Butterfly effect: How does exchange hacking lead to the centralization and censorship of decentralized projects?
In late September 2020, the KuCoin exchange was hacked, with losses amounting to more than $250 million. Although cryptocurrencies are supposed to be decentralized, many affected projects began to freeze or recover the stolen funds. As a result, some people believe that cryptocurrencies are more centralized than they seem.
On September 26, 2020, KuCoin announced in a blog post that it had detected someone withdrawing money from its hot wallet. The hack caused a loss of US$281 million across many different cryptocurrencies, including Bitcoin, Ethereum, XRP and a large number of ERC20 tokens. Despite the heavy losses, KuCoin responded quickly and promised users that it would repay their funds through its insurance fund. It also cooperated with other exchanges such as Binance, Huobi, and Crypto.com to blacklist all addresses related to the hackers, so that the hackers would not be able to trade any of the stolen cryptocurrencies. Subsequently, on October 3, KuCoin CEO Johnny Lyu announced that the authorities had found a suspected hacker. The investigation is still ongoing, but KuCoin seems to have successfully prevented the hackers from sabotaging its exchange, which is very common in the cryptocurrency field.
Even if users get their funds back, and even though the hackers appear to have been found, their actions have already had an irreversible impact on the cryptocurrency field. For example, the exchanges' blacklisting of hacker-related addresses has raised concern that they are centralizing and establishing censorship. These concerns about censorship have led many users to turn to decentralized exchanges as an alternative. In fact, the hackers used the decentralized exchanges Uniswap and Kyber to launder money in complex ways and escape the control of the authorities. Since these exchanges are decentralized and impose no authentication requirements, anyone can use them for any purpose, including laundering ill-gotten gains.
Although some privacy advocates may believe that the hackers’ actions prove that decentralized exchanges pay more attention to privacy than centralized exchanges, many people are concerned about the lack of regulation and about the public’s perception of these exchanges. In the early 2010s, due to the proliferation of websites such as Silk Road, Bitcoin was labeled a “currency for buying drugs.” People may start to look at decentralized exchanges in a similar way, as the unregulated “Wild West” of cryptocurrency trading. No one knows what actions regulators may take, but any form of regulation is bad for decentralized exchanges, and all of these exchanges may be required to shut down completely. Such actions would completely destroy the budding DeFi movement and change the public’s view of decentralized exchanges for years to come.
This highlights the complex relationship between CeFi and DeFi exchanges. In this case, CeFi seems to be more strictly regulated. It offers insurance and ensures that only verified users can trade cryptocurrencies and become part of this global financial movement. DeFi, on the other hand, looks like an anarchic area that is unregulated and unsupervised, where anyone (including hackers and terrorists) can launder money without any consequences. However, things are not that simple: CeFi has also proven weak and easy to hack. No one wants to put their money in a place where it can easily be stolen. This hack broke the trust of many users who kept their funds in exchange wallets. Decentralized finance seems to be the ideal way to keep funds in the hands of their owner, where the only risk is that the wallet owner leaks the private key. Depending on the individual and their comfort with cryptocurrency, the hack either reinforced their view that CeFi is the right place to store funds or encouraged them to use only DeFi in the future.
The most controversial and centralized measure taken by the affected cryptocurrency projects was to freeze or reissue their currencies. Tether is one example. It froze $22 million in EOS and Ethereum wallets used by the hackers. Tether is essentially centralized because it stores all of the pegged U.S. dollars in a bank, requiring users to trust it to back their funds at a 1:1 ratio. However, this behavior leads people to worry about what other reasons Tether might use to censor users’ transactions. Other projects, such as NOIA Network, Orion and Silent Notary, have created brand new ERC20 tokens and issued these tokens as of the block before the hack. This behavior by decentralized projects confuses many people. If these projects have the ability to reissue their tokens and censor how they are used, it is difficult to call these projects decentralized. Censorship resistance is one of the key features of decentralized currencies. Without it, the entire network is in the hands of a few people (the developers). Other projects that did not conduct token transactions have frozen the affected tokens and plan to reissue new tokens. This is a very centralized and controversial solution.
If any project can simply reissue funds at any time, what is the value proposition of these currencies? Many people would not buy a company’s stock if they knew that the company could invalidate it at any time for any reason. These projects did not even hold a community vote to decide the fate of their networks, but went ahead with their actions without any accountability. Even though the hack was not their fault and all responsibility should be attributed to KuCoin, many people believe that the irreversibility and immutability of cryptocurrency should admit no exceptions. The incident set a precedent that these cryptocurrencies can be controlled by a few people, which will undoubtedly attract the attention of regulators everywhere.
Many of the affected projects are still under development. Without control, their teams will not be able to keep developing them and will have to rely on time-consuming and complex community governance decisions, which will stifle innovation. In addition, many of these projects have a very small market value (at the time of the hack, Silent Notary had a market value of $100,000 and Orion had a market value of $19 million), and any large transaction would significantly affect their prices. If the hackers were able to sell their tokens, the price would fall drastically, and these projects might never recover. We cannot expect these projects to achieve all of their goals in the early stages of their development. Uniswap is a good example of a project that delivered its product first and achieved decentralization afterwards. First, its developers created a world-class decentralized exchange but kept full control over governance, to ensure that any unexpected failures or errors could be handled appropriately and that new features could be easily added. They then released their governance token UNI to platform users and allowed the community to control the future of the project.
Another factor that these projects must consider is the ethics of their behavior. They know that hackers maliciously stole user funds. If they can stop it, should they stand by and let the hackers get away with it? It can be argued that these decisions should not be made by project developers, because they created a project with the purpose of not supervising user transactions, yet found themselves doing exactly that. However, when their project is successful, they will do their best to ensure that the developers’ funds and tokens do not become worthless.
Although this seems unprecedented, Ethereum experienced a similar controversy in 2016 after the DAO was hacked. The attack exploited a vulnerability found in a smart contract worth 150 million US dollars.
Due to the vulnerability, the hacker was able to break the smart contract and drain all funds. Investors panicked and the future of Ethereum was uncertain. If the hacker had decided to sell the stolen ETH, it would have depressed the price of Ethereum, and it would have been difficult for the Ethereum Foundation to continue to fund the development process.
The founders of Ethereum (including Vitalik Buterin) proposed a hard fork to return all funds to users, as if the hack had never happened and the smart contract had never existed. This was a highly controversial decision, because many people believe that a blockchain is immutable. Despite this, Ethereum went ahead with the decision, which likely saved the project. Although most people supported Ethereum’s decision, a few continued to support the original blockchain, Ethereum Classic. Vitalik still believes this was the right approach, as he said:
“When a large part of the ecosystem is threatened, it is worth reconsidering…part of the community did not download these patches and did not implement a fork, they just said that we will continue to run our own old chain.”
In fact, this is what is happening now with Ethereum Classic, whose blockchain is at a standstill due to frequent 51% attacks. Thanks to some centralized actions taken by its main development team, Ethereum has become stronger, more decentralized, and eligible for the title of “World Computer”.
For this reason alone, centralized action can be justified in many projects. Even if it looks bad for the project, it saves many projects from becoming useless blockchains, and they may still become mainstream in the cryptocurrency field someday.
To prevent another hack and another dispute, users, exchanges and cryptocurrency projects need to work together to protect their platforms. All users should strongly consider purchasing a hardware wallet to store most of their funds, as this is the safest place to store any amount of cryptocurrency. Exchanges need to implement stricter security standards and purchase larger insurance plans to mitigate potential risks and losses. Finally, cryptocurrency projects should consider creating a governance system to vote on the future of the platform. Through these changes, cryptocurrencies can take a step toward greater decentralization and democratization.