Crypto Scandals, Scams, Hacks, and Just Plain Dumb Ideas

Crypto Scandals, Scams, Hacks, and Just Plain Dumb Ideas

“You say that crypto is a good thing, but what about the constant scandals and hacks and collapses I keep hearing about?”

You’re not wrong.

The crypto world is attempting to:

• do something very difficult;
• that is intentionally designed to allow people to do anything they want (including shooting themselves in the foot);
• with risks that are hard for even experts to understand, let alone laymen;
• for very high stakes, both economically and politically.

What that means is:

• It’s easy for the devs to screw up.
• There’s no way to stop bad actors from making bad projects and trying to attract suckers.
• It’s not easy to understand which projects are good ideas and which ones aren’t.
• There’s going to be political opposition.

“Yikes. And you still think this is a good idea??”

The potential benefits are worth it, the risks will decrease over time, and the risks right now can be mitigated by not putting in amounts of money that you cannot afford to lose, especially if you don’t understand what you’re doing.

We are still early; in the long run the crypto world has the potential to be a lot safer and healthier than the mainstream system, but we are definitely not there yet.

“How exactly do the risks decrease over time?”

Let’s distinguish between different kinds of bad things, because there are quite a few and they have different causes and solutions. Very roughly speaking:

• Scams: devs are dishonest
• Hacks: devs are honest but make mistakes
• Dumb Shit: devs are honest, code does what it’s supposed to do, but what it’s supposed to do is stupid
• Bullshit: the bad thing wasn’t crypto’s fault, but media acts like it was

Scams / rugpulls

This is where some devs promise to build something, collect a bunch of money, then run away with it.

Don’t give people a lot of your money unless you trust them.

Hacks

This is where a project’s devs are honest, but make mistakes. Writing correct code is hard; sometimes there are bugs, and sometimes a bad guy can come along and use one of those bugs to steal money.

There are lots of examples of this. I don’t really feel like making a list right now.

Honest crypto projects go to great lengths to try to avoid having this kind of thing happen. There are audits (where programmers who aren’t the authors of the code look over the code to try to find bugs), testnets (where the devs put the app up on a special blockchain that has magic faucets that pour out play money, to let people beta-test the app), extreme levels of super-duper-carefulness, etc. Still, sometimes bugs slip through.

Older projects that have been around for a while and are battle-tested are usually safer. And the good news is that once the code is right, it’s right. That is, the dream here is:

• Sure, in the early days of a particular protocol, there’ll be bugs. Don’t put large amounts of money into a new application that hasn’t been battle-tested yet.
• But in the long run, the devs will shake all the bugs out and release a version that is actually correct and then we can just keep using that forever and it’ll keep on working. (As opposed to an app run by an ordinary company made of humans, where just because it works today doesn’t mean the humans running it won’t become untrustworthy tomorrow, or be pressured by the government, or whatever.)

Dumb Shit

Here I’m thinking of Terra/LUNA (though there are plenty of other examples too).

I’m not saying that there wasn’t any shady human misconduct going on (I’m fuzzy on the details), but Terra was also just a really bad idea in the first place, and there were plenty of people who https://www.youtube.com/watch?v=6eOU5OaKd8s. The problem that eventually caused its demise was publically predicted by various people in advance; it wasn’t a bug in the code (the code worked the way it was supposed to), it was that its economics were designed in a dumb way. This was something that you could have figured out just by listening to what the project’s critics were saying about it (although it was complicated by the fact that the project had a community of obnoxious fans who went around loudly shouting down people who tried to speak up against it) (but the obnoxiousness of the community and the founder was also something that you might plausibly have noticed and been rightly scared off by).

That doesn’t mean we should say “it was your own fault” to the people who lost money; there were suicides, and a lot of other people who got really badly burned, and that’s not something to be flippant about. Still, this story is a good illustration of the fundamental tradeoff with code running on blockchains:

• We can’t stop anyone from writing whatever applications they want, and we can’t stop users from using those applications.
• But at least the users can see what they’re getting into and trust that the code will execute as-written.

I can’t claim to have foreseen Terra’s demise; before the crash, I had heard of the name Terra, but I knew absolutely nothing about it beyond that. If you had asked me about it back then, that’s what I would have said. And if you had asked me whether it was a good idea to put money into it, I would have said, “I wouldn’t put money into something I don’t understand reasonably deeply. And if you don’t understand it either and haven’t heard anyone you trust vouch for it, don’t put in an amount of money that you can’t afford to lose.”

Bullshit that gets unfairly blamed on crypto

With any sort of “crypto” project, it’s important to understand which parts of it are made of code and which parts are made of humans.

For example, FTX (which made headlines as a big “crypto” thingy that collapsed) was a normal company run by humans. It was an exchange - that is, a business that enabled its users to trade various kinds of assets (which just happened to be crypto assets like BTC and ETH and so on). The thing that went wrong with FTX wasn’t that there was some sort of flaw in BTC or ETH or whatever; the thing that went wrong with FTX was that the humans running it did shady things that they weren’t supposed to do (lending out its users’ assets).

This is exactly the problem that crypto fixes.

It’s useful to contrast FTX with another project called Uniswap, which is a decentralized exchange - like FTX, it’s an app that enables its users to trade various kinds of crypto assets, but instead of being made of humans, it is (mostly) made of code. (The code was written by humans, of course, but now the code is just running on Ethereum; its authors can and do release new versions, but the operation of the existing versions is out of its authors’ hands.) Auditors can look at the code for Uniswap version whatever and see that it just cannot do the bad thing that FTX did, because there is just nothing in its code that does that.

The high-level vision in the crypto world is that we’d love to keep on replacing more and more organizations-made-of-humans (especially the ones handling important stuff like money) with code that verifiably just does what it’s supposed to do. It’s also standard advice in the crypto world not to leave your assets in the custody of centralized exchanges (like FTX); move your assets to a wallet that you control, and then use decentralized exchanges like Uniswap. FTX wasn’t a crypto failure, it was a great example of why we really need crypto.

That’s the story with many of the scandals the news keeps telling you about.