April 26, 2024

Threats of cryptocurrency decentralization. Part II. Development, storage and trade


This is the second part of a review article about the centralization of cryptocurrency projects; it is devoted to indirect methods of control. Hidden influence does not disrupt the functioning of the blockchain, but it still creates risks for the entire ecosystem.

Everyone who works with cryptocurrencies knows about the 51% attack. However, the threat of centralization may manifest itself not only in direct attacks on the base layer of the blockchain. Such clumsy techniques are only suitable in the most extreme situations, when the attacker seeks not so much to make money as to disrupt the operation of the system.

Brute force attacks are difficult to pull off more than once on the same blockchain, and they cause the value of the underlying asset to fall. More subtle, implicit methods make it possible to establish and maintain control that is less complete but hidden. This reduces the cost of acquiring influence and the associated risks.

The most important advantage of hidden control is that it does not interfere with other users and can remain undetected for a long time. This means that the beneficiaries of such centralization can skim the cream for a long time, even if they are caught by overly curious researchers.

Development centralization

Some cryptocurrencies are developed by commercial companies, others are supported by supposedly non-profit organizations, and the development of still others is considered decentralized, that is, carried out publicly through a repository on GitHub. It would seem that these are different approaches: the first and last differ very significantly. However, in all three cases there is a single point of failure - the person or group who has the right to build and publish the final version of the product to the "official repository".

Let's not touch on the legal side of ownership of the developments, as it is more transparent. Commercial projects usually retain the rights to the product themselves, while open source projects operate under free licenses that allow unrestricted use and modification of the code. Over more than ten years of active development of cryptocurrency projects, legal disputes about them have usually arisen from conflicts between the founders.

What depends on developers

First of all, it is necessary to emphasize that centralization of development is a “silent factor” that arises naturally. It always exists, even if the founders of the project do not strive for it and try to distance themselves as much as possible, as did Satoshi Nakamoto, who publicly transferred the rights to the repository. You also need to take into account that centralization of development can be exploited not only by unscrupulous project developers. It could also be exploited by hackers who have stolen keys and passwords, or by other forces influencing developers offline using persuasion and thermorectal cryptanalysis.

The degree of control developers have depends on the project's level in the technical architecture of the blockchain. In most cases, developers cannot directly manage the level-0 blockchain, but they determine the development strategy for the protocol and are responsible for its security. However, they do not always consult with the wider community and conduct voting. For example, in 2016, Vitalik Buterin’s team carried out an accelerated hard fork of Ethereum after The DAO was hacked, despite a serious conflict within the community.

Developers of add-ons (second-level platforms) and smart contracts (decentralized applications, dapps) have a higher degree of control. They may, for example, withdraw collateral, stop the contract completely, or limit its functionality. In some cases, they can directly appropriate other people’s tokens, as has happened many times with fraudulent ICOs. Therefore, when purchasing any tokens other than a basic “zero-level” cryptocurrency (ETH, BNB, ADA, SOL, etc.), you need to understand that the dependence on developers is higher and that you take on additional risks.

If you are a programmer or a professional investor, you can analyze the code yourself or hire competent specialists for this. If you do not have such an opportunity, you should at least search the Internet for information about audits of the project code by third-party specialists or organizations.

Central repository

The danger of access to a project's trusted central repository is not the direct seizure of control. As soon as a seizure becomes known, users will stop downloading files from it. Yet the repository is a dangerous point of failure, the capture of which will undermine the reputation of the project.

For example, the Bitcoin community largely trusts the main repository on GitHub. Until now it has never been hacked. Several people have access to managing the repository, each of whom can be considered a security professional. But these people are not under heavy security and work on their own, therefore they are vulnerable.

A compromise of the repository would give the attackers the opportunity to distribute malicious code to thousands or even tens of thousands of users, steal their coins, or cause other harm to the network. A developer who decides to quickly monetize his work can also disguise himself as a hacker. The damage will be one-time, but very serious.

In addition, access to the main repository gives part of the project team the ability to dictate terms to the rest. For example, in 2017, during the conflict over the Bitcoin block size and the compromise project SegWit2x, the part of the team relying on the Blockstream company actually crushed its opponents with its authority, despite the fact that the majority of large industry companies and a significant part of independent developers were supporters of SegWit2x.

Team dependency

Although many investors believe that projects backed by a registered company are more reliable, in the cryptocurrency world the opposite is often the case. Public development helps to save a project or to create an alternative based on the existing blockchain.

For the most centralized projects, the departure of the main team, especially without releasing the source code to the public, means actual closure. But even if the code is open, other teams and unorganized enthusiasts may not be able to cope with the scale of the originally conceived product. This happened, for example, with the TON (Telegram Open Network) project.

The most famous example of fully public development is Bitcoin. Its real creator retired from development two years after the blockchain's launch, handing over the repository and source code to the community. Since 2014, the main Bitcoin repository has been managed by the Dutch programmer Wladimir van der Laan, funded by the Massachusetts Institute of Technology (MIT) foundation. However, many key developments are being carried out by the commercial company Blockstream.

Formally, development of Ethereum is supervised by the non-profit Ethereum Foundation. However, the foundation has significant funds and actually manages both development and interaction with regulators and investors. Of course, if Vitalik Buterin and other key members of the team refuse to support the foundation, it could repeat the fate of the quietly deceased Bitcoin Foundation. It would not be amiss to remember the Tezos Foundation, notorious for the legal squabble between the project co-founders over the proceeds from the ICO.

And finally, typical centralized and semi-centralized projects that depend on a specific company are also found in the top twenty of the cryptocurrency world. The most typical of them is Ripple. The company has all rights to the project and can close it without the consent of users and token owners. The dependence on the creator company in BNB Chain is also great. The creators of EOS, Tron, Waves, Bitshares and other projects have less complete, but significant control. Only basic blockchains are mentioned here; among add-ons and dapp platforms, the share of centralized ones is much larger.

Storage centralization

Cryptocurrencies appeared as a completely independent means of payment and payment system in which each person has full control over their money through ownership of cryptographic keys. This worked great as long as they remained within a small community of technical specialists. But the massive arrival of unqualified retail investors has created a tendency to entrust crypto assets to a “reliable company”, relieving the owners of responsibility for their custody. This method is common in the stock market and other traditional markets, but with cryptocurrencies it is dangerous.

The safest place to store crypto assets is a personal cold wallet, connected to the network only when necessary, with backup copies of the keys on a physical medium (paper, plastic, metal, etc.). But most users sacrifice security without hesitation for the sake of convenience and the possibility of additional income.

Thus, over time, the practice of transferring crypto assets to external storage inevitably developed. The largest custodians of most cryptocurrencies have actually become intermediaries: wallets, exchanges, custodial storage services, and even licensed banks.

The main risk of centralized storage is putting all your eggs in one basket. Large amounts of cryptocurrency become a tasty morsel. Exchange owners can simply steal coins, as happened on Cryptsy, QuadrigaCX and other sites. Hackers can do this for them, as happened on MtGox, Bitfinex and many other exchanges - the number of relatively small hacks is in the dozens. Also, cryptocurrencies on the exchange can be blocked or confiscated by intelligence services, as happened on BTC-e (in fact, after almost seven years, the fate of the exchange’s wallets has not become clear).

In addition to banal theft, intermediaries may in one way or another take advantage of users’ crypto assets for their own benefit. The most common methods are described in the next chapter. This periodically happens in other markets, but there the transfer of assets under the control of an intermediary is a forced measure. A cryptocurrency investor always has a choice.

What danger does concentrating coins and tokens on centralized platforms pose for projects as a whole? This depends on the type of project and how it is managed.

How storage centralization affects management

Classic cryptocurrencies based on Proof-of-work consensus are the least dependent on centralized storage. Owning coins does not provide any benefits at the blockchain level.

Even if all existing BTC were concentrated on one exchange, that exchange would not be able to disrupt the blockchain. However, investors become dependent on the exchange operator, and the operator receives the widest opportunities for trading manipulations. Transactions on centralized exchanges are not reflected in the blockchain, and users do not see how the exchange manages their coins.

The concentration of coins on one platform poses a much greater danger for Proof-of-Stake cryptocurrencies. There is a direct relationship between management capabilities and the share of coins in the wallet. Therefore, researchers have repeatedly sounded the alarm about centralized storage of ETH across several large exchanges, staking services, and even certain cloud services such as AWS.

Amazon or Google, say, are unlikely to use their capabilities to take over the Ethereum blockchain, but by order of the authorities they can block all virtual machines used for staking, and the number of validators will drop several times. Potential attackers can take advantage of this to carry out a 51% attack. More targeted actions can be expected from players involved in the cryptocurrency industry.

Finally, the assets most vulnerable to centralized storage are the governance tokens of various decentralized projects (Uniswap, SushiSwap, Aave, etc.). Their number is usually limited, and they work not at the consensus level but at the application level, and are therefore less secure. Such tokens circulate in a narrower community than large cryptocurrencies, which means they are much less widely distributed. Control of most of these tokens will lead to the takeover of project management. Control can only be returned by restarting the decentralized application, which will cause major material and reputational losses.
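The effect described above, as an added example that is not part of the original article: a simplified Python model that measures how few operators or hosting providers jointly pass a control threshold, and how one holder's share of the online stake changes when a provider's validators are blocked. All operator names, provider names and stake figures are constructed, and the 1/2 threshold stands in for the article's 51% figure; a real protocol's thresholds and handling of offline validators may differ.

```python
from fractions import Fraction

# Constructed sample: (operator, hosting provider, stake in arbitrary units).
# Every name and figure here is hypothetical.
VALIDATORS = [
    ("exchange_a", "cloud_x", 300),
    ("staking_svc_b", "cloud_x", 250),
    ("pool_d", "self_hosted", 250),
    ("exchange_c", "cloud_y", 100),
    ("operator_e", "cloud_y", 50),
    ("solo_stakers", "self_hosted", 50),
]


def stake_by(validators, key):
    """Sum stake per operator (key=0) or per hosting provider (key=1)."""
    totals = {}
    for row in validators:
        totals[row[key]] = totals.get(row[key], 0) + row[2]
    return totals


def min_colluders(totals, threshold):
    """Smallest number of entities whose combined share strictly exceeds
    the threshold, or None if even all of them together do not."""
    total = sum(totals.values())
    acc = 0
    for n, stake in enumerate(sorted(totals.values(), reverse=True), 1):
        acc += stake
        if Fraction(acc, total) > threshold:
            return n
    return None


def share_after_outage(validators, operator, offline_provider=None):
    """Operator's share of the stake still online once every validator
    hosted on offline_provider is blocked (None means no outage)."""
    online = [v for v in validators if v[1] != offline_provider]
    total = sum(v[2] for v in online)
    own = sum(v[2] for v in online if v[0] == operator)
    return Fraction(own, total) if total else Fraction(0)


if __name__ == "__main__":
    half = Fraction(1, 2)
    print("operators needed:", min_colluders(stake_by(VALIDATORS, 0), half))
    print("providers needed:", min_colluders(stake_by(VALIDATORS, 1), half))
    print("pool_d before:", share_after_outage(VALIDATORS, "pool_d"))
    print("pool_d after cloud_x outage:",
          share_after_outage(VALIDATORS, "pool_d", "cloud_x"))
```

In this constructed data set a single hosting provider already carries more than half of the stake, and a holder with a quarter of the total ends up with a majority of the online stake once that provider is blocked.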

Centralization of trade

All financial assets are traded on exchanges, and cryptocurrencies are no exception. Direct P2P trading cannot satisfy even a small share of demand, much less speculative appetites. This forces traders to congregate on exchanges, creating another natural form of centralization: the centralization of exchange.

Controlling large amounts of crypto assets, an intermediary can carry out the following manipulations.

  • Create fictitious trading volumes, increasing its reputation, without creating fictitious coins, which helps to deceive external audits.

  • Carry out almost unlimited purchases and sales of a crypto asset, changing its price in the desired direction. The collusion of several large players will increase the possibilities of manipulation.

  • Transfer an asset to other exchanges, including DEX, and conduct simultaneous transactions on them and on its own platform.

  • Take out loans in fiat currencies secured by clients’ crypto assets.

  • Use clients' cryptoassets as collateral to create so-called wrapped tokens (WBTC, WETH, and so on).

As you know, cryptocurrency exchanges are divided into centralized (CEX) and decentralized (DEX), not counting intermediate options. The manipulations described above are mainly possible only for centralized services, since transactions on DEX are impossible without the approval of the asset owner.

However, the terminology should not mislead. Despite the fact that DEXs do not directly control the assets of their users, centralization cannot be completely avoided on them. Any exchange between many people who are not in direct contact with each other creates dependence on an intermediary, a role that decentralized exchanges also play.

Yes, a DEX cannot “legally” block and confiscate a trader’s assets. But the exchange itself or hackers can steal and siphon off traders' money in a variety of indirect ways, from using price oracles to manipulating prices, commissions, conversions and other parts of the exchange trading process.

The manipulations unique to DEX include the so-called MEV (Maximal Extractable Value), that is, maximizing the extracted profit using trading bots. This is a kind of analogue of high-frequency trading on the blockchain. In a few words, this is the automated interception by professional speculators of exchange orders of “ordinary users” that appear in the pool of unconfirmed transactions, and execution of transactions at the most favorable price for themselves.

This scheme originally arose as manipulative, but was gradually “legalized”, since it is impossible to fight it at the blockchain level, and platform operators had to put a good face on a bad game. Of course, DEX operators themselves have greater ability to manipulate their clients’ orders, since all transactions go through their smart contracts. And where microseconds count, even the opponent’s minimal lag gives an advantage.

Centralization of trade in itself does not pose a threat to the functioning of blockchains. However, it allows intermediaries to significantly increase their income in relatively fair ways.

Findings

So, we have looked at the directions from which centralization can sneak up on cryptocurrencies and tokens, and how it can be used to destroy them or enrich a small group of players. Let's summarize:

1. Centralization of transaction release and confirmation. This is the most dangerous type: it can completely stop the blockchain and destroy the value of the underlying cryptocurrency, as well as all derivative assets.

2. Centralization of development. It can disrupt the development of the project and steer it in the direction desired by a group of beneficiaries. Hacking the main repository is dangerous because of the sneak attack and the breach of trust.

3. Centralization of storage carries risks of market manipulation, major hacking, and potential attacks on PoS blockchains.

4. Centralization of management, which results from the other types of centralization, is dangerous only for blockchains and derivative projects governed by voting of token owners. It is capable of causing critical reputational and economic damage to a specific project.

5. Centralization of trade carries risks of large-scale market manipulation and indirect losses for users of trading platforms, as well as the enrichment of a small group of manipulators. It depends only slightly on the type of crypto asset.
