Welcome to the Block & Mortar newsletter! Every week, I bring you the top stories and my analysis on where business meets web3: blockchain, cryptocurrencies, NFTs, and metaverse. Brought to you by Q McCallum.

Reading online? Subscribe to get this in your inbox whenever it's published.

#72 - Always/never, what cheese has in common with designer bags, and a new-to-me FTX domino

An image of an open padlock, surrounded by computer keyboard keys.  The scene is cast in a reddish light. Photo by FLY:D on Unsplash

(Photo by FLY:D on Unsplash)

Always/never, going/gone

Are you familiar with the always/never tradeoff? I have an old blog post that explains it in detail, but the quick version is that you can’t have a weapon that works only when you want it to. The weapon either always works (so it may harm you as well as your enemies) or it never works (it won’t hurt anyone).

Despite its origins in the nuclear safety world, always/never is surprisingly applicable to everyday life. You can hide your valuables so well that you never find them again. You can have a car without dings and scratches, so long as it never leaves the garage. And if you take measures to protect a system against unauthorized access, you may also lock out the people who are allowed to be there.

That last one is an especially hard lesson in the unforgiving terrain of crypto. Losing access to your wallet means losing your NFTs, your Bitcoin, and maybe almost $40M worth of customer funds. Crypto fintech startup Prime Trust lost the seed phrase for a wallet so they’re in that precise situation right now.

To be fair, Prime Trust took a lot of the right steps. They didn’t store the wallet’s seed phrase on online systems, where it could be hacked or leaked. They didn’t write it down on a piece of paper, which might suffer fire or water damage. Instead, they etched the seed phrase into a small slab of metal (a fairly common approach when using hardware wallets) and put that away for safekeeping.

It’s just that now … well … they can’t find that piece of metal.

Before you mutter “too clever by half,” I’ll point out that the always/never tradeoff crops up a lot in matters of security. Consider the ways that Prime Trust could have avoided losing the wallet’s seed phrase. Now consider how each one would have increased the chances of the seed phrase falling into the wrong hands. We could just as easily be reading the story of how Prime Trust had been robbed, instead of how they walled off their access to the funds.

What’s the takeaway, then? I see two lessons:

1/ Considering always/never, you have to decide which problems you want to handle. Anything you do to protect against Situation A will likely open a door to Situation B.

2/ If it’s worth etching into one slab of metal … it’s worth etching into an extra two or three.

From cheese to designer bags

Waaaay back in newsletter #4, Block & Mortar ran a segment on using microchips and blockchain to address supply chain fraud in cheese. No, seriously. Check it out.

According to a recent Insider piece – which sourced from a WSJ article – the makers of authentic Parmesan cheese are still at it. That’s right: Block & Mortar beat the Wall Street Journal to a story by more than a year. But I digress…

If blockchain is good enough for cheese, why not other goods? I’m guessing that’s the train of thought at Prada. The handbag maker is one of several luxury brands using the Aura Blockchain Consortium’s technology so customers can verify the provenance of their purchases. This isn’t just for Prada’s direct sales, either:

Giving customers a more reliable way to prove their products are real could help raise the appeal of originals, while making it harder to sell fakes on the secondhand market. And by making it easier for customers to pass on or resell their products, the technology could help prove the case that many of these highly priced items have some investment value.

(If the name Aura rings a bell, it’s because I mentioned them a couple months ago in a segment on blockchain in the luxury goods industry.)

Prada’s move makes sense to me. Many luxury items are expensive, they’re meant to last, and their value can fluctuate over time. (One could even say that they store value.) This paves the way for a thriving, legitimate secondary market. Which will certainly attract sellers of knock-offs.

The linked Bloomberg article walks through the author’s experience using the Prada system. It was far from perfect – it looks like it’s not fully integrated into their stores – but still struck me as an important first step for the brand. And since Prada is part of the Aura group, I expect any lessons to quickly spread to other members and lead to improvements.

Lazarus is back (again)

In the August media roundup, I linked to a podcast about North Korean hackers’ attempts to steal crypto. It didn’t take long for the world to get a new example:

Last week crypto gambling site Stake experienced a series of large, suspicious withdrawals. The FBI says that this was a hack by North Korea’s Lazarus Group.

Cybercrime, in general, has a certain appeal: imagine being able to walk off with tons of money without having to actually … walk? This sort of crime is nonviolent and can be performed at a distance. That limits physical and psychological risks to the perpetrators. (It may also reduce perpetrators’ inhibitions, since they are able to dissociate themselves from the danger and the victims. But that’s another story.) And when the crime is committed by state-sponsored groups, no one’s worried about prison time.

Point being: expect more hacks in the crypto space. State-sponsored or otherwise.

A nudge on the domino

We all know the FTX saga, don’t we? “So there was this guy SBF, his crypto platform tanked, some money disappeared.” That’s about it.

Or maybe not?

Apparently, a key element in the FTX unwinding was … Sam’s want of a crypto license.

That’s the story according to someone who claims to have first-hand knowledge. They posted two long Twitter threads (part 1, part 2) explaining that SBF purchased their company because he wanted a Gibraltar crypto license for FTX.

(Yes, I’m going to count those threads as prequels to the main tale. I bet FTX will inspire more movies and spinoffs than Star Wars. But I digress…)

The catch? FTX had to buy out one of their investors, Binance CEO Changpeng “CZ” Zhao, in order to satisfy Gibraltar’s regulatory requirements. That was a gentle nudge against the next domino, which was that FTX paid CZ in their in-house FTT tokens instead of in cash. Which must have seemed like a good idea – FTT was kind of free money for FTX to dish out – until it wasn’t:

Basically, a couple of reports about poor FTX financial health surfaced and CZ decided to minimize risks and ordered Binance to sell all its FTT stake in November 2022, effectively triggering the FTX collapse that we all remember too well… what a turn of events!

The author of the tweet thread raises a key point about this sequence of events:

Obviously, it was just a nominal trigger, and FTX’s collapse was always inevitable and a matter of time… their utter unprofessionalism, lack of integrity, and neglect of any treasury and accounting rules left them no chance…

I’m inclined to agree. This aligns with what I said in April, that “to operate a scam is to run a race against a system destined to collapse.” The key elements are always there, waiting to develop into an incident.

I highly recommend reading both of the tweet threads for the full story. The author goes into a lot more detail than I’ve done here. And they also touch on some reasons why people put up with SBF’s antics for so long.

The wrap-up

This was an issue of Block & Mortar.

Who’s behind Block & Mortar? I'm Q McCallum. I've spent the past two decades in the emerging-tech space. And I'm very interested in web3 use cases.

Credit where it's due. Big thanks to Shane Glynn for reviewing early drafts. Any mistakes that remain are mine.

Reading this online? Or as a forward? Why not sign up? Get Block & Mortar news in your inbox, whenever it's published.

Privacy statement: I don’t share/rent/sell your personal info. Seriously.