Crypto Immutability only works if all layers are secure
With increasing institutional interest and use of various crypto-assets, including bitcoin, but also many other crypto-related applications, it seems worth revisiting an often stated but potentially misunderstood aspect of blockchain-based assets. In any conversation, presentation, or casual discussion surrounding blockchain or cryptoassets, one of the most frequently cited characteristics of crypto is the immutable (unhackable) nature of blockchain transactions. As has been proven time and time again, via hacks and other breaches that have cost investors billions of dollars annually, the protocols, exchanges, and applications that investors leverage are not—as it turns out—immutable.
This may seem like a basic concept, and one hardly worth mentioning again, but given the speed and scale of adoption by institutions worldwide, it is not something that should be overlooked. While the underlying blockchains may be immutable, although that has also proven not to be an entirely accurate statement, the proliferation of applications and use cases that rely on blockchain infrastructure are far from immutable. Many of these applications are designed to make the user experience simpler, easier and more convenient; all of which are worthwhile aspirations. That said, there are several elements that advisors, investors, and users of cryptoassets need to keep in mind as development, adoption, and (unfortunately) hacks seem to be on the rise.
Let’s take a look at some reasons why – despite almost constant iteration – crypto is not necessarily as immutable as one might think.
Exchanges are not immutable. Crypto exchanges and connected applications have routinely been hacked, breached or otherwise compromised, which in turn has resulted in billions in investor losses. Compounding these losses is the reality that most – if not all – of said losses are not covered by investor insurance or other traditional products. As investors of all sizes continue to show increased interest in crypto investing and trading, it is also worth noting that the user interface for logging into these exchanges does not have blockchain-enabled security or cryptography. For example, if a user has an exchange application installed on a smartphone or device, the only security that protects access to these funds is the traditional password protocols used to access the device and other applications.
In other words, it doesn’t matter if the blockchain is immutable if the password to access the apps that – again – provide access to investor funds, is relatively easy to crack.
Crypto assets are not perfect. This is something that has been painfully proven time and time again over the past few years of increased crypto enthusiasm, not all crypto assets are made with the same duty and care. Cryptoassets that have turned out to be complete scams, those whose underlying value has been seriously called into question during the recent crypto winter, and the recognition that many projects will face tough questions have dampened enthusiasm for newer applications. Innovation and creative destruction are part of every asset class and market cycle; crypto is no exception to this rule. However, it is worth highlighting that in addition to the issues raised above, there have been examples of blockchain applications – designed to increase interoperability – falling victim to major hacks.
As always, investors and users must perform proper due diligence, no matter how “boring” it may seem.
Smart contracts are not magic. Smart contracts, which are executable code embedded in an underlying blockchain, have been highlighted quite often as an integral part of the development of the wider blockchain ecosystem. From forming the foundation for decentralized finance applications (DeFi), to allowing decentralized autonomous organizations (DAOs) to function properly, to allowing blockchains to interact with legacy technology systems, smart contracts have gained prominence for all good reasons. However, such dependence and widespread development also provide a ready opportunity for unethical actors to gain access to a wide range of applications.
Examples abound of how errors or deliberate errors in coding have enabled hackers and other bad actors to exploit these use cases. Given how quickly the DeFi sector has grown – with total value locked (TVL) still in the tens of billions even during this crypto winter, this is not an insignificant matter. In addition to this, the role that smart contracts play in enterprise adoption cannot be overstated, and vulnerabilities with smart contracts represent a significant risk to future implementation.
As the blockchain and crypto space continues to evolve and evolve in creative and innovative directions, the bulk of this development rests on the bedrock of these applications being safe and secure. Immutability is almost always touted as one of the greatest strengths of blockchain-based applications, and this is true; It’s a powerful reason that has helped spur adoption. However, what should always be remembered is that the immutability of any blockchain or crypto application is only possible if each layer is equally secure. Advisors, investors and users would do well to keep this salient fact top of mind when considering potential opportunities.