The Irony of InfoSec’s Reaction to Crypto, NFTs, and Web3

There’s something strange about how our InfoSec community is reacting to cryptocurrency, NFTs, and Web3.

Mostly, it’s quite negative. And not dispassionately negative either—but a negativity soaked in ridicule and hate.

This is very curious coming from a community that includes so many hackers.

I think this comes from the dual nature of hackers themselves. On one hand, hackers are super open-minded and curious. They find everything interesting and can’t wait to learn about new things.

On the other hand, they’re also anti-establishment and anti-hype. Or at least, mainstream hype. Kind of like people who only like underground bands until they get popular. While it’s underground they’ll hype it all day, but once too many people like it they go find something else.

And that’s definitely happening with crypto and NFTs and Web3. Everyone’s talking about it. Everyone’s launching a coin, an NFT, or talking about how Web3 will solve all the problems. So I suppose it’s natural for hacker types to throw rotten fruit from afar.

But it still seems strange. I feel like the opposing force of curiosity and exploration should be strong enough to counteract that tendency.

We’re the security people. We should be walking the minefield before everyone else—to try to make it safer for the normies. We should be curious about it. We should be experimenting with it.

Hackers are simultaneously curious and skeptical, which is a great mix.

It might be total shite—at least some parts of it. And there’s definitely too much unhealthy hype around it. But that doesn’t mean the whole thing is rubbish.

If there’s even a moderate chance that decentralized computing, shared ownership of organizations, and digital validation of ownership will take off—which I think is a matter of when and not if—I think hackers should be fascinated by that. Like, holy shit, we could very well be in the BBS days of a new type of internet.

And some hacker types definitely get it. Not everyone has gone negative on this stuff. I know lots of people who have been messing with crypto and NFTs and such. But guess what? Many of them are quiet about it because they don’t want to be ridiculed by their fellow InfoSec people.

It’s bad when hackers have to keep their curiosity about a new thing a secret from their own tribe.

We can do better.

All this stuff going on—putting aside the hype—could end up being a new substrate for everything, just like the internet in the ’90s. Or maybe not. Maybe it’s too early. Or maybe this tech won’t get us there. Or maybe it’s all crap. Who knows.

And I want to be very clear: it’s ok to find problems in things. It’s ok to warn people if you see danger. It’s ok to have a negative opinion about something. Obviously.

What I’m talking about is default hate towards anything new and strange. Like Cloud for instance. And now Crypto. Maybe they’ll work out, maybe they won’t.

But as security people—with the hacker spirit in many of us—I feel like we should be more curious and optimistic, and less prone to attack new things just because they’re strange.

It’s fine to warn, caution, and criticize. That’s part of our DNA too. But we should do our best to maintain a backdrop of optimism and curiosity when we do so, especially when looking at something with the potential to shape our future.


  1. Feb 2, 2022 — I did some slight softening of the post to make it more clear that I think criticism is fine, and even needed, but that I just don’t want us to lose the openness and curiosity aspects that make our culture so great.

  2. Moxie’s article on NFTs was an interesting example in that he didn’t completely bash the whole enterprise. He advised caution, and he did so after actually playing with the tech himself.

  3. A fellow security professional reminded me that this is similar to how security viewed the move to Cloud as well. And then all these years later nobody even notices anymore.

  4. Image from a Coindesk article by Annie Zhang.