8 Critical Insights from My Forthcoming Book on Blockchain Security
Decentralised Digital Security: Code, Community, Crisis (Forthcoming, Manchester University Press)
14 October, 2025
By Kelsie Nabben
Coordination under Uncertainty
As the digital world becomes ever more entangled with global finance, governance, and everyday life, the question of how to coordinate securely under conditions of uncertainty has never been more pressing.
My forthcoming book, Decentralised Digital Security: Code, Community, Crisis, explores this topic through a deep ethnographic dive into blockchain ecosystems—with a focus on security not only as a technical property, but also as a social practice.
The book draws on years of ethnographic research conducted as major incidents unfolded across blockchain ecosystems—often in real time. It follows the engineers, white-hat hackers, and other community responders who collectively respond, rescue, pause, repair, postmortem and prepare for the next crises (notably, the not-for-profit Security Alliance, or SEAL). For the first time, it documents how security occurs within blockchain ecosystems, revealing how decentralised systems depend on emergent forms of coordination, including institutions, standards, reputation, and moral codes.
This blog post shares eight critical insights that frame the book.
1. Blockchain is framed by a persistent state of insecurity
In decentralised systems, insecurity is not an exception; it is the norm. The open, permissionless nature of public blockchains and the financial value at stake mean that vulnerability and threats are constant. This persistent insecurity shapes how actors organise, communicate, and innovate. Rather than aiming to eliminate insecurity or ‘achieve’ security, these communities learn to live with it: treating threats as a shared coordination problem that must be constantly managed.
2. Insecurity is the greatest threat to the legitimacy of public blockchain ecosystems
For public blockchain systems that claim to offer trust without intermediaries, insecurity undermines not only user confidence but also the broader legitimacy of the industry. Each exploit or governance failure threatens the foundational claim of public blockchains: that code can be law (i.e. algorithmic governance). The book shows how the legitimacy of blockchain ecosystems depends on the ability to respond collectively to crises and improve user outcomes—turning moments of breakdown into demonstrations of precarity, innovation, and resilience.
3. Security is social: from technical vulnerabilities to social engineering
While smart contract bugs and hacks often make headlines, the book shows that security is a social coordination phenomenon. Firstly, social engineering often creates the possibility for phishing attacks and major exploits. Secondly, crisis response is inherently reputational, often informal, and socially coordinated—both within blockchain ecosystems, and with external authorities (i.e. Federal law enforcement agencies). Blockchain security, therefore, must be understood as a sociotechnical achievement—requiring not only auditing and formal verification, but rules of engagement, communication practices, and shared moral economies of response and repair.
4. The rise of the blockchain white hat hacker
The book identifies that a new character has emerged in the security landscape: the blockchain white-hat hacker. White hats are ‘for good’ hackers—highly proficient in their technical abilities and ideologically motivated to help the blockchain industry fulfill its potential. These actors often coordinate ‘war room’ crisis responses and intervene in real time (publicly, on chain) to mitigate or reverse hacks. They are responsible for the recovery of millions in stolen assets and the design of numerous open-source software code security solutions. They state their motivations as altruistic, and their actions are bound by their own codes of conduct. The blockchain white hat hacker embodies cypherpunk ideals and the moral frontier of decentralised security. The book examines the rise of these “ethical exploiters” and the delicate reputation and legitimacy claims that underpin their work. It also traces the novel initiatives that are paving the way to protect white hat rights and allow users and protocols to consent to their response efforts (such as SEAL Safe Harbour and SEAL911).
5. Beyond hacks: Physical and geopolitical threats
Blockchain infrastructures are not insulated from the physical and political world. From gang kidnappings to state-sponsored exploits by sanctioned regimes, the geopolitics of security are increasingly intertwined with decentralised digital systems. The Lazarus Group and other Advanced Persistent Threats illustrate how cyber operations blur the boundaries between financial crime, warfare, and governance. Security in blockchain networks must therefore be seen as a geopolitical concern that requires coordination with traditional nation-state authorities.
6. Emergent security coordination: the rise of collective initiatives like SEAL
In the face of persistent threats, decentralised communities have created innovative security coordination initiatives. A key example that the book traces is the Security Alliance (SEAL), a cross-protocol coalition that mobilises incident response across ecosystems. These initiatives exemplify a new form of collective intelligence and diplomacy that operates across institutional boundaries to trace, freeze, and recover assets. They represent some of the most promising frontiers in decentralised digital security.
7. The need for incentive alignment
Decentralised security relies on incentives—from donations to bug bounties. Yet, economic incentives must be reliably organised to sustain security practices. Furthermore, effective defence requires incentive systems that combine economic reward with moral purpose, a sense of civic duty, and institutional accountability. Security is strongest where incentives are aligned with ethics.
8. Security for users: Towards a culture of shared responsibility
User security in blockchain ecosystems remains one of the most under-examined challenges of all. From managing private keys to recognising scams, individuals using blockchain infrastructure are required to bear the weight of ‘self-sovereignty.’ The book details the experiences of user losses (myself included), as well as the buffers (i.e. SEAL911 emergency response helpline, and protocol or exchange payouts). It argues that genuine user security demands designing for insecurity and shared responsibility to build infrastructures that empower users through better defaults, interfaces, and education.
In Closing
Decentralised Digital Security: Code, Community, Crisis tells the story of how people coordinate under pressure when the stakes are global, the code is public, and the rules are still being written.
It is also a call to reimagine security as a collective endeavour—one that spans codebases, communities, and crises. Through ethnographic insight and analytical depth, the book situates blockchain not at the periphery of cybersecurity, but at its evolving core.
Note: The book is anticipated for release in early 2026. It will be published Open Access, with thanks to a generous grant from the Ethereum Foundation. Thank you also to each research participant, notably the Security Alliance, as well as colleagues for feedback, as detailed in the acknowledgements of the book.


