
Unveiling Centralization in Cryptocurrency Projects: Indirect Methods of Control

This is the second part of an overview article on the centralization of cryptocurrency projects; it is devoted to indirect methods of control.
Hidden influence does not disrupt the blockchain, but it still creates risks for the entire ecosystem.

Everyone who works with cryptocurrencies knows about the 51% attack. But the threat of centralization can manifest itself not only in direct attacks on the underlying blockchain layer.

Such head-on attacks are difficult to pull off more than once on a single blockchain, and they drive down the value of the underlying asset.

More subtle implicit methods allow for the establishment and maintenance of less complete, but covert, control.

This provides an opportunity to reduce the cost of acquiring influence and the associated risks.

The greatest advantage of covert control is that it does not interfere with other users and can go unnoticed for a long time.

This means that the beneficiaries of such centralization can skim off the cream for a long time, even if they get caught by overly curious researchers.

Centralization of development

Some cryptocurrencies are developed by commercial companies, others are supported by ostensibly non-profit organizations, while the development of others is considered decentralized, that is, conducted publicly through a repository on GitHub.

It would seem that these are different approaches: the first and the last are very different.

However, in all three cases, there is also a single point of failure: the person or group who has the right to build and publish the final version of the product in the “official repository.”

We won’t touch the legal side of development ownership, because it is more transparent.

Commercial projects usually keep the rights to the product for themselves, while open projects operate under free licenses that permit unrestricted use and modification of the code.

In more than a decade of active development of cryptocurrency projects, legal disputes over them have usually arisen from conflicts between founders.

What depends on developers

The first thing to emphasize is that the centralization of development is a “default factor” that arises naturally.

It is always there, even if the founders of the project do not seek it and try to distance themselves as much as possible, as Satoshi Nakamoto did when he publicly transferred the rights to the repository.

Also note that the centralization of development can benefit not only unscrupulous developers of the project.

It can also benefit hackers who steal keys and passwords, or other forces that influence developers offline through persuasion and thermorectal cryptanalysis techniques.

The degree of developer control depends on the level of the project in the technical architecture of the blockchain.

In most cases, developers cannot directly manage the zero-level blockchain, but they do set the strategy for the development of the protocol and are responsible for its security.

And they do not always consult with the broader community and take votes.

For example, Vitalik Buterin’s team accelerated the Ethereum hard fork in 2016 after TheDAO was hacked, despite a serious conflict within the community.

Developers of add-ons (second-tier platforms) and smart contracts (decentralized applications, dapps) have a higher degree of control.

They can, for example, withdraw collateral, stop the contract completely, or limit its functionality.

In some cases, they can even directly appropriate other people’s tokens, as has repeatedly happened with fraudulent ICOs.

Therefore, when buying any tokens other than the basic “zero-tier” cryptocurrency (ETH, BNB, ADA, SOL, etc.), one must understand that dependence on developers is higher and take on additional risks.

If you’re a programmer or professional investor, you can analyze the code yourself or hire competent professionals to do so.

If you can’t, you should at least look on the web for information about audits of the project’s code by outside experts or organizations.

Central repository

Gaining access to a project’s trusted central repository does not amount to a straightforward takeover of control. As soon as the compromise becomes known, users will stop downloading files from it.

Still, it is a dangerous point of failure, the seizure of which would shake the reputation of the project.

For example, the Bitcoin community is quite trusting of the main repository on GitHub. So far, it has never been broken into.

Several people have access to the management of the repository, and each of them can be considered a security professional.

But these people are not heavily guarded and work on their own, so they are vulnerable.

Hackers who break into a repository can distribute malicious code to thousands, even tens of thousands, of users, steal their coins, or do other damage to the network.

A developer can also masquerade as a hacker, deciding in this way to accelerate the monetization of their work. The damage would be one-time, but very serious.

In addition, having access to the main repository gives part of the project team the right to dictate terms to the rest.

For example, in 2017, during the conflict over the size of the Bitcoin block and the compromise project SegWit2x, the part of the team backed by Blockstream actually crushed its opponents with its authority.

This happened despite the fact that SegWit2x was supported by most major industry companies and a significant portion of independent developers.

Dependence on the team

Despite the fact that many investors consider projects with a registered company behind them more reliable, the opposite is often true in the cryptocurrency world.

Public development helps keep the project alive or makes it possible to create an alternative based on a functioning blockchain.

For the most centralized projects, the departure of the core team, especially without making the source codes public, means the de facto closure of.

But even if the code is opened, other teams and disorganized enthusiasts may not be able to handle the scale of the product originally conceived.

This happened, for example, with the TON (Telegram Open Network) project.

The most famous representative of fully public development is Bitcoin.

Its real creator stepped away from development two years after the blockchain’s launch, handing over the repository and source code to the community.

Since 2014, the main Bitcoin repository has been run by Dutch programmer Wladimir van der Laan, funded by the Massachusetts Institute of Technology (MIT) Foundation.

However, many of the key developments are led by a commercial company, Blockstream.

Ethereum’s development is conducted under the watchful eye of the formally nonprofit Ethereum Foundation.

Nevertheless, the foundation has significant funds and actually manages both the development and the interaction with regulators and investors.

Of course, if Vitalik Buterin and other key members of the team refuse to support the foundation, it can repeat the fate of the quietly dead Bitcoin Foundation.

It is also worth recalling the Tezos Foundation, notorious for the litigation between the project’s co-founders, who shared the profits from the ICO.

Finally, the cryptocurrency world, including its top twenty, has typical centralized and semi-centralized projects that depend on a particular company.

The most distinctive of these is Ripple. The company has all the rights to the project and can close it without the consent of users and token holders.

The dependence on the creator company is just as great in the BNB Chain. The creators of EOS, Tron, Waves, Bitshares and other projects have less complete, but still significant, control.

Only basic blockchains are mentioned here; among add-ons and dapp platforms, the share of centralized ones is much higher.

Storage centralization

Cryptocurrencies emerged as a completely independent means of payment and payment system, in which everyone has full control over their money through ownership of cryptographic keys.

It worked fine as long as they stayed in the narrow community of technicians.

But the mass arrival of unqualified retail investors has created a tendency to entrust their crypto-assets to a “reliable company,” relieving themselves of responsibility for their storage.

This method is familiar in the stock market and other traditional markets, but with cryptocurrencies it is dangerous.

The safest place to store cryptoassets is a personal cold wallet that is connected only when necessary, with backup keys kept on a tangible medium (paper, plastic, metal, etc.).

But most users don’t hesitate to sacrifice security for the sake of convenience and the opportunity to earn extra income.

Thus, the practice of transferring cryptoassets to external storage has inevitably evolved over time.

Intermediaries have in fact become the largest custodians of most cryptocurrencies: wallets, exchanges, custodial storage services and even licensed banks.

The main risk of centralized storage is putting all the eggs in one basket. Large amounts of cryptocurrency become a tempting target.

Exchange owners can simply steal coins, as was the case with Cryptsy, QuadrigaCX, and other venues.

Hackers can do it for them, as happened at MtGox, Bitfinex and many other exchanges – the number of relatively small hacks runs into the dozens.

Cryptocurrencies held on an exchange can also be blocked or confiscated by intelligence agencies, as happened at BTC-e (in fact, after almost seven years, the fate of the exchange’s wallets has not been clarified).

In addition to trivial theft, intermediaries can in one way or another take advantage of users’ crypto-assets for their own benefit. The most common ways are described in the next chapter.

This happens from time to time in other markets as well, but there the transfer of assets to the control of an intermediary is a forced measure. The cryptocurrency investor always has a choice.

What risks does the concentration of coins and tokens on centralized platforms pose to projects in general? It depends on the type of project and how it is governed.

How storage centralization affects management

Classic cryptocurrencies based on Proof-of-Work consensus are the least dependent on centralized storage. There is no blockchain-level advantage to owning coins.

Even if all existing BTC were concentrated on one exchange, that exchange would not be able to disrupt the blockchain.

However, investors become dependent on the exchange operator, who gets the broadest possible opportunities for trade manipulation.

Transactions on centralized exchanges are not reflected on the blockchain, and users cannot see how the exchange handles their coins.

The concentration of coins on one platform is much more dangerous for Proof-of-Stake cryptocurrencies.

There is a direct correlation between the ability to control the network and the share of coins in the wallet.

This is why researchers have repeatedly sounded the alarm about centralized ETH storage on several major exchanges, staking services, and even certain cloud services like AWS.

Amazon or Google, say, are unlikely to use their capabilities to take over the Ethereum blockchain, but they could block all virtual machines used for staking by order of the authorities, and the number of validators would drop several times.

Potential attackers can take advantage of this to launch a 51% attack. More targeted actions can be expected from players involved in the cryptocurrency industry.

Finally, the most vulnerable to centralized storage are the governance tokens of various decentralized projects (Uniswap, SushiSwap, Aave, etc.).

Their number is usually limited, and they work not at the consensus level but at the application level, and are therefore less well protected.

Such tokens circulate in a narrower community than large cryptocurrencies, which means the degree of their distribution is much lower.

Control over most of these tokens will lead to the hijacking of the project’s governance.

The only way to get it back would be to restart the decentralized app, which would cause major material and reputational losses.
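The link between custody and control described in this section can be measured. The following is an added example, not part of the original article: it counts how few parties must act together to control more than half of the staked or voting tokens, first by address, then by custodian, then by hosting provider. All holder names, providers and balances are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (illustrative assumption, not real measurements):
# (address label, controlling entity, hosting provider, staked/voting tokens)
HOLDINGS = [
    ("addr01", "exchange-A", "cloud-X", 2400),
    ("addr02", "exchange-A", "cloud-X", 1800),
    ("addr03", "exchange-B", "cloud-X", 1500),
    ("addr04", "staking-pool-C", "cloud-Y", 1300),
    ("addr05", "staking-pool-C", "cloud-X", 900),
    ("addr06", "self-custody-1", "home", 600),
    ("addr07", "self-custody-2", "home", 500),
    ("addr08", "self-custody-3", "cloud-Y", 400),
    ("addr09", "self-custody-4", "home", 350),
    ("addr10", "self-custody-5", "home", 250),
]

def totals_by(holdings, field):
    """Sum tokens per group; field is 'address', 'entity' or 'provider'."""
    idx = {"address": 0, "entity": 1, "provider": 2}[field]
    out = defaultdict(int)
    for row in holdings:
        out[row[idx]] += row[3]
    return dict(out)

def min_controllers(totals, threshold=0.5):
    """Smallest number of groups whose combined tokens exceed `threshold`
    of the total (commonly called the Nakamoto coefficient)."""
    total = sum(totals.values())
    running = 0
    for count, stake in enumerate(sorted(totals.values(), reverse=True), 1):
        running += stake
        if running > threshold * total:
            return count
    return len(totals)

def share(totals, name):
    """Fraction of all tokens held by (or hosted at) one group."""
    return totals.get(name, 0) / sum(totals.values())

def report(holdings):
    """Minimum colluding parties at each level of aggregation."""
    return {f: min_controllers(totals_by(holdings, f))
            for f in ("address", "entity", "provider")}

if __name__ == "__main__":
    print(report(HOLDINGS))
    print(share(totals_by(HOLDINGS, "provider"), "cloud-X"))
```

On this sample the on-chain view suggests three independent addresses are needed for a majority, while grouping by custodian shows two companies suffice and a single hosting provider carries 66% of the stake.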

Centralization of commerce

All financial assets are traded on exchanges, and cryptocurrencies are no exception. Direct P2P trading cannot satisfy even a small fraction of demand, much less speculative appetites.

This forces traders to gather at the exchanges, creating another natural kind of centralization: the centralization of exchange trading.

By controlling large amounts of crypto-assets, an intermediary can perform the following manipulations.

  • Create fictitious trading volumes to enhance its reputation without creating fictitious coins, which helps deceive external audits.
  • Conduct almost unlimited buying and selling of a crypto-asset, moving its price in the desired direction. Collusion by a few big players increases the possibility of manipulation.
  • Move the asset to other exchanges, including DEX, and conduct simultaneous trades on them and on its own platform.
  • Take out loans in fiat currencies secured by customers’ crypto-assets.
  • Use customers’ crypto-assets as collateral to create so-called wrapped tokens (WBTC, WETH and so on).

As you know, cryptocurrency exchanges are divided into centralized (CEX) and decentralized (DEX), not counting intermediate options.

The manipulation described above is basically only possible for centralized services, because transactions on DEX are not possible without the approval of the owner of the asset.

However, the terminology should not be misleading. Although a DEX does not directly control the assets of its users, centralization cannot be completely avoided on them either.

Any exchange between many people who are not in direct contact with each other generates dependence on an intermediary, which is also the role of decentralized exchanges.

Yes, a DEX cannot “legally” block and confiscate a trader’s assets.

But the exchange itself or hackers can steal and withdraw traders’ money in a variety of indirect ways, from using price oracles to manipulating prices, commissions, conversions, and other parts of the exchange trading process.

Among the manipulations unique to DEX is the so-called MEV (Maximal Extractable Value), which is the maximization of profits made by trading bots.

This is a kind of analog of high-frequency trading on the blockchain.

In a few words, it is the automated interception by professional speculators of the exchange orders of “ordinary users” that appear in the pool of unconfirmed transactions, and the execution of transactions at the price most favorable to the speculators.

This scheme originally appeared as a manipulative one, but was gradually “legalized” because it is impossible to fight it at the blockchain level, and the platform operators had to put a good face on a bad game.

Of course, DEX operators themselves have more opportunities to manipulate the orders of their customers, because all transactions pass through their smart contracts.

And where microseconds count, even the opponent’s minimal lag gives you an advantage.

The centralization of trading itself does not threaten the functioning of blockchains. However, it allows middlemen to significantly increase their profits in relatively honest ways.

Conclusions

So we’ve looked at where centralization can creep up on cryptocurrencies and tokens, and how it can be used to destroy them or enrich a small group of players. To summarize:

  1. Centralization of transaction release and confirmation. The most dangerous, can completely stop the blockchain and destroy the value of the underlying cryptocurrency, as well as all derivative assets.
  2. Centralization of development. Can disrupt the development of the project and steer it in the direction desired by a group of beneficiaries. A break-in to the main repository is dangerous because it enables stealth attacks and undermines trust.
  3. Centralizing storage carries risks of market manipulation, major hacking, and potential PoS blockchain attacks.
  4. Centralization of governance derived from other types of centralization is only dangerous for blockchains and derivative projects driven by token owner voting. Capable of causing critical reputational and economic damage to a particular project.
  5. Centralization of trading carries the risks of major market manipulation and indirect losses for users of trading platforms, as well as the enrichment of a small group of manipulators. It depends only weakly on the type of crypto-asset.