Cryptocurrencies have been varying in popularity over the past 4 years. This is largely down to the almost systematic bull runs which loosely follow the Bitcoin halving cycles. And are then followed by a bear market which completely wipes any gains for multiple gamblers/investors.
While the application and utility of cryptocurrencies is something which seems to drastically split opinions. One thing can be agreed upon by anyone involved in the crypto discussion: something needs to be done about scams and hacks.
According to the CNBC cryptocurrency scams totalled roughly $14 billion USD in 2021 alone. Crystal Blockchain report that over $16 billion USD was stolen in cryptocurrencies between 2011 and 2023. While the numbers reported vary, there is one thing which is clear: that is a huge amount of money to be stolen in a somewhat insignificant industry.
Compounding the staggering amount of funds which have been stolen in the crypto industry is the fact that cryptocurrencies have seen most adoption in emerging and undeveloped countries.
A 2021 report by Chainalysis argues that the 5 countries with the highest adoption rate of cryptos are: Vietnam, India, Pakistan, Ukraine and Kenya.
This paints a grim picture. The likelihood of a victim being someone that is already at a disadvantage places a higher emphasis on the need for an industry wide recovery plan.
It’s all well and good that crypto entrepreneurs have made billions from what is essentially nothing. But allowing this debacle to continue in the manner it has is just irresponsible.
If You Make Money From Other People’s Money, You Have a Responsibility
My opinion on crypto and blockchains in general has become a pretty passive one: meh is the word to sum it up. However, my opinion on the responsibility of technological vendors remains pretty straight cut: we need to protect our users.
Whether you are a dev on an open source blockchain project, the CEO of a centralised crypto exchange or Elon Musk, you have a duty to shield your users from financial losses incurred by using your technology.
In the traditional tech space this is not so much of a point of debate. If Twitter, for example, irrefutably causes a user to lose even a single penny, they will be forced, by law, to reimburse said user. That is regardless of whether or not they are able to reacquire the lost funds for their own coffers.
So why, I ask, do people just accept the rampant victim shaming which is toxically prevalent within the crypto-space? The phrase “not your keys, not your coins” is one which is touted a lot by maximalists. What about the cases where the wallet itself is the enabler of the scam? Is it not in the interest of all crypto related projects to ensure that innocent users are reimbursed?
Something, Something, Decentralised and/or Immutable
The reason which is often given by tech vendors in the crypto space is that there is nothing they can do to reimburse victims of the company’s incompetence. I’m sorry, but this is absolute bullshit (pardon my French).
Blockchain and crypto purists will often cite that what’s done is done. They will tell you there is no way to possibly reverse a transaction on a traditional blockchain. This is something which may be true for a few cryptocurrencies. Bitcoin, for example, has a mining algorithm which makes is extremely hard (not impossible) to reverse a transaction.
This, however, does not apply to all blockchains. Solana, Ethereum (as of ‘the merge’), Cardano, EOS and a whole bunch of other high market-cap coins all use a mining algorithm which relies on a relatively small number of ‘validators’. These validators essentially have the power to reverse any transaction they wish, if enough of them get behind the notion to do so. So What’s Stopping Them?
In a word, purists. The same purists that will tell you there is nothing that can be done to reverse the transaction(s) are the same people that will talk down on Proof-of-Stake (POS) blockchains. Their reason for distain towards POS? Validators technically have the ability to reverse transactions.
Quite the paradox, aye? This then begs a much larger question on the matter…
Who’s Responsibility Is It?
In my honest opinion the responsibility lies with the people/companies who are making insane profits from the largely unregulated industry. Companies such as Binance, Coinbase/Circle, Tether, TrueFi are all valued in the billions. They all run a pretty centralised system and they all have the ability to actually help those who have fallen victim to crypto scams.
Take Circle/Coinbase as an example. They operate/own the USDC cryptocurrency. It is a stable coin (which means it has a value which is pegged to a traditional currency). It operates using a smart contract which is held on multiple blockchains.
Their smart contract has the ability to blacklist an address. In doing so, they are able to prevent that address from sending or receiving any USDC. They also have the ability to mint new USDC tokens as they see fit. You can see where I am going with this, right?
If they a) can blacklist a hacker’s wallet and b) can print new USDC tokens, why on earth would they not simply blacklist a wallet which is proven to be owned by a hacker, print new tokens and issue them to the original victims?
Proving the Legitimacy of the Victim
If proving the legitimacy of the victim is a hurdle to overcome there are options. We know that centralised exchanges are required by law to KYC their users. We also know that every crypto user needs an on-ramp from a traditional currency. Adding to that we know that the majority of on-ramps are the exact same exchanges which KYC their users. You can see where I am going with this, again, right?
It suffices to say that a means of proving legitimacy of the victim would be to send a message from their KYC exchange wallet (which has interacted with the hacked wallet) to a wallet controlled by USDC, with a new address in the memo. This would enable the victim to nominate a non-compromised wallet in which they can receive their returned funds, and grant Circle/Coinbase the assurance they need to be sure they haven’t just returned the money back to the scammer.
The same methodology can be implemented in centralised exchanges. Consider that exchanges such as Binance operate using their own closed source blockchains with limited validator nodes. In doing so they are in sole control of the chain. They may not have the private keys to wallets on the chain, but they do have the ability to blacklist/freeze any wallet under their control.
Granted the scammer needs to send the funds to the exchange’s wallets, but it is at least something, right?
There are pitfalls in the plans above, nothing is perfect. For a start it requires cooperation between multiple competitors (good luck with that). It also risks pissing-off a few blockchain maximalists. But at least the above would be something.
Right now we are in a situation whereby private companies are making a fortune and doing very little by the way of assisting victims. They are shouldering none of the responsibility for the scams and hacks which they enable and shrugging it off with a simple “your fault, should have bought a ledger, moosh”. And that simply doesn’t cut it.
On the one hand they will tell you their platform is safe and encourage you to pile your hard earned money into their control. All the while they have the other hand ready to slap you down if you dare ask for help.
As for the maximalists, fuck them. Maximalism is one of the biggest scourges of the earth and thinking in absolutes causes more problems than it solves. Don’t worry, the hypocrisy in that last sentence is not lost on me.
Love, peace and happiness.