Decentralized finance (DeFi) protocols are stepping in to freeze stolen funds, while centralized issuers face criticism for holding back.
AND recent intervention in the Arbitrum case experienced asset freezes associated with the attacker following a major exploit, while some stablecoin issuers, including Circle, met with a edged reaction from the public opinion for slower or more narrow reactions in similar situations.
Connor Howe, CEO and co-founder of cross-chain infrastructure project Enso, said cryptographic protocols are not much different from centralized platforms or banks if a compact group of people can freeze funds.
“The gap between a bank compliance officer is smaller than DeFi idealists will ever admit,” Howe told Cointelegraph.
The debate is not simply one between decentralization and centralization, but a question of who can intervene and how quickly they can act. In practice, it can determine whether stolen funds were retained or slipped through.
Cryptocurrency community divided over Arbitrum’s decision to freeze stolen funds. Source: Yo Hall
The limits of decentralization in DeFi
Put simply, the industry is divided over whether protocols that call themselves decentralized should be able to freeze funds during exploits.
Protocols like THORChain state that by design they cannot freeze funds, even during exploits. Security researchers have disputed this claim, pointing to past cases where intervention has occurred.
Defending the founder of THORChain to the security community. Source: JP Thorbjornsen
Related: Crypto projects shut down as token models fail under pressure
Bernardo Bilotta, CEO of stablecoin infrastructure platform Stables, said the feature is necessary but must operate within clear constraints.
“Freezing capabilities must be narrow in scope, time-bound, and subject to transparent criteria that existed before the breach occurred,” Bilotta told Cointelegraph. “Protocol shouldn’t make rules when the house is on fire.”
Bilotta characterized the choice of “philosophical purity” over user protection as “negligence.”
The last $293 million Kelp DAO exploit brought these discussions back into the spotlight when Arbitrum froze some of the stolen funds linked to suspected North Korean hackers. Some in the industry say the decision to cut is in the grain of DeFi.
The Layer 2 Ethereum network has a 12-person security council with the ability to make certain changes to the protocol. In emergency situations, it can do this via nine of its 12 multisig wallets.
The members of the Arbitrum Security Council are elected by a decentralized autonomous network organization. Source: Decision
Howe said transparency in the operation of such safety boards could continue to separate DeFi platforms from conventional finance or their centralized counterparts.
“This is significantly different from the TradFi institution, which invokes discretionary powers hidden in its terms of service and protected by its legal team,” Howe said.
“Any protocol should provide transparency about who holds the keys and put in place safeguards to prevent fraud. If there is no clear distinction, it is a vague claim of decentralization.”
Centralized issuers face various constraints
Centralized stablecoins are among the most traded cryptocurrencies in the world. The largest ones include Tether USDt and Circle USDC, whose total market capitalization is over $266 billion.
Both issuers have the option to freeze their stablecoins, but they approach it differently.
During Tether freezes funds faster For most security breaches, Circle emphasizes legal process and jurisdiction before intervening.
“Let me clarify something that is often misunderstood: when Circle freezes USDC, it is not because we have unilaterally or arbitrarily decided that someone’s assets should be taken,” Dante Disparte, the company’s head of global policy, he wrote in a recent blog post.
“Our ability to freeze funds is based on a compliance obligation – exercised only if we are legally obliged to do so by the appropriate authority through a lawful process,” he continued.
Circle was forced to clarify its position following the recent $280 million exploit of the Solana-based Drift protocol, also attributed to North Korea.
Circle’s explanation did not go down well with security experts demanding answers. Source: ZachXBT
Related: Ethereum’s WSE may drag other blockchains into its orbit
Bilotta said waiting for formal legal orders in cases where there is clear evidence of an exploit is “irresponsible.”
Who decides what counts as “extreme”
Large-scale exploits, including those linked to North Korean entities, have pushed the industry into what most would consider extreme situations, where hundreds of millions of dollars can be siphoned and laundered in real time.
In such cases, the question arises of who defines what qualifies as “extreme” and when intervention is warranted.
“This is the question the industry has been avoiding for the longest time,” said Wish Wu, CEO of institution-focused Tier 1 Pharos.
“In practice, the word ‘extreme’ is too often defined after the fact by whoever holds the keys, which is exactly what the decentralization of emergency mode was intended to avoid,” he added.
Wu said a more credible approach is to define these terms in advance and code them into management, even if that means accepting that some edge cases fall outside these rules.
“Can a small, identifiable group transfer users’ funds before users have a real chance to exit?” Wu asked.
“If the answer is yes, then no matter what the marketing says, the system is actually caring. If the answer is no, only then do we have an honest conversation about what management and security trade-offs make sense for different use cases.”
Below this line, decentralization loses its substantive meaning, he added.
Warehouse: AI-powered hacks could kill DeFi – unless projects start acting now
