Philip Martin is an impressive guy. A veteran of the U.S. Army, where he spent years working on counterintelligence, he did stints at Amazon and Palantir before coming to Coinbase to lead its security operations. So his views on the crypto industry’s horrendous hacking problems carry considerable weight.
I caught up with Martin last week, and asked him how the industry, beset by hackers since the very beginning, has evolved when it comes to security. He noted that, while fundamental principles remain the same, the rise of smart contracts has made the job considerably harder.
“Today, we have these massive, immutable, interrelated smart contracts that are storing tens of billions of dollars. I equate it to whipping back to 1970 and asking a dev to write secure code—they would fail miserably,” Martin observed. He added that, because building and accessing smart contracts is extremely easy, many core code libraries have gaping security holes.
Martin said it doesn’t have to be this way, but many in the industry lack the incentives to build with security in mind. Coinbase, which has a strong track record on cyber defense, is trying to set an example with its new Base blockchain—building an open-source monitoring tool called Pessimism onto the chain itself. More broadly, Martin said, he hopes the crypto industry will imitate Microsoft, which famously switched to a security-by-design approach with the launch of Windows 7 in 2009.
The crypto industry may have no choice if it wants to grow and be taken seriously. I wrote recently about an embarrassing incident where a custody firm, ironically named Fortress, let itself get robbed, and how this was just the latest in a long series of sloppy behavior that has made crypto a byword for hacking. It doesn’t help that the most formidable threats are not rogue individuals, but a nation-state—North Korea—and organized crime outfits in Eastern Europe. Little wonder companies are getting robbed every week.
The news isn’t all bad, though. Martin noted correctly that smart contracts are barely five years old and that the basic building blocks of security to support them are still being built. It’s also encouraging that big crypto companies that are fierce rivals—including Coinbase and Binance—regularly help each other when it comes to unmasking and stopping hackers.
But Martin said the industry needs to move faster and, in his words, “act like grownups.” He has that right. Each new breach is yet another blow to the industry’s already battered reputation, and, if there is going to be another crypto boom, it will have to be built around a new ethos that values security as much as getting rich quick.
Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
DECENTRALIZED NEWS
FTX’s former CTO testified that Sam Bankman-Fried’s hedge fund dipped into customer money as far back as 2019, and that the exchange lost or squandered $14 billion. (Fortune)
New rules from the U.K. financial regulator that impose a host of strict rules on crypto firms, including those outside the country, are now in effect. (Bloomberg)
A Swiss company is using Coinbase’s Base blockchain to create tokens that represent shares in a T-bill ETF, though they are only available outside the U.S. for regulatory reasons. (Blockworks)
Yuga Labs laid off an undisclosed number of U.S. employees as its CEO said the firm, best known for its Bored Apes brand, has pursued too many projects. (Decrypt)
A new research note from Bank of America says U.S. Treasuries have been oversold—a situation that in the past has been a precursor to major volatility in crypto. (CoinDesk)
This is the web version of Fortune Crypto, a daily newsletter.