Some people have said “Oh, that sounds like a horrible life, if you don’t trust people!” But it’s not as horrible as getting hacked or having things stolen– you’ve gotta think adversarially. You can kind of make it fun; what I do is I take it to extremes. I say, “What’s the worst thing that could possibly be happening with this person?” If I get into an elevator, I say “Is this person a thief? What would that look like?” If I am in a diner, and the kindly old woman behind me is taking too much of an interest in what I’m doing, I say “Is that a ‘Pwn Phone’ in her pocket, is she a hacker?” It gets fun that way, because it’s very unlikely, but if you think adversarially like that, then you think to yourself that every Wifi connection is bad, every person is out to get you, everybody is trying to kill you and rob you, and the wolves are at your door.
That goes into my second point– you’ve gotta think adversarially– you want to constantly think: “How is this going to be attacked?” Because if you’re creating ICOs, or you’re creating a company, or just in your personal life, or certainly anything you’re doing where you’re developing code or creating ideas like this, you want to say “How is this going to get attacked?” If I have anything that’s centralized, how is that going to be attacked? What’s the worst thing that someone could do? If I’m trusting this party, this party, and this party, what happens if 3 people show up with 3 different guns and pull them on those people? You have to think adversarially like that.
Some of the best people at doing this are the Bitcoin developers, at least from a code standpoint, which tends to spill over into their regular life in protecting their own emails and things like that. A lot of the best minds that I know in Bitcoin come from a very cypherpunk ethos, where they care about things like privacy, and they’re aware of things like the disclosures that have been made by Snowden. They know how easy it is to be hacked and compromised, and how many wolves there are in our Game of Thrones example– direwolves are at the door, trying to hack you. I don’t know how many hackers– that would be a great data point. But it is an extraordinary amount, and if they knew you exist, and they know you have crypto or suspect you might– the more they know, the worse. If they know what exchange, or if you use an exchange, that kind of thing, they’re at your door. There are thousands of highly, highly skilled people who want to attack you.
In code, you have to think “What’s the most evil thing anybody would do on this network?” If you’re building a network, or supporting open source projects, or building an ICO or business, or anything, you want to think very adversarially. Take a lesson from some of the real adversarial thinkers like Luke Jr. or Peter Todd, the people who are kind of known for poking holes in things and being almost extreme in their worries about risk. That’s a wise thing to do if you’re in crypto, think adversarially.
The third point I’ll make is, if you’re in crypto, this is a crazy space– anything can happen. I love Bitcoin, but I’m not ready to declare it the winner because the race is only 1 percent won. This is a multi-trillion dollar market. If Bitcoin becomes the global reserve currency, you’re looking at way, way higher– it’s so early in the race, something else could come along. Now, there is a little bit of a network effect, but that doesn’t matter that much– if you’re racing from Boston to L.A., it doesn’t matter that much when you’re in Newton, MA, it matters when you’re much further along in the race.
So don’t get too confident; go back to adversarial thinking, and don’t declare Bitcoin the winner or declare the game over, or even that it can’t be stopped by governments. It can’t be stopped technologically by governments, but make no mistake, governments could make a big hassle about it. If they declared it a felony in the United States, even I would close my business, and so would a lot of others. It’s less likely now, but you do have centralization, you do have government risk in China and the United States. Not risk of destroying it, but risk of harming it, and it’s still very early technology, and the race hasn’t been won.
They may try to squash it down, and as Andreas and others have pointed out, that’s fine– we’ll just make something stronger. I am confident about that, and if it were ever to be co-opted, all the good cypherpunks would leave and go do something else, even if they had to do it underground. That’s good, from an adversarial thinking standpoint, with Bitcoin. But my point is, you could do everything right personally, you could guard all your security, but you could still get rekt. You could still be hacked. There could be unanticipated weaknesses in a project that you’re involved with, no matter how well you think it through.
It’s like that Earth to Moon special where they talked about when the astronauts were killed, and they kept asking “whose fault was it?” One of the astronauts went to the testimony, and they said “Hey, it was Northrop Grumman’s fault, AND it was this contractor’s fault, AND it was my fault, AND it was your fault– it was everybody’s fault, because we just didn’t anticipate this particular error, which caused this particular disaster.”
That’s the way it will be in crypto, no matter how well you plan. There are cons and scams that I see sometimes and say, “Oh man, that was foolish, they didn’t have their 2-factor authentication on,” but there are some that I see where I say “Whoa, gee, that’s something that you could fall for.” If you think you’re immune to falling for a scam, then you’re vulnerable– you’re vulnerable no matter what. Somebody has thought of a zero-day scam, or a zero-day attack, meaning an attack that nobody knows about, only they know about it. Somebody has thought about some scam that they haven’t tried yet, and maybe you’re the first one that they’re gonna try it on. At some point, stealing somebody’s phone and getting the SMS, or tricking them to not use 2-factor– that was a new scam, the first people who fell for that weren’t stupid. You’re not stupid now, you just don’t know, any you can’t know everything. So, you’ve gotta think very adversarially.
I’d love to say, “We can do it, it’s crypto, we’re a community and we can build– we’re the crows on the wall, and we can rally against the White Walkers,” but it’s Game of Thrones. You could do everything right and be Ned Stark, and you could still end up with your head chopped off.
So, be careful out there: don’t trust anybody, think adversarially, and watch out and plan for a rainy day, because even if you do everything right: it’s Game of Thrones, baby.