On Abstraction and Risk
Abstraction is a key component to the mass adoption of cryptocurrency. How easy of an experience we give users is typically at the cost of a more centralized experience. A more technical user can abstain from abstraction in the form of harnessing the technology and its associated frictions at a localized level, while your mother will most likely need third-party providers to hold her hand along the way.
At the moment, I’d argue that most, if not all of the systems that have been created to date (whether it be a global monetary system or an NFT DApp) have been purely catered toward a niche group of enthusiasts. This, of course, isn’t a negative thing — because the design thinking then focuses on the introduction of new users to these systems. Abstracting away technical components obviously comes with risk. The more we abstract, the more we centralize, and the more risk end users may have. Ejection from these systems and the breaking of abstraction comes with the risk profile being in one’s own hands while facing all the associated frictions with it.
Abstraction comes with risk, ejection comes with individual responsibility and friction.
The primary goal for anyone in this space should be to give users the option to either opt-in to a centralized abstracting service, or opt-out to be in control of one’s own finances and application interactions. I want to present the way I currently think about the sliding scale of abstraction, and what the associated services are with each step.
The Abstraction Stack
The abstraction stack comes in five distinct layers: Lifecycle, Exchange, Custody, Infrastructure, Base Protocol. At the top of the list is lifecycle abstraction, which hides everything from an end-user in order to give them the best experience possible. Centralized exchanges typically have the ability to command the lifecycle of an asset, which also captures the exchange, custody, infrastructure, and base protocol elements as well. This may also include spending services such as offering a debit card against your assets. Some exchanges can even offer extended forms of abstraction (to reach this lifecycle category) such as hiding the trading ‘behind the curtain,’ and being an online broker to offer a familiar experience to retail investors. Services that hide everything such as Robinhood or Circle fall under the lifecycle category, while general cryptocurrency exchanges fit the exchange category.
Since speculation is still the widest use case for any of these assets, the abstraction of the exchange experience is paramount to widespread adoption. Centralized exchanges will continue to be the entry and exit point for anyone acquiring and using these assets, as localized services add more friction, uncertainty, and risk. The most successful centralized exchanges provide order books sufficient enough to tap into, a smooth acquisition or selling experience, and safety (sometimes in the form of insurance).
Below lifecycle and exchange abstraction, we have centralized custody providers that hold assets on your behalf. In its completely abstracted form, this includes providers such as Xapo and BitGo. These providers primarily have institutions as customers, as institutions are able to reduce risk through these third-parties. Larger institutions don’t have blockchain wallet key management as a core competency, and the insurance that many of these providers have takes care of most of the liability. These custody providers typically also have services to quickly move the assets to an exchange environment within a small time window if customers wish to eventually sell their holdings.
Centralized wallet providers can sometimes fall under this layer of abstraction if they don’t let users choose what nodes they wish to connect to for a particular network. If a user is using a wallet provider’s nodes to connect to a network, they are essentially allowing that wallet provider to validate transactions on their behalf. They may allow users to have control of their own keys, but the way in which transactions are being validated is still hidden from the user’s view. However, wallet services that allow users to connect to their own nodes allow greater control and less abstraction (infrastructure is now in the user’s control) but add a bit more friction considering the requirements from the user’s side.
Still holding onto infrastructure abstraction are DApps, which may provide users with more of a “peer to peer” experience, but still default to trusted validators such as Infura. For example, running Augur may give users the option of connecting to their own node, but typically defaults to one of these providers to make the experience a lot easier for users. However, in doing so, it trains users to be comfortable with services that provide trusted validators — it’s not a bad thing, but just a means of abstraction at the tradeoff of trustlessness. Services such as MetaMask which is typically used in almost all web-based “DApps” rely heavily on Infura to connect to the Ethereum network.
The lowest level of abstraction comes in the form of running your own fully validating node (locally) and transacting from your own node. This, of course, is plagued with many non-starters from a retail user’s perspective, as it typically requires one to be technically savvy and yearning for an extreme amount of control. I’m not writing to critique abstraction or the lack thereof, but to mention that different users will opt into different methods of using these networks. We shouldn’t shun those that opt into centralized services to use these networks or consider them to be outsiders.
Some people will never run their own nodes or depart from the abstracting layers that make these tools easy to use. It’s important to know the risks with using these services, but “being your own bank” isn’t the most appealing thing to most of humanity. There’s a reason why banks are popular, even after all of the fraud they’ve engaged in. There’s also a reason why most people prefer to transact digitally while knowing the privacy risks in doing so. People will naturally trade convenience for their sovereignty.
However, the importance of these systems comes from the ability to opt-out of centralized providers if one wishes to do so. I’ll be the first to commend anyone working on the tools that ease the friction associated with the latter, but future systems will likely be built using providers that aggregate services and abstract these networks.
Abstraction Begets Risk
Using these centralized providers may prove to ease the experience of using these networks, but as the amount of abstraction increases, so too does the risk. The following are a few risks associated with some of the layers of the abstraction stack and should be factored in when determining one’s comfort level:
Security risks and compromised assets — With new exchanges popping up on a continued basis, many are guaranteed to fail due to security issues. They are also continual targets for hackers because of how many assets they hold under custody. In 2019 alone, we’ve already seen the hacking and takedown of popular New Zealand-based exchange Cryptopia, and a recent hack that cost Binance around $40MM. Although both had their own forms of remedying the situation, it’s a steady reminder that exchanges aren’t bulletproof, and sometimes assets aren’t recoverable after exchanges have been compromised. If a user broke the abstraction layers and acted as their own custodians until the point of trading and then resumed being their own custodian, losses could be avoided.
Identity risks and blacklisting — With any centralized service comes the risk of identity data being compromised. In February, cryptocurrency exchange Coinmama suffered a data breach that leaked 450,000 usernames and passwords. Considering that most retail users administer bad security practices such as account credential reuse, the damage caused by these kinds of breaches is typically underestimated. Breaches of other services in the past have also included KYC records as well. Also, using addresses that may have received assets that were involved in various dark web marketplaces or hacks may lead to exchanges barring accounts or transfers.
Complete shut-down of services — At any time, a centralized, abstracted service can pull the plug on their operation and cease to offer existing services.
It would be an important undertaking to eventually create a framework that evaluates risk on each level of the stack based on what could possibly happen to users interfacing with these various entities. Such a framework would instil confidence in users engaging with said entities and would encourage them to manage their risk-score to the best of their abilities. As you move down the abstraction stack, the scope of questioning narrows as fewer services are being provided by an entity.
The more important task is informing retail users on the various ways they could move down the stack. For example, cutting the lifecycle level down to the exchange portion by encouraging the use of cryptocurrency exchanges that allow withdrawals to personal wallets. Or even convincing a user to set up their own node and have their wallets point to it.
Information is the key to all of this — even the most informed of users may be comfortable at the highest lẹ̬̗v̠͘e̴̼ĺ̝ ̛̘͚o̝̕f̨̭̺ a̮̞̰͚̻͝bs͏̻̗̘t̷͕̫ŗa̠̰̼̤̬c̵t̞̰̦͎́io̢n͕͇̮̮͎̬̗.
