It seems that way from the outside, I'll grant. But I'll explain by analogy why I don't think it's as crazy as one might otherwise at first glance assume.
It's possible to create gold artificially, but because of the cost of doing it vs just purchasing the natural stuff, you can be almost certain any gold you come into contact with is not artificially created.
In much the same way, even though there are indeed tons of theoretical attacks that compromise various crypto keys linked to massive fortunes, because of the way the sector has evolved in terms of not making high value keys available in a low security context, and mitigating those threats in a high security context, the likelihood that any given crypto "account" you care to mention will ever be hacked is similarly low. It's not worth the attackers to invest the necessary resources to snag your minor android wallet stash, and even if they tried to bring those resources to bear on Xapo's vaults, they would fail.
Also, the sector as a whole has basically pioneered a whole new class of security measures, at least to the extent they're now in reasonably wide circulation, and improved security consciousness and software in general around the space immensely, exactly because now a bug isn't just some time and embarrassment, it may well be losing millions of dollars in value. In that context it makes sense to invest in the security to do it right and think carefully about all possible attack surfaces and vulnerabilities.
It's possible to create gold artificially, but because of the cost of doing it vs just purchasing the natural stuff, you can be almost certain any gold you come into contact with is not artificially created.
In much the same way, even though there are indeed tons of theoretical attacks that compromise various crypto keys linked to massive fortunes, because of the way the sector has evolved in terms of not making high value keys available in a low security context, and mitigating those threats in a high security context, the likelihood that any given crypto "account" you care to mention will ever be hacked is similarly low. It's not worth the attackers to invest the necessary resources to snag your minor android wallet stash, and even if they tried to bring those resources to bear on Xapo's vaults, they would fail.
Also, the sector as a whole has basically pioneered a whole new class of security measures, at least to the extent they're now in reasonably wide circulation, and improved security consciousness and software in general around the space immensely, exactly because now a bug isn't just some time and embarrassment, it may well be losing millions of dollars in value. In that context it makes sense to invest in the security to do it right and think carefully about all possible attack surfaces and vulnerabilities.