Fortune
Jeff John Roberts

Coinbase's security team has fought crypto hackers for a decade: here's what has to change

Coinbase logo (Credit: Omar Marques—SOPA Images/LightRocket via Getty Images)

Philip Martin is an impressive guy. A veteran of the U.S. Army, where he spent years working on counterintelligence, he did stints at Amazon and Palantir before coming to Coinbase to lead its security operations. So his views on the crypto industry's horrendous hacking problems carry considerable weight.

I caught up with Martin last week and asked him how the industry, beset by hackers since the very beginning, has evolved when it comes to security. He noted that, while fundamental principles remain the same, the rise of smart contracts has made the job considerably harder.

"Today, we have these massive, immutable, interrelated smart contracts that are storing tens of billions of dollars. I equate it to whipping back to 1970 and asking a dev to write secure code—they would fail miserably," Martin observed. He added that building and accessing smart contracts is extremely easy, but this has meant many core code libraries have gaping security holes.

Martin says it doesn't have to be this way, but many in the industry lack the incentives to build with security in mind. Coinbase, which has a strong track record on cyber defense, is trying to set an example with its new Base blockchain—building an open-source monitoring tool called Pessimism onto the chain itself. More broadly, Martin says he hopes the crypto industry will imitate Microsoft, which famously switched to a security-by-design approach with the launch of Windows 7 in 2009.

The crypto industry may have no choice if it wants to grow and be taken seriously. I wrote recently about an embarrassing incident where a custody firm, ironically named Fortress, let itself get robbed, and how this was just the latest in a long series of sloppy behavior that has made crypto a byword for hacking. It doesn't help that the most formidable threats are not rogue individuals, but a nation state—North Korea—and organized crime outfits in Eastern Europe. Little wonder companies are getting robbed every week.

The news isn't all bad, though. Martin notes correctly that smart contracts are barely five years old and that the basic building blocks of security to support them are still being built. It's also encouraging that big crypto companies that are fierce rivals—including Coinbase and Binance—regularly help each other when it comes to unmasking and stopping hackers.

But Martin says the industry needs to move faster and, in his words, "act like grown-ups." He has that right. Each new breach is yet another blow to the industry's already battered reputation and, if there is going to be another crypto boom, it will have to be built around a new ethos that values security as much as getting rich quick.

Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts
