Maria Montero

The social layer is ironically key to the safety of Bitcoin.

Something strange happened in the second half of 2018. At some point, all the people active in crypto looked around and realized that there were not many of us. The friends we had convinced during the last holiday season no longer spoke to us. They had stopped checking their Coinbase accounts. The tide had come out of the beach. Tokens and blockchains were supposed to change the world; How come no one was using them?

In most cases, still, no one it is using them. In this regard, many crypto projects have been admirably successful. The appeal of Cryptocurrency is understood by many as freedom from human fallibility. There is no central banker, playing politics with the money supply. There is no lawyer, supervising the contract. Sometimes it seems that crypto developers adopted the skunk defense mechanism. It’s working: they’re succeeding in keeping people away.

Some now recognize the need for human users, the so-called “social layer”, of Bitcoin and other crypto networks. That human component is still considered its weakest link. I am writing to propose that the human component of crypto is its strongest bond. For crypto network builders, how to attract the right users is a question to come up before about how to defend against attackers (aka the wrong users). Contrary to what you might hear on Twitter, when evaluating a crypto network, the demographics and ideologies of its users matter. They are the last line of defense, and the ultimate decision-maker on direction and narrative.

What Ethereum did

Since the collapse of The DAO, no one in crypto should be allowed to say “the code is a law” with a straight face. The DAO was a decentralized hedge fund that boldly claimed pure government through code, then imploded when someone found a loophole. Ethereum, a crypto protocol on which the DAO was built, erased this fiasco with a hard fork, returning the transaction log to the time before the disaster. The dissidents of this intervention in the social layer went ahead with the original and no-fake Ethereum protocol, calling it Ethereum Classic. For so-called “Bitcoin maximalists,” the DAO fork is emblematic of Ethereum’s trust dependence and thus weakness.

There is an irony, then, in the current enthusiasm of maximalists for narratives that describe Bitcoin’s resistance at the social layer. The story continues: In the event of a security breach, the community of Bitcoin developers, investors, miners, and users is a definitive layer of defense. We, the Bitcoin community, have the option to fork the protocol: transfer our investment of time, capital, and computing power to a new version of Bitcoin. It is our collective commitment to a trusted minimized monetary system that makes Bitcoin strong. (Disclosure: I have bitcoin and ether.)

Even this narrative implies trust, in the people that make up that crowd. Historically, the developers of Bitcoin Core, who maintain the dominant client software of the Bitcoin network, have also been influential, shaping the roadmap of Bitcoin and the history of its use cases. Ethereum’s taste of minimal trust is different, having a public leadership group whose word is widely imbued. In either model, the social layer remains. When they parted ways with the DAO, the Ethereum leaders had to convince a community to come.

You cannot believe the wisdom of the crowd and discount their ability to see through an illegitimate power grab, orchestrated from the outside. When people criticize Ethereum or Bitcoin, they are really criticizing this crowd, accusing it of a propensity to fall for false narratives.

How do you protect the Bitcoin base code?

In September, Bitcoin Core developers patched and disclosed a vulnerability that would have allowed an attacker to block the Bitcoin network. That vulnerability originated in March 2017, with Bitcoin Core 0.14. It stayed there for 18 months until it was discovered.

There is no doubt that Bitcoin Core attracts some of the best and brightest developers in the world, but they are fallible, and more importantly, some of them are pseudonyms. Could a state actor, working under a pseudonym, produce code good enough to be accepted into the Bitcoin protocol? Could he or she fall into another vulnerability, undetected, for further exploitation? The answer is, without a doubt, yes, it is possible and it would be naive to believe otherwise. (I doubt the Bitcoin Core developers are that naive.)

Why is it that no government has tried to kill Bitcoin by exploiting such weakness? Could it be that governments and other powerful potential attackers are, if not friendly, at least tolerant of the continued growth of Bitcoin? There is a strong narrative in the Bitcoin crypto culture that persists against hostility. Is that narrative even real?

The social layer is key to crypto success.

Some argue that sexism and racism don’t matter to Bitcoin. They do. Bitcoin hodlers need to think carefully about the books we recommend and the words we write and speak. If your social layer is full of idiots, your network is vulnerable. Not all hacks are technical. Societies can be hacked, too, with bad or insecure ideas. (There are growing examples of this, outside of crypto.)

Not all white papers are as stylish as Satoshi Nakamoto’s white Bitcoin paper. Many of them run over 50 pages, devoting lengthy sections to imagining various possible attacks and how the network’s internal “crypto-economic” system of incentives and penalties would render them useless. They remind me of the vast digital fortresses my eight-year-old builds in Minecraft, filled with traps and turrets.

I love my son (and his Minecraft creations), but the question that both he and crypto developers may forget is: why would anyone want to break into this prohibitive stronghold, let alone attack it? Who will enter, having talents, ETH or gold? Focusing on the user is not shaving when the user is the best security defense. I’m not suggesting that security is an afterthought, but maybe a network should be built to attract people, rather than exclude them.

The author thanks Tadge Dryja and Emin Gün Sirer, who provided feedback that helped refine some of the ideas in this article.