Seven canonical tokens, defined
A flowchart for making token choices. Plus, lessons learned from crypto’s largest heist.
Tokens, defined
Miles Jennings, Scott Duke Kominers, and Eddy Lazzarin
With growing activity and innovation around token-based network models, builders are wondering how to distinguish different types of tokens — and which might be the best choice for their business. At the same time, both consumers and policymakers are trying to better understand the roles and risks of blockchain tokens in applications.
After all, token design choices matter — and there are a lot of choices that dictate whether a token might be a good store of value or medium of exchange; whether it might be a productive asset with innate functional and/or economic value; or whether it’s inherently valueless. The characteristics also dictate how a token might be treated legally.
So, whether you’re building a blockchain-based project, investing in tokens, or simply using them as a consumer, it’s essential to know what to look for. It’s important not to confuse, for instance, memecoins with network tokens. To help organize the conversation, we share definitions, examples, and a framework for understanding the seven categories of tokens we see entrepreneurs building with most often: network tokens, security tokens, company-backed tokens, arcade tokens, collectible tokens, asset-backed tokens, and memecoins.
Bonus read: The difference between company-backed tokens and network tokens that the centralizers don’t want you to know
Lessons learned from the Bybit hack
Matt Gleason and Robert Hackett
Last month marked potentially the biggest crypto heist of all time — a hack of the Dubai-based crypto exchange Bybit for a total of almost $1.5 billion. The Federal Bureau of Investigation has attributed it to a North Korean state-sponsored hacking group called “TraderTraitor.”
In this episode of web3 with a16z crypto, we step through the details of how the attack went down; the state of crypto security across different types of wallets and organizations; and what you can do to help protect yourself, and your company, from similar attacks.
We’re joined by Matt Gleason, a security expert at a16z crypto, whose writeup of the incident you can find below.
Malicious validators
Joachim Neu, Srivatsan Sridhar, and Ertem Nusret Tas
A central question in the security of blockchains is what percent of validators can be evil — that is, the number of adversaries that can be in control, while a blockchain remains safe and live. Is it 50%? 33%? Or, as Vitalik Buterin has written, 99%?
And if there’s a way to achieve resilience against adversaries that control almost all of a blockchain’s security-critical resources, why do almost all deployed blockchains content themselves with less? The answer is that it depends on the assumptions you make about clients. Are clients sleepy or always-on? Are they silent or communicating? Can validators be sleepy, too? And is the network synchronous or partially synchronous? Answering these questions can help builders see what percentage of validators can be evil while the blockchain remains operational.
Ethereum’s next upgrade
Noah Citron
The Pectra hard fork is live on testnet as of March 5 — with a mainnet fork block to be decided soon. Pectra, which includes 11 Ethereum Improvement Proposals (EIPs), will be one of Ethereum's most complex hard forks yet.
Most notable are EIP-7702 for account abstraction, and EIP-7691 which doubles the average blob throughput:
EIP-7691 and EIP-7840 increase the blob target from 3 to 6 blobs per block, doubling the throughput of Ethereum's rollups—and eliminating tech debt related to future blob configuration changes.
EIP-7702 creates a new transaction type in Ethereum, allowing Ethereum accounts to update their code, supporting seamlessly upgrading Ethereum accounts to smart contract accounts, and making use cases like batched transactions possible for all existing Ethereum accounts. Unlike prior account abstraction EIPs, this one does not require creating new accounts or performing one-time migrations, increasing the likelihood of account abstraction being adopted more widely.
Devconnect 2025 location announced
Devconnect, the “Ethereum World’s Fair,” is scheduled to take place in Buenos Aires November 17-22. See you there!
— a16z crypto editorial team
You’re receiving this newsletter because you signed up for it on our websites, at an event, or elsewhere (you can opt out any time using the ‘unsubscribe’ link below). This newsletter is provided for informational purposes only, and should NOT be relied upon as legal, business, investment, or tax advice. This newsletter may link to other websites or other information obtained from third-party sources — a16z has not independently verified nor makes any representations about the current or enduring accuracy of such information. Furthermore, the content is not directed at nor intended for use by any investors or prospective investors in any a16z funds. Please see a16z.com/disclosures for additional important details, including link to list of investments.