When the well-known crypto industry lawyer Preston Byrne found his Twitter profile had been used to create one of some 20,000 profiles prepopulating a new decentralized social media app, he sent a cease-and-desist note via Twitter to the project’s lead developer.
A day later, his profile had been removed.
“How did that happen if it’s a decentralized system, I wonder?” Byrne, a partner at Brown Rudnick, tweeted.
https://twitter.com/prestonjbyrne/status/1373835451354775552?s=20&t=7lKJNNUxApgQqgseGgmcmg
“‘Decentralization theater’ is something that crops up in my inbox on an almost daily basis,” Byrne wrote about the incident in a CoinDesk column last March, defining it as a project in which some but not all parts are truly decentralized — that is, run by a decentralized autonomous organization (DAO) that is managed solely by smart contracts controlled by a vote of holders of “governance tokens.”
See also: DeFi Series: Unpacking DeFi and DAO
“The principal reason why an entrepreneur might decentralize most, but not all, of the things, is obvious,” Byrne wrote. “Although calling a product ‘decentralized’ is edgy and in vogue, writing software is a messy business that is never truly complete. Writing software on a blockchain is an especially messy business that is very difficult to fix.”
God Mode
That reality about creating and coding a decentralized finance, or DeFi, project is why many if not most DeFi projects have, at least for a while, administrators with “god-mode” access keys.
A month after Byrne’s tweets, another DeFi project, EasyFi, was hacked for $66 million after a “targeted attack on the founder’s machine [and metamask digital wallet] to access admin keys and execute the well-planned hack,” project founder Ankitt Gaur admitted on Twitter.
While that was criticized as a failure to spread out admin control among a group, with multiple keys needed for access, it was not unique.
After cross-chain payments bridge Poly Network was hacked for $610 million in August 2021, its developers posted a $500,000 reward for the return of the funds and promised that charges would not be filed. While the surprising thing was that it worked — the attacker claimed to be a “white hat” proving a point — the point is that there was a centralized controller able to do so.
Read more: Poly Network Hacker Returns $610M In Stolen Crypto
Several years before it was sanctioned by the Office of Foreign Assets Control (OFAC), the founders of the Tornado Cash mixing service the government alleged was used to launder North Korean hackers’ stolen crypto did something that rated an article on a leading crypto news site, CoinDesk.
The project’s founders held a “trusted setup ceremony,” with 1,114 contributors destroying the key codes that gave them access to and control of the multi-signature wallet holding users’ funds. It turned the project into a truly decentralized one, founder Roman Semenov said in January.
See more: Tornado Cash Arrest Signals Gathering AML Storm for DeFi Developers
“There is not much we can do in terms of helping investigations because the team doesn’t have much control over the protocol,” he said at the time. “The Tornado Cash team mostly does research and publishes the code to GitHub. All the deployments, protocol changes and important decisions are made by the community via Tornado Governance DAO and deployment ceremonies,” when the code changes go live on the DAO.
Tornado Cash was “specifically designed this way to be unstoppable,” he said.
But given cryptocurrency mixers’ unpopularity with law enforcement, Tornado Cash developers and founders had reason to drop control expeditiously.
An Illusion
None of this has escaped the notice of regulators. Even when a DeFi project’s creators have relinquished their god-mode encryption keys, there’s often de facto control via mechanisms like possession of a large percentage of the governance tokens that control DAO voting.
DeFi is “a bit of a misnomer,” Securities and Exchange Commission Chairman Gary Gensler told The Wall Street Journal in August. ”These platforms facilitate something that might be decentralized in some aspects but highly centralized in other aspects. There’s still a core group of folks that are not only writing the software, like the open source software, but they often have governance and fees.”
That’s an opinion shared by the Bank for International Settlements head of financial markets, Andreas Schrimpf, who said last December that “although DeFi’s main vision is to be decentralized, providing financial services without intermediaries, full decentralization in DeFi is illusory.”
For all PYMNTS Crypto coverage, subscribe to the daily Crypto Newsletter.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More