Outside of crypto, your tech startup’s primary competition comes from other companies—established players you want to disrupt, other startups, etc.

Inside of crypto, you are also in an adversarial relationship with organized crime and the military of North Korea.

That means you face both a market competition problem and a military problem at the same time.

To succeed in crypto means that you need a strategic rethink of how you approach competition. What good does it do you to trounce the market competition only for North Korea to get you rekt a week later?

Another way of framing this question is: How much tech debt can you take on as a crypto startup, and for how long?

Well, that depends on your risk appetite. It also depends on your ability to understand the risks you face and explicitly accept them. Risk acceptance is not useful if you underestimate the risks you face.

And human beings are notoriously bad at understanding and measuring risk, especially in cybersecurity.

The answer to the tech debt question depends on your timeline. You can probably get away with doing bare minimum security (or even less) for 12 to 18 months. But if your DeFi projects hits the big time, that’s going to attract apex predators, like hyenas to a wounded lion on the savannah.

It is highly doubtful you will be able to pay off that tech debt fast enough before predators get you rekt.

Consider two alternate scenarios. All tech companies want an exit. A sale of the company. Could be an acquisition by a larger company, could be an IPO.

Let's take the example of an IPO. In order to IPO, a company needs to establish a clear track record of consistent profit generation. That takes years. To pull a number out of thin air, let’s take five years. Many companies take five years (and often longer) to get to IPO.

Can you get away with shoddy security in the crypto space for five years without getting rekt?

I say no.

Any crypto company with assets and revenue sufficient to be having a serious conversation about an IPO by definition has a gigantic target painted on their back, and the hacker cubicles in Pyongyang are going to use you for target practice. After all, those nuclear weapons don’t pay for themselves.

A reasonable counter to my argument would be: We have to move fast and be first to market or the competition will eat our lunch. If we don’t create a viable business, then the IPO conversation is moot.

Well, the competition also lives in an adversarial relationship with organized crime and the North Korean military. They can also get rekt.

Simply by not getting rekt you can outlast the market competition.

Which brings us to the question of “brittle vs. resilient.” Brittle crypto companies will shatter. They might see green for a short while but only resilience goes the distance. Only resilience lasts in the face of persistent extralegal adversaries who want to bankrupt you.

There is risk in everything we do and risk in all the business we conduct. And it is in no company’s interest to be too risk averse. This can be just as harmful to a business as being too risk accepting. Finding just the right amount of risk is a question of artful strategy.

But a clear-eyed assessment of the security risks in crypto shows a lot of companies that look more like artless foolhardiness, like skydivers jumping out of an airplane without a parachute.

Maybe you’ll come across a scrap of cloth on your way down to slow your descent.

Then again, maybe not.