By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
CAIA Level I Study Guide
What is this topic? Distributed Ledger Technology (DLT) is the decentralized, cryptographic framework underpinning digital assets (e.g., cryptocurrencies, tokenized securities). It enables trustless, tamper-evident record-keeping across a peer-to-peer network.
How is it tested, applied, or used? CAIA tests DLT’s role in alternative investments (e.g., crypto funds, DeFi), regulatory challenges (AML/KYC), and operational risks (smart contract exploits). Real-world use includes settlement systems (e.g., blockchain for securities), tokenization of assets (real estate, private equity), and audit trails for compliance.
CAIA assesses DLT to evaluate: - Risk judgment: Identifying vulnerabilities (e.g., 51% attacks, oracle failures) in digital asset investments. - Regulatory literacy: Interpreting how DLT interacts with securities laws (e.g., Howey Test for tokens), tax treatment, and cross-border compliance. - Operational due diligence: Assessing DLT’s impact on custody, liquidity, and counterparty risk in alternative investment structures. - Innovation awareness: Recognizing DLT’s disruptive potential in asset management (e.g., fractionalization, automated compliance via smart contracts).
DLT is a core enabler of digital assets, a growing segment of alternative investments. CAIA Level I covers DLT’s technical, regulatory, and operational dimensions to prepare candidates for: - Evaluating crypto-native funds (e.g., Bitcoin ETFs, DeFi protocols). - Auditing DLT-based systems for compliance (e.g., AML/KYC in on-chain transactions). - Assessing DLT’s role in tokenization (e.g., private equity, real estate) and settlement efficiency (e.g., T+0 vs. T+2).
Intermediate
Key rule: PoW is censorship-resistant but slow; PoS is scalable but may favor wealthy validators.
Smart Contract Risks:
Key rule: Always audit smart contracts for reentrancy bugs (e.g., recursive calls draining funds).
Regulatory Classification:
Confusing "decentralization" with "trustlessness." - Decentralization: No single point of control (e.g., Bitcoin’s 10,000+ nodes). - Trustlessness: No need to trust counterparties (e.g., Bitcoin’s PoW consensus). - Trap: A system can be decentralized but not trustless (e.g., EOS’s 21 block producers are centralized). Conversely, a trustless system may not be decentralized (e.g., a private blockchain with one validator).
Apply the Howey Test if uncertain.
Assess the ledger type:
Permissionless (open to all) vs. permissioned (restricted access).
Evaluate consensus mechanism:
DPoS: Fast, but centralized (e.g., EOS).
Identify smart contract risks:
Check if the contract is upgradeable (proxy patterns) or immutable.
Regulatory due diligence:
Custody: Is storage self-custodied (risk of key loss) or institutional (counterparty risk)?
Operational risk assessment:
Custody: Are private keys stored in cold wallets (offline) or hot wallets (online, higher hack risk)?
Valuation:
What it tests: Basic DLT terminology. Example Question: Which consensus mechanism is used by Bitcoin? A) Proof of Stake B) Delegated Proof of Stake C) Proof of Work D) Practical Byzantine Fault Tolerance
Correct Answer: C) Proof of Work Key Tip: Memorize Bitcoin = PoW, Ethereum = PoS (post-Merge).
What it tests: Regulatory classification. Example Question: A startup issues a token that grants holders voting rights on project decisions and a share of profits. Under the Howey Test, is this token likely a security? A) No, because it has utility (voting rights). B) No, because it is not sold to the public. C) Yes, because it meets all four Howey Test criteria. D) Yes, but only if profits are guaranteed.
Correct Answer: C) Yes, because it meets all four Howey Test criteria. Key Tip: Focus on expectation of profit derived from others’ efforts—voting rights alone don’t exempt a token from securities laws.
What it tests: Risk assessment of a DLT-based fund. Example Question: A hedge fund invests in a DeFi protocol that lends stablecoins against crypto collateral. Identify three risks specific to this strategy and propose one mitigation for each.
Model Answer: 1. Smart Contract Risk: The protocol’s code may contain bugs (e.g., reentrancy) leading to fund loss. - Mitigation: Require third-party audits (e.g., CertiK, OpenZeppelin) and insurance (e.g., Nexus Mutual).
Mitigation: Use decentralized oracles (e.g., Chainlink) with multiple data sources.
Liquidity Risk: Collateral may become illiquid during market stress (e.g., 2022 crypto winter).
Key Tip: Link risks to DLT-specific vulnerabilities (e.g., oracles, smart contracts) and real-world examples (e.g., Terra/LUNA collapse).
What it tests: Operational due diligence. Example Question: A private equity firm wants to tokenize a commercial real estate asset. Outline three steps to ensure regulatory compliance and two risks to monitor post-tokenization.
Model Answer: Steps for Compliance: 1. Jurisdictional Analysis: Register the token as a security (e.g., under Regulation D in the US) or structure it as a utility token if possible. 2. KYC/AML: Implement on-chain identity verification (e.g., Spruce ID) for token holders. 3. Custody: Use a qualified custodian (e.g., Anchorage) to store private keys and comply with SEC rules.
Post-Tokenization Risks: 1. Secondary Market Liquidity: Low trading volume may prevent investors from exiting. 2. Regulatory Changes: New laws (e.g., MiCA in the EU) could reclassify the token, triggering compliance costs.
Key Tip: Emphasize regulatory adaptability—DLT laws are evolving rapidly.
Eliminate wrong answers in DLT questions using the "3 C’s": 1. Consensus: If the question mentions mining, it’s likely PoW (e.g., Bitcoin). If it mentions staking, it’s PoS (e.g., Ethereum). 2. Custody: If the scenario involves private keys, the risk is self-custody (key loss). If it involves exchanges, the risk is counterparty (hacks). 3. Compliance: If the token offers profit-sharing, it’s likely a security (Howey Test). If it’s purely utility (e.g., paying for storage), it’s not.
A Bitcoin transaction is stuck "pending" for hours. What’s the most likely cause? - What’s happening: The network is congested, and the sender set a low gas fee. - Notice first: Check mempool size (number of pending transactions) and fee market (higher fees = faster confirmation).
A DeFi protocol offers 20% APY on stablecoin deposits. What’s the hidden risk? - What’s happening: The protocol may be overcollateralized (e.g., 150% LTV) or yield farming (temporary incentives). - Notice first: Audit the smart contract for reentrancy bugs and check if the yield is sustainable (e.g., not Ponzi-like).
A company issues a token that grants access to a SaaS platform. The SEC sues, claiming it’s a security. What’s the strongest defense? - What’s happening: The token may fail the Howey Test if it has consumptive use (e.g., paying for API calls) and no profit expectation. - Notice first: Argue that the token’s primary use is utility, not investment (e.g., like a Starbucks gift card).
Question: What is the primary purpose of a blockchain’s "hash function"? A) To encrypt transaction data B) To create a unique, fixed-size output for any input C) To validate the identity of users D) To store private keys securely
Correct Answer: B) To create a unique, fixed-size output for any input. Explanation: Hash functions (e.g., SHA-256) produce a deterministic, irreversible output (hash) for any input, enabling tamper-evidence. Trap Option: A) Encryption implies reversibility (hashing is one-way).
Question: A hedge fund holds 1,000 ETH in a smart contract that auto-stakes to earn yield. The contract is exploited, and 500 ETH are drained. What’s the most likely cause? A) A 51% attack on Ethereum B) A reentrancy bug in the smart contract
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.