Alchemy University

Ch. 9: Risks, Safety, Regulation, and Ethics

Course/Ch. 9: Risks, Safety, Regulation, and Ethics
Lesson 9.27 min read

Technical and Security Challenges

We’ve touched on hacks, but let’s systematically consider technical risks:

  • Smart Contract Bugs: The code is law on blockchain – if there’s a flaw, attackers can exploit it to steal crypto. Unlike traditional software bugs which can be patched quietly, on blockchain if money’s stolen, you often can’t reverse it (unless maybe the community hard forks which is rare and contentious, as in the Ethereum DAO case). So writing secure contracts is paramount but also very hard (they are effectively financial software – it’s like coding a banking system that’s open to internet adversaries, but you can’t patch instantly). Formal verification and multiple audits are becoming standard for major contracts, but many smaller projects skip or rush this.

    🔐 Formal Verification

    Advanced teams now use mathematical proofs (formal methods) to ensure smart contract behavior aligns with expectations. Though not common yet, this may become industry standard.

    📉 Case Study: Cetus Protocol Hack (2024)

    Cetus Protocol, a DEX on Sui, was exploited for over $2 million after a bug in its pool contract logic allowed an attacker to manipulate liquidity pool ratios. The exploit didn’t rely on flash loans or fancy attack vectors—it was a simple math oversight in how fees and swaps were calculated. This highlights how even “simple” DeFi logic, if not tested thoroughly or formally verified, can create critical vulnerabilities. Despite being on a newer, performance-oriented chain like Sui, the fundamentals of secure contract design remain the same: math mistakes can become million-dollar losses.

  • Private Key Management: Letting users manage their own keys is empowering—but also introduces a single point of failure. If malware, a keylogger, or a compromised extension grabs your key, your funds are gone. Most attacks are still social engineering or phishing, but malware-based key theft is very real (especially via fake wallet apps or malicious browser extensions).

    Hardware wallets help by keeping keys offline, but even these require vigilance. For example, clipboard hijacking malware can change the pasted address to one owned by an attacker. If you don’t verify on the hardware device’s screen, you could unknowingly send funds to a thief.

    🔐 Multisig and MPC (Multi-Party Computation)
    For larger treasuries or shared wallets, multisig setups (requiring 2-of-3 or 3-of-5 keys to sign a transaction) are standard best practice. They reduce the chance of a single compromised key draining everything. More recently, MPC wallets have emerged—splitting key shares across multiple devices or parties so no one holds the full key. These setups are especially valuable for DAOs, protocols, and institutional custody, offering stronger guarantees without relying on a single physical device or user.

  • 51% Attacks & Network Security: Public blockchains rely on majority honest consensus. Smaller blockchains (with low mining power or few validators) could be attacked by someone controlling >50% of that power, allowing them to reorder transactions or double-spend. This happened on some smaller networks like Ethereum Classic or Bitcoin Gold where attackers rented hashing power to rewrite blocks (causing exchanges to lose funds through double-spends). Big chains like Bitcoin, Ethereum (now proof-of-stake) are very expensive to 51% attack (billions of dollars needed). But some proof-of-stake chains with few validators could be more at risk if those validators collude or get compromised. This is a system risk – you rely on the chain’s security for all apps on it. So robust decentralization and active community guard against these, but new chains especially need to build up security.

  • Scaling and Downtime: Although blockchains aim for high availability, some have had downtime. For instance, Solana had a few major outages in 2021-2022 due to bugs or resource exhaustion from spam transactions. That shows that scaling to global throughput is a challenge. If a network goes down for hours, all apps on it freeze. That undermines reliability. Ethereum L1 rarely if ever has total downtime (except possibly splitting in consensus issues like in 2016 once), but it gets congested and slow under heavy load (fees spike making it near unusable for average person at times, as seen during DeFi summer or NFT drops). Solutions (layer-2, sharding, alternate designs) are in progress, but until fully implemented, users face times of either high cost or slow service. For mass adoption, tech needs to handle thousands of TPS cheaply – not fully there yet on main nets (though some claim to, like Solana, which is good when up but as noted had reliability trade-offs).

  • Interoperability Risks (Bridges): Because multiple chains exist, bridges connecting them become points of vulnerability. Many largest hacks were on cross-chain bridges (since they hold a lot of locked funds to represent across chains). Bridges are complex (two or more networks, potentially weaker links like multisig custodians). If a bridge is compromised, it can create massive losses and even affect economies of the chains (like if a major stablecoin onchain is a bridged version and that backing is stolen). So bridging tech is an Achilles heel currently. Some are developing more trust-minimized bridges (using onchain light clients of each other or zero-knowledge proofs to verify cross data), which will improve security but are complex to build.

privacy-radar

  • Privacy vs Transparency: Blockchain transparency is double-edged. Good for accountability, bad for privacy. If salaries on a DAO are paid in crypto, everyone sees what everyone makes – some find that too intrusive (though could be positive for fairness). If you pay someone in crypto, they might then see everything else in your wallet and infer your net worth or purchases – that’s not how cash works. So lack of privacy is a risk: personal safety (crypto wealth can make you a target for hackers or even physical extortion if someone knows you have millions in an easily transferrable form). There’s been crimes like kidnappings of known crypto holders. Solutions: one should practice “opsec” (operational security) – not tie wallets to identity in a way that reveals big holdings, use pseudonyms, etc. Technical solutions: privacy coins (Monero, Zcash) exist but are separate networks. On Ethereum, use of mixers like Tornado Cash was common for privacy, but that got legally targeted (US sanctioned it, as it was used by thieves like North Korean hackers to launder funds – that is an ethical/regulatory wrinkle: how to allow financial privacy without facilitating criminals – it’s the age-old debate but crypto intensifies it). New cryptographic tools like zero-knowledge proofs might allow selective privacy (you can prove you’re compliant or not stolen funds without revealing full history, etc.). But at the moment, using crypto means compromising much more financial privacy than using cash or even banks to some extent.

  • Social Engineering and Human Error: Many hacks aren't code, but tricking human administrators. For example, some centralized DeFi pools had admin keys (for upgrades) – those keys can be targeted (e.g., dev might have on phone and falls for a phishing link, attacker then uses admin to drain funds). Or governance attacks: if a project’s governance is mostly one large token holder, an attacker could buy enough tokens to push a malicious proposal (like “send all treasury to me”) and vote it through if others are inactive. Something like that nearly happened with a project called bZx – the attacker took out a flash loan to get majority voting power to try and change a parameter to then exploit (I think the attempt was mitigated by devs intervening, but it highlighted the vector).

the-300k-mistake

  • User Experience and Mistakes: People can make mistakes like sending crypto to wrong address (and with no recourse – e.g., someone accidentally sent $300k to a contract address with no retrieval function – permanently stuck), or losing keys (stories of early adopters losing Bitcoin wallets leading to millions unreachable), or falling for scams due to the tech complexity. The UI/UX in Web3 is improving but still has a learning curve; mistakes are costly.

  • Smart Contract Upgradability vs Immutability: If a contract is truly immutable and a bug is found, you're stuck (unless migrating funds to a new contract, which is complex and relies on user action). If a contract is upgradeable (via a proxy or admin key), that introduces a central point of trust or attack (admin could become malicious or be compromised to alter code). So there's a risk trade-off. Some best practice: time-lock upgrades (so users see an upgrade coming 2 days in advance, can pull funds if they distrust it), multi-sig admin (so not one person can upgrade), or formal verification to be confident enough to deploy immutable.

blockchain-power-tug-of-war