September 21, 2023

Threats of cryptocurrency decentralization. Part II. Development, storage and trade


This is the second part of an overview article on the centralization of cryptocurrency projects; it is devoted to indirect methods of control. Hidden influence does not disrupt the operation of the blockchain, but it still creates risks for the entire ecosystem.

Everyone who works with cryptocurrencies. However, the threat of centralization can manifest itself not only in direct attacks on the underlying level of the blockchain. Such crude methods are suitable only in the most extreme situations, when the attacker seeks not just to make money but to disrupt the system.

Brute-force attacks are hard to pull off once on one blockchain, and they lead to a drop in the value of the underlying asset. More subtle, implicit methods make it possible to establish and maintain control that is less complete but hidden. This reduces the cost of acquiring influence and the associated risks.

The most important advantage of covert control is that it does not interfere with other users and can go unnoticed for a long time. This means that the beneficiaries of such centralization can skim the cream for a long time, even if they are caught by overly curious researchers.

Development centralization

Some cryptocurrencies are developed by commercial companies, others are supported by ostensibly non-profit organizations, and the development of still others is considered decentralized, that is, it is conducted publicly through a repository on GitHub. These look like different approaches, and the first and the last do differ very significantly. However, in all three cases there is a single point of failure: a person or group with the right to build and publish the final version of the product in the "official repository".

We will not touch on the legal side of ownership of the developments, as it is more transparent. Commercial projects usually keep the rights to the product, while open-source projects operate under free licenses that allow unrestricted use and modification of the code. In more than ten years of active development of cryptocurrency projects, legal disputes over them have usually arisen from conflicts between founders.

What depends on developers

First of all, it must be emphasized that centralization of development is a “default factor” that occurs naturally. It always exists, even if the founders of the project do not strive for it and try to distance themselves as much as possible, as Satoshi Nakamoto did by publicly transferring the rights to the repository. It should also be taken into account that unscrupulous project developers are not the only ones who can exploit the centralization of development. It can also be exploited by hackers who have stolen keys and passwords, or by other forces that influence developers offline by methods of persuasion and thermorectal cryptanalysis.

The degree of developer control depends on the level of the project in the technical architecture of the blockchain. In most cases, developers cannot directly manage the “zero level” blockchain, but they determine the development strategy of the protocol and are responsible for its security. At the same time, they do not always consult the wider community or hold votes. For example, in 2016 Vitalik Buterin's team accelerated the hard fork of Ethereum after The DAO hack despite a serious conflict within the community.

Developers of add-ons (second-tier platforms) and smart contracts (decentralized applications, dapps) have a higher degree of control. They can, for example, remove the software, stop the contract entirely, or limit its functionality. In some cases, they can directly appropriate other people's tokens, as has repeatedly happened with fraudulent ICOs. Therefore, when buying any tokens other than the base “zero level” cryptocurrency (ETH, BNB, ADA, SOL, etc.), you need to understand that the dependence on developers is higher and that you are taking on additional risks.

If you are a programmer or a professional investor, you can analyze the code yourself or hire competent specialists for this. If you do not have such an opportunity, you should at least search the web for information about audits of the project code by third-party specialists or organizations.

Central repository

Access to a project's trusted central repository is dangerous, though not through direct seizure of control. As soon as a seizure becomes known, users will stop downloading files from the repository. Still, this is a dangerous point of failure, the capture of which will undermine the reputation of the project.

For example, the Bitcoin community largely trusts the main repository on GitHub. So far, it has never been hacked. Several people have access to the management of the repository, and each of them can be considered a security professional. But these people are not heavily guarded and work on their own, so they are vulnerable.

A breach of the repository will enable attackers to distribute malicious code among thousands and even tens of thousands of users, steal their coins or cause other harm to the network. A developer can also pose as a hacker, deciding in this way to quickly monetize his work. The damage will be one-time, but very serious.

In addition, ownership of access to the main repository gives part of the project team the right to dictate terms to the rest. For example, in 2017, during the conflict over the Bitcoin block size and the compromise project SegWit2x, part of the team, relying on the Blockstream company, actually crushed the opponents with their authority, even though most of the large industry companies and a significant part of independent developers supported SegWit2x.

Team dependency

Although many investors consider projects backed by a registered company more reliable, in the cryptocurrency world it is often the other way around. Public development helps to save a project or to create an alternative based on the current blockchain.

For the most centralized projects, the departure of the core team, especially without the release of source code to the public, means actual closure. But even if the code is open, other teams and unorganized enthusiasts may not be able to cope with the scale of the originally conceived product. This happened, for example, with the TON (Telegram Open Network) project.

The most famous example of fully public development is Bitcoin. Its real creator retired from development two years after the blockchain was launched, handing over the repository and source code to the community. Since 2014, the main Bitcoin repository has been managed by the Dutch programmer Wladimir van der Laan, funded by the Massachusetts Institute of Technology (MIT) Foundation. However, many key developments are being carried out by the commercial company Blockstream.

In Ethereum, development is overseen by the formally non-profit Ethereum Foundation. However, the foundation has significant funds and actually manages both development and interaction with regulators and investors. Of course, if Vitalik Buterin and other key members of the team refuse to support the foundation, it may repeat the fate of the quietly deceased Bitcoin Foundation. It is also worth recalling the Tezos Foundation and the infamous legal squabble among the project's co-founders over dividing the proceeds from the ICO.

And finally, typical centralized and semi-centralized projects that depend on a particular company are also in the top twenty of the cryptocurrency world. The most characteristic of them is Ripple. The company has all rights to the project and can close it without the consent of users and token holders. The dependence on the creator company in BNB Chain is also great. The creators of EOS, Tron, Waves, Bitshares and other projects have less complete but still significant control. Only base blockchains are mentioned here; among add-ons and dapp platforms, the share of centralized ones is much larger.

Storage centralization

Cryptocurrencies emerged as a completely independent means of payment and a payment system where each person has full control over their money through the possession of cryptographic keys. This worked great as long as they stayed in the narrow tech community. But the massive influx of unqualified retail investors has given rise to a tendency to entrust crypto assets to a “reliable company”, relieving the owners of responsibility for their storage. This method is common in the stock and other traditional markets, but with cryptocurrencies it is dangerous.

The safest place to store crypto assets is a personal cold wallet connected to the network only when necessary, duplicated by backup copies of keys on a physical medium (paper, plastic, metal, etc.). But most users without hesitation sacrifice security for the sake of convenience and the possibility of additional earnings.

Thus, over time, the practice of transferring crypto assets to external storage inevitably developed. The largest custodians of most cryptocurrencies are now in fact intermediaries: wallets, exchanges, custodial storage services, and even licensed banks.

The main risk of centralized storage is putting all the eggs in one basket. Large amounts of cryptocurrency become a tasty morsel. Exchange owners can simply steal coins, as was the case on Cryptsy, QuadrigaCX and other sites. Hackers can do it for them, as happened on MtGox, Bitfinex and many other exchanges; the number of relatively small hacks is in the tens. Also, cryptocurrencies on the exchange can be blocked or confiscated by special services, as happened on BTC-e (in fact, after almost seven years, the fate of the exchange wallets has not been cleared up).

In addition to banal theft, intermediaries can in one way or another take advantage of user crypto assets for their own benefit. The most common ways are described in the next chapter. This happens periodically in other markets, but there the transfer of assets to the control of an intermediary is a necessary measure. A cryptocurrency investor always has a choice.

What danger does the concentration of coins and tokens on centralized platforms pose for projects in general? It depends on the type of project and how it is managed.

How Storage Centralization Affects Management

Classical cryptocurrencies based on the Proof-of-work consensus are the least dependent on centralized storage. Owning coins does not provide any benefits at the blockchain level.

Even if all existing BTC were concentrated on one exchange, it would not be able to disrupt the blockchain. However, investors become dependent on the exchange operator, and the operator gets the widest opportunities for trading manipulations. Operations on centralized exchanges are not reflected in the blockchain, and users do not see how the exchange disposes of their coins.

The concentration of coins on one platform poses a much greater danger for Proof-of-Stake cryptocurrencies. There is a direct relationship between management capabilities and the share of coins in the wallet. Therefore, researchers have repeatedly sounded the alarm about the centralized storage of ETH on several large exchanges, staking services, and even on certain cloud services such as AWS.

Amazon or Google, say, are unlikely to use their capabilities to capture the Ethereum blockchain, but by order of the authorities they can block all virtual machines used for staking, and the number of validators will drop several times. This can be exploited by potential attackers to carry out a 51% attack. More focused actions can be expected from players involved in the cryptocurrency industry.

Finally, the most vulnerable to centralized storage are the governance tokens of various decentralized projects (Uniswap, SushiSwap, Aave, etc.). Their number is usually limited, and they work not at the consensus level but at the application level, and are therefore less protected. Such tokens circulate in a narrower community than large cryptocurrencies, which means that they are much less widely distributed. Control over the majority of such tokens will lead to a takeover of the project. It will be possible to return it only by restarting the decentralized application, which will cause large material and reputational losses.
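
As an added illustration (not code from the original article), the sketch below measures the concentration described above: how many operators together exceed half of the active stake, and how that changes when every validator on one hosting provider is blocked. All operator names, host labels and amounts are constructed sample data, and treating blocked stake as simply removed from the active total is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample data: (operator, hosting provider, staked amount).
VALIDATORS = [
    ("exchange-a", "cloud-1", 250),
    ("exchange-b", "cloud-1", 250),
    ("staking-pool-c", "cloud-2", 300),
    ("solo-d", "self-hosted", 60),
    ("solo-e", "cloud-1", 140),
]


def stake_by_operator(validators, offline_hosts=()):
    """Sum stake per operator, skipping validators on hosts that are offline."""
    totals = defaultdict(int)
    for operator, host, stake in validators:
        if host not in offline_hosts:
            totals[operator] += stake
    return dict(totals)


def min_entities_for_majority(totals, threshold=0.5):
    """Smallest number of operators whose combined stake exceeds the threshold."""
    total = sum(totals.values())
    running = 0
    for count, stake in enumerate(sorted(totals.values(), reverse=True), start=1):
        running += stake
        if running > threshold * total:
            return count
    return 0  # empty distribution


def largest_share(totals):
    """Fraction of the active stake held by the single largest operator."""
    total = sum(totals.values())
    return max(totals.values()) / total if total else 0.0


def report(validators, offline_hosts=()):
    """Return (operators needed for a majority, largest single share)."""
    totals = stake_by_operator(validators, offline_hosts)
    return min_entities_for_majority(totals), round(largest_share(totals), 3)


if __name__ == "__main__":
    print("all hosts online:", report(VALIDATORS))
    print("cloud-1 blocked: ", report(VALIDATORS, offline_hosts={"cloud-1"}))
```

In the sample data no operator holds more than 30% while all hosts are online, yet once the largest host is blocked a single operator holds most of the remaining active stake.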

Centralization of trade

All financial assets are traded on exchanges, and cryptocurrencies are no exception. Direct P2P trading cannot satisfy even a small share of demand, let alone speculative appetites. This forces traders to congregate on exchanges, creating another natural form of centralization: exchange centralization.

Controlling large amounts of a crypto asset, an intermediary can carry out the following manipulations.

  • Create fictitious trading volumes to boost its reputation without creating fictitious coins, which helps to deceive an external audit.

  • Conduct almost unlimited purchases and sales of a crypto asset, changing its price in the right direction. The collusion of several major players will increase the possibilities of manipulation.

  • Transfer an asset to other exchanges, including DEXs, and conduct simultaneous transactions on them and on its own platform.

  • Take loans in fiat currencies secured by clients' crypto assets.

  • Use clients' crypto assets as collateral to create so-called wrapped tokens (WBTC, WETH, and so on).

As you know, cryptocurrency exchanges are divided into centralized (CEX) and decentralized (DEX), apart from intermediate options. The manipulations described above are mostly possible only for centralized services, since transactions on a DEX are impossible without the approval of the asset owner.

However, the terminology should not mislead. Although DEXs do not directly control the assets of their users, centralization cannot be completely avoided on them either. Any exchange between many people who are not in direct contact with each other gives rise to dependence on an intermediary, a role that decentralized exchanges also play.

Yes, a DEX cannot "legally" freeze and confiscate a trader's assets. But the exchange itself or hackers can steal and withdraw users' money in various indirect ways, from using price oracles to manipulating prices, commissions, conversions and other parts of the exchange trading process.

The manipulations peculiar only to DEXs include the so-called MEV (Maximal Extractable Value), that is, the maximization of extractable profits with the help of trading bots. This is a kind of analogue of high-frequency trading on the blockchain. In a few words, it is the automated interception by professional speculators of the exchange orders of “ordinary users” that appear in the pool of unconfirmed transactions, and the execution of transactions at the price most favorable to the speculators.

This scheme originally arose as a manipulative one, but gradually it was “legalized”, since it is impossible to fight it at the blockchain level, and platform operators had to put a brave face on a bad situation. Of course, DEX operators themselves have more opportunities to manipulate their clients' orders, because all transactions go through their smart contracts. And where timing comes down to microseconds, even an opponent's minimal lag gives an advantage.

The centralization of trade in itself does not pose a threat to the functioning of blockchains. However, it allows intermediaries to significantly increase their income in relatively fair ways.


So we've looked at the directions from which centralization can sneak up on cryptocurrencies and tokens, and how it can be used to destroy them or enrich a small group of players. Let's summarize:

1. Centralization of issuance and confirmation of transactions. The most dangerous kind: it can completely stop the blockchain and destroy the value of the underlying cryptocurrency, as well as all derivative assets.

2. Development centralization. It can disrupt the development of the project and steer it in the direction needed by the group of beneficiaries. Hacking the main repository is dangerous as a covert attack and breach of trust.

3. Centralization of storage carries the risks of market manipulation, major hacking, and potential attacks on PoS blockchains.

4. The centralization of control resulting from other types of centralization is dangerous only for blockchains and derivative projects controlled by the vote of token holders. It is capable of causing critical reputational and economic damage to a specific project.

5. The centralization of trade carries the risks of large-scale market manipulation and indirect losses for users of trading platforms, as well as enrichment of a small group of manipulators. It depends only weakly on the type of crypto asset.
