Cloud Hosting

Philip Martin is an impressive guy. A veteran of the U.S. Army, where he spent years working on counterintelligence, he did stints at Amazon and Palantir before coming to Coinbase to lead its security operations. So his views on the crypto industrys horrendous hacking problems carry considerable weight.

I caught up with Martin last week, and asked him how the industry beset by hackers since the very beginning has evolved when it comes to security. He noted that, while fundamental principles remain the same, the rise of smart contracts has made the job considerably harder.

Today, we have these massive, immutable, interrelated smart contracts that are storing tens of billions of dollars. I equate it to whipping back to 1970 and asking a dev to write secure codethey would fail miserably, Martin observed. He added that, because building and accessing smart contracts is extremely easy, it has meant many core code libraries have gaping security holes.

Martin said it doesnt have to be this way, but many in the industry lack the incentives to build with security in mind. Coinbase, which has a strong track record on cyber defense, is trying to set an example with its new Base blockchainbuilding an open-source monitoring tool called Pessimism onto the chain itself. More broadly, Martin said, he hopes the crypto industry will imitate Microsoft, which famously switched to a security-by-design approach with the launch of Windows 7 in 2009.

The crypto industry may have no choice if it wants to grow and be taken seriously. I wrote recently about an embarrassing incident where a custody firm, ironically named Fortress, let itself get robbed, and how this was just the latest in a long series of sloppy behavior that has made crypto a byword for hacking. It doesnt help that the most formidable threats are not rogue individuals, but a nation-stateNorth Koreaand organized crime outfits in Eastern Europe. Little wonder companies are getting robbed every week.

The news isnt all bad, though. Martin noted correctly that smart contracts are barely five years old and that the basic building blocks of security to support them are still being built. Its also encouraging that big crypto companies that are fierce rivalsincluding Coinbase and Binanceregularly help each other when it comes to unmasking and stopping hackers.

But Martin said the industry needs to move faster and, in his words, act like grownups. He has that right. Each new breach is yet another blow to the industrys already battered reputation, and, if there is going to be another crypto boom, it will have to be built around a new ethos that values security as much as getting rich quick.

Jeff John Robertsjeff.roberts@fortune.com@jeffjohnroberts

FTXsformer CTO testified that Sam Bankman-Frieds hedge fund dipped into customer money as far back as 2019, and that the exchange lost or squandered $14 billion. (Fortune)

New rules from the U.K. financial regulator that impose a host of strict rules on crypto firms, including those outside the country, are now in effect. (Bloomberg)

A Swiss company is using Coinbases Base blockchain to create tokens that represent shares in a T-bill ETF, though they are only available outside the U.S. for regulatory reasons. (Blockworks)

Yuga Labs laid off an undisclosed number of U.S. employees as its CEO said the firm, best known for its Bored Apes brand, has pursued too many projects. (Decrypt)

A new research note from Bank of America says U.S. Treasuries have been oversolda situation that in the past has been a precursor to major volatility in crypto. (CoinDesk)

Its not fine:

Follow this link:

Coinbases security team has fought crypto hackers for a decade: Heres what has to change - Fortune