The emergence of cryptocurrencies gave people a kind of freedom they have never had before. You can easily own your own wallet, transfer money to the other side of the world, buy and sell goods and merchandises, invest in startups, and much more.
However, can this power of freely holding and transferring assets really apply to all of the cryptocurrencies? With the emergence of various tokens (like the ERC20 tokens), and the popularity of numerous decentralized applications (such as in-game assets like CryptoKitties or speculative games like Fomo3D), we will soon begin to start holding a wide variety of crypto assets. When we hold these crypto assets, is it really the same as holding Bitcoin in terms of safety?
For the user, these crypto assets are no different in appearance or use. We are immersed in publicized words like decentralization, thinking that these emerging crypto assets are as trustworthy as cryptocurrency such as Bitcoin and Ethereum; but these emerging crypto assets have never been examined, and so the question is, how much control do we have over the crypto assets in our possession?
The reason why Bitcoin is so valuable is not because blockchain technology is immutable, nor is it because blockchain technology breaks the limits of traditional national boundaries. The main reason is because Bitcoin is “decentralized.”
Decentralization is actually about letting everybody have control over their own assets.
Why is “decentralization” so important?
Decentralization is a concept that is not easy to understand. To make it easier to comprehend, we can first think about what is “not decentralized”. As in, what is centralization?
The banking system we use every day is a centralized system. When we want to transfer money to somebody, we must go through the bank’s consent. The bank is the “center” of this system and has the power to control everything. The emergence of Bitcoin broke the concept of this center, and I can transfer Bitcoin to anybody’s account without the authorization or approval of a center.
The biggest disadvantage of centralization is that it is more vulnerable. A powerful “center” like a bank can easily control your assets. It might be abused by insiders and may be attacked by outside hackers. The centralized system has a single weakness, and an accident can cause the entire system to crash, and you might lose all your assets in the bank instantly. Think about it. Your assets are not actually yours. In a centralized system, you have no real control over your assets (for example, Lehman Brothers)
On the other hand, in a decentralized system, you have real control over your assets. No center has any special authority to abuse or mishandle my assets. In this ideal world, your assets are really owned by yourself, and no one can take them away.
However, decentralized systems are difficult to design and evaluate. For a cryptocurrency, there are too many aspects that need to be decentralized, starting from the development stage to the working operations, the composition of the development team, design of the algorithm rules, implementation of the programming code, distribution of the mining computing power, location of the computing nodes, to the distribution of assets, etc., as long as any one of these numerous features or components is centralized, it will enable a few individuals to control this system, and this entire system will become centralized.
Currently, the two most common cryptocurrencies with the highest degree of decentralization are Bitcoin and Ethereum. Although these cryptocurrencies are not considered to be perfectly decentralized, they are still currently the best running, large scale decentralized systems. Such systems would assist to change the traditional financial environment that was closed off, slow, and privileged in the past, and return the ability to control their own assets to everyone.
Let the rules to decentralize be implemented on decentralized machines.
We know that decentralization is to give everyone control over all of their assets. However, how does this concept work in Bitcoin and Ethereum?
Suppose that I want to send Bitcoin to another account today. I have to sign the transaction with my private key, and the transaction will be sent to the millions of nodes and computers that maintains the blockchain. Of course, there are many details about the sending of cryptocurrencies, but it can be seen as the establishment and execution of a set of rules: the development team writes a set of rules that the user can use according to the rules; and the computers that maintains the blockchain will execute this set of rules.
The set of rules themselves must adhere to the decentralized idea, to ensure that everyone’s assets are protected by private keys. That is to say: “No one other than myself can use my money without my permission.” And “When I want to transfer my assets, no one can stop me.” There is no private key in the system with privileges or special rights that can infringe on the rights of other private keys. Even the development team’s private key cannot transfer or limit the assets of other users.
In order to ensure that this set of rules will be implemented, it cannot be performed by the development team themselves. Instead, it is carried out by thousands and even millions of computers that voluntarily maintains the blockchain. In other words, the execution of the rules is also decentralized.
Andreas Antonopoulos, the author of Mastering Bitcoin, had a famous saying: “Your Keys, Your Bitcoin. Not Your Keys, Not Your Bitcoin.” He wanted people to not put their Bitcoins on exchanges, nor to keep it in someone else’s custody, because only by learning to take care of the private key, can you really control your own Bitcoin.
The reason why this sentence is valid is because Bitcoin first formulated decentralized rules, and then implemented them on decentralized machines.
Decentralized Applications (DApp) might not really be decentralized
In 2015, the Ethereum blockchain brought forth an important innovation. It allowed the blockchain to not only record transactions, but to also execute programs.
These programming codes, also known as smart contracts, are executed on virtual machines on the Ethereum blockchain. As a result, people no longer needed to build new blockchains, and there was no need to re-establish thousands of computer nodes, as long as they used Ethereum’s ready made blockchain nodes. An application written with a smart contract is called a Decentralized Application, abbreviated as “DApp”, because it is executed on a decentralized computer.
And so a variety of DApps were created. Smart contracts can be written using ERC20 standard tokens, so that new startup companies can issue tokens. These include CryptoKitties, a card game where each player can own their own virtual pet; Fomo3D, a blockchain speculative game, that allows players to buy lottery tickets for a chance of winning; as well as smart contract based exchanges that allow users to buy, trade and sell tokens.
Whether it’s a token, a gaming treasure or item, a lottery ticket, or a balance on an exchange, in the end, it is essentially a kind of ledger, recording how much assets I hold and how much assets you hold. The vast majority of DApps can be viewed as a new type of crypto asset. Although written in smart contracts, it is used much in the same way as the original Ethereum.
This brings us to a strange phenomenon: no one stipulated that the content of the smart contract must conform to the spirit of decentralization.
Using a more malicious example, the development team can write an ERC20 token, and hide a mechanism that can transfer tokens away from other users’ accounts. Or write a collectible and swapping card game, and the hidden mechanism can confiscate cards from other users. Or write a gambling game and set it up so that a particular user’s account is more likely and easier to win with. And so on.
In other words, you can write a set of centralized rules that executes on the decentralized blockchain and can still be called a DApp.
Some people will say that a developer’s account having privileges or special rights is a very common design, just for the convenience of management, and not for any malicious reasons. But as stated before, having privileges or special rights is a centralized design. It is difficult for users to distinguish which privileges or special rights are acceptable and which are unacceptable.
Especially when these DApps are under the banner of “decentralization” to attract more users. The user is unaware of this: holding the private key does not guarantee that the asset is yours. Not all crypto assets are the same as Bitcoin.
How do you determine whether a smart contract will protect your assets?
Unfortunately, if you don’t look at the programming source code of the smart contract, the average user will not be able to know whether a DApp’s crypto assets can only be accessed by themselves.
This is also related to our understanding that we should not fully believe in every contract.
In real life, we will not think that a contract on paper and cash are the same, but we should look at how the contract is written. Contracts always have some kind of asymmetry, which guarantees a particular party’s rights and interests. In comparison, cash is a more decentralized design. Let’s think about the insurance company’s deposit insurance. Although it seems that deposit insurance is very similar to bank deposits, as in there are dollar amounts and interest rates, it is in fact far more restrained than bank deposits. The contract limits your control over the funds, allowing the insurance company to stop you from using the funds or charge you for liquidated damages. You would think that the money in the contract is not entirely yours.
The same is true for smart contracts, with almost all DApps involved with a hint of centralization. Most DApp developments are done by single organizations or enterprises. For the sake of profit and management needs, creators and administrators must be given some centralized power to operate, or otherwise it would be very difficult to use. But to what extent can these powers be expanded? Perhaps the simplest criteria is the power of the administrators, which cannot directly infringe on the user’s control over their assets.
JOYSO is a good example. As a decentralized exchange, JOYSO carefully limits the administrator’s privileges in the smart contract. The administrator cannot use or freeze the user’s assets; only order matching can be made, and the handling fee agreed upon by both parties is charged. In hypothesis, one day, the administrator’s account is hacked; the hackers can only steal the fees that are originally owned by the administrator and cannot steal the user’s assets.
By consciously reducing its authority, JOYSO allows users to retain maximum control over their assets, which is in line with the design and spirit of decentralization. However, you cannot expect every DApp to be similar.
You can also write an exchange with a smart contract, but give administrator privileges to use user assets. This is no different from a centralized exchange, but you can still claim that the exchange is a “decentralized exchange” simply because your exchange is running on the blockchain. These kinds of DApps, which claims to be decentralized, but hides the centrally controlled mechanism and rules that harm user rights, are actually very common.
In July of this year, Bancor’s trading platform, a well-known blockchain project, was attacked by hackers and lost a large amount of cryptocurrency. Dogecoin founder Jackson Palmer immediately raised an important question regarding this event. The issue he brought to the forefront was that while a project like Bancor clearly claims to be decentralized, it has been proven that the administrator has the authority to freeze the user’s assets after being hacked. So, how many other “decentralized” projects also hide a centrally controlled mechanism?
In reality, such centrally controlled mechanisms are very common in DApps. In terms of the ERC20 token, in addition to the basic functions of the ERC20, the development team often adds in a variety of additional conditions to increase the administrator and manager’s control over the token. Like the above example, Bancor’s administrator can “freeze” the user’s tokens, making them non transferable. Some tokens use the “whitelist” or “blacklist” design to allow only the addresses on the whitelist to transmit transactions. Some token administrators can even directly “transfer” funds that are considered questionable.
There are good reasons for the existence of these mechanisms, such as ease of management or compliance with financial regulations. But the same mechanisms can also be used in completely wrong ways. The disadvantages of centralized design are often hidden, and the entire industry lacks a clear method of measurement and evaluation. People often don’t know what they are using when they use DApps, and they are unable to protect themselves.
What we can do is learn to think about decentralization and ways to protect ourselves when handling our assets.
When you trade Ethereum into tokens, you need to realize that this is an exchange to replace a highly decentralized asset with a less decentralized asset. When you put the Ethereum in a smart contract, you need to realize that this is moving assets from somewhere where you can easily control it to places you might have difficulty controlling it.
The idea of decentralization may take decades to become universal and to be understood and valued by everyone. We will need tools to help people check their assets and not be harmed by a centralized asymmetric design. People will need professionals to consult with, for example, legal professionals who know the intricate details of smart contracts. Or they will need a well-established contract template to create a secure, peer to peer smart contract.
We should treat hidden centralized blockchain projects as open source projects with possible hidden backdoors and loopholes. Perhaps not everyone has the ability to analyze and recognize these dangers, but the nature of the openness of the blockchain will give professionals the opportunity to expose those bad designs and protect all users.
We are not able to predict the future and how the decentralized technology is going to develop. But we know centralized systems will still be common in the long run. Technology philosopher Kevin Kelly said in his book <The Inevitable>, a fully-decentralized system is hard to be applied in reality, since centralized design is still needed to organize and lead the system. However, different from the past, the Internet provides us a more open environment and a convenient way to cooperate which can protect us from the control of centralized authority by limiting their power. The key point is not about the capability to become more decentralized and is about when people will acknowledge the importance of taking back the control.
Fortunately, history always seems to move towards decentralization. The old systems that protect the interest of minority will collapse, and the new systems that promote equality will rise. We saw countries move from Monarchy to Democracy while the world moves from centralism to devolution. The author of <Antifragile>, Taleb, once said that the best prediction is to find a defective system and bet it will collapse.
The centralized system will gradually be replaced by decentralization, as this progress along, everyone should be aware and be mindful of systems we choose to use.