I had other plans for what to write about this week, but the latest high-profile exploits in the digital asset space created a bit of a vortex where I was unable to think about much else. That these hacks followed a series of other failures which will shape the development of web3 for years adds to their significance. Despite the calamity, there continues to be innovation and a robust community upholding the ecosystem. However, the headlines provide more reason for regulators to impose oversight and may galvanize policymakers to be domineering.
Let’s look at some of the recent dramas and how they might affect the path forward for this young ecosystem.
On August 1st, the Nomad bridge (an interoperability platform built to connect several blockchains) was exploited when a routine upgrade left the protocol vulnerable to approving any carefully scripted transaction submitted to it. Someone wise to this situation pilfered funds in a handful of large transactions, which caught the attention of other traders who copied the original transaction and changed the beneficiary address to their own. A total of $190M worth of tokens were sent to 41 wallets*, leaving some to joke:
*about $17M has been returned by hackers since
Nomad raised $22M at a $225M valuation in April and the accompanying blog post touted their “security-first interoperability.” I’m not qualified to speak on any technical matter, but maybe these groups are moving a little too quickly in their iterative processes. The attack follows a number of costly tech oversights from groups including Wormhole ($320M), Ronin ($540M), and Horizon ($100M), who all endeavored to add value by allowing the ownership of assets to flow across chains. Various levels of reimbursement have occurred in each instance and their cause is a noble one for digital asset markets. However, is the “move fast and break things” approach causing more harm than benefit?
The day after the Nomad exploit, users on Solana began reporting that their wallets had been drained. A small number of Ethereum accounts had also been emptied. At the time of writing, the exact issue is still being uncovered, but it’s believed that a vulnerability in the code of the Slope wallet allowed the dissemination of plain text seed phrases, and in some instances, the sharing of imported private keys for other wallets.
You might be tempted to think that between these breeches, the losses caused by the Terra/Luna collapse, 3 Arrows’ implosion, and a string of CeFi bankruptcies that the digital asset industry would be on its deathbed, but somehow that’s not the case. The folks over at DappRadar published a piece on the state of the crypto markets since the contagion got started and some of the findings might surprise you. Unique Active Wallet (UAW) activity declined 12% in Q2 relative to Q1, but it’s still up 62% year-over-year. NFTs have suffered a similar fate, with volumes down 33%, while activity is still 48% higher compared to 2021. Gaming seems to have bucked the trend altogether with players continuing to interact with related dApps at “more or less the same rate as before the Terra incident.”
NFTs are proving to be particularly good at onboarding as many wallets show their first interaction with the ecosystem as an NFT trade over a transaction using a DEX. This plays into the thesis that the cultural component of JPEGs is more widely appreciated than a financial application.
I participated in a conference call hosted by Forbes last week that featured a number of guests who are focused on building infrastructure for enterprise adoption. When a large organization looks to enable digital assets, they typically begin by hiring consultants or tapping their network to get educated. Following that, executives turn their attention to safe interaction with and storage of digital assets. At a greater scale, there are more precautions in-place than your typical retail participant (cold storage, multi-sig wallets, etc.) and most groups won’t interact with DeFi directly. I think this has helped avoid major blow-ups and build confidence at the institutional level, where leaders are now looking to ‘add jet fuel to existing business lines’ by hiring a small team to come up with a go-to-market web3 strategy. Once a game plan has been selected, the next step is to build out a team with product managers, engineers, designers, etc. to carry out the tactics.
Few companies have started creating capacity for developing in web3, but there are many in the earlier stages – especially for NFTs. This is encouraging and not too dissimilar from how so many companies have already adapted their businesses for web2. Let’s take print media as an example. Before the internet, they operated a system of factories and journalism hubs, but the advent of the internet changed consumption patterns. Thoughtful executives sought to understand this new dynamic and then slowly changed how they interacted with customers. Before long, they hired developers to build apps and launched new forms of content. Now they look a lot more like technology businesses than printing and writing networks. I’m not sure if this part was scripted, but it was mentioned that Forbes is hiring and here are two of their web3 postings:
While many innovative incumbents look to tap into the power of cryptoassets, there’s still a contingent of firms who have yet to pivot meaningfully to the digital age. In a recent survey of 300 U.S. financial executives, 14.4% said they plan to develop a digital transformation strategy this year, while 7.5% said they had no plans to do so at all. Twenty-five years into this secular trend, over a fifth of American community banks and credit unions still don’t have a strategy for how to compete in the electronic landscape. Meanwhile, GonzoBanker notes that “[t]hree in 10 Gen Zers and Millennials now consider a digital bank or fintech to be their primary checking account provider.”
Have regulations influenced financial institutions’ hesitance to go digital?
Banks have come under strict oversight since 2008, making me wonder if this has played a part in some reluctance to accept transformation. The impact could be two-fold as incumbents face a higher, and more costly regulatory burden, which leaves less capital for investment. Further, would-be financial service providers stay away or compete along other vectors. Less competition and a common headwind could entrench outdated technologies.
The OECD says that “the ideal policy approach is to find an appropriate balance between preserving safety and soundness of the system and allowing financial institutions and markets to perform their intended functions.” Greater oversight could slow banking breakthoughs due to heightened sensitivity around risking client assets. As Jessica Pinkston remarks in this note criticizing the sector’s lack of innovation several “embarrassing customer incidents or precarious security holes can be traced back to incorrect configuration or fragile interfaces.” Does that sound familiar? The financial system has suffered similar setbacks to the emerging online ownership economy, but a fear of upsetting policymakers means that innovations have generally been rolled out slowly. The forthcoming oversight might look to impose a similar environment for cryptoassets.
Legislators have allowed FinTechs to operate with less onerous rules than traditional banks, so there’s hope that the emerging digital ownership economy will be afforded similar leeway, but the pieces of the puzzle seem to suggest that regulators in many jurisdictions will take a heavy hand to start. The former have encountered data breaches, but I can’t recall or find any incidence of client assets being siphoned off by hackers. That said, because NFTs (in their current form) are unlikely to pose any systemic threat - and because the consumer industry continues to ramp up their adoption of the technology - it seems like the space will be spared in early legislation. Regardless of how it all plays out, I’m confident that the community will remain committed to experimenting with code, governance, and… memes.