Let’s address the risks of decentralization Let’s address the risks of decentralization Let’s address the risks of decentralization

Let’s address the risks of decentralization

Mads Eberhardt

Cryptocurrency Analyst

Summary:  Decentralization is the key value proposition of crypto. It enables trust and services without intermediaries. However, there is no such thing as a free lunch, as decentralization comes with severe risks, stressed last week by the $320mn Wormhole exploit. This may reduce trust in decentralized applications and give incentive to further regulation.

In August, Certus One owned by leading market maker Jump Crypto, a subsidiary of Jump Trading, launched Wormhole, an interoperability protocol allowing users to transfer tokens and use applications across various cryptocurrencies such as Ethereum, Solana, and Terra. Such an application is also known as a bridge. The most used Wormhole bridge is from Ethereum to Solana. This particular bride was targeted last week in what evolved into one of the largest decentralized finance protocol exploits in crypto.

Wormhole exploited for 120,000 Ether

On Wednesday, a hacker managed to exploit the Wormhole bridge between Ethereum and Solana for 120,000 Ether, worth around $320mn at the time. In brief, the hacker was able to mislead the protocol into assuming that the person in question deposited Ether into the contract to issue an equal amount in wETH, which is tokenized Ether on Solana collateralized with actual Ether through Wormhole. With the wETH at hand on Solana, the hacker returned to Wormhole to redeem the majority to actual Ether on Ethereum. The problem, though, as the hackers wETH was not collateralized, it was Ether collateralizing others wETH. The hacker traded the remaining wETH into other assets on decentralized exchanges on Solana to quickly get rid of the undercollateralized wETH.

Wormhole quickly offered the hacker a $10mn bug bounty if returning the funds. However, the hacker did not seem interested since Jump Crypto promptly funded Wormhole with an equivalent 120,000 Ether from their own book, saying on Twitter: “Jump Crypto believes in a multichain future and that Wormhole is essential infrastructure. That’s why we replaced 120k ETH to make community members whole and support Wormhole now as it continues to develop.” The hacker has not moved the stolen Ether yet, and to cash out such an amount will be severely challenging, as the few exchanges, brokers, and OTC desks able to liquidate such an amount will freeze it instantly if it suddenly hits their Ethereum wallet, as they know the source of the funds.

The Wormhole exploit stresses the risk of decentralization

In 2021, $1.3bn was lost in decentralized application exploits, which was more than double the amount of 2020 upon an increasing value locked in decentralized applications. Hence, the Wormhole exploit is surely not the first and most critically, it is presumably not the last exploit. The latter stresses that decentralized applications are fragile and that they will likely continue to be that for years to come. This is further enhanced upon the fact that Wormhole was not developed by a teenager living in his or her parents’ basement. It was virtually developed by Jump Trading, one of the largest market makers within equities, options, futures, and cryptocurrencies. If a protocol developed by a corporation of that size can be exploited, imagine how challenging it is for a minor start-up to develop safeguarded decentralized applications. Moreover, imagine if an exploit in fact happens for a minor start-up, it is immediately game over as they cannot in this case fund the protocol with over $300mn worth in Ether in under 24 hours. This ultimately limits innovation within crypto as fewer want to risk their start-up and reputation in the space.
Source: Defi Llama

Here, decentralization enters the equation. While decentralization is the key value proposition of crypto because it empowers services normally facilitated by various intermediaries such as international transfers and decentralized trading of non-fungible tokens (NFTs), it is also a notable shortcoming of crypto. This is the case with decentralized exploits, as developers and users cannot recover funds when exploits occur, compared to a centralized system where the company behind can often reverse the transaction. This means that exploits and cyberattacks can have proportionally much worse consequences when dealing decentralized.

Does crypto learn from it?

Whenever an exploit takes place, the community often makes a u-turn and presents it as somewhat positive with the main argument being that the protocol in question alongside other protocols learn from the particular exploit to develop future-proof protocols. The learning view is likely true, however, imagine in how many ways various decentralized applications can be exploited, so to potentially develop safeguarded decentralized applications through a learning phase will not be a quick fix.

One might argue that decentralized applications will experience the same learning phase and development as e.g., crypto wallets. In the early days of Bitcoin, there were no great wallets, which meant that many Bitcoins were lost forever in the first years of its lifetime. At the time, it was likely hard to imagine that institutions would ever trust crypto companies to custody billions worth of value. This is not unimaginable anymore. Quite the contrary, it is the case today. As Søren Kierkegaard said: “Life can only be understood backwards, but it must be lived forwards”.

It is important to remember that the first decentralized applications launched in 2018, so it is somewhat of a new phenomenon. This means the industry is still quite early in its learning phase. Furthermore, over the past years, several consultancies have launched making audits in the code of decentralized applications, such as OpenZeppelin, which further enhances security. Besides doing audits, OpenZeppelin has released a framework of battle-tested smart contracts intended to be used by new decentralized applications. This effectively means that as the industry matures there will perchance be various frameworks and infrastructure to be leveraged in making applications more secure.

On the other hand, even if the industry can present a near-zero exploit risk in the future, the question is whether everyday people will trust decentralized applications with their history of exploits. Not to mention that the potential consequences of exploits are rapidly intensified upon increasing usage and value locked in decentralized applications. This may enforce tough regulation by regulators before the industry proves that it is safe to interact with.


Saxo Capital Markets (Australia) Limited prepares and distributes information/research produced within the Saxo Bank Group for informational purposes only. In addition to the disclaimer below, if any general advice is provided, such advice does not take into account your individual objectives, financial situation or needs. You should consider the appropriateness of trading any financial instrument as trading can result in losses that exceed your initial investment. Please refer to our Analysis Disclaimer, and our Financial Services Guide and Product Disclosure Statement. All legal documentation and disclaimers can be found at https://www.home.saxo/en-au/legal/.

The Saxo Bank Group entities each provide execution-only service. Access and use of Saxo News & Research and any Saxo Bank Group website are subject to (i) the Terms of Use; (ii) the full Disclaimer; and (iii) the Risk Warning in addition (where relevant) to the terms governing the use of the website of a member of the Saxo Bank Group.

Saxo News & Research is provided for informational purposes, does not contain (and should not be construed as containing) financial, investment, tax or trading advice or advice of any sort offered, recommended or endorsed by Saxo Bank Group and should not be construed as a record of our trading prices, or as an offer, incentive or solicitation for the subscription, sale or purchase in any financial instrument. No representation or warranty is given as to the accuracy or completeness of this information. All trading or investments you make must be pursuant to your own unprompted and informed self-directed decision. No Saxo Bank Group entity shall be liable for any losses that you may sustain as a result of any investment decision made in reliance on information on Saxo News & Research.

To the extent that any content is construed as investment research, such content was not intended to and has not been prepared in accordance with legal requirements designed to promote the independence of investment research and as such, would be considered as a marketing communication.

None of the information contained here constitutes an offer to purchase or sell a financial instrument, or to make any investments.Saxo Capital Markets does not take into account your personal investment objectives or financial situation and makes no representation and assumes no liability as to the accuracy or completeness of the information nor for any loss arising from any investment made in reliance of this presentation. Any opinions made are subject to change and may be personal to the author. These may not necessarily reflect the opinion of Saxo Capital Markets or its affiliates.

Please read our disclaimers:
- Full Disclaimer (https://www.home.saxo/en-au/legal/disclaimer/saxo-disclaimer)
- Analysis Disclaimer (https://www.home.saxo/en-au/legal/analysis-disclaimer/saxo-analysis-disclaimer)
- Notification on Non-Independent Investment Research (https://www.home.saxo/legal/niird/notification)

Saxo Capital Markets (Australia) Limited
Suite 1, Level 14, 9 Castlereagh St
Sydney NSW 2000

Contact Saxo

Select region


The Saxo trading platform has received numerous awards and recognition. For details of these awards and information on awards visit www.home.saxo/en-au/about-us/awards

Saxo Capital Markets (Australia) Limited ABN 32 110 128 286 AFSL 280372 (‘Saxo’ or ‘Saxo Capital Markets’) is a wholly owned subsidiary of Saxo Bank A/S, headquartered in Denmark. Please refer to our General Business Terms, Financial Services Guide, Product Disclosure Statement and Target Market Determination to consider whether acquiring or continuing to hold financial products is suitable for you, prior to opening an account and investing in a financial product.

Trading in financial instruments carries various risks, and is not suitable for all investors. Please seek expert advice, and always ensure that you fully understand these risks before trading. Saxo Capital Markets does not provide ‘personal’ financial product advice, any information available on this website is ‘general’ in nature and for informational purposes only. Saxo Capital Markets does not take into account an individual’s needs, objectives or financial situation. The Target Market Determination should assist you in determining whether any of the products or services we offer are likely to be consistent with your objectives, financial situation and needs.

Apple, iPad and iPhone are trademarks of Apple Inc., registered in the US and other countries. AppStore is a service mark of Apple Inc.

The information or the products and services referred to on this website may be accessed worldwide, however is only intended for distribution to and use by recipients located in countries where such use does not constitute a violation of applicable legislation or regulations. Products and Services offered on this website is not intended for residents of the United States and Japan.

Please click here to view our full disclaimer.