PYMNTS-MonitorEdge-May-2024

DeFi’s Achilles’ Heel on Display: Vote Could Take $100M in Crypto from an Investor

On March 15, the token-holders of a decentralized blockchain are going to reveal the big Achilles’ heel at the heart of DeFi.

The token-holders of Juno, a sub-blockchain built on the Ethereum-killer Cosmos, are voting to take away more than $100 million in JUNO tokens from a rich fellow investor they feel cheated them.

See also: PYMNTS Blockchain Series: What is Cosmos?

Like virtually all decentralized blockchain projects, decentralized finance (DeFi) projects are governed by smart contracts that control all management functions via toke holder votes. These decentralized autonomous organizations, or DAOs, are supposed to make decentralized projects free from individual, central controlling authority.

See more: PYMNTS DeFi Series: Unpacking DeFi and DAO

But by running everything on a fully democratic one-token, one-vote method, DAOs are subject to two big problems: First, they are in danger of being controlled by holders of large blocks of tokens.

And second, due to the largely anonymous (technically “pseudonymous”) nature of blockchain, they can be controlled by large groups of angry token-holders unconstrained by any national legal framework — effectively handing out mob justice.

That’s what — potentially — happening Wednesday. And while there’s an argument that preventing alleged cheaters from exploiting smart contract flaws to unfairly enrich themselves, it also shows why DeFi may be a very questionable foundation for any financial project — or really any business venture.

Juno’s outrage

The Juno situation went like this: As many centralized and decentralized crypto projects do, the smart-contract platform’s initial developers planned an airdrop — giveaway — of tokens to early supporters. In effect, paying them a profit for backing the project in its early days.

When the Juno airdrop was announced — as of Feb. 18 — anyone holding tokens at that date would get 50,000 JUNO — which was worth about $20 then for each token and as of March almost $34. That means those 50,000 tokens would be worth about $1.7 million based on today’s market. The rules capped the airdrop at 50,000 JUNO, meaning if your wallet held 100,000 tokens you’d still only get 50,000.

When that happened, it was discovered that the airdropped tokens from 50 wallets holding at least 50,000 Juno as of the “snapshot” date were all transferred to a single wallet. Meaning one early supporter allegedly gamed the system to the tune 2.5 million tokens which had climbed as high as $40 million to $100 million.

This outraged some prominent Juno supporters who quickly passed a resolution to hold a vote to strip all but 50,000 JUNO from the wallet holding them all.

Because getting a proposed change in the project up for a vote generally takes a small percentage of the total tokens, getting a vote was scheduled was relatively easy. It failed, miserably, getting less than 10%.

But now another one is being taken as it became clear that the “whale” in control of the wallet was just selling them off for a profit as opposed to building some project on the blockchain — and, the angry voters hope, giving time for wider outrage to have built.

Whatever the outcome, what’s clear is that the community — and a fairly small percent of all tokens generally constitute a quorum — is that it could happen. By the same token, CoinDesk noted that the whale targeted by Juno’s “Proposition 16” would have almost half of the amount needed for a quorum, endangering the decentralized governance.

STEEMed voters

A similar issue arose in 2020 with the STEEM social media project. In that case, the project’s consensus mechanism was controlled by a variety of proof-of-stake, or PoS, that is run by 20 elected validators — who control the project.

See more: PYMNTS DeFi Series: What is Staking?

In that case, the founders secretly pre-mined 80% of all the projects tokens, which upset the social media project’s stakeholder community. But, at least they promised not to vote it.

However, they sold the stake to Justin Sun, the extremely wealthy and high-profile founder of the Tron blockchain, for about  $8 million.

Again, a core of active community members were upset, and secretly arranged a vote taking the voting rights away from Sun’s tokens.

He was outraged, and he reportedly told the CEOs of a number of top cryptocurrency exchanges that the blockchain had been hacked and got them to vote the tokens they held for customers, to oust the validators.

A back-and-forth battle for control erupted, and Sun eventually won, reversing the vote freeze. But, he also lost in that his opponents forked the blockchain and created an identical project called Hive. As forks do, it created new tokens one-for-one and airdropped them to all token-holders — but not to the Sun-controlled tokens. The move took a fair chunk of the project’s users with them.

But in both cases, a small number of activist project members sought to block the control of a wealthy holder of a large number of tokens. And both were able to dominate the project.

No conscience

One other incident is worth looking at: MakerDAO, a DeFi lending project.

See also: PYMNTS DeFi Series: What is Yield Farming and Liquidity Mining?

In that case, a sudden drop in the value ether tokens caused the collateral put up by borrowers to be liquidated at the bottom of the market. Worse, a flaw in the contract led the smart contract controlling the liquidation to sell off the collateral for literally nothing — $0 bids won — leaving the borrowers on the hook for about $8 million in total.

After an initial vote to compensate them for the loss that was entirely the fault of the controlling DAO’s smart contract, voters later voted against it. Leaving them with very little recourse for being cheated.

The lesson being, DAOs don’t have to be good citizens — or even compensate defrauded customers.

PYMNTS-MonitorEdge-May-2024