DeFi has a lose-lose problem with freezing stolen funds
Decentralized finance (DeFi) protocols are stepping in to block stolen funds, while centralized providers face criticism for holding back.
A Recent intervention on the Arbitrum Attacker-related assets have seen a freeze after a major exploit, some stable coin issuers, Circle, They faced public opposition. Slower or more limited responses to similar situations.
According to Conor Howe, CEO and co-founder of cross-chain infrastructure project Enso, cryptocurrency protocols are not that different from centralized platforms or banks if a few people can block funds.
“The difference from a bank compliance officer is less than DeFi ideas can ever receive,” Howe told Cointelegraph.
The debate is not the usual kerfuffle between decentralization and centralization, but over who should intervene and how quickly they can act. In practice, stolen funds can determine whether they stand or slide.
The Crypto community is divided over Arbitrage's decision to block looted funds. Source: Joe Hall
Limitations of Decentralization in DeFi
To put it simply, the industry is divided over whether self-proclaimed decentralized protocols can block funds during exploitation.
Protocols like THORChain cannot block funds by design, even during exploits. Security researchers have asked that question, pointing to past cases in which they have intervened.
THORChain founder's engagement with the security community. Source: JP Thorbjornsen
Related: Crypto projects are shut down when token models collapse under pressure.
According to Bernardo Bilotta, CEO of stablecoin infrastructure platform Stables, the function is important but must work within clear limits.
“Cooling capabilities should be narrow, time-bound and guided by clear criteria that existed before the breach occurred,” Bilotta told Cointelegraph. Protocol should not set the rules while the house is on fire.
Bilotta described his preference for “philosophical purity” as “indifference” over consumer protection.
of Recent $293 million Kelp DAO Arbitrum's use of blocking some stolen funds linked to suspected North Korean hackers has brought those discussions into focus. Some in the industry said the decision cut across the grain of Defy.
The Ethereum layer-2 network has a 12-member security council with the ability to make certain changes to the protocol. In emergencies, it can make it through nine of the 12 in a multi-sig wallet.
Members of the Arbitrum Security Council are voted by the network's decentralized autonomous organization. Source: Decision
Howe said the transparency of how such security councils work could still differentiate DeFi platforms from their traditional financial or centralized counterparts.
“This is particularly different from the TradFi facility, which is buried in their terms of service and protected by their legal team,” he said.
“There needs to be transparency in every protocol that holds the keys and the safeguards that prevent them from going to criminals. Without a clear distinction, decentralization is a question of lack of transparency.”
Centralized issuers face various limitations.
Centralized stablecoins are among the most traded cryptocurrencies in the world. Tether's USDt and Circle's USDC are the largest, with a combined market capitalization of over $266 billion.
Both issuers have the ability to freeze their stable coins, but they approach it differently.
While Tether It stops money more quickly In most security breaches, the Circle emphasizes due process and jurisdiction before intervening.
“Let me be clear about one thing that has been said repeatedly: When Circle USDC freezes, it's not because we unilaterally or arbitrarily decided to take someone's assets away from them,” said Dante Departe, the company's head of global policy. He wrote In a recent blog post.
“Our ability to freeze funds is an obligation to comply – only when we are legally compelled to do so by the appropriate authority through legal process,” he continued.
Circle has been pushed to justify its position after the recent exploit of its $280 million Solana-based Drift Protocol, which was also awarded to North Korea.
Circle's explanation didn't cut it for security experts looking for answers. Source: ZachXBT
Related: Ethereum's EEZ can pull other blockchains into orbit.
Bilotta said it was a “failure of responsibility” to wait for formal legal orders in cases where there was clear evidence of exploitation.
Who decides as “extreme”.
Large-scale exploits, including those linked to North Korean actors, have put the industry in dire straits, where hundreds of millions can be drained and washed away in real time.
Such cases raise the question of who defines what is called “extreme” and when intervention is justified.
“This is the question that has been plaguing the industry for the longest time,” said Wish Wu, CEO of institutional-focused Layer-1 Pharos.
“In practice, the term ‘extreme' is defined by whoever holds the keys after the fact, which is exactly what crash mode decentralization was meant to do,” he added.
A more credible approach, says Wu, is to define those conditions in advance and subject them to management, even if it means accepting that some edge cases fall outside those rules.
“Could a small detection group move users' funds before users have a fair chance to withdraw?” Wu asked.
“If the answer is yes, then regardless of the transaction system, the system is inherently a custodian. If the answer is no, then we're just having a conversation about which management and security trade-offs make sense for different use cases.”
Below this line, decentralization loses its real meaning, he added.
Magazine: AI-driven hacks could kill DeFi – unless projects act now
