Let's talk about the risks associated with the decentralization of cryptocurrencies

Decentralization is critical to the value of cryptocurrencies. It means increasing trust and using services without intermediaries. Nothing comes for free, however, as decentralization comes with serious risks, highlighted last week by a $ 320m Wormhole hack. This can reduce confidence in decentralized applications and contribute to further regulation.

In August Certus One, owned by the leading market maker Jump Crypto, a subsidiary of Jump Trading, launched Wormhole, an interoperability protocol that allows users to transfer tokens and use applications in various cryptocurrencies, such as Ethereum, Solana or terra. This application is also known as a bridge. The most popular of them - under the name of Wormhole - is the bridge from ethereum to saline. This bridge was targeted by hackers last week, which has turned into one of the biggest attacks on a decentralized financial protocol in the cryptocurrency market.

Robbery of a Wormhole for the amount of 120 ethers

On Wednesday, a hacker managed to rob the Wormhole Bridge between Ethereum and Saline for 120 ethers, which was then the equivalent of about $ 000 million. In short, the hacker was able to trick the protocol into making it look like the person had deposited ether in the contract to spend the equivalent in wETH, which is a tokenized ether on Solana's network secured with real ether via Wormhole. With wETH on Solana's network, the hacker returned to Wormhole to redeem most of the funds for real ether at Ethereum networks. The problem was that since the hacker's wETH were not secured, ether was securing the remaining wETHs. The hacker swapped the remaining wETH for other assets on the decentralized exchanges on the Solana network to quickly get rid of the insufficiently secured wETH.

The Wormhole platform quickly offered the hacker a $ 10 million bounty for detecting a bug on the condition that it refunds the money. The hacker didn't seem interested, however, as Jump Crypto was quick to fund Wormhole with the equivalent of 120 Ethers from its own resources, reporting on Twitter: "Jump Crypto believes the future lies in multi-chain systems and that Wormhole provides the necessary infrastructure. That is why we exchanged 120 thousand. ETH to make up for the losses of our community members and ensure their support for the further development of Wormhole". The hacker has yet to transfer the stolen ethers, and cashing in such an amount will be a major challenge, as the few exchanges, brokers or OTC platforms capable of liquidating such an amount will freeze it immediately as soon as it reaches their ethereum wallet, as they know the source of the funds.

The attack on the Wormhole highlights the risk of decentralization

In 2021, $ 1,3 billion of funds were lost from attacks on decentralized applications, more than double the amount in 2020, with an increase in the value locked in decentralized applications. As a result, hacking a Wormhole is certainly not the first and last such attack. This has proved the vulnerability of decentralized applications both now and possibly in the years to come.

In addition, it should be emphasized that the Wormhole platform was not developed by a teenager living in the basement of his parents. It was created by Jump Trading, one of the largest market makers in the field of stocks, options, futures and cryptocurrencies. If a protocol developed by a corporation of this size can be the target of such a successful attack, you can imagine the challenge of developing secure decentralized applications for a small start-up. Moreover, in a situation where such an attack actually affects a smaller startup, it will mean the immediate "end of the game", because in this case funding the protocol for the equivalent of more than USD 300 million in ether in less than 24 hours will not be possible. This will ultimately limit innovation in the cryptocurrency area as fewer people will be willing to risk their startup and reputation in this market.

And here we come to the issue of decentralization. While decentralization is key to the value of cryptocurrencies, allowing the use of services usually offered by various intermediaries, such as international transfers or decentralized trading in non-exchangeable tokens (NFT), it is also a noticeable weakness in the cryptocurrency market. This is evident in the case of decentralized hacking attacks as authors and users are unable to recover stolen funds, unlike a centralized system where the company in question is often able to reverse a transaction. This means that fraud and cyber attacks can have proportionately much worse consequences in the case of decentralized systems.

Will the cryptocurrency market draw the right conclusions?

After each attack, the community often tries to present it as positive, arguing that the protocol learns from the attack with others in order to develop resistant protocols in the future. While the learning argument is true, it is imaginable in many ways that different decentralized applications can be abused, so potentially developing secure decentralized applications through the learning phase is not a quick fix.

It could be argued that decentralized applications will undergo the same learning and development phase as cryptocurrency wallets, for example. In the early days of bitcoin, good wallets did not exist, which meant that many bitcoins were irretrievably lost in the early years of its existence. Back then, it was hard to imagine that institutions would ever be able to trust cryptocurrency companies to hold billions of currencies. It is no longer unimaginable today. On the contrary, it is already happening. To quote Søren Kierkegaard: "Life can only be understood by looking back at it. But one must live on".

It should be remembered that the first decentralized applications started in 2018, so this is, in a sense, a new phenomenon. This means that this industry is still in an early learning phase. In addition, a series of code audits of decentralized applications such as OpenZeppelin have started in recent years, further improving security. In addition to carrying out audits, OpenZeppelin has published a framework of proven smart contracts to be used by new decentralized applications. This means that as the industry matures, different frameworks and infrastructure may be developed that can be used to improve application security.

On the other hand, even if the industry in the future can guarantee near-zero risk of attacks, the question remains as to whether ordinary people will trust decentralized applications given their history. In addition, the potential ramifications of attacks grow rapidly with increasing usage and value locked in decentralized applications. This could lead to strict regulations being imposed by regulators before the industry can prove that its applications are safe to use.

More cryptocurrency market analysis is available here.

About the author

Mads Eberhardt, Cryptocurrency Market Analyst, Sax Banks. Cryptocurrency Market Analyst at Saxo Bank. He gained experience as a trader at Bitcoin Suisse AG and founder http://BetterCoins.dk (website taken over by Coinify).