Can the cryptocurrency ecosystem withstand the security tests of AI?


A reader left a message:

“Currently, AI large models like Mythos are changing the DeFi and blockchain security ecosystem. If hackers utilize AI vulnerabilities to breach leading DeFi projects like Uniswap and Lido or the underlying public chains of ETH and BTC to implement large-scale theft... will a rollback be executed on-chain after the incident? Can the industry recover from the impact and resume development? Additionally, how secure is the underlying code of Ethereum, and can it withstand the impact of large models?”

This question is very complex, and I will try to share my personal views from various angles I can think of.

The concerns raised by this reader have actually already occurred in certain projects:

A few days ago, a white-hat hacker discovered security vulnerabilities in ZCASH using AI, leading to a significant drop in its price—people are worried that this vulnerability has been used to increase the issuance of ZCASH, resulting in a massive sell-off of tokens.

Although there is currently no solid evidence to prove this concern is valid, its impact on people's confidence is enormous.

The issues faced by ZCASH are a microcosm of what the entire crypto ecosystem might encounter.

If we broaden our perspective to various industries, it is highly likely that the crypto ecosystem is the one that will be impacted first by this kind of shock.

Why is that?

Because the vast majority of projects in the crypto ecosystem, including underlying infrastructures like layer-one blockchains, are open source, transparent, and public.

This means they will face scrutiny from AI first and foremost. Under this scrutiny, any flaw will be exposed, and once discovered it will immediately become a target for attack and be exploited as a “honey pot.”

In the current rapidly advancing AI landscape, the risks faced by the crypto ecosystem will only become greater and more urgent.

How do I view this risk and issue?

I believe we can find a reference for judgment from another question.

That question is: how do we view an open, transparent system versus a closed, black-box system?

An open, transparent system has problems and weaknesses that are obvious: because it is open and transparent, any small issue can be amplified, exaggerated, and seized upon by adversaries, leading to suppression and attacks.

In contrast, a closed, black-box system is completely different: because it is neither open nor transparent, outsiders cannot see its operational rules, and thus cannot find its weaknesses, much less attack it.

So, does that mean the closed, black-box system completely outperforms the open, transparent system?

Quite the opposite.

For a closed, black-box system, because it lacks mechanisms for timely feedback and punishment, a small problem within it can gradually worsen and spread due to concealment and cover-up, developing into a systemic risk. Once this risk leaks out and becomes an explicit risk under attack, it can instantly trigger systemic breakdown and flash crashes, leaving no time for rescue.

Moreover, due to the closed, black-box nature of the system, people are unsure of how it operates, leading to doubts when dealing with such systems, and they may even suspect the existence of backdoors, making it difficult to establish trust.

In contrast, an open, transparent system is different.

While this system often faces severe criticism and attacks, as long as it establishes a thorough error-correction mechanism and timely responsive capacity, it can expose and resolve issues during the phase where they are still manageable, preventing further deterioration.

Additionally, people know that such systems are transparent, understand their rules, and can trace their operations, so they are more likely to trust them and are more willing to try them out.

When given a choice, I believe that over time, most people will increasingly choose an open, transparent system over a closed, black-box system.

The vast majority of operating systems used by electronic devices worldwide are open-source Linux or Android. This is a very typical example—aside from their robustness and the fact that they allow other users to avoid reinventing the wheel, another important factor is that their openness and transparency easily secure user trust.

Linux and Android have had vulnerabilities in the past and will have vulnerabilities now and in the future. They have been attacked historically and will continue to be attacked, but people will not abandon them because they have already established a comprehensive mechanism and methods to deal with crises and vulnerabilities.

Moreover, once people adopt them, their dependency will be very high, with strong stickiness.

The same principle applies to the crypto ecosystem.

This ecosystem has provided a fairly complete infrastructure that is capable of supporting the coexistence of humanity and AI.

Its openness and transparency are precisely the cornerstone and common ground that allows everyone and AI to trust and recognize it.

After so many years of operation and repeated challenges, along with constant scrutiny from hackers worldwide, the crypto ecosystem has consistently grown and expanded visibly. This alone indicates that the entire ecosystem has established a viable and effective mechanism for security issues; otherwise, we would not see the current crypto ecosystem.

Furthermore, the crypto ecosystem is meant to support a new world, which needs to garner immense trust; it must also be open and transparent.

More importantly, the security challenges brought by AI are not directed only at the crypto ecosystem; they pose significant tests for all industries and ecosystems.

However, the crypto ecosystem is just at the forefront of this impact.

If the crypto ecosystem can withstand the security challenges posed by AI, I believe it will instill greater confidence in its safety and reliability, making people more willing to build new applications and commercial models in this new world.

This is beneficial for the crypto ecosystem and poses no harm.

Therefore, for the reasons stated above, I am not worried at all that, as an ecosystem, the crypto ecosystem will be affected and obstructed by security issues.

Consequently, regarding the reader's question of “can the industry recover from the impact and resume development?”, my answer is unequivocal:

Of course, it can.

However, when it comes to whether each specific project within the crypto ecosystem can withstand the impact and recover, each case must be considered individually.

I believe that many projects will be ruthlessly eliminated in these shocks.

Which projects will manage to endure these waves of security shocks, survive tenaciously, and continue to innovate?

In this respect, traditional enterprises offer us many cases to learn from.

In American history, there have been numerous instances of “unprecedented” financial disasters.

In those disasters, almost all companies were severely impacted without exception, facing crashes, halving, or even nearing zero.

After the catastrophes, a considerable number of companies perished forever, but there have always been some that quickly rebounded and reached new heights.

What kind of companies can rebound quickly and achieve new highs?

In my view, these are companies with healthy corporate culture and values.

The same applies to the crypto ecosystem.

To predict which companies will be able to endure future waves of security shocks, I look at which teams have a positive corporate culture and values.

For instance, one can observe which teams' founders have always prioritized security.

In fact, the crypto ecosystem already has such examples:

Take Spark and Morpho, which emerged in the recent AAVE incident.

They were not the most eye-catching projects in the ecosystem before. While other projects were carelessly introducing various collateral assets and expanding market share, they were cautiously improving security mechanisms or isolating security risks from the outset.

This exemplifies the significant role of value-driven orientation in critical times and is one of the important factors in my judgment of which projects are likely to survive various risks in the future, and it is also one of the key factors I consider when selecting projects now.

“If hackers utilize AI vulnerabilities to breach leading DeFi projects like Uniswap and Lido or the underlying public chains of ETH and BTC to implement large-scale theft... will a rollback be executed on-chain after the incident?”

If a rollback indeed occurs, and it is up to the community to vote on, I will participate in the vote and respect the final outcome; if there is no community vote at that time, I will judge based on my perspective at that moment.

“How secure is the underlying code of Ethereum, and can it withstand the impact of large models?”

I cannot judge the security of the underlying code of Ethereum, so I do not know how secure it is. But I believe it is at least stronger than the application projects it supports and will not be worse than any closed-source projects we see on the market today.

Additionally, I have always paid attention to the previous statements by Vitalik and the Ethereum Foundation on security issues and the emphasis they place on them. I believe that even if Ethereum faces security vulnerabilities and significant attacks, it can withstand various shocks and continue to advance.

Moreover, if a fully open-source, public, and transparent Ethereum encounters major security issues, the security of closed systems becomes even more questionable.

I recall that, in an article earlier this year, I shared a detail from the summary of an Ethereum Foundation meeting held at the end of last year:

The Ethereum Foundation suggested that in the future, EIPs should be completely submitted by AI, with AI auditing and submitting the code.

At that time, I regarded this suggestion as a fanciful idea, believing there was still a significant gap before it could be realized.

But now, with the emergence of Mythos, I feel that this suggestion is no longer far-fetched; it may indeed be a serious consideration for the Ethereum Foundation.

Moreover, this suggestion is becoming increasingly feasible and practical.

If Ethereum can indeed transition to having AIs like Mythos submit EIPs and conduct audits in the future, its iteration speed and security will be significantly enhanced compared to now.

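Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If any article or image published on this page involves infringement, please send the relevant proof of rights and proof of identity by e-mail to support@aicoin.com, and the platform's staff will verify it.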
