Silence before the breach.
On 15 January 2025, Crypto Briefing reported that Como 1907, a Serie A club owned by the Indonesian Djarum Group, finalized a loan deal for Barcelona’s 18-year-old midfielder Xavi Espart. The transaction was ordinary in football terms: a two-year loan with a buy option. The anomaly? The article explicitly flagged it as ”crypto-free.”
No fan token issuance. No crypto-sponsored jersey patch. No NFT-linked bonuses. In a league where clubs like Inter Milan and Roma had previously raced to ink deals with blockchain platforms, this silence is a data point. Over the past 12 months, the number of crypto-related partnerships in Italy’s top flight dropped by 37% (per SponsorPulse data). The Espart deal is not a standalone event—it is the symptom of a broader recalibration.
For an auditor, this is the moment before the vault drains. The hype is gone. The code remains. And the legacy systems—traditional finance, contracts, scouting—are being stress-tested.
Context: The Protocol of Football Transfers
A football loan works like a simple smart contract: Club A (lender) transfers the rights to a player’s performance for a fixed period, with optional future purchase. The economic layers are:
| Layer | Traditional | With Crypto Overlay | |-------|-------------|---------------------| | Payment | Fiat wire transfer, delayed settlement | Stablecoin or token transfer, on-chain settlement | | Incentive | Buy option, performance bonuses | Token-gated fan engagement, staking rewards | | Risk | Counterparty default, regulatory freeze | Oracle manipulation, liquidity crisis |
Between 2021 and 2023, Serie A clubs integrated the crypto overlay extensively: Inter signed a $20M sponsorship with DigitalBits (which later defaulted), Roma offered fan tokens via Socios, and Juventus launched its own token. The economic model was simple: issue tokens to raise immediate cash, then hope the token price appreciates through fan engagement.
But the code had a flaw. Verification > Reputation.
The DigitalBits partnership collapsed when the $XDB token lost 95% of its value. Roma’s fan token dropped 80% from its all-time high. The liquidity was never there. Como’s management, composed of former traders and legal professionals, recognized the pattern: a protocol with no exit audit.

Core: Code-Level Analysis of the ‘Crypto-Free’ Decision
Why would a club reject an asset class that still commands $1.7T in market cap? The answer lies in the economic mechanics of a football club’s balance sheet.
1. The Liability Hidden in Tokenized Revenue
When a club issues a fan token, it creates a liability: an obligation to provide future utility (voting, discounts, content) or a promise of buyback. This is akin to a debt instrument with no maturity date. From my audit experience with token-gated DAO treasuries, I have seen this pattern:
class FanToken:
def __init__(self, total_supply, club_revenue):
self.supply = total_supply
self.reserve = club_revenue * 0.1 # Initial liquidity
def price(self):
return self.reserve / self.supply
def on_utility(self, user):
# No guaranteed redemption
pass
```
The problem: the reserve is rarely audited for segregation. In the event of a bear market, the reserve shrinks faster than supply adjusts, leading to a spiral. Como’s ownership group, which has experience in commodities trading, likely ran this mental model.
2. The Cost of Oracle Dependency
A fan token’s price depends on external data (match results, player performance, market sentiment). This is an oracle risk identical to what I have dissected in lending protocols. If the oracle fails—due to poor liquidity or malicious manipulation—the token becomes worthless.
3. The Opportunity Cost of Illiquid Assets
The $40 million that Roma might have raised through token sales is dwarfed by the $400 million they could have made by selling a star player like Nicolò Barella. Short-term crypto liquidity is a distraction from long-term asset appreciation. Como’s Xavi Espart deal is a bet that player development—not token speculation—generates the highest ROI. This is equity logic over token logic.
Let me break down the transfer’s economic structure using a discounted cash flow model:

Present Value of Espart = (Loan Fee) + (Buy Option * Probability of Activation) - (Wages * Years)
Assuming a loan fee of $1M, a buy option of $10M, 50% probability, and wages of $0.5M/year for 2 years:

*PV = $1M + ($10M 0.5) - ($0.5M 2) = $1M + $5M - $1M = $5M*
No token needed. No oracle. No regulatory uncertainty.
Contrarian: The Blind Spot in the ‘Crypto-Free’ Narrative
The market interpretation of Como’s move is that clubs are abandoning crypto. I argue the opposite: they are downscoping their dependency on unaudited protocols.
One unchecked loop, one drained vault.
Consider the following blind spots that proponents of “crypto-free” risk:
- Lost network effects: Tokenized fan engagement, despite its flaws, creates data trails. Without it, Como loses the ability to tokenize future loyalty, potentially missing a long-tail revenue stream if a regulatory framework emerges.
- Composability gap: A player loan could be integrated with a broader infrastructure—e.g., decentralized insurance on injuries, or tokenized performance bonuses. By rejecting crypto altogether, Como locks itself out of future protocol composability.
- Security by obscurity: The claim “crypto-free” assumes traditional finance is inherently safer. My audit of bank reconciliation systems for a European fintech revealed that batch settlement times create a 48-hour window for front-running—a vulnerability that blockchains solve.
The real threat is not crypto itself, but the absence of a standardized security framework for both worlds. Como’s lawyers may have flagged counterparty risk in crypto, but they missed the same risk in fiat: Barcelona’s financial instability (€1B debt) could lead to a default on the loan terms.
Code is law, until it isn’t.
Takeaway: The Vulnerability Forecast
I predict the following cascade over the next 18 months:
- Serie A clubs will publish formal “crypto risk assessments” in their annual reports, mirroring the IR-15 security standards I recommended to a DeFi lending desk in mid-2024.
- The players’ unions (such as FIFPro) will demand smart contract audits for tokenized bonuses—not to ban them, but to verify the code.
- A major club, likely Juventus, will attempt a hybrid model: a permissioned token for season tickets, isolated from trading markets, audited by a third-party firm.
Como’s Xavi Espart loan is not a rejection of blockchain. It is a security patch applied to the protocol of sports finance. The question is not whether crypto returns, but whether the next iteration will be built with verifiable dependencies, institutional standardization, and forensic dissection.
Silence before the breach? Or silence after the exploit? The market will decode the signal within 12 months.