more fuel for subprime mortgages; I am sure someone considered securitizing property on the moon and lending against it with no credit checks.
Then the wheels came off. More specifically, the wheels shot off the car like they'd each been fired out of a cannon at the same time the windows shattered, the engine caught fire, the roof ripped off to fly backwards into the distance, and the seat belts disintegrated into dust.
Everyone panicked. There were articles about the end of capitalism. There were protests of abjectly insane would-be hippies invading private parks in lower Manhattan to be angry about an internally inconsistent laundry list of gripes that ranged from completely justified (public bailouts of banks while executives rode off into the sunset with golden parachutes) to absolutely ridiculous (being mad at the very concept of money instead of… using the barter system, I guess?) to just plain silly (too many flavors of ice cream). For those of you who want to argue with me about this, I lived a few blocks from Zuccotti park and actually went and talked to the protestors.
However, the main enduring legacy was that people lost faith that the banks knew what the hell they were doing and that the government knew how to regulate them. We got the infamous article by Matt Taibbi calling Goldman Sachs a vampire squid, we got endless proposals for reform of a system that nobody quite understood how it worked culminating in the vast tome that is Dodd-Frank. The era of the big swinging dick Wall Street trader or the impeccably dressed master of the universe dealmaking banker was over, and the era of the timid, eternally whipped by regulators risk manager had begun.
Some people, however, were not interested in reform of the banking system. They were interested in replacing it. It is not a coincidence that Bitcoin emerged directly after the financial crisis, and the ethos of the earliest crypto adopters was deeply influenced by the banking crisis.
It was a plan to reject the past system and replace it with something new. Sound money, controlled by individuals, transparent, and not subject to the whims of central bankers or the opaque and compromised machinery of the banks.
The other part, though, was a rejection of the government as part of the system. This was bearer money. Censorship resistant, as it was called. The only people who could send money were the people who controlled the private keys, and there was no sovereign entity that could force a decentralized ledger to obey its rulings and expropriate them. Nor could governments print that money. The United States could not show up to the blockchain and demand they print another 21 million bitcoin so they could give it away to rich bankers in bailouts.
I find these to be laudable goals, and in many ways I support the thinking behind them. Governments should not be printing huge amounts of money to hand to politically favored groups while financially repressing the common man. It should not be possible to simply expropriate assets because a government decides to grab them. The current anti-financial crime dragnet actually does facilitate financial crime while serving both as a tool of political oppression and debunking the most vulnerable members of our society. And a lot of those banks totally didn't know what they were doing and were not regulated properly.
I also have a lot of friends who hold these ideals and buy into this system. Hell, the guy responsible for getting me teaching, Omid Malekan, would be an exemplar of this school of thought.
Thus, I think it is often a surprise to many in crypto that I have some very deep problems with the current system and believe the original cypherpunk ideals are impossible to achieve in the real world. The devil, you see, is in the details.
Rule of Law
Every system has rules. Without rules, you devolve into cartoon fights that look like a cloud with shoes, hats, and limbs flying out.
“"It is not wisdom but authority that makes a law"”
— HOBBES
Crypto is no different; here, you will commonly here the refrain "code is law", but what it really boils down to is that code enforces a social contract and consensus, which can be changed and has been changed over time, though for some chains the rate of change is certainly declining over time. When was the last major hard fork, after all?
One of the original principles of these rules, within crypto, is that people should not have their property expropriated by outside forces and instead should use self-custody to have control of their own money.
Which makes it somewhat ironic that the North Koreans just expropriated roughly $1.4B of funds from customers of ByBit and the response of the crypto community is a lot of pontificating on X and hand-wringing about how standing up to such brazen aggression by a nation state would be a violation of the core principles of crypto, which include that nation states should not be able to expropriate people.
After all, if you roll this back, aren't you showing you can expropriate people, so it's better to let those people be expropriated instead to prove they can't be expropriated?
Sounds kind of crazy when you zoom out and look at this from a first principles perspective, doesn't it?
This is the inherent contradiction of many forms of anarchist and libertarian thought: a system where nobody should have the power to enforce the rules usually ends up in a head on collision with the fact that rules can always be enforced with a sufficient amount of, well, force. Thus, those systems do not end up as egalitarian, individualist systems. Instead, they end up being controlled by whichever warlord has the most guns, bombs, or in this case, hackers, and the willingness and ability to use them.
We are witnessing that exact situation play out right now in crypto, where the unwillingness of the community to utilize force is instead giving the initiative to those who are willing to exploit that system with force.
Techno-Barbarians
In approximately 1000 AD, the Vikings had been the scourge of England for hundreds of years, and would continue to be for a little while (eventually even taking over briefly under Cnut). They raided the coasts, they pillaged villages, they stole, and they took those living on the isles as slaves, often to be traded in the greater European and Mediterranean / Arabic slave trade of the time.
The response of the English to this was at times muscular, such as when Alfred kicked them off the island by kicking their ass thoroughly, or something less than muscular, such as when the four major Anglo-Saxon kingdoms of the time were busy with their disorganized and poisonous political rivalries and could not mount an effective defense. Perhaps the best example of the latter was Aethelred the Unready, who ultimately fumbled away the Anglo-Saxon dynasty to the Vikings (though it was nearly saved by his son, Edmund Ironsides, despite the best efforts of Aethelred to undermine that too). During his reign, he was notorious for paying Vikings to stop raiding English towns and the coasts. Unsurprisingly, when the Vikings realized they could show up, cause trouble, damage infrastructure, and then get paid to leave (along with all the stuff they had already stolen), this made the problem much worse for England as opposed to better. It became a money piñata for the Vikings, creating unsustainable systemic risk, and meanwhile, Aethelred was too busy being an ass and the nobility squabbling with each other to coalesce around fighting a greater threat that eventually overwhelmed them.
Sound familiar?
The Lazarus group and North Korea have become, essentially, a modern version of crypto Vikings. They have been systematically pillaging the ecosystem, with exploits from the Ronin Bridge hack to the ByBit hack, and the response of the ecosystem, much like Aethelred in England, has been… to fight about leadership at the Ethereum Foundation or scam people with memecoins while completely ignoring the much larger problem of ever-increasing levels of outright theft and economic warfare against crypto.
For institutional stakeholders, this represents an unacceptable security paradigm.
Meanwhile, you have the code equivalent of Viking longboats filled with hackers sailing the waters of the blockchain and absolutely no effective defensive measures against their increasingly bold exploits.
To understand why this is such a problem, one must understand the nature of these groups. I often see people conflating all scammers, hackers, and bad actors in the crypto space into a single monolithic group where they just want the cash and care about the big score. There is the belief that somehow if these people grab a ton of money, they will vanish onto a boat with a bunch of half-naked women and ride off into the sunset, like the mythical pirates of yore.
There is some truth to this with some crypto hackers. There are plenty of examples of big scores where someone cashes in and essentially vanishes. The problem is that the Lazarus group is not this. A better understanding of them is that they are a corporation, looking to grow. Each large win increases their budget, increases their resources, and allows them to grow stronger. They are not going to retire on a beach. They are going to hack harder. Every win that the ecosystem tolerates also encourages this behavior, just like medieval England turning into a punching bag full of money for the Vikings.
The problem is only going to get bigger for all market participants, including institutional players.
Offense vs. Defense
The most common refrain from the crypto community isn't that this should be allowed, but rather that there is nothing they can do about it and people should improve their operational security.
I consider this to be perhaps the single best demonstration of the crypto utopianism at the heart of the problem. The Lazarus group now has an extra $1.4B in their budget, somewhere between hundreds and thousands of clearly competent hackers working for them who were able to exploit one of the major crypto exchanges, and you're going to tell an asset manager with twenty employees that they should "harden their systems" against these guys? Or maybe a non-technical user like my wife/mother, who still keeps her seed phrase stored in plaintext on her laptop, to do that?
This is deranged behavior. It is a perversion of the idea that someone should take individual responsibility for their actions, as if someone could rationally understand that in the current framework, owning crypto appears to mean you might have to confront the full force of the technological capabilities of a nation state on your own (and right now, you're lucky it's North Korea, imagine China or the United States getting in on this game), there is a pretty obvious decision if one is individually responsible:
Don't use or own crypto.
After all, infosec is not something that happens once. It is not a fire and forget thing where once you secure your system, it stays secure. If you know any professionals who work in this space, they understand it is a constant arms race on both sides as systems evolve, new complexity and vulnerabilities are introduced, new tools are created to defend, track, and monitor, and after all of that, it's still going to be an intern clicking on an obvious phishing link because they are drunk after hitting on a girl at lunch and trying to be cool that compromises your system.
The punch line is that perfect security is not possible, and so long as you have a mutli-tentacled leviathan like Lazarus roaming under the waters, cargo will be lost in transit and ports will be plundered and sacked.
conquest
Good news : England did effectively eject the Vikings and restore some degree of stability. The bad news is that this was not done by the English, nor was it because the Vikings just gave up. It was because the Normans showed up and took the whole damn thing over.
That's right. The lesson of that conflict is, hilariously, that somehow both sides ultimately lost in the end because they created an opening for a third party.
I am writing this article because right now, I can see this exact same trend playing out in crypto. If the ecosystem will not defend itself effectively and begin to take steps to block these actors, the victor will not be crypto and decentralized trust (by which we mean maximum pillaging), and it will also not be the pillagers.
It will be the techno-Normans waiting in the wings to conquer the barbarian wastes with their superior weaponry and strategy. In this case, that would be the absolute worst case scenario for crypto, because do you know who they are?
That's right. The traditional finance companies.
If you don't think that banks, large asset managers, and payments companies are waiting in the wings, deploying tokenized funds, tinkering with their technology, and figuring out how to launch their own expedition to conquer the lands of blockchain, you are not paying attention at all.
Even worse, right now the system that they would intend to build, which largely looks like a replica of the current one, just on a blockchain so with slightly more interoperability between them (but not for the plebs) is probably better in the long-term for the average consumer.
Read that again.
If you have a choice between a bank oligopoly vs. anarchy and constant exploit by virulently evil nation states, well… what exactly are we doing that the bank oligopoly might turn out to be the lesser of the two evils, people?
countermeasures
Not all systems that experience predation at the hands of barbarians or techno-barbarians will fall. Right now, the main driving force is the lack of will or vision to fight back, but this does not have to be the case. It merely is the case right now.
To that end, I am going to propose some potential solutions that would benefit both institutional and retail participants that I think ignoramuses’ are also going to be mad about, but I also suspect this will age well with time…
CHANGES TO VALIDATION
One of the problems right now is that there's not an obvious way to interdict hacks rapidly. Again, this goes back to the principle of permissionless systems where any transaction that is valid "per the code" just gets to go. It doesn't matter if it was the North Koreans stealing $1.4B. They put in the right information, it happens.
This structure ultimately needs to change. A system that is willing to be neutral to nation-state malfeasance is one that will, ultimately, not survive. Read back up to the section where I talked about people having to individually defend against this threat as it grows, or think about what will happen when one of the BTC ETFs inevitably gets hacked.
At some point, we need a kill switch. If we are taking from systems that work properly, the bar for permanent interdiction of a transaction should be relatively high, but the bar for temporarily holding a transaction or locking tokens in a wallet should be low.
So here's a question: why don't we give any validator the ability to put a 24 hour hold on tokens, where the entire network then needs to vote on if those tokens will be released or continued to be held? And if a validator does this and the hold is not sustained by the network, they get slashed (open to if this should be every time or if they fail repeatedly to avoid spammers locking up a network).
This would give anyone the ability to throw the penalty flag on a large hack and give time for the entire chain to make a decision on what to do, which puts significant stress on would-be hackers and allows for proper decision making. If this was in place, it would have been much better to interdict the ByBit hack and simply return the funds.
Would this be a bad feature? Yes, it allows a chain to "censor", but the bar is pretty high if you make that a majority or supermajority vote by validators or something of the sort. We essentially already have that with hard forking, so why not create a more tactical version to be deployed in this case?
Doxxed Validator Sets
People are also going to dislike this one, though it is technology that already exists out in the wild (ht: Stellar, some Avalanche subnet configurations, etc.). Governance attacks get a lot harder when these are known organizations that behave in predictable ways, or exploiting those organizations becomes a much easier case for a hard fork.
It also provides a target for law enforcement to interact with, which the crypto community is going to balk at, but playing the long game, this might be preferable to a decentralized system with no obvious target to interact with, as if that system continues to be rife with techno-barbarians pillaging the countryside, where you eventually end up from a nation-state perspective is bans on participation and everyone owning or facilitating for it facing legal peril for doing so.
Obviously this is controversial, and I would not recommend it for something like BTC, but if you are looking at a venue for the trading of tokenized real world assets, this validator structure makes way, way more sense than an economic security model purely for practical reasons (you cannot provide enough economic security with the token to secure $100T in assets).
Social proof matters, essentially.
Playing Offense
Have people also considered proactively countering the most malicious actors?
One of the reasons they keep doing this is that they get away with it and keep the funds. If many, many chains all made a compact to track the funds flowing around from hacks and, whenever they found them, seize them back (or hell, just burn them, go full scorched earth), then the economic returns from hacking would go down dramatically.
Sometimes, it's better to fight fire with fire, and sometimes, the evildoer using force will only understand the language that they already know and needs to have it turned back upon them to stop.
Pre-empting Objections
I know a bunch of people are going to say that as soon as chains start doing this, it's going to be the end of the permissionless paradigm because they show they have the power to do these things.
One, everyone knows that you already have the power to do these things and are choosing not to. This pacifism in the face of out-and-out expropriation by nation states (again, I thought we were against that) is allowing precisely the thing crypto was supposed to prevent, like the rent-a-cop who hassles the teenage kids who were smoking while someone loots the store and carries tens of thousands of dollars of merchandise out the back.
Two, if you really want to not have this power, you are creating a system that incentivizes widespread exploitation. This will not end well. Take the long view here; if you want mainstream financial and consumer adoption and crypto prices to go up, you can't be saying to grandma "hey, this is way better than the traditional system, so long as you can defend yourself from an operational perspective against the highest sophisticated nation-state actors across the globe”. She can't. It's an absolute blocker to the mainstream. If you want to become a shrinking backwater used for crime and stupid memes, go with this, but if not, maybe change course?
Remember, all of this comes from wanting blockchains to succeed in the long run. We can't build the max crime minimum defense playground and think that's going to work especially for institutional and consumer adoption. It's stupid. We have to do better.
moving forward
There are many factions within crypto, but the reality is that most have been either effective at pushing their view but not gaining more traction, or completely ineffective at pushing their view but continue to do so anyways.
I think it is time for a functionalist group within the ecosystem, to rally around those taking pragmatic approaches to solve these problems and, ideally, using the best ideas from tradfi and other traditional systems of governance while also trying to eliminate the worst and maximize the value of the technology.
For enterprise blockchain applications, there is 100% a place for a permissioned validator set, pause for large breaks, error reversal possible, open access chain that can be used by retail and all global financial institutions. This really isn't something that exists right now (though portions of it do exist in various architectures designed after the original chains), but it's something I believe the community needs to start thinking a lot harder about.
