Make no mistake about it, the cryptocurrency landscape is a bit of an investing Wild West, where brigands lurk at every corner waiting to execute the next rug pull. But just like in any other frontier land, heroes and sheriffs exist as well to bring law and order.
One of the biggest criticisms leveled against cryptocurrencies has often been the limited recourse investors have when things go wrong.
And nowhere is this more evident than in the swashbuckling decentralized finance or DeFi space.
Poly Network, which links some of the world’s most widely used blockchains, said on Tuesday that hackers absconded with about US$600 million worth of cryptocurrencies in one of the largest heists to date, by exploiting a vulnerability in its smart contracts, the stuff that powers DeFi.
Because DeFi does away with the need for a trusted intermediary, smart contract code automatically executes transactions.
But given that smart contract technology is still somewhat in its infancy when applied to finance, it’s often difficult to determine built-in vulnerabilities or foresee the consequences of multiple contract calls.
As a general rule, the more complex the code, the more vulnerable it becomes to exploitation, often because software developers can’t see their own blind spots.
Poly Network allows users to transfer their cryptocurrencies across different blockchains by transacting directly with each other. The alleged hacker exploited a vulnerability in “contract calls”, a type of transaction that is not intended to be published on the blockchain, to access the cryptocurrencies held in the smart contracts and effect their transfers.
But the hack has also seen a groundswell of decentralized intervention – Poly Network made a plea to cryptocurrency miners to block the transfers of these stolen cryptocurrencies.
Tether, issuer of the dollar-based stablecoin USDT, has said it froze about US$33 million worth of its tokens, to prevent the hacked proceeds from being used.
USDC, operated by payments service company Circle, was also among the hacked coins, as was Binance Coin.
Binance founder and CEO Changpeng Zhao conceded that because no one controls the Binance blockchain, the group has had to co-ordinate with its security partners to proactively help as far as possible, but with no guarantees that the lost funds could be recovered or frozen.
The grassroots-led intervention by some of the biggest names in the cryptocurrency industry should be seen as a welcome move.
In 2016, when the Ethereum blockchain was still in its infancy, the infamous DAO hack, or the exploit of the decentralized autonomous organization, saw the creators of Ethereum decide to execute a hard fork, so as not to recognize the proceeds of the hack, leading to the break-off into Ethereum and Ethereum Classic.
Today, not many investors have even heard of Ethereum Classic, whereas Ethereum has soared to become the world’s second largest cryptocurrency by market cap.
At the time, the ideological debate surrounded the belief that if the blockchain was supposed to be the final arbiter of truth, human intervention to rewrite a different version of the truth, no matter how magnanimous, would introduce moral hazard into the equation.
Over five years and countless hacks later, the cryptocurrency industry as a whole has matured and the value of being more flexible is self-evident, providing investors some comfort that there may potentially be some recourse, even if such recourse is not entirely satisfactory.
As decentralized finance continues to evolve and smart contracts become more complicated, hacks similar to the Poly Network exploit are likely to become more prevalent.
There is a genuine elegance in being able to own and manage your own funds, but there is an inherent responsibility as well.