Chapter 30 Exercises

Section A: Conceptual Questions

Exercise 30.1 — Classifying Failure Modes

For each of the following scenarios, identify which category of crypto failure it most closely resembles (exchange hack, smart contract exploit, fraud, design flaw, or contagion) and explain your reasoning:

(a) A DeFi lending protocol offers 15% yield on stablecoin deposits. The yield is generated by lending the deposits to institutional borrowers. One of the borrowers defaults, and the protocol cannot make depositors whole. There was no misrepresentation — the protocol's documentation accurately described the lending model — but depositors assumed the yield was "risk-free."

(b) A new layer-1 blockchain suffers a consensus bug that allows an attacker to double-spend tokens. The bug exists in the open-source code and could have been found by any auditor, but the chain launched without a formal audit. The attacker drains $30 million from a DEX running on the chain.

(c) A centralized crypto exchange CEO transfers customer bitcoin to a personal wallet and uses the funds to buy a yacht, a private jet, and several properties. The exchange continues operating normally for 18 months, using new deposits to honor withdrawal requests, until the gap between liabilities and assets becomes too large to conceal.

(d) A stablecoin maintains its peg through a basket of reserves that includes 40% corporate commercial paper, 30% treasury bills, and 30% crypto collateral. During a market downturn, the commercial paper and crypto collateral lose significant value, and the stablecoin breaks its peg.

(e) A crypto hedge fund borrows from three different lending platforms, using the same collateral pledged to all three (none of which are aware of the cross-collateralization). When the collateral's value drops, all three platforms issue margin calls simultaneously, and the fund cannot satisfy any of them.

Exercise 30.2 — The Centralization Spectrum

The chapter argues that "centralized entities fail, decentralized protocols continue." Test this claim by analyzing the following systems on a centralization spectrum:

(a) For each of the following, identify the specific points of centralization:

  - A centralized exchange (e.g., Coinbase or Binance)
  - A decentralized exchange (e.g., Uniswap v3)
  - A DeFi lending protocol (e.g., Aave)
  - A centralized crypto lender (e.g., Celsius, pre-collapse)

(b) For each system, describe what happens if the founding team disappears overnight. Which systems continue operating? Which halt? What does this reveal about their actual degree of decentralization?

(c) Is Uniswap truly decentralized? Consider: the smart contracts are immutable, but the frontend (app.uniswap.org) is operated by Uniswap Labs, a private company. Uniswap Labs has blocked certain tokens from appearing on the frontend. Does this constitute centralization? What are the implications for users?

(d) MakerDAO maintained DAI's peg throughout the 2022 crisis while Terra's UST collapsed. Both were algorithmic stablecoins. What structural differences explain the divergent outcomes? (Hint: consider collateral type, over-collateralization ratio, and liquidation mechanisms.)

Exercise 30.3 — Evaluating the Ethereum Fork Decision

The DAO hack in 2016 led to a hard fork that reversed the attacker's transactions. This exercise asks you to evaluate that decision from multiple perspectives.

(a) The "code is law" argument. Steel-man the case against the fork: the attacker interacted with the smart contract in a way the code permitted. No one hacked Ethereum itself. Reversing the transaction sets a dangerous precedent. Make this argument as compelling as you can.

(b) The pragmatic argument. Steel-man the case for the fork: $60 million was stolen through what everyone agrees was an exploit (not the intended behavior of the contract). The 28-day lockup provided a window to act. Failing to act would have devastated confidence in Ethereum. Make this argument as compelling as you can.

(c) The precedent question. The Ethereum community has not executed a similar state-altering fork since 2016, despite subsequent hacks of comparable or larger scale (e.g., the Ronin Bridge hack in 2022 lost $620 million). Why was the fork executed for The DAO but not for subsequent exploits? What changed?

(d) Your verdict. Having considered both sides, do you believe the fork was the right decision? Justify your answer with reference to the specific circumstances and the principles at stake. There is no single correct answer; the quality of the reasoning matters more than the conclusion.

Exercise 30.4 — Contagion Mapping

The 2022 contagion cascade involved multiple entities connected through lending, investment, and counterparty relationships.

(a) Draw a directed graph showing the flow of contagion from Terra/Luna through the following entities: Three Arrows Capital, Celsius, Voyager, BlockFi, Genesis, and FTX. For each edge, label the type of relationship (lender, borrower, investor, counterparty).

(b) Identify the entities that, if they had been removed from the graph, would have broken the contagion chain. Are there single points of failure in the contagion network?

(c) In traditional finance, circuit breakers exist to halt cascading failures: deposit insurance (FDIC), lender-of-last-resort facilities (Federal Reserve discount window), and mandatory capital requirements. For each of these three mechanisms, discuss whether an equivalent could exist in the crypto ecosystem and what trade-offs it would involve.

(d) Some argue that the 2022 contagion was actually a feature, not a bug — that the crypto market needed to purge overleveraged entities, and that the absence of bailouts meant the market healed more honestly than traditional finance (which socializes losses through taxpayer-funded rescues). Evaluate this argument. What are its strengths and weaknesses?


Section B: Analytical Questions

Exercise 30.5 — Forensic Balance Sheet Analysis

The CoinDesk article that triggered FTX's collapse was based on a leaked Alameda Research balance sheet. Below is a simplified version. Analyze it.

Alameda Research — Simplified Balance Sheet (Q2 2022)

| Assets | Amount |
|---|---|
| FTT (unlocked) | $3.66B |
| FTT (locked / collateral) | $2.16B |
| SOL (locked) | $1.15B |
| SOL (unlocked) | $0.29B |
| Cash and stablecoins | $0.13B |
| BTC | $0.07B |
| Other tokens / investments | $1.50B |
| Total Assets | $8.96B |

| Liabilities | Amount |
|---|---|
| Borrowings | $7.40B |
| Total Liabilities | $7.40B |

| Net Equity | $1.56B |
|---|---|

(a) What percentage of Alameda's total assets were FTT tokens? Why is this concentration concerning?

(b) FTT tokens were created by FTX, Alameda's sister company. In traditional finance, what would we call an asset that a company creates and then counts on its own (or a related party's) balance sheet? Why is this practice problematic?

(c) The "locked FTT" ($2.16B) was being used as collateral for borrowing. Walk through the reflexive loop: if FTT's price drops, what happens to the collateral value, and how does this affect Alameda's ability to maintain its borrowings?

(d) Alameda's cash and stablecoins were $130 million against $7.4 billion in borrowings. What does this imply about the firm's liquidity — its ability to meet short-term obligations?

(e) If you had seen this balance sheet in June 2022, what actions would you have taken? (Consider: would you continue holding assets on FTX? Would you short FTT? Would you alert regulators?)

Exercise 30.6 — Red Flag Checklist Application

Apply the chapter's Red Flag Checklist to two current crypto entities: one centralized exchange and one DeFi protocol. For each entity, assess the following eight flags:

  1. Opaque or absent proof of reserves
  2. Yields that are "too good to be true"
  3. Commingled entities
  4. Single points of failure
  5. Hostility to criticism
  6. Regulatory arbitrage
  7. Related-party transactions
  8. Absence of independent governance

For each flag, provide a green/yellow/red rating with a brief justification. Write a one-paragraph summary of your overall assessment for each entity.

Exercise 30.7 — Comparing Crypto Failures to Traditional Finance Failures

For each crypto failure listed below, identify the most analogous traditional finance failure and explain the structural parallels:

(a) FTX/Alameda (2022) and _____

(b) Three Arrows Capital (2022) and _____

(c) Terra/Luna (2022) and _____

(d) Mt. Gox (2014) and _____

Suggested comparisons (you may use others): Bernie Madoff (Ponzi scheme), Long-Term Capital Management (leveraged hedge fund collapse), the 2008 money market fund "breaking the buck," Barings Bank (rogue trader), MF Global (commingled customer funds).

For each pair, discuss: What structural features were shared? What, if anything, was uniquely crypto about the failure?


Section C: Research and Discussion Questions

Exercise 30.8 — The Mt. Gox Creditor Saga

Research the Mt. Gox creditor repayment process, which began in 2024 — a full decade after the exchange's collapse.

(a) Why did the process take so long? Identify at least three specific factors that delayed distributions.

(b) Some creditors who had lost bitcoin at ~$450 per BTC eventually received bitcoin worth orders of magnitude more. Does this outcome affect your assessment of the failure? Why or why not?

(c) The Mt. Gox trustee sold significant quantities of bitcoin in 2018 to generate fiat for creditor payments, contributing to downward price pressure. Was this approach appropriate? What alternatives existed?

Exercise 30.9 — QuadrigaCX: The Lingering Questions

The QuadrigaCX case remains, in some ways, unresolved.

(a) The Ontario Securities Commission concluded that QuadrigaCX was "effectively a Ponzi scheme." Do you agree with this characterization? What distinguishes a Ponzi scheme from other types of fraud?

(b) Gerald Cotten's body was exhumed and his identity confirmed. But the investigation found that funds were missing long before his death. How should we assess the "lost keys" narrative in light of this finding?

(c) The QuadrigaCX case led to calls for mandatory multi-signature key management for crypto custodians. Design a key management policy for a hypothetical exchange that would prevent a QuadrigaCX-type failure. Specify: how many key holders, what threshold is required for transactions, how successors are designated, and how the policy is audited.

Exercise 30.10 — Writing a Post-Mortem

Choose one of the six failures discussed in this chapter. Write a formal post-mortem report (500-750 words) that includes:

  1. Timeline: Key dates and events leading to the failure
  2. Root cause: The fundamental reason for the failure (not just the proximate trigger)
  3. Contributing factors: Secondary factors that made the failure worse than it needed to be
  4. Warning signs: Signals that were available before the collapse
  5. Lessons learned: Specific, actionable recommendations to prevent recurrence
  6. Classification: Was this a technology failure, a human failure, or both?

Model your post-mortem on the format used by major technology companies for incident reports (Google's SRE post-mortem format is a useful reference).


Section D: Coding Exercises

Exercise 30.11 — Failure Timeline Visualization

Using the failure_timeline.py script in this chapter's code directory as a starting point, extend the timeline to include at least five additional crypto failures or security incidents not covered in the chapter text. For each addition, include:

  - Date
  - Entity name
  - Failure type (hack, fraud, design flaw, contagion)
  - Amount lost
  - One-sentence description

Regenerate the timeline visualization with your additions.

Exercise 30.12 — Contagion Simulation

Extend the contagion_network.py script to model a hypothetical contagion scenario:

(a) Add a new node to the 2022 contagion network — a hypothetical exchange called "NovaX" — that has lending relationships with two of the existing entities. Demonstrate how adding this node changes the contagion dynamics.

(b) Implement a simple "stress test" function that simulates what happens when a specified entity's assets lose 50%, 75%, or 100% of their value. For each scenario, trace which other entities become insolvent (defined as liabilities exceeding assets) and in what order.

(c) Add a "circuit breaker" mechanism that halts contagion when an entity's losses exceed a threshold (simulating, for example, deposit insurance). Demonstrate how circuit breakers change the extent of contagion.
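
An added sketch of the mechanics behind parts (b) and (c), written for this page and not taken from the chapter's contagion_network.py: it propagates write-downs through a lending graph using the exercise's insolvency definition (liabilities exceeding assets). The entities A, B and C, their figures, the pro-rata recovery rule and the `breaker` parameter are assumptions made for illustration; the toy graph has no lending cycles.

```python
from collections import deque

# Constructed toy network: hypothetical entities and figures (in $M), not 2022 data.
# "external" = assets held outside the network; "liabilities" = total owed.
ENTITIES = {
    "A": {"external": 100, "liabilities": 80},
    "B": {"external": 40, "liabilities": 90},
    "C": {"external": 30, "liabilities": 70},
}
# LOANS[lender][borrower] = amount lent, carried as an asset by the lender.
LOANS = {"B": {"A": 60}, "C": {"B": 50}}


def stress_test(shocked, loss_fraction, breaker=None):
    """Return the entities that become insolvent, in order of failure.

    breaker: optional cap on the total write-down loss any one lender
    absorbs; the excess is assumed to be covered by an outside backstop.
    """
    external = {n: e["external"] for n, e in ENTITIES.items()}
    receivable = {n: dict(LOANS.get(n, {})) for n in ENTITIES}
    absorbed = {n: 0.0 for n in ENTITIES}
    external[shocked] *= 1 - loss_fraction

    def assets(n):
        return external[n] + sum(receivable[n].values())

    failed, queue = [], deque([shocked])
    while queue:
        n = queue.popleft()
        liabilities = ENTITIES[n]["liabilities"]
        if n in failed or liabilities <= assets(n):
            continue  # already failed, or still solvent
        failed.append(n)
        recovery = assets(n) / liabilities  # pro-rata payout to creditors
        for lender in ENTITIES:
            owed = receivable[lender].get(n, 0)
            if not owed:
                continue
            loss = owed * (1 - recovery)
            if breaker is not None:
                loss = min(loss, max(0.0, breaker - absorbed[lender]))
            absorbed[lender] += loss
            receivable[lender][n] = owed - loss
            queue.append(lender)  # re-check the lender after its write-down
    return failed


if __name__ == "__main__":
    for shock in (0.50, 0.75, 1.00):
        print(shock, stress_test("A", shock), stress_test("A", shock, breaker=5))
```

In this toy graph a 50% shock to A stops at B, while 75% and 100% shocks reach C; with the breaker set, only the shocked entity fails.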

Exercise 30.13 — On-Chain Forensics

This exercise requires an Ethereum block explorer (etherscan.io) but no coding.

(a) Look up the original DAO contract address: 0xBB9bc244D798123fDe783fCc1C72d3Bb8C189413. Examine the transaction history around June 17, 2016. Can you identify the exploit transactions? What patterns do you observe?

(b) Look up the FTX exchange's known Ethereum hot wallet addresses (published by various blockchain analytics firms). Examine the outbound transactions from November 8-12, 2022. What do you observe about the volume and timing of withdrawals?

(c) Based on your observations, discuss: how much of a crypto exchange's activity is visible on-chain? What is invisible? How does this affect the feasibility of proof-of-reserves systems?