With rising institutional interest and adoption of various cryptoassets, including bitcoin but also many other crypto related applications, it seems worthwhile to revisit an often-stated, but potentially misunderstood aspect of blockchain-based assets. In any conversation, presentation, or casual discussion around blockchain or cryptoassets one of the most often cited traits of crypto is the immutability (unhackable) nature of blockchain transactions. As has been proven time and again, via the hacks and other breaches that have cost investors billions of dollars on an annual basis, the protocols, exchanges, and applications that investors leverage are not – as it turns out – immutable.
This might seem like a basic concept, and one that is hardly worth mentioning again, but given the speed and scope of adoption by institutions across the globe this is not something that should be overlooked. While the underlying blockchains might be immutable, although that has also been proven to not be an entirely accurate statement, the proliferation of applications and use cases that are dependent on blockchain infrastructure are far from immutable. Many of these applications are designed to make the user experience simpler, easier, and more convenient; all of which are worthwhile ambitions. That said, there are several items that advisors, investors, and users of cryptoassets need to keep in mind as development, adoption, and (unfortunately) hacks seem destined to increase.
Let’s take a look at some reasons why – despite near constant repeating – crypto is not necessarily as immutable as might be thought.
Exchanges are not immutable. Crypto exchanges and connected applications have routinely been hacked, breached, or otherwise compromised, which in turn has led to billions of investor losses. Compounding these losses is the reality that most – if not all – of said losses are not covered by investor insurance or other traditional products. As investors of all sizes continue to show increased interest in crypto investing and trading it is also worth noting that the user interface for logging into these exchanges do not have blockchain-enabled security or cryptography. For example, if a user has an exchange application installed on a smart phone or device, the only security protecting access to those funds is the traditional password protocols used to access the device and other applications.
In other words, it does not matter if the blockchain is immutable if the password to gain access to the apps that – in turn – grant access to investor funds are relatively easy to breach.
Cryptoassets are not perfect. This is something that has been painfully proven over and over again during the last several years of increased crypto enthusiasm not every cryptoasset in created with the same duty and care. Cryptoassets that have turned out to be complete scams, those that have the underlying value put under serious question during the recent crypto winter, and the realization that many projects will face hard questions, have dampened enthusiasm for newer applications. Innovation and creative destruction are part of every asset class and market cycle; crypto is no exception to this rule. It is, however, worth highlighting that in addition to the issues raised above, there have been examples of blockchain applications – designed to increase interoperability – falling victim to large hacks.
As always, investors and users need to conduct proper due diligence, no matter how “boring” that might seem.
Smart contracts are not magic. Smart contracts, which are executable code embedded into an underlying blockchain, have been highlighted quite often as an integral part of the evolution of the wider blockchain ecosystem. From forming the basis for decentralized finance (DeFi) applications, to the allows decentralized autonomous organizations (DAOs) to function correctly, to allowing blockchains to interact with legacy technology systems, smart contracts have risen to prominence with every justifiable reason. Such dependence and widespread development, however, also provide a ready-made opportunity for unethical actors to gain access to a wide array of applications.
Examples abound of how errors or deliberate incorrections in coding have allowed hackers and other bad actors to exploit these use cases. Given how rapidly the DeFi sector has grown – with total-value-locked (TVL) still totaling in the tens of billions even during this crypto winter, this is not an insubstantial matter. Adding to this, the role that smart contracts play in enterprise adoption cannot be overstated, and smart contract vulnerabilities represent a significant risk to future implementation.
As the blockchain and crypto space continues to evolve and develop in creative and innovative directions, the bulk of this development rests on the bedrock of these applications being safe and secure. Immutability is almost always touted as one of the greatest strengths of blockchain based applications, and this is true; it is a powerful reason that has helped spur adoption. What should always be kept in mind, however, is that the immutability of any blockchain or crypto application is only possible if every layer is equally secure. Advisors, investors, and users would be well advised to keep this salient fact top of mind when reviewing potential opportunities.