Speaking at the Ethereum Community Conference (EthCC), Vitalik Buterin outlined several critical tests to evaluate whether a cryptocurrency firm genuinely meets standards of security and decentralization.
Buterin introduced the first approach as the “walkaway test.” This concept explores the scenario of a company completely disappearing along with its associated servers. If a user’s assets remain safely stored despite the firm’s sudden closure, the platform passes this essential security check. “This is like the most baseline thing you should be getting out of your assets being on-chain instead of sitting on someone’s server,” Buterin stated.
He offered “Privy embedded wallets” as an example demonstrating strong security, explaining that they allow users to export private keys into other wallets rather than being locked into a single centralized platform. Another illustration raised by Buterin is Farcaster, a blockchain-powered decentralized social media protocol that lets users connect their accounts to external Ethereum accounts as a backup measure. He praised Farcaster for actively pursuing true decentralization rather than merely claiming it.
Another critical test Buterin highlighted was the “insider attack test,” in which developers anticipate vulnerabilities introduced by potentially malicious insiders, such as employees or founders. He emphasized that developers must carefully analyze systems not only for external threats but also for internal manipulation. Potential weak points, according to Buterin, include smart contracts, user interfaces, data oracle services, and governance protocols influenced by large token holders.
Buterin then described evaluating companies through their “trusted computing base” (TCB), a measure of how much program code users must trust to ensure asset security. He clarified that while large systems commonly contain many lines of code, security strengthens significantly when critical actions are limited to tightly controlled and auditable segments. When the TCB expands beyond manageable auditing limits, the notion of trustlessness is effectively compromised, he warned.
Lastly, Buterin advised builders to closely examine the incentive structures of their platforms—the “properties of the game” that they create. Even a carefully designed decentralized infrastructure might inadvertently push users toward centralized solutions if those offer greater convenience. He cited the shift from Web1 to Web2 as a warning example, showing that without straightforward decentralized backup options, centralized providers tend to attract users, undermining the initial decentralization goals.
In conclusion, Buterin underscored that crypto firms must face these rigorous tests if they aim to establish genuine security and decentralization. By addressing challenges comprehensively—ranging from internal threats to user convenience factors—developers can build robust systems that maintain their integrity under various scenarios.