The $320 million hack of the Jump Crypto-backed decentralized finance bridging platform Wormhole last February was one of the earliest of this bear market's many disruptions, and it remains one of DeFi's biggest. Twelve months on, with the crypto winter as cold as ever, Wormhole's supporters appear to have gotten back some of what was lost — but at the expense of the industry's decentralized dreams.

As a refresher, a flaw in the code underlying the Wormhole bridge — which allows for crypto trading between different blockchains — enabled a hacker to drain the platform of around 120,000 wrapped Ether. Jump stepped in to foot the bill for the missing tokens in its entirety, and since then the attacker has steadily spread the stolen coins around on various DeFi protocols.

Fast forward to last Friday, when DeFi lending app Oasis said that it had complied with a court order to use a previously undiscovered back door in its code. Unlike the Wormhole vulnerability, this flaw allowed an admin address with multiple overseers, known as a multisig, to act on a third party's behalf and reclaim assets that the attacker had invested on Oasis's platform, worth around $225 million according to Blockworks Research.

In a normal world, this would be considered good news. The hacker has been deprived of the money they stole, and its original owners have gotten their funds back — even if at a lower value due to declining prices since the theft.

But crypto acolytes weren't so convinced, and immediately, the big question was raised: Isn't DeFi, the world where code rules all and courts or CEOs can't force networks to do their bidding, supposed to be immune from — or at least resistant to — this sort of human intervention?

"In crypto, it's sort of accepted that people take on the risk of irreversible hacks and theft in the pursuit of trustlessness and censorship-resistance," said Molly White, a crypto researcher and critic. "But now we see that when it comes to projects like Oasis, most users are up a creek if their assets are stolen, but entities that are wealthy and powerful enough to coerce the multisig (in this case via a court), play under a different set of rules entirely."

MakerDAO, one of DeFi's biggest organizations and the former overseer of Oasis, is a clear example of a similar decentralization dilemma. Despite a complex structure involving multiple teams and hundreds of members, the DAO has largely grown to its current size under the guiding hand of a single person: Rune Christensen, its co-founder and de facto leader.

When asked last week if members are supposed to simply trust that Christensen has fully thought out a new complicated proposal to make the DAO more, well, DAO-like, Christensen was blunt. "Considering that I have been single handedly protecting the system for almost its entire existence you do seem to have quite a lot of trust in me," he replied to a skeptic on the group's Discord server.

Ultimately, the situations at both MakerDAO and Oasis show just how far DeFi is from true decentralization. In part that's by design: Blockchains controlled by multisig addresses are safer than unstoppable code, and crypto loves a charismatic leader. It's up to investors to decide whether that status quo might be preferable to the DeFi ideal — at least while they await the next thaw.