Litecoin creator Charlie Lee said an attack on a DeFi platform demonstrates DeFi is centralized and complicated, the ‘worst of both worlds’.
The value of funds locked in Decentralized Finance has just topped $1 billion but that hasn’t given Litecoin creator Charlie Lee any more confidence in the concept.
He took to Twitter this morning to express his reservations in response to the fallout from the attack on the bZx Fulcrum protocol during ETH Denver.
In that instance the attacker was able to exploit the complexity of various DeFi protocols and pricing oracles to trick bZx into giving up $350,000.
Perhaps more damaging for bZx was the fact it used an ‘admin key’ to access $600,000 of wrapped BTC the attacker had left on the exchange.
The very existence of an ‘admin key’ highlights a centralized point of failure for a protocol that claims to be ‘decentralized’.
“This is why I don’t believe in DeFi,” Lee said. “It’s the worst of both worlds.
“Most DeFi can be shut down by a centralized party, so it’s just decentralization theatre. And yet no one can undo a hack or exploit unless we add more centralization.
So how is this better than what we have now?”
This is why I don't believe in DeFi. It's the worst of both worlds. Most DeFi can be shut down by a centralized party, so it's just decentralization theatre. And yet no one can undo a hack or exploit unless we add more centralization.
So how is this better than what we have now? https://t.co/F1HMSeqb6q
— Charlie Lee Ⓜ️🕸️ (@SatoshiLite) February 16, 2020
It’s going to get better
Other Twitter users made the point that DeFi is relatively new and will become progressively more decentralized over time.
“DeFi is a spectrum with many dApps decentralizing over time,” wrote @chainlinkgod in response. “But there’s also dApps like Uniswap where there’s no admin keys, no Oracles, no central point of failure, no way to shut down.
“Dismissing all of DeFi because of this is like dismissing the internet because of email spam.”
But Lee said he doubted DeFi would ever work in practice as its complexity resulted in exploit opportunities.
“I don’t think it will work in practice. Truly decentralized finance, that is. Complexity will always lead to bugs and exploits. And it will always be semi centralized.”
He added: “I didn’t say people shouldn’t try to do DeFi. I just don’t believe it will revolutionize finance.”
It’s going to get worse before it gets better
Kain Warwick, from Australian DeFi project Synthetix, knows all about how hard it is to secure DeFi platforms against front runners and bad actors.
The project was forced to step in last June to zero out the balance of a front-running bot owner who’d amassed a billion dollars of Synthetic Ether.
The bot owner later complained on Reddit: “Kaine and the team decided they didn’t want to pretend they had a decentralized system any more and deleted my balance.”
Warwick said there was no ‘risk free yield’ in DeFi and predicted attacks would increase.
“This is going to get worse before it gets better … The DeFi attack surface is very large right now…
“The solution space for exploits in DeFi is vast and unexplored. Something we have seen with Synthetix is each attack emboldens new attackers, it’s an arms race and it’s tough to win given the adversarial nature of the space.
“Preventing these attacks without resorting to a legal system is f—ing hard. But that is where the opportunity lies. If we can pull it off we unlock orders of magnitude more efficiency.”
This is going to get worse before it gets better. Synthetix + Uniswap have been the target of choice for oracle manipulators and frontrunners for a while. As @synthetix_io is hardened people will look for other opportunities. The DeFi attack surface is very large right now… https://t.co/uIzpHKF2PB
— kain.eth (@kaiynne) February 15, 2020