During the Ethereum Community Conference (EthCC), Ethereum co-founder Vitalik Buterin highlighted several tests that can aid in assessing the security of crypto companies. His speech was a significant contribution to discussions on security in the crypto industry.
Criteria for Assessing Security in Crypto Companies
The first test mentioned by Buterin was the 'walkaway test,' which asks whether users' assets remain protected even if the company suddenly shuts down. He pointed out that the primary advantage of blockchain technology is that user assets are not stored on a single server.
'This is the most baseline thing that you should be trying to get out of your assets being on-chain instead of your assets being on a server,' Buterin noted.
He cited 'Privy embedded wallets' as an example of good security, as they allow users to export their key into another wallet.
Insider Attack Test and Trusted Computing
The next test described by Buterin is the 'insider attack test,' which considers the potential damage if a company were hacked from the inside by an employee or its founder. Buterin emphasized the need to evaluate weaknesses in the system not only from an outsider's perspective but also from an insider’s.
'A lot of projects in the ecosystem, I think, have been doing a great job of seriously thinking about these issues. But it’s something that we really need to insist on much more as a first-class property,' Buterin said at EthCC.
Importance of Decentralization and Its Risks
Buterin also urged the EthCC audience to analyze the properties of the 'game' that a system creates. He warned that even if a protocol is designed to be decentralized and neutral, it can still become centralized if it incentivizes convenience through centralized solutions. Without good decentralized backup solutions, users may gravitate toward centralized providers for convenience, thereby negating the benefits of decentralization.
In his speech at EthCC, Vitalik Buterin addressed crucial aspects of security for crypto companies. His ideas and tests are highly relevant in light of the ongoing development of the crypto industry and the need for enhanced system reliability.