Post
Topic
Board Development & Technical Discussion
Re: Bad Code Has Lost $500M of Cryptocurrency in Under a Year
by
BenOnceAgain
on 20/02/2018, 19:46:28 UTC
It seems like both developers and investors tend to forget that they are handling real, actual money. Would you leave a suitcase full of cash in the middle of the street? Would you give your credit card data to some random stranger on the internet? That's what basically happens in crypto all the time.

I think that there is wide variation between projects/services in how seriously they consider security issues and code vulnerabilities.  It is also difficult to know for sure which is an A+ project and which is an F, especially when they first launch.  Even Amazon faced this problem when it was new.  Some people didn't trust online commerce at all; it had to earn the trust of its customers.

With crypto assets, the situation is worse in some ways because the stakes are potentially much higher.  A crypto exchange is essentially a bank if it has custodial control over funds.  So it needs to have bank-level security.  But a new exchange just launching might have the very best security practices in place, and it will still have to earn the trust of its customers.  The reality is that a new exchange launching needs enough customers in order to stay in business, so the difficulty of earning enough customers as an unproven entity can be real.  Decentralized exchanges provide a good answer, but only to the extent that they are implemented and operated in a secure manner.  But decentralized exchanges will not end the need for fiat/crypto gateways, at least for the time being.  Some actual standards that are established, maintained as technology evolves, and complied with by these businesses could help to at least set a baseline in these areas.  I'm not saying they should be "mandated" (though regulators may have a different view of that), but rather, that the market should favor those that choose to implement them.  Voluntary opt-in, but a market expectation that any good operator does put these measures in place.

Of course, a conservative approach would be to not use any service other than those that you've been using and had no problems with.  Online trading of stocks took a while to be embraced by the masses.  Many people stuck to their brokers, with their high fees, for a long time because they either didn't want to learn the technology or because of stories they'd heard about fraud, weak security, and/or website functionality/UX issues.  Early stock trading websites weren't very fun to use; they were often adapted from internal systems that brokers used.

I absolutely agree with you. As much as I love that whole wild west, new frontier vibe that crypto is swinging, I so very much appreciate the formal approach that Bitcoin and some of the alts have taken.

To be fair, handling crypto is especially tricky. Holding what equates to actual cash on a computer system is unprecedented prior to cryptocurrencies. Even if you were handling payments there was usually some form of rollback available, should things go awry. Not so with crypto, yet it seems to be partially held to lower standards than finance which is insane.

Nonetheless we've come a long way since MtGox. It's almost as if the market has begun to realize that crypto is a billion dollar business now.

The "wild west" is a great approach to take in exploring ideas.  Some of the altcoins that aren't simple clones have some very interesting ideas that could eventually be more widely implemented in other, larger cryptos.  Some of the ideas won't shake out, however.

But even altcoins are mostly "live", representing real money.  Of course anyone that gets involved with them knows that there is a chance the value could go to zero, but when you are dealing with actual funds, you have to be a little less "wild west".  There is a need for structured testing in testnets before you roll out something to your real blockchain that could end up destroying people's money.  The best currencies do this.  Many of them, however, can't always afford the infrastructure to run a separate testnet.  I'm hoping to help some of the good ones with some infrastructure.

Also regarding the "wild west", regulations will be happening.  They already are in some legal jurisdictions.  My view is that, as a community--really an industry--it is far better to get out in front of regulations with common-sense, reasonable standards that are adopted as industry best practices.  Regulators are inclined to work with their "constituents" if they are legitimately dealing, as an industry, with the problems.  I don't think crypto assets will be banned in any major country (and of course I understand the argument that they "can't" be banned due to their nature, which is true, but that doesn't mean that regulators don't ban something on paper) because some countries are openly embracing Bitcoin and seem to be becoming aware of the wider implications of moving to decentralized systems.  The comment yesterday from the Prime Minister of India was really nice to see, for example.

Another area that needs a close look is the way that KYC is conducted in ICO/ITO offerings.  In my view, the risk of giving out your information to some project on the Internet is just as high as, if not higher than, the risk of losing funds from the venture.  Identities can be stolen, either by a hack or by malicious ICO projects.  This is something for which the industry could establish a decentralized solution that would balance the legal requirements with the practical requirements of the crypto model.  These rules were written for banks, and while there is some overlap, there is also a different set of considerations that need to be taken into account when dealing with decentralized entities.

Hats off to you for critically evaluating technologies. I know this approach should be the standard; however, it unfortunately isn't, which makes me all the more glad to hear that there are still organizations and companies out there that take a sane and prudent approach to blockchain technologies.

Thank you very much.  I hope it does become the standard.

I don't think that European banks are much better in that regard.

Referring to "But who would bank with a company that was so careless with funds".... I honestly think that consumers are at least partially to blame on that matter. If people would avoid shoddy exchanges in the first place, a lot of these dramas could be avoided.

I agree that consumers share in the responsibility to make sure the places they do business with are trustworthy.  At the same time, there needs to be a pathway for new businesses to be able to enter the market and be able to prove that they, too, are able to be trusted.  I guess a "toe in the water" approach, trying a new business slowly, is one way to approach that.  Standards that are voluntary but that become "expected" is another approach.

As the industry expands, these things will be put in place, either by the industry or by the regulators.  U.S. securities markets are "self-regulated" with entities like the SEC providing oversight to "self-regulatory organizations" such as FINRA.  That could be a good model that balances the unique aspects of crypto assets with the legal requirements.

In any event, it's good to be able to have this conversation.  It's good to know that others are also thinking about these factors.

Best regards,
Ben