You’re still rolling your own crypto. You need to stop.

Not everyone with “cryptographer” in their title has the training or expertise to write cryptographic code that’s used by real people to protect real things


Artwork by Crystal Le


As the snows of Crypto Winter melt and a thousand seed rounds bloom, too many Web3 teams are making the mistake our forebears have warned about for decades: They’re rolling their own crypto. 

Crypto, in this case, means cryptography — the software and mathematical techniques that secure the internet, your credit card and the Web3 protocols we know and love.

Why is crypto different from, say, general app development? Think of it this way. If you’ve just developed the hottest new platform for streaming bird videos to tech-savvy cats, you’re probably thrilled if it works 99.9% of the time. But if instead you’ve built the hottest new crypto wallet, preventing attempted thefts 99.9% of the time obviously won’t work: Attackers will just keep trying until they’ve drained your users’ funds. Persistence is worthwhile when the payoff is a payout.

Unfortunately, as computer security legend Bruce Schneier says, “Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can’t break.” The tough part, as Schneier says, is building systems other people can’t break. Sadly, Web3 teams emboldened by inexperience (and overworked auditors) keep rolling their own crypto. What’s the result?

Bad crypto implementations

Cryptographic algorithms are incredibly delicate. Even a well understood, secure algorithm is easy to break if it’s implemented poorly. 

Consider the hundreds of millions of dollars stolen in the last two years because of a textbook mistake: Generating secret keys in a predictable way that’s easy for attackers to guess. We still see these bugs a few times a year, even though avoiding them is Cryptography Engineering 101.

But not all bugs are that simple. Some take engineering intuition and expertise to spot, and not all cryptographers specialize in engineering. Applied cryptographers and crypto engineering specialists are well-versed in subtle implementation bugs because (hopefully) they’ve written Web2 crypto code, Web3 crypto code, and maybe even papers about how to write crypto code. In contrast, theoretical cryptographers are well-versed in theory, but are much less concerned with code-level intricacies.

In short, don’t be fooled: Not everyone with “cryptographer” in their title has the training or expertise to write cryptographic code that’s used by real people to protect real things.

Broken deployments

Even if a system is theoretically sound and implemented well, it can still be deployed poorly. 

Take the Ronin bridge, which lost over half a billion dollars in 2022. Users’ funds were supposed to be protected by a five-of-nine majority voting mechanism, but a series of stunningly poor deployment decisions led to its demise. In the end, five of the nine voting keys were effectively controlled by one company (Sky Mavis), allowing attackers to hijack a majority of the votes with a single compromise.

Designing and deploying secure systems that resist attackers is another specialty that’s distinct from cryptography theory and engineering — and it’s one that’s often overlooked in Web3. That’s probably why, in the aftermath of the Ronin attack, commentators tut-tutting about “more decentralization” completely missed the point. The issue was with quality, not with quantity.

Harmful complexity 

Finally, there’s a Web3-specific disease that’s making all of this worse: A fetish for unnecessary use of bleeding-edge buzzword crypto — things like “fully homomorphic encryption,“ multi-party computation” or “zero-knowledge proofs” — for problems that simply do not need big-iron solutions. These polysyllabic crypto heavyweights aren’t just immature, they’re even more brittle and even harder to implement correctly. And in most cases, they’re being used to attract attention (and investment), not because they’re the right tool for the job.

Read more from our opinion section: Crypto crime is too easy

What’s the problem with that? Well, if you asked a landscaper to plant some azaleas and they showed up with a backhoe, you’d have some questions (especially if a minor slip maimed the neighbor’s dog). And if the landscaper replied with a jargon mad-lib, you probably wouldn’t interpret your confusion as a sign of the landscaper’s deep azalea wizardry.

The same is true in Web3. When the sales pitch is just technobabble conveying little more than “we have the heaviest cryptography on the block,” ask yourself: Has the team made it clear that they need the big guns, specifically, that nothing simpler could solve this problem? Usually, the answer is no.

So we’ll say it again: Don’t roll your own crypto! Maybe start checking the “About Us” page before trusting a project with your — or worse, your users’ cryptographic secrets. 

And if the answers to your security questions have a low signal-to-buzzword ratio — or if the team acts like their product is too advanced for mere mortals to understand — consider looking somewhere else.

Riad is co-founder and CEO of key management infrastructure provider Cubist and an Assistant Professor at Carnegie Mellon University. He is an applied cryptographer and leading academic researcher on zero-knowledge proofs and their applications. He is a co-inventor of proof systems including Lasso, Hyrax, and Brakedown, and he has co-authored cryptographic specifications including RFC9380 and the BLS signatures standard used by Ethereum, Avalanche and many other blockchains. Riad received his SB and MEng in Electrical Engineering and Computer Science from MIT, and his PhD in Computer Science from Stanford.

Fraser is co-founder and CTO of Cubist and an Assistant Professor at Carnegie Mellon University. She is an expert in software correctness: her research focuses on systems security, automated bug finding and formal verification, from verifying (parts of) production systems like browser JITs, to finding exploitable bugs in real codebases. Her tools have found many zero-day bountied bugs and CVEs in the Chrome and Firefox browsers and multiple operating systems. Fraser received her BA in English and her MS and PhD in Computer Science from Stanford.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report cover graphics (4).jpg


Despite crypto gaming related projects and funds raising close to a billion dollars in November 2021, there have been only a handful of games that have attracted users apart from mercenary capital, and have had sustained activity for longer than a few months. Crypto gaming is going through an infrastructure phase. Theoretically, crypto gaming stands to benefit from purpose-built, high throughput chains, where blockspace is cheap (especially for games which are fully onchain). However, despite the launch of many gaming-focused chains, most crypto games are lacking in quality and quantity. Most new crypto gaming infrastructure either have no games or only a few games launched (e.g. Xai) or have failed to garner meaningful attention (e.g. Immutable X).


As Bloomberg analysts up their ether ETF approval odds, concerns about ETH’s liquidity and its possible status as a security remain


Ethereum is becoming a multilayered lasagna-like system, pushing people to the margins with its complexity and fees


Ether would be set to re-test its 2021 price high should the regulator unexpectedly approve ETH funds, industry watchers say


The Financial Innovation and Technology for the 21st Century Act, known as the FIT21 Act, is expected to head to the floor for a vote in the House in the afternoon on May 22


NYAG announced details about its settlement with bankrupt lender Genesis on Monday


The $948 million of inflows from May 13 to May 17 roughly equaled the net money that left the fund category over the five prior weeks