The entire point is not having to trust a "reputable" financial audit company, as we've been shown time and time again that they can, and will, be corrupted.
Legal oversight is still required. If you come in my house and $5 wrench my BTC out of me, legal oversight is still required to make it right, just as it would have happened with fiat, with banks, or barter, or whatever else.
If I run a scam, legal oversight is going to whoop my ass, even if the "legal oversight" is people that had their money stolen doing justice themselves.
Meat space still exists, but at least with crypto you're still minimizing the amount of trust required to digitally operate your own finances. "But then crypto is pointless" is a dumb take, because while not perfect it's still a massive, MASSIVE improvement over the "trust me bro" that financial institutions are running on today.
How many billions need to be lost to crypto scams before we all agree that crypto's "trust me bro" is actually worse than having auditors, the SEC, FDIC, and greenbacks worth their face value with the full faith and confidence of the US Gov?
How many billions does retail need to lose to scams that are perpetrated by the auditors and the SEC before you admit that the phrase "with the full faith and confidence of the US Gov" is an unfunny joke?
I do not get why it's so hard to conceive that you can use crypto to build a system where you don't have to trust that people are doing the correct thing, as it's mathematically ensured by the system itself that no shenanigans are occurring.
The only "trust me bro" that is occurring in crypto comes from CENTRALIZED entities (such as CEXs, Tether, etc) and from people running scams where money appears out of thin air.
We don't even know how to pin down a precise set of rules to always make people feel that justice was served in English. This is why we pay humans who, as a full time job, work out what people mean to do and whether what actually happened was what was intended; and who can negotiate and arbitrate between aggrieved parties. How do you expect us to encode in mathematics "common sense" we do not actually understand well enough to describe in plain English? Come back when we've solved AI alignment; I have no doubt we eventually will, but that day is not today, and tomorrow isn't looking good either.
...but crypto is not even attempting to solve that problem. Not even vaguely. The rules in this space are "finders keepers, no takesie backsies", and the participants like it this way (until someone does something that makes them feel aggrieved and suddenly they don't and there is no recourse, by design). No negotiation, no arbitration, no common sense, no human element at all: "you snooze, you lose", and this is the entire selling point.
If you make me choose between having the financial freedom to handle my money without having to trust anyone and only needing to pay attention to what I do with it, or having a nanny that oversees all my finances and coddles me in case I hurt myself but could possibly steal my money, I'll choose the former.
I can understand why one would disagree, though.
What's wrong with having the option to do away with the nanny, again?
What's more likely: Tech bro Chuck E Cheese tokens suddenly become worthless... or the US Government suddenly becomes insolvent (despite its ability to not only print money, but field the world's most powerful military)?
How many more FTX disasters do we need until we've decided crypto is clearly the worse option?
What they did is fraud regardless of the cryptocurrency aspect, and plenty of people in crypto warned against centralized exchanges for decades now because of this exact reason, with MtGox and FTX being the most prominent examples because CENTRALIZED EXCHANGES WILL RUN AWAY WITH YOUR MONEY.
Because ->CENTRALIZED EXCHANGES<- ARE SCAMS.
BTC had NOTHING to do with it, it was just what gullible people fake traded in the exchange. If BTC was used properly and implemented actual Proof of Solvency as per the discussion we're currently having, this whole discussion would not be taking place because the ledger is public. The whole fiasco has taken place because the entire circus operated on "trust me bro we have your money, look we have been audited by a certified auditor ;)", which, in case you haven't noticed, is exactly how the rest of the financial system works.
How many more FTX disasters do we need until we've decided not using crypto as a public ledger is clearly the worse option?
Oh and BTW good luck next time the US doubles the circulating money supply again, but I guess that's ok because they have lots of big ships lol.
That's a broad stroke. I could say the same thing about crypto exchanges, and even several coins themselves (i.e. can we at least go for a few months without another 'stable coin' fiasco?).
Whether you use PoW, PoS, or some other consensus algorithm, you will always have some necessary baseline of trust among people operating the network.
"Not your keys, not your coins" is being repeated AD NAUSEAM because you should NOT trust crypto exchanges for anything but purchasing the coins and IMMEDIATELY taking the coins out.
And the whole point of Proof of Reserve is exactly to avoid another stable coin fiasco. Every single person in crypto knows Tether is bound to explode as it's not backed by anything. With PoR you don't have to trust anyone, as it's cryptographically ensured the money is there.
And PoW, PoS are several orders of magnitude harder to exploit than a single centralized exchange. There is still a baseline of trust, but that baseline is beyond what any exchange could possibly reach by virtue of it being public and decentralized. Any malicious activity is much harder to execute and much easier to detect than any malicious activity operated by an opaque black box company. (see: FTX -> Alameda)
Meh. As an outsider, you're not going to be able to reliably audit some incomprehensible smart contracts, either. You'll have to trust somebody: either Deloitte, or @ShibaMuskMoonSecure.eth
Your evidence is an audit company finding a vulnerability and the team refusing to fix it? How does that prove your point?
Sure, while it's hard for users to verify that the code does what it says and has no bugs, there are companies that can do it for you (as you posted) and even automated tools that allow anyone to do so automatically, and as the EVM gets used and exploited, these tools and audits also get more robust. More importantly, the code can be audited by multiple sources, as it being public means it can be audited by anyone.
On the other hand, financial records are likely audited by a single "reputable" company, with all the information the customers have is a badge that says "the money is there, trust me bro" and nothing else. But hey, it's a "reputable" source so it's ok to trust them, right? ...Until it turns out that whoops, the money wasn't actually there because someone got a fat paycheck to make an honest mistake, ahah...
Linux is one of the biggest, shining examples of publicly viewable code. Unfortunately, it has a history of bugs, issues, gotchas, and major flaws that can go unnoticed for years. [1]
Just because something can be audited by everyone doesn't automatically make it better.
> Until it turns out that whoops, the money wasn't actually there because someone got a fat paycheck to make an honest mistake, ahah...
Do you have any examples of this happening with a reputable (read: top 5) auditing firm in the last decade? Because I can find a dozen examples of crypto frauds happening in the past week.
Oh, nobody hands over a brown envelope of cash and tells the auditors to make a mistake.
Instead, the company under audit pays the auditor $$$$ for 'consultancy services' if the audit goes well, and fires them if they're too argumentative or time-consuming.
While it's nothing like as bad as the cryptocurrency market, where scams are a daily occurrence, nobody investing in the stock market should imagine these auditors are going to catch anything but the most blatant fraud.
Crypto is a tool to build a public financial system that minimizes the amount of trust needed. If you invest in DogeSpaceMarsElonCumMakeMeRichInu and lose money, it's not crypto's fault. You STILL have to do your due diligence and invest responsibly.
I just noticed, before you rag me on about "in the last decade", the article closes with:
> In his book on the Equity Funding Corporation fraud – the Enron of the 1970s – Raymond Dirks wrote: "If routine auditing procedures cannot detect 64,000 phony insurance policies, $25m in counterfeit bonds and $100m in missing assets, what is the purpose of audits?" More than 30 years later, investors are asking themselves the same questions.
Except that no matter how much due diligence you do, there is nothing to invest in in the crypto space other than endless rehashes of DogeSpaceMarsElonCumMakeMeRichInu.
Disagree? Suggest three crypto "investments" that are not scams. Just three, with the entire ecosystem to pick from. Then let's check back in six months and see how many of them have gone the way of FTX.
Smart contracts only need to be audited once, traditional accounts need to be audited continuously. Amortized over enough time, that's a much lower surface area for error.
Smart contracts can be audited by any member of the public with the technical know-how, so there are typically a lot of eyes on the most important cogs - similar in some ways to the OSS security model. Traditional accounts typically cannot be directly and reliably audited by members of the public.
> How many eyes are on Debian vs memecoin-smart-contract-22112?
To be perfectly honest, the memecoin contract probably has more. A smart contract's code base is much, much smaller and changes less often, and a greater number of people are much more strongly financially incentivized to find bugs. Plus, they often do a thorough third-party code audit up-front at the time they publish the code, which would be impractical to do with OS code since it needs to be constantly updated due to its threat model.
I would trust the Shiba Inu token code to have less critical bugs in it than the Debian code.
I assume you have to install software to do that? Software written by some author(s) that you have to trust? That you have to download and install from trusted sources?
It's not like I can verify "one number on the chain" with my own human eyes and no third parties involved. There's always trust somewhere in the system, you're just making that trust relationship more obscure and opaque.
It absolutely does not. As a developer who has worked to secure software systems, I fundamentally reject your assertion that "just trust the code" is a better security policy than "employ trustworthy people".
We just witnessed one of the largest frauds in all of human history. It would have been nearly impossible to trick every client that exists that can examine the chain. You are so wrong it is unfathomable that you are being honest right now.
This is the point I am making that you refuse to understand: You don't have to trick the clients, you have to trick the people; one way you might trick the people is with bogus software.[0]
Consider that Tether is obviously a scam but continues unabated to this day. Better tooling is not going to fix the problems you think it will, because the incentives are all stacked toward dishonesty and fraud.
First, the greater community that would "accept" such an audit that is simply proof of on-chain funds is not dumb enough to download some random "Bitcoin wallet" that shows fake numbers for one single company.
Second, the fraud you're alleging Tether is doing is off chain! It's in the fiat world! It's not happening on-chain. Stop blaming a system that literally mathematically precludes fraud (within the system itself, of course).
Did we have 5 Enrons within 6 months of each other though? These things are an exception in traditional finance, but they seem to be the norm with crypto.
These failures are in traditional finance, there was nothing related to blockchains or cryptography in the FTX internal operations or accounting books, nor in DCG/Grayscale, nor in BlockFi or Celsius. These are the failings of traditional finance in an unregulated or poorly regulated sector. Traditional finance as it is conducted is insanely brittle and prone to manipulation/fraud. To avoid this, it needs to be strongly regulated and supervised.
As the same error seems to be being made in HN again and again, here is an analogy that hopefully will make the point clear. Traditional finance is like a dynamically typed programming language. You can certainly be productive with it, but it's much easier to slip through programming errors. To compensate you need to build a large set of unit tests to re-do much of what a strongly typed language gives you out of the box. A blockchain is the strongly typed version of traditional finance. Harder to use, to a large extent much of the ecosystem is nascent and still being built but it prevents large swaths of fraud and manipulation because it provides the checks built-in. The DeFi ecosystem is coming unscathed from all this fallout; Uniswap, Aave, Curve, MakerDAO, RocketPool, GMX, dYdX...
However, the linked article is about solving these problems with algorithms. The 'DeFi' systems you mention are not in control of vast sums of money, like the exchanges are. People want to use the exchanges and solving the problem by telling people to do other things isn't effective.
The retort to 'these crypto problems could be solved with regulations' is that traditional finance has these problems already and is regulated. This is a problem with society and not with technology, and trying to apply technological solutions to problems that have existed and will exist as long as people exist, seems to be arrogant and ineffective.
By trying to 'solve' these issues with technology, we appear to be opening new avenues up for gaming the system because there is no technology that emerges completely solved. Since we have been iteratively working on financial systems for a lot longer, it may be practical to work to progress that way instead of wiping everything and starting from scratch, where we are reinventing the wheel and getting all of the tragic consequences along with that.
> The 'DeFi' systems you mention are not in control of vast sums of money, like the exchanges are. People want to use the exchanges and solving the problem by telling people to do other things isn't effective.
Uniswap alone has settled over a trillion USD. The current DeFi ecosystem on Ethereum (even now in the current market) has tens of billions in value locked. I do not know what would be vast sums of money, it's still small in comparison with traditional finance but the technology is a few years old.
> This seems to me to be a problem with society and not with technology, and trying to apply technological solutions to problems that have existed and will exist as long as people exist, seems to be arrogant and ineffective.
Indeed, the fundamental problems are societal and human in nature. The point is minimizing the surface area where that human intervention can cause damage. If your argument held any merit we might as well get rid of double entry accounting. After all, it's just trying to apply a technological solution to human problems. https://en.wikipedia.org/wiki/Double-entry_bookkeeping
> Since we have been iteratively working on financial systems for a lot longer, it seems practical to work to progress that way instead of wiping everything and starting from scratch, where we are reinventing the wheel and all of the tragic consequences along with that.
It's not reinventing the wheel. It's building a stronger foundation. I'm going to assume your field of expertise is CS, if it's not, hopefully it will be useful for someone else. Imagine the same argument brought to progress in programming language design. What's the point of Rust? We are just reinventing the wheel, considering how much has been built in unsafe languages like C or C++ we might as well keep iteratively building on them. Humans are still making programming mistakes. We don't need no memory safety in programming languages.
During the S&L crisis in the 1980s there were many bank failures with clean auditor opinions that turned out to be massively insolvent.
During the early 2000s you had quite a few, including Enron, WorldCom, Tyco, Parmalat and other accounting scandals.
During the 2008 crisis it turned out that large parts of the financial system were insolvent, but all had clean auditor opinions.
As William K. Black says it, in control frauds (where the fraudsters are the persons in control of the institution), accounting fraud is the weapon of choice.
The problem with Crypto is there's nothing but frauds and Ponzis.
This would be like the ratings agencies that said the bad mortgages were AAA leading to the housing market collapse, leading to the creation of Bitcoin