When newcomers to Ethereum ask why they should use a DApp over a traditional web service, our mantra has always been, “Decentralization, Decentralization, Decentralization.” A centralized web service could be censored by a government, but DApps are safe. A centralized web service could lose all of its data in a failure, but DApps are safe as long as Ethereum is alive. Centralized services are walled gardens by default, but DApps can have their tokens traded openly on exchanges.

But what people don’t say is that DApps have far more vulnerabilities and weak points than Ethereum itself, and running on a decentralized blockchain doesn’t make a DApp safe from the whims of its owner.

With the recent explosion of CryptoKitties, a lot of newcomers are coming into this space without a clear understanding of the nature of DApps, so I will use CryptoKitties as an example to illustrate some of the hidden, and not so obvious, problems with DApps in general.