What a reverse-theft of $140 million teaches about the myth of blockchain decentralization
What a reverse-theft of $140 million teaches about the myth of blockchain decentralization
Jump Capital stole back the money a hacker robbed last year. Though good news, the heist once more exposes the radical crypto-narrative of decentralization to be a pipe dream.
For more than a decade a deep ideological rift has divided two groups on blockchain technology. The groups could be no more different by default, but their views on the new tech also represent two irreconcilable visions about the future of finance. In one corner stands the crypto-crowd who sees in the blockchain a long-awaited revolution that will rid the world of centralized and trusted institutions. In the other corner of the ring you have exactly those institutions – banks, corporations, and governments – that have been driving centralized blockchains and hail them as a tool to truly digitalize their core business. They see the dawn of a new era in finance and business too, but one that will be built and run by the most powerful gatekeepers.
In their view blockchains will be underpinning the potency of this system, whereas crypto-believers refuse even to use the term “blockchain” but refer to centralized blockchains as “distributed ledgers” or more derogatively as “expensive databases.”
Most crypto-enthusiasts subscribe to the creed that “code is law.” Neither businesses nor governments should be allowed or capable to tamper with whatever is written in the code. It means that even if an attacker steals money – for example because your code was bug-ridden and was exploited – there should be no means of reversing this action. There should be no higher authority than the code itself that can decide what is a legitimate claim and what not.
This extreme stance has led to the splitting of the Ethereum chain in 2016, when attackers exploited a vulnerability in the first DAO and stole 3,6 million ETH. One group (today the ETH-version) opted for reversing the action and another (today ETC) decided to carry on with the untampered version. With the Jump Capital case we are having a deja-vu, at least in terms of the debate about whether to allow centralized influence.
How Jump Capital got back its money
So, what exactly happened? You can read all the details in this extensive report by Molly White, but to cut a long story short, the venture capital firm Jump was the target of a hacker who moved 120,000 ETH by exploiting a vulnerability in a software called Wormhole Bridge. The stolen assets were then moved through a number of DeFi protocols. Thanks to the transparent nature of blockchain, Jump Capital was able to trace the funds to a DeFi wallet provider called Oasis.
The point is that Oasis assisted Jump Capital in retrieving the assets. How? By exploiting a backdoor in the setup – or an unknown vulnerability as the euphemism goes. Whether the vulnerability was designed on purpose or just an imperfection is one thing the crypto-world speculates about. Whether Oasis knew about it beforehand and let it persist is another.
If a crypto-firm knowingly keeps backdoors in its smart contracts there is another serious discussion to be had, but let us give Oasis the benefit of the doubt and believe its claim that it only found out about the vulnerability when it was approached by a whitehat hacker group. Even in this case we have a centralized corporation actively helping another one to circumvent the “code is law” maxim. It was the morally right thing to do. Jump had reportedly even obtained a court order from the High Court of England and Wales to retrieve the assets, so it was also the legally right thing to do. But the mere fact that the reverse-hack could happen undermines the absolute decentralization narrative.
Awaking from the pipe dream
The deeper you look at the case the more holes appear in the decentralization narrative. Just look at the smart contracts Oasis uses for its automation tools. The idea of smart contracts is so appealing because no one can alter the rules which are executed by a smart contract. If an insurance company signs a smart contract with me, it cannot block the transfer of funds once I submit a valid insurance claim. Though the practical implementation of such a scenario might be tricky, the value proposition for deploying smart contracts is clear.
Nowadays, however, Oasis and many other crypto projects use so-called upgradeable smart contracts. Whatever was immutable in a classic smart contract becomes mutable. Of course, this makes sense, because even the most die-hard crypto purists are realizing that writing perfect code is a dream at best. There will always be bugs and mistakes that have to be remedied. Migrating everything to new contracts is a nightmare.
In short, this means that you still have to trust people and by that also centralized entities, whether it is banks, corporations, or courts. Smart contract code cannot be law. In my upcoming new book I have an entire chapter dedicated to this “decentralization delusion” as understanding the need for a trusted entity is the basis for understanding the future of finance.
Hacks and protocol glitches are those events that put the magnifying glass on decentralization problems, but they are only the peak of the iceberg. Who is developing and improving the protocol? Who is having an outsized impact when the network votes on the truth? How is commercial centralization eliminating technological decentralization? Everywhere you look centralization tendencies abound – whether it is on the level of miners, stakers, wallets, exchanges, or smart contract providers.
So what does it mean for the future of the money business?
This is not to say that DeFi is a fad. Decentralized protocols and organizations will find their place in tomorrow’s world of banking and business. But definitively not in their purist form. And they will definitively not make banks obsolete.
Banks will deploy centralized blockchains to massively bring down costs and processing times for areas such as clearance, settlement, or compliance. They will use it to add new capabilities in lending or asset management. Central banks will push forward the digitalization of economies by deploying central bank digital currencies (CBDCs). And Big Tech challengers have found in the blockchain a tool to challenge banks in a way that crypto always dreamt about.