Let’s address the risks of decentralization
Summary: Decentralization is the key value proposition of crypto. It enables trust and services without intermediaries. However, there is no such thing as a free lunch, as decentralization comes with severe risks, stressed last week by the $320mn Wormhole exploit. This may reduce trust in decentralized applications and give incentive to further regulation.
In August, Certus One owned by leading market maker Jump Crypto, a subsidiary of Jump Trading, launched Wormhole, an interoperability protocol allowing users to transfer tokens and use applications across various cryptocurrencies such as Ethereum, Solana, and Terra. Such an application is also known as a bridge. The most used Wormhole bridge is from Ethereum to Solana. This particular bride was targeted last week in what evolved into one of the largest decentralized finance protocol exploits in crypto.
Wormhole exploited for 120,000 Ether
On Wednesday, a hacker managed to exploit the Wormhole bridge between Ethereum and Solana for 120,000 Ether, worth around $320mn at the time. In brief, the hacker was able to mislead the protocol into assuming that the person in question deposited Ether into the contract to issue an equal amount in wETH, which is tokenized Ether on Solana collateralized with actual Ether through Wormhole. With the wETH at hand on Solana, the hacker returned to Wormhole to redeem the majority to actual Ether on Ethereum. The problem, though, as the hackers wETH was not collateralized, it was Ether collateralizing others wETH. The hacker traded the remaining wETH into other assets on decentralized exchanges on Solana to quickly get rid of the undercollateralized wETH.
Wormhole quickly offered the hacker a $10mn bug bounty if returning the funds. However, the hacker did not seem interested since Jump Crypto promptly funded Wormhole with an equivalent 120,000 Ether from their own book, saying on Twitter: “Jump Crypto believes in a multichain future and that Wormhole is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.” The hacker has not moved the stolen Ether yet, and to cash out such an amount will be severely challenging, as the few exchanges, brokers, and OTC desks able to liquidate such an amount will freeze it instantly if it suddenly hits their Ethereum wallet, as they know the source of the funds.
The Wormhole exploit stresses the risk of decentralizationIn 2021, $1.3bn was lost in decentralized application exploits, which was more than double the amount of 2020 upon an increasing value locked in decentralized applications. Hence, the Wormhole exploit is surely not the first and most critically, it is presumably not the last exploit. The latter stresses that decentralized applications are fragile and that they will likely continue to be that for years to come. This is further enhanced upon the fact that Wormhole was not developed by a teenager living in his or her parents’ basement. It was virtually developed by Jump Trading, one of the largest market makers within equities, options, futures, and cryptocurrencies. If a protocol developed by a corporation of that size can be exploited, imagine how challenging it is for a minor start-up to develop safeguarded decentralized applications. Moreover, imagine if an exploit in fact happens for a minor start-up, it is immediately game over as they cannot in this case fund the protocol with over $300mn worth in Ether in under 24 hours. This ultimately limits innovation within crypto as fewer want to risk their start-up and reputation in the space.
Here, decentralization enters the equation. While decentralization is the key value proposition of crypto because it empowers services normally facilitated by various intermediaries such as international transfers and decentralized trading of non-fungible tokens (NFTs), it is also a notable shortcoming of crypto. This is the case with decentralized exploits, as developers and users cannot recover funds when exploits occur, compared to a centralized system where the company behind can often reverse the transaction. This means that exploits and cyberattacks can have proportionally much worse consequences when dealing decentralized.
Does crypto learn from it?
Whenever an exploit takes place, the community often makes a u-turn and presents it as somewhat positive with the main argument being that the protocol in question alongside other protocols learn from the particular exploit to develop future-proof protocols. The learning view is likely true, however, imagine in how many ways various decentralized applications can be exploited, so to potentially develop safeguarded decentralized applications through a learning phase will not be a quick fix.
One might argue that decentralized applications will experience the same learning phase and development as e.g., crypto wallets. In the early days of Bitcoin, there were no great wallets, which meant that many Bitcoins were lost forever in the first years of its lifetime. At the time, it was likely hard to imagine that institutions would ever trust crypto companies to custody billions worth of value. This is not unimaginable anymore. Quite the contrary, it is the case today. As Søren Kierkegaard said: “Life can only be understood backwards, but it must be lived forwards”.
It is important to remember that the first decentralized applications launched in 2018, so it is somewhat of a new phenomenon. This means the industry is still quite early in its learning phase. Furthermore, over the past years, several consultancies have launched making audits in the code of decentralized applications, such as OpenZeppelin, which further enhances security. Besides doing audits, OpenZeppelin has released a framework of battle-tested smart contracts intended to be used by new decentralized applications. This effectively means that as the industry matures there will perchance be various frameworks and infrastructure to be leveraged in making applications more secure.
On the other hand, even if the industry can present a near-zero exploit risk in the future, the question is whether everyday people will trust decentralized applications with their history of exploits. Not to mention that the potential consequences of exploits are rapidly intensified upon increasing usage and value locked in decentralized applications. This may enforce tough regulation by regulators before the industry proves that it is safe to interact with.
Latest Market Insights
Outrageous Predictions 2023: The War Economy
- The constantly growing global need for energy drives the world's richest to huddle up and launch a R&D project in a size the world hasn't seen since the Manhattan Project gave the US the first atomic bomb.
French President Macron resignsThe political stalemate in France and the rise of Marie Le Pen following the 2022 elections corners President Macron, forcing him to give up on politics and resign from his position. At least for now.
Gold rockets to USD 3,000 as central banks fail on inflation mandateAs markets and central banks realise that the idea that inflation is transitory is wrong, and that prices will remain higher for longer, gold is sent through the roof, hitting a price tag of USD 3,000
EU Army forces EU down path to full unionWith continued challenges in the region and a US military that isn't aggressively enacting its former role as global policeman, the European Union agrees to create its own armed forces, bringing the whole region closer.
A country agrees to ban all meat production by 2030In an effort to become one of the global leaders on the path to net-zero emissions, one country decides to not only put a heavy tax on meat, but to ban domestic production entirely.
UK holds UnBrexit referendumFollowing a recession and domestic pressure, the United Kingdom is thrown into political turmoil that will end with a vote to wind back Brexit.
Widespread price controls are introduced to cap official inflationHistory tells us that with the war economy comes rationing and price controls. And this time is no different, as policymakers introduce strict price controls that lead to a range of unintended consequences.
OPEC+ & Chindia walk out of the IMF, agree to trade with new reserve assetSanctions against Russia have caused widespread turmoil due to US Dollar moves in countries across the globe that don't consider the US an ally. To relieve themselves from this, they leave the IMF and create a new reserve asset.
USDJPY fixed to the USD at 200 as Japan overhauls financial systemFollowing the challenges that faced the Japanese Yen in 2022, the Bank of Japan attempts to keep the currency from sliding. Unsuccessful on the long-term, Japan will launch a reset of its entire financial system.
Tax haven ban kills private equityWith the war economy comes an increased focus on national interests and sovereign nations' ability to assert themselves. In that regard, the OECD countries turn their attention on tax havens and pull the big guns out, banning them altogether.