Can Crypto Thieves Use DeFi to Profit from Stolen Funds?

Hello defiers! Here’s what’s going on in decentralized finance

• DeFi debate over Upbit hack
• Stake Capital revenue-sharing DAO

Can (and Should) DeFi Enable Crypto Thieves to Profit?

Another day, another centralized exchange hack. This time 342k ether, or about $49 million, got stolen from Upbit. The South Korea-based exchange said it will replace the funds with the company's assets, and suspended all crypto deposits, withdrawals, and transfers to cold wallets.

Upbit calls itself “the most trusted crypto-asset exchange,” but these hacks are exactly why it’s better not to trust exchanges and have the ability to control your funds. I wrote about how Dexes are an answer to this just yesterday, here.

Aside from the “not your keys, not your crypto” meme that comes up whenever centralized exchanges get hacked, this time, because ETH was stolen, another interesting question came up: What if the hacker is able to more easily profit from the stolen funds thanks to DeFi.

Whereas before, hackers had to somehow obscure the flow of funds and cash out before their accounts were blacklisted, they can now profit from the stolen funds using decentralized finance platforms, which largely don’t do KYC and aren’t supposed to interfere with users’ trades and funds by design.

The hacker may move the stolen ETH into a MakerDAO Vault to mint DAI, or use Kyber Network or Uniswap Exchange to swap, and then deposit that Dai into Compound Finance to generate interest, Bobby Ong of Coingecko and Su Zhu of Three Arrows Capital said. Or any other combination using the dozens of platforms designed to enable anyone, anywhere to engage in complicated financial transactions.

Do these organizations need to stop the stolen money flow?

If they do, that would potentially put them in a tough position with regulators who can use their interference as evidence to say that they actually do control these systems and should be held liable for any other forms of misconduct (like money laundering or unregistered securities trading) happening on them. If they don’t, they’d be enabling thieves to profit from other people’s money, and signaling to other hackers that the door is open for them to do the same.

Another question is, can they stop them?

And that depends in the degree of decentralization of each platforms. In some cases, like Compound Finance and Synthetix, the project’s management teams can take control over their smart contracts, so presumably they’d be able to stop a specific user from transacting. In the case of MakerDAO or 0x, where there’s a governance system, maybe token holders can vote on how to handle the situation.

Following the core values of DeFi, the goal for many of these teams will be for the platforms they created to work in such a way that they’ll have no way to interfere.

As a way for platforms to be able to block hackers without relying on centralized control of funds, Bobby Ong proposes a decentralized version of Chainalysis, where DeFi dapps '“pay a fee to query incoming funds' addresses and block/freeze any funds from suspicious addresses automatically. The fee collected is then shared with users who help contribute to this database.”

Whether it’s a decentralized Chainalysis or something else, for DeFi to become mainstream and tolerated by national authorities, it might need to start thinking about a solution. The benefits of DeFi is that it enables people to transact freely, the downside is that will include criminals.

The New SaaS is Staking-As-A-Service

Stake Capital, which provides staking as a service, on Monday announced it’s launching a revenue-sharing DAO, enabling DAO token holders to receive staking rewards and participate in governance decisions.

The firm is leveraging the ability to generate a relatively passive yield from staking cryptocurrency on proof of stake platforms. It’s taking that concept further by organizing outside investors into a decentralized autonomous organization, or DAO.

The first step for users who want to join this DAO is to provide collateral to Stake Capital’s DeFi services, which include Tezos, Loom Network, Synthetix pools, Livepeer, Cosmos Network, Kusama, Polkadot and soon Ethereum. The staking yield will be disbursed as usual in the same staked cryptocurrency. Additionally, SCT tokens will be disbursed to stakeholders in proportionto the amount of fees they generated for Stake Capital.

SCT holders can then stake their earned SCT to receive DAO fees staking rewards on Stake Capital website. Just like traditional stocks’ shareholders, SCT stakers will share revenue collected by the DAO on a regular basis.

This mechanism further develops staking as a new way for investors to gain an additional source of revenue that just isn’t possible in traditional finance.

If you’re receiving this email, it means you’re a subscriber, so THANK YOU.

The Defiant’s beta period is ending next week. That means subscription prices will increase from $80/year and $8/month, to $100/year and $10/month. If you’re an annual and monthly subscriber, you already locked in the lower price for the 12 months after you signed up. You will obviously continue to receive full access to the content and archive and be part of the early Defiers club, which will get its own perks. But this almost-daily newsletter is just the start. You’ll know what I mean very soon. Thanks again for your support, you rock :)