🎙 "I'm Not an Enemy of DeFi; I Want People to Know About Anything That Goes Against DeFi as a Tool for Financial Liberty:" Chris Blec
In this week’s episode, I interview Chris Blec, a researcher advocating for transparency in DeFi. He was first drawn to cryptocurrencies through Bitcoin. He decided to go into crypto full time, first consulting with a token project in the ICO days, and lat...
By:
In this week’s episode, I interview Chris Blec, a researcher advocating for transparency in DeFi. He was first drawn to cryptocurrencies through Bitcoin. He decided to go into crypto full time, first consulting with a token project in the ICO days, and later, in late 2019, by creating a YouTube channel where he aimed to educate users on how DeFi projects work under the hood. Here is where he came across what has become his focus since; the actual centralization behind supposedly decentralized protocols.
Chris realized developers behind many projects hold so-called admin keys, which offer a way to unilaterally change projects’ code and even drain users’ funds. His focus on decentralization theatre has also led him to criticize tokenized governance, which he argues could make DeFi a plutocracy.
He has leveraged his background in marketing to very loudly question his targets, with Twitter threads, reports on his research site DeFi Watch, and open letters. His most recent decentralization crusades have been focused on Polygon and Uniswap. All these questions and what appears to be constant criticism inspired some in the DeFi community to try to raise $50M for him to quit crypto. Meanwhile, Cointelegraph wrote a feature piece calling him maybe the most annoying man in DeFi. Chris seems unphased.
To him, he’s just doing his part so that we don’t waste this opportunity to make a new, better financial system. He may be rubbing some people the wrong way but he believes that thanks to him, users have learned about the risk of admin keys and, maybe, DeFi is a bit safer and more decentralized because of it.
The podcast was led by Camila Russo, and edited by Alp Gasimov. Transcript was edited by Owen Fernau and Dan Kahan.
🎙Listen to the interview in this week’s podcast episode here:
You’re a paid subscriber, which means you get the full transcript below. Subscribers also get exclusive access to The Defiant’s Discord chat for the community, here’s a new link to join.
CR: Alright. Here we are with Chris Blec. Chris, welcome to The Defiant podcast. Thanks so much for joining me.
CB: Thank you. Thanks for having me on. I’m excited.
CR: Yeah, of course. Me too. So Chris Blec is a researcher advocating for transparency in DeFi. That may not seem like a controversial topic. But somehow he's managed to anger enough people to inspire a governance proposal, which would raise five million, was it? To quit crypto…
CB: 50, it was 50 million.
CR: Oh, 50 million.
CB: Five million, that’s peanuts.
From Marketing to Bitcoin
CR: Oh, $50 million. The proposal didn't pass, so he's still here, fighting against decentralization theater, rubbing people the wrong way while he's at it, but we'll get to all of that. I want to start with the beginning and just getting to know you better, and why you got into crypto in the first place.
CB: I started to use Bitcoin in 2015, but in 2017 is really when it all connected for me as far as a long history in appreciating the concept of liberty and freedom, and slowly starting to learn about the influence that central banks have over our lives and things like that. And then in 2017, it all just clicked for me when I was watching an online course about the history of money and tulips and seashells and everything that has been considered money in the past. And it just connected for me that Bitcoin was solving all of those problems.
“...I was watching an online course about the history of money and tulips and seashells and everything that has been considered money in the past. And it just connected for me that Bitcoin was solving all of those problems.”
And I went down the proverbial rabbit hole at that time. And before that, for 20 years, I was a marketing director VP for different tech companies, media companies, even sports entertainment. So I had a history of that. But when I discovered Bitcoin, it just brought all the things that I love into one place, like liberty, personal finance, finding ways to optimize my financial life, and so I just wanted to go as deep as I could with it. And that's how I got started with it.
CR: Very cool. Can you talk a bit more about what you did before? So you mentioned sports, media, what exactly were you doing, for what companies?
CB: So I actually started out in radio, my first job was as a radio DJ, so I was on the air playing the music and stuff like that. And then after that, I got involved with marketing and working with television and radio to market television programs and things like that. So actually running TV commercials, producing TV commercials.
And somehow, over the course of a few years there, I got involved in the world of pay-per-view television. So that involved like pay-per-views sports, professional wrestling is a road that I went down. I was a big fan of it when I was a kid. So it was exciting to me. I helped start up a wrestling company in Tennessee, and so I lived in Nashville for a while. And then I moved to Las Vegas and I ran marketing for the UFC, Ultimate Fighting Championship. That was in 2005. So that was a while ago, it was when it was really first starting to pick up steam, and I was their first marketing director. I was like the 20th employee there. So I was there for a while.
And then after that I moved on into tech, and I got more in the direction of what we now know as growth. So like growth marketing, for tech companies, working with educational technology companies and selling online courses and boot camps and things like that. So my background sort of started out in marketing, like television and radio and outdoor advertising like billboards and newspapers and stuff like that. And my marketing career was long enough that I experienced the transition into online. Because when I started out, there was no social, there was very little internet.
So when I was actually, for example, at UFC, I made UFC one of the top three online advertisers in the country in 2006 or 2007. So it just shows how early we were. And we were spending millions, but I mean it wasn't even close to what's being spent now. But that was most of my history in doing that, and then later parts like growth in subscriber marketing, subscriber acquisition, and retention for digital television and things like that.
CR: So you were obviously able to leverage that on your crypto part of your career, creating content and maybe indirectly fighting with people who oppose what you're saying. I think it's funny that connection with wrestling, and now you're wrestling with a bunch of people.
CB: It's interesting, because a lot of the brands that I worked with were, you could say that they have a cult following. So wrestling, UFC, and then later, I worked with some politics-oriented television content and stuff like that. And a lot of the marketing that we did for all these brands, and it's for other cult brands too, you think about, like Harley Davidson, or even Nike.
And some of the biggest brands in the world use very emotionally-oriented marketing tactics. So very rarely will you see a Nike commercial that is just about this particular shoe and the features of this particular shoe. They try to engage you in a different way and on a different level. So, I do have a lot of background in that and it does play into the way that I put my messaging out there in DeFi especially. Because I recognize that you can't always get your points across it just by being black and white granular. People want, and they can relate to, your principle coming through and they can feel it.
And that sense of person to person, there's a certain sense that you can only get when you know somebody who's really passionate about what they're saying. And it's the same thing that applies to that kind of marketing and to the way that I try to put my message out into the world. I want people to know that I really feel this, like I really feel this way. And I can't always do that in a way that's palatable to everybody.
“I want people to know that I really feel this, like I really feel this way. And I can't always do that in a way that's palatable to everybody.”
Going Full-Time Crypto
CR: Makes sense. Okay. So, continue with your story. You found that Bitcoin really answered a lot of the questions you had, and this sense of liberty and freedom, and on the other hand, the influence of central banks and maybe policymakers have over people's lives that all clicked into, okay, Bitcoin is solving all this. So what came next for you? You went down the rabbit hole, and then what happened?
CB: So I was still working full-time, you know, I had a job and was doing all that. And actually, at that time, I was working with a company called The Street, which is thestreet.com, it's Jim Cramer who is on CNBC, the Mad Money guy who hits the buttons and throws the bull and stuff like that. So I was working for him. My job was on Wall Street. And I was running their subscriber business.
And at that time, when I had that moment click, I was also working on Wall Street, so I'm walking down Wall Street every day, past the stock exchange to get to work. And I'm really glad that was the case, because I had this constant feeling like it was a grinding in my head, Wall Street every day doing this traditional type of work versus this new thing that was starting to really bubble up. And I just had a moment where I just said, you know what, I want to focus on this full-time. And I didn't know how I was going to make a living. I didn't know anything like that. I talked to my wife and I said I just want to do this and see where it goes.
So I quit my job there, and I just focused on studying and consuming everything I could that year. And a lot of what I was consuming was Andreas Antonopoulos and a lot of his talks on Bitcoin and how it relates to freedom around the world and stuff like that, banking the unbanked and all that, all the stuff Bitcoin used to be about, right. That's a little dig at Bitcoin, the store of value myth.
But not working during that time made me realize okay, I need to figure out a way to make money. So I was trying to find out if there were ways for me to apply my marketing experience to Bitcoin. So I was poking around seeing if there’s opportunities for consulting, things like that. 99% of the things that came up were ICOs and things like that during that period. And I was smart enough…
CR: That was 2018?
CB: 2017. So as we got later into the year, you know, it got kind of hairy with ICOs, and there were so many scams going on. So I turned them all down thankfully. The only thing I really worked on that year was with a gold company here in the US that is known for selling gold coins and stuff like that. And they were interested in potentially using Ethereum to create a gold backed cryptocurrency. And so for every ounce of gold in their vault will have a token, that kind of a thing.
So they didn't know anything about it. I knew about Ethereum and everything, and I helped them hire a developer. And that was the point where I really started to figure out how smart contracts worked. Because at that point, I still didn't understand how they worked and I definitely didn't understand that you could have parts of them that you could change. I thought everything on the blockchain was immutable, unchangeable, just like Bitcoin. And I think people still think this a lot. If they come from Bitcoin over to Ethereum and to DeFi, they think it inherits the same properties as Bitcoin in that regard. And I sort of had that same way of thinking at the time.
“...I really started to figure out how smart contracts worked. Because at that point, I still didn't understand how they worked and I definitely didn't understand that you could have parts of them that you could change. I thought everything on the blockchain was immutable, unchangeable, just like Bitcoin.”
But that was the moment in late 2017, I started to realize this is different, because you can code these smart contracts in any way that you want. They can be as rigid or as flexible as you want. So that was a real learning experience for me. The project itself didn't really work out. But I learned a lot through that, and it carried over for me into a couple years later into DeFi.
CR: So you learned that on Ethereum, developers could program smart contracts, which, smart contracts in the end is computer code that runs on top of Ethereum network. But while some of this code can be decentralized, out there, open source, automated, not all of it is that way, right, and there can be ways for teams and developers to keep control over that code. So with this kind of lesson, was that what spurred you to start your YouTube channel? You wanted to educate people on this fad? Or was it something else that brought you to your educational role in Ethereum?
CB: As far as the Ethereum YouTube content, I didn't start that until like a year and a half after that. Because after this project, I worked on in late 2017, then we had the big run up in price which then after that, the price cratered.
And then in 2018, we went into the bear market and any opportunity for consulting just dried up. Like anything, there were no other opportunities, even though I only had one up until that point that really mattered. Work sort of ended for everybody in the space that was relying on new people to come in. So I went back to work. I took another growth job in 2018 into 2019…
CR: Non-crypto?
CB: Non-crypto.
Content Creation
CR: Okay okay.
CB: Yeah. And in 2019, is what I discovered projects like MakerDAO and Compound, other projects that are around early in 2019, were doing. And at that moment, I got re-fascinated with the space because I had always thought it was weird that we had this wonderful decentralized currency in Bitcoin. But we really didn't have many, if any, decentralized services that we can use it with. So when I saw that projects were trying to solve that problem, I got excited. So I started to really dig into it. And that's when I started to create content.
It was mid-2019 when I started to go down that road with Compound. And as I started to understand these projects, I felt okay, let me try to explain them in plain English. Because nobody was really doing a good job of explaining the DeFi projects to non-technical users. I was doing that with Bitcoin before too. Because I was doing other educational stuff for clients just to teach them what is the nature of money and what is Bitcoin and stuff like that. So with DeFi, so, okay, people need this here too, so that's when I launched it. It was a while after that first project. And it was really based around that idea of giving non-tech people a way to understand.
CR: Got it. So you started creating educational content around DeFi protocols, teaching people how to use these projects. And I remember, maybe you interviewed me at around this time, I think this is when we first chatted for your YouTube channel…
CB: Was the end of that year, it was the end of 2019. Yeah.
CR: Yeah. So I mean, you were creating some really useful content. So then what happened? That channel doesn't exist anymore.
CB: Well so a lot has happened since then. I was creating content. And really the most of the content was, it was about yes, how to use it, but it was mostly about how to understand it, and how to see what's going on under the hood, so to speak, so you could dissect the transactions and stuff like that. And it was very useful for people. In early 2020 is when we started to talk about admin keys, and the fact that DeFi teams were holding a lot of control back for their own use, in case anything went wrong. But it also gave them the power over your money. It almost made the protocols custodial in a way. So we started to talk about that early in 2020.
“In early 2020 is when we started to talk about admin keys, and the fact that DeFi teams were holding a lot of control back for their own use, in case anything went wrong. But it also gave them the power over your money. It almost made the protocols custodial in a way.”
And as soon as I heard that, I said, okay, that's interesting, because in all this time that I've been focusing on this and creating content around it, I think I'm a pretty smart guy. But never before that did I realize that that was happening. So I figured if I didn't understand that that was happening and I'm creating all this content that people are looking at, how many other people are missing the boat on this?
So I really wanted to focus in after that on exploring that path and looking at how many projects are doing this and not really being clear about it. Because the whole thing here is that users are supposed to know what they're using. Transparency is supposed to be one of the key benefits of using DeFi. But if you don't know that there's three people that are responsible for the security of your $10,000, $100,000, whatever you put in this thing, then you're really missing a pretty important part of the puzzle.
“But if you don't know that there's three people that are responsible for the security of your $10,000, $100,000, whatever you put in this thing, then you're really missing a pretty important part of the puzzle.”
So I started to go down that road, and I actually created a couple of videos about that too. The channel being gone now off of YouTube is different, that only happened like last month maybe. And I took it off of YouTube, sort of in protest of their censorship they've been doing lately. They've been going after a lot of respected voices and medicine and science because they are saying things that don't sort of align with YouTube's point of view on a lot of different things. So I just got tired of supporting their censorship, because people watching my videos is making money for YouTube. So I moved all the videos over to Odyssey, which is another video platform that's built on the LBRY protocol.
CR: Your videos are still up?
CB: Yeah.
Zeroing in on Admin Keys
CR: Okay, that's good. So that was in protest to YouTube censoring users. But back to the admin keys, which you started covering early 2020. And that ties into your first experience with this ICO project that you had consulted for in 2017, right? So you see again that there's developer control over projects and this time around, it was over, I guess, the biggest projects on Ethereum, that this was going on. I remember at the time like you made this really nice spreadsheet listing all the different projects and how centralized they were. So, if you can explain why this matters? What is an admin key? What does it enable developers to do? What degree of control does it give developers?
CB: It can give them as much control as they want. It all depends on how they write the code. So, the most notorious ones give the developers the ability to basically change any part of the protocol. So they could with one Ethereum address send a transaction that completely changes everything about the DeFi project. Now, most of them don't do that and haven't used them in that way, but it gives them the ability to do that.
The main reason that they do this is because they want to be able to fix problems that might come up or upgrade the app, or treat it in the same way that you would treat any new application in traditional technology, right? If you launch an app in the App Store, let's say for a mobile phone, you want to have the ability to do upgrades, to do new versions, and send it to people and stuff like that.
So in DeFi, a lot of developers think the same way, that they want to have the ability to upgrade to not have to migrate people entirely over into a new application if they want to release a new version. So that's the justification for it. But the problem is in doing that, and in securing that sort of fail-safe for themselves, they're also holding on to the ability to make fundamental changes to the way the code works. That could be detrimental to users, if it's used in a malicious way, or if it's compromised in any way.
In the worst-case scenario, they could use an admin key or an admin key could be used to just drain all the funds that are being held in that smart contract into another wallet. And we've seen that happen. We've seen projects get compromised, where they lose this admin key or it gets otherwise stolen or compromised. Next thing you know, somebody is walking away with all the money that was in there. And all that happened, because they coded that key into the application.
“In the worst-case scenario, they could use an admin key or an admin key could be used to just drain all the funds that are being held in that smart contract into another wallet. And we've seen that happen.”
Web 2.0 Versus Web 3.0
CR: Would you say the difference here between developers retaining that degree of control in Web 2.0 apps, and developers retaining control in DeFi apps is the fact that they are responsible for users’ money? Because I'm not sure if in FinTech or banking apps, the level of control that developers have is the same. Like in FinTech and banking apps, you have this whole kind of financial rails, like you have insured deposits. The app is oftentimes using a separate kind of bank to custody funds.
So I think the degree of control with FinTech apps and with DeFi apps is different. In traditional financial applications it's not very common that developers would have complete access to user funds, but in DeFi they do. So do you think that's why the bar is raised and you expect for developers to not have that high degree of control over the code?
CB: I think that you're right that in a Web 2.0application, traditional FinTech, we don't have to trust the teams as much with the money of the users because there's other elements, like you're talking about, like whether it's a third party banking service, or whatever. And there's also laws and regulations and monitoring and the threat of jail time. And there's no, obviously anonymity or pseudonymity to deal with in that world.
And in DeFi, yes, I think that when you boil it down, we don't have to even get too abstract about this, when you think about a team of three or five or seven developers who are maybe in various countries throughout the world, maybe they work together remotely, let's just say half of them are known people and then the other half are not known people, and half of them could collude potentially to steal $50 million, $75 million, $100 million. Right away, common sense would tell you something's wrong.
And that's the angle that I look at it from. I don't try to make it too complicated. I just look at it from the point of view of, is there an incentive for these people to walk away with the money? And if there is a logical, reasonable incentive, and I'm looking at financial incentives, I'm looking at, could they go to jail, could people find them, you know, stuff like that. But when you're talking about tens of millions, hundreds of millions of dollars, and you're talking about two or three or four people, it's a lot of money, and the incentive is huge. And if nothing else, crypto is one giant game, we all know that, gamification, financial incentives. We have to have aligned incentives for this stuff to really work.
“I don't try to make it too complicated. I just look at it from the point of view of, is there an incentive for these people to walk away with the money?”
And when you're talking about one key that can be used to drain that kind of money, there's something wrong with the incentives. They're not aligned, right? They don't have the incentive a lot of times to play fair. And so that's why the bar has to be higher for them. They could take the money without repercussion potentially, fake a hack, you know, there's a lot of different ways to get that money. And I'm not making accusations. I'm saying these things are possible.
They probably have happened already. And it's very hard, if not impossible to prove. So the incentives are really what I'm looking at. And that's how I measure where that bar needs to be.
CR: Yeah, it makes sense. Okay, so to you, after researching different projects in DeFi, how big is the threat? If you can estimate a percentage of projects that have a relatively high risk of this happening?
CB: So there's a lot of projects now, right, and obviously nobody has the time to look at every single one. Most of the biggest projects have eliminated this risk. So they've moved on, they've gotten rid of that key, and they've moved on to, usually it's tokenized governance. So instead of one key existing now, there has to be a vote by token holders for any action to take place on the protocol. So that’s most…
CR: I'm sorry, and this is technically impossible for a developer to go and drain funds? Whatever action needs to be approved on-chain with token votes, it's not like it shouldn't happen because of some internal rule, like it just cannot happen, right?
CB: Yeah, it varies a lot by protocol. They're all different. And this is part of my challenge in trying to communicate the information, because some of these applications like Compound and MakerDAO and some of the other biggest ones, are exactly what you just said. There's no way for somebody to go in and drain anything. Everything has to happen through vote, and no new code can be pushed without that vote happening.
“...some of these applications like Compound and MakerDAO and some of the other biggest ones, are exactly what you just said. There's no way for somebody to go in and drain anything. Everything has to happen through vote, and no new code can be pushed without that vote happening.”
If the token holders all got together and said, let's do something bad, they could do that. But unless they had enough tokens, not one person could just go and turn a key and drain funds. There's other protocols though, like Sushiswap is one, where their votes actually are kind of ceremonial. Their votes are basically an off-chain suggestion to a multisig, to an admin key group. So the way they market it is the votes happen, and then the multisig holders do the will of the token people…
CR: Of the people.
CB: Yeah. But in reality, the multisig could do whatever it wants. Now it would be a pretty bad look if they just go out and start doing stuff without votes in that case. But the range of how these governance systems work, it's like, no two of them are alike, none of them. There's no two that are alike, so it gets really, really tricky and trying to compare and contrast. But to answer your other question, out of the total number of DeFi projects that exist right now, I'm going to guess and maybe you have a different opinion, I think most of them do have a centralized control mechanism. And I'm talking about all of them.
“...the range of how these governance systems work, it's like, no two of them are alike, none of them. There's no two that are alike, so it gets really, really tricky and trying to compare and contrast.”
So from the ones that are just starting out with $100 worth, up to the billions. I think most of them, especially when you look at things like Binance Smart Chain, and the projects that are on other chains, the vast majority of the projects that I've seen on Binance Smart Chain have admin keys held by anonymous owners, and are fully centralized, and people are just plowing money in. They have no incentive to decentralize because people don't seem to care, the people that are willing to use these things. So I'm going to say it's more than 50%, but if anybody wants to prove me wrong, go for it.
“...the vast majority of the projects that I've seen on Binance Smart Chain have admin keys held by anonymous owners, and are fully centralized, and people are just plowing money in. They have no incentive to decentralize because people don't seem to care...”
Major Admin Key Risks
CR: I guess a different question there would be, what percentage of TVL is centralized? Because right, the newer projects, the longer tail, maybe those are more likely to be centralized, but if you put the bigger projects together like Maker, Compound, Aave, those comprise the majority of TVL, and maybe if you measure it that way, then you can say, by that measure, most of the fight isn't as centralized.
CB: Yeah, it's a project that we would have to do. I'll tell you right now. You know, one of the biggest admin key situations out there right now which accounts for billions of dollars. When you're talking about a TVL, I'm just looking at DefiLlama 95 billion right now. So you know, I'm not sure how much is actually how much is on Polygon… Oh, it's $4.2 billion on Polygon. Polygon blockchain uses an admin key that secures the entire chain, everything on it. They can't drain all the funds out of every project on the chain, but they can affect the continuity of the network. So that's one of the biggest risks right now.
“...$4.2 billion on Polygon. Polygon blockchain uses an admin key that secures the entire chain, everything on it. They can't drain all the funds out of every project on the chain, but they can affect the continuity of the network. So that's one of the biggest risks right now.”
Another huge one that's growing unfortunately, we all treat it like a joke, but it's at over a billion dollars, a billion and a half dollars right now is the ShibaSwap. ShibaSwap is this Shiba token swapping platform that is at $1.4 billion TVL that is run by a multisig with all anonymous holders. And even they put names to each of the key holders, like one of their names is like “Birth-derf”, like they've just made up these names. Okay. And they just recently moved to a multisig from a single key. So they're out. There are big ones that have a lot of money tied up in these admin keys.
“ShibaSwap is this Shiba token swapping platform that is at $1.4 billion TVL that is run by a multisig with all anonymous holders.”
Most of the top projects, I'm just looking at the top list, there's a few that jump out like Sushiswap and ShibaSwap. And Wrapped Bitcoin, of course, is a purely multisig that we don't pay enough attention to. But again, when you look at the multisigs, they also vary in your confidence in them, right, because it's a good comparison to look at. There's two multisigs: Wrapped Bitcoin, and ShibaSwap. ShibaSwap, fully anonymous, you have no idea who these people are, you don't even know if there's really nine people or just one person who has all nine keys. You have no way of knowing because they're anonymous.
And then you've got a multisig behind Wrapped Bitcoin that has reputable participants in the DeFi space that hold the keys that everybody kind of trusts. So both of them present a risk, but one is far more of a concern than the other as far as what could happen with this thing. But I'm going to look into that some more, like what percentage of TVL is tied up in admin keys?
Polygon Security Concerns
CR: Can you drill down on Polygon? Because it's a big project, one of the most popular scaling solutions for Ethereum, and there's billions in digital assets on that side chain. So what exactly can the team do?
CB: So the thing that I am pretty sure that they can do and this is a question I've been asking them to clarify, is like what can you do with this set of multisigs? They've acknowledged that they have some multisigs that are very, very critical to the continuity of the chain. So it's different from like a regular DeFi project multisig, like we've been talking about where they could just change code, they can drain funds, stuff like that. We're talking about an entire blockchain now with a set of validators running consensus, and then all these different DeFi apps launched on the chain.
So the most critical multisig that they have--they have more than one--the most critical one that I know as secure is the staking contract for the validators. So all of the staked MATIC tokens that the validators stake to secure that network, this provides the incentive for them to act honestly as validators, all those funds could be affected by this one multisig. And this multisig could upgrade or change the staking contract to basically de-secure the network. There's a lot of things that could happen that would disrupt the continuity of the network. Transactions could be censored. There's a lot of stuff that could go wrong. And worst of all, the network could just be frozen permanently.
“Are all seven of those wallets 100% secure? Have they all been secured since they were created? Because all of these wallets were created before the keys were assigned to them.”
Do I think that the team is going to attack their own network? No, probably not. I forget exactly how many signers they have on that multisig, but let's just say it's seven, so there's seven Ethereum wallets out there in the world. And, again, I forget the exact specs on that one. But let's just say five of them are needed to approve a transaction.
Are all seven of those wallets 100% secure? Have they all been secured since they were created? Because all of these wallets were created before the keys were assigned to them. What if one of those signers created their wallet in a coffee shop three years ago with a security camera on them, and somebody wrote down their seed phrase when they were creating it, and then three years later that's holding a key to a $5 billion network? So that's one set of risks.
Then you've got a whole different set of risks when you think about regulators and state actors that might take a look at Polygon and say, here's a sweet honeypot that we might want to take a look at and go after. Let's get three or five, or whatever we need of these people, freeze their assets, threaten them with jail time, and make sure that they do what we want them to do. So there's just all different risks that go up. It doesn't get more centralized and having just five or seven people that can do that damage to billions and billions of dollars worth of value.
CR: So what response have you gotten from the team to those concerns?
CB: Well, I haven't gotten answers to any of the questions that I posed. You know, it's interesting going down this route. Because this was sort of the first one that I looked at and said, we need to try something different here, because there clearly is not an incentive for Polygon to get rid of this control. This control exists because they are not fully confident in the code. If they were fully confident in the code, and that was going to work forever and support the billions of dollars of industry that's happening on the chain, they could burn that key, get rid of it and just let the thing run autonomously. The reason that they hold the control is because they're not fully confident in the code as it stands, and they want the ability to fix things and change things.
“Let's just ask the questions that we already know there is no good answer to.”
So the incentive for them to get rid of it is not there, especially when people are launching projects and there's billions of dollars worth of money coming from users. So they are completely centralized, it's growing. So I look at that, and I say, okay, let's just ask the questions that we already know there is no good answer to. For instance, how can you prove that every one of the wallets that holds a signing key has been secure since its creation? You can't prove that, because the signers could be me, you or whoever; so they're not checking that that's not happening.
How would you react if a state actor threatened your assets if you don't sign a transaction that they want you to? They can't answer that they haven't thought about that. And if they have thought about that, they probably don't want us to know that. So I've been posing these questions in the form of letters, which you can see on Defiwatch.net. I haven't received any answers to any of those questions. The only responses I've received are them telling me they're not going to respond.
Asking Tough Questions
CR: Okay. It's interesting the way you're posing these questions and the reaction of these different projects. But first, I wanted to ask you, before I forget, on going back to incentives. So yes, these teams have, in some cases, control over their code, and there hundreds of millions of dollars logged in. But they also hold, in most cases, big amounts of their own token. So I think that at least does align incentives somewhat. Like, if they were to drain their projects, their own holdings of their own token would tank. So what's your view there? Do you think that at least diminishes risk, the fact that the project's token itself helps align incentives between users and the team?
CB: Polygon specifically, or just in general?
CR: Polygon, and yeah, in general, I think maybe that's a counterargument.
CB: So we've already seen projects that have tokens that have rug pulled their own projects, or drained funds out of their own projects. So if they're not sincere about growing the project in the long term--and when people buy a token, they're thinking longer usually than just today and tomorrow. They're thinking down the road, where this thing is heading. If the person behind the project has already decided there is no tomorrow for this thing and they don't want to be a part of the growth of it, if there is any opportunity, then they're going to pull out. They're going to pull their money out, they're going to drain it. They kind of fake a hack, they're going to fake an exploit, whatever. We've already seen that happen in the past now.
“You could do a lot with $200 million right now, right? You could go buy an island, forget about all your problems, change your identity, redo your face like you see in the movies so nobody can recognize you, get a new social security number, passport, and be gone. People in DeFi seem to forget how much money hundreds of millions is.”
With Polygon, I haven't checked the value of the staking contract since the prices have come down. I mean, it was definitely over a billion dollars at the height of when the prices were high. So if we had a situation where three or five people separating Polygon, and separating the humans and the people by just looking at the facts. Let's say there's five signers that could sign a transaction that would drain over a billion dollars into a completely unknown wallet, and maybe quickly launder it out into Bitcoin before anybody could get it, you're talking about $200 million per person. So if you're not sincere about the growth of your project, which we hope people are, but we don't always know what they're thinking.
So if you're not in that category, if you just want...I mean, $200 million is a lot of money. You could do a lot with $200 million right now, right? You could go buy an island, forget about all your problems, change your identity, redo your face like you see in the movies so nobody can recognize you, get a new social security number, passport, and be gone. People in DeFi seem to forget how much money hundreds of millions is.
So if there's that incentive for somebody to have that kind of money tomorrow and run away, you've got a problem. That's number one with Polygon. Not saying and not accusing them of having that motive. But if that possibility exists, you have to take it into consideration. I don't really think that's going to happen with them. My greater concern is, like I said, other actors forcing them to use their key in a certain way, whether it's state actors, whether it's a malicious actor, ranch attacker, somebody coming along and saying, you have access to a lot of money and we are going to force you with the threat of violence, with the threat of asset seizure. We're going to threaten your family. I don't know, there's so many things that can go wrong when you are the center point of that kind of security. So that's a lot more likely than any members of the team just saying let's run off with money.
CR: Yeah. I guess on the point of the token itself being an incentive to act in the interest of the project, if you're thinking about game theory and economic incentives, the value of the project’s token itself would have to be greater than the other assets locked in the project for you to be able to make that argument. Then that the value of the token itself is enough to guarantee some level of security, like, the token itself would have more value than the rest of the assets in the project that you can drain.
CB: I don't even know if in that case the incentives would align. Translate this to Web 2.0. If you have a situation in Web 2.0, for some reason, a founder could disappear with $100 million in users’ funds tomorrow and his company is valued at 125 million. You know, just because the company is valued at that doesn't mean he's ever going to see it, if he pays taxes on it. Like there's always other things that come into consideration. So as opposed to running off tomorrow, you could have 100 million. It's complicated.
“Bottom line is, like, if that possibility exists, you have to assume it could happen.”
I don't want to conflate what I think of the Polygon situation versus other situations that have existed, where people have chosen the quick path and the theft and the deception over genuinely trying to grow their token. And it's clear within those cases, they had no intent to ever grow their token into something bigger. They didn't care. So even if the token was worth more, they would have had to slowly unwind it to justify that to people. Why is the founder selling all of his tokens? Like, there's all these other hassles that come along with that, as opposed to just running off with the money. Bottom line is, like, if that possibility exists, you have to assume it could happen. That's bottom line.
The Most Annoying Man in DeFi
CR: Yeah. Makes sense. Okay, then going back to how you're posing these questions and sending out letters, you're really stirring up things in DeFi with these letters and with these questions. There was this article recently on Cointelegraph that asked whether you are the most annoying or the most valuable man in DeFi, which is pretty telling. So here, I'm just posing the question that I see a lot on Twitter. Is this the right way to get answers?
Because you, yourself, are saying that you're asking questions that have no answer, that you know can't be really answered by the teams. So to some people, it may come across as disingenuous, like you're just poking people to get a reaction but not because you expect anything real to come out of it. Or not because you want to educate people, but I don't know why. You know, like, this is the criticism I see of what you're doing. So I'd love to hear your thoughts on that.
CB: I'm a fan of philosophy and rational dialogue. And I think that when you come up against an existential question that doesn't have a good answer, it's an excellent opportunity for dialogue, and to try to figure out why it doesn't have an answer, and to try to figure out if that's a good thing or a bad thing. And in the case of the questions I'm posing, not all of them are unanswerable. Some of them are. And the ones that are unanswerable are unanswerable because of a lack of thought that was put into the initial process. So when you're talking like before about the multisig, who's holding the keys, how do we know? That's always been secure in their wallet.
That's not unanswerable because we just can't figure it out. It's unanswerable because there wasn't thought put into that process. And so in that case, for a project to answer that question to me, they would have to admit that they didn't put thought into that part of the project. It's exposing a weakness of their security setup.
In other cases, there are things that we rely on in DeFi, just multisig in general that are completely wrong for the way they're being used. So when I asked the question, how can you prove that one person doesn't have backup copies of all five keys, for instance, and could just execute? How can you prove one person didn't create all five keys and just pass out the private keys to different people and say, here's a key for you and a key for you and they keep backups of all of them? If they did, that one person could execute any transaction. But how can you prove that didn't happen?
“That's not unanswerable because we just can't figure it out. It's unanswerable because there wasn't thought put into that process. And so in that case, for a project to answer that question to me, they would have to admit that they didn't put thought into that part of the project.”
So it raises a philosophical kind of question, right? It's like this deep level of thinking that all of a sudden we have to do in order to realize, wow, we're relying on a security mechanism that we can't prove to third parties is worthy of their trust. And when I raised that, and the entire bedrock of DeFi is built on that assumption, it's like it messes with people's heads a little bit. So raising these questions, I believe, initially did play a big part in pushing projects to adopt other forms of governance, like tokens and stuff like that.
But now we're seeing this next wave of projects like Polygon, who not only have adopted a multisig securing billions, but they're brazen about it, they brag about it, they use it as a marketing point. And people are supporting it with billions and billions of dollars of value on the chain. So when I look at that, I realize we need to engage, we need to open up this dialogue, we need to have this conversation, because this type of security could just be abused down the road. If more and more projects go this route, how is this any different from traditional finance where you have to trust custodians, and middlemen, and there's all this stuff? How long until it's a black box, and we can't even see inside anymore?
So that's why I raised the questions… I never do anything in the space without some sort of goal. And my goal, by raising these questions, is to start conversations, either with the recipient of the letter or amongst different people in the community. And we haven't gotten to the point where recipients are answering the questions and admitting that they didn't put this kind of thought into it. But we're definitely like this.
“My goal, by raising these questions, is to start conversations, either with the recipient of the letter or amongst different people in the community.”
On this podcast, right now, we're having the conversation. And even when I'm not around, people are having these conversations about what's right and what's wrong for the future of DeFi. And I'm trying to eliminate that centralization, and also eliminate any lack of transparency that exists. Because when I first brought up the Polygon multisig, nobody even knew about it, nobody was talking about it. So people were putting money on the chain, hundreds of millions of dollars sometimes. People are putting a lot of money into Polygon without realizing that the whole chain was depending on three or five developers for its continuity, which was kind of outrageous.
Why Not Slow Growth
CR: Okay, I want to talk about how to solve this issue. It seems like a solution would be what you mentioned before, governance-based voting. So what are your thoughts on this way of upgrading and making decisions on protocols? Because that's not a guaranteed way of achieving decentralization either. I mean, there is voter concentration, there's whales controlling votes. So how have you seen this communism method evolve? How are projects using this?
CB: Yeah, projects are moving, in some cases, to tokenize governance and using it as a way to say, okay, we're now decentralized. But we've seen several cases already of situations where it's exposed that, yes, there's a token to tell by thousands of people. But the way that the governance systems are set up, three or five of the top token holders could get together and basically propose and pass any vote that they want. So token governance…
CR: But it’s not much different?
CB: It’s much different. It's easier to obfuscate what's going on because you don't always see what's happening, because tokens could be divided between many different wallets, and there's delegates and all these different things. But at the end of the day, you have a similar situation where the biggest stakeholders, the developers, the investors, etc, are making all the decisions. And the same problem extends, is the proof of stake problem, same thing, where you have the wealthiest people, entities, organizations in the world are running, they're making all the decisions. And when that happens, it gives regulators an easier target for who to talk to when they want to make changes, when they want them to comply with certain laws and regs and stuff.
“Money and greed and profit always messes up decentralization if it can. As a DeFi community we need to decide, as users we need to decide, do we want to support this for-profit capitalist way of looking at DeFi? Or do we want to support trustless immutable projects that cannot be hacked? They might be less sexy.”
So I don't think token governance is offering us a future that's decentralized. I think that, again, just to reverse, we started out talking about Bitcoin. Bitcoin has proven to us that we can have trustless, decentralized, immutable code. Uniswap offers that. There's a couple other projects that offer us that. When we're dealing with governance, like we're talking about, and centralized control, it almost always goes back to a for-profit-company that's trying to create revenue, trying to give a return to investors and stuff like that.
So money and greed and profit always messes up decentralization if it can. As a DeFi community we need to decide, as users we need to decide, do we want to support this for-profit capitalist way of looking at DeFi? Or do we want to support trustless immutable projects that cannot be hacked? They might be less sexy. They might not provide the huge returns and interest rates that centralized projects can. But what do we want in the future? And what do we think is best for humanity and financial liberty in the next 5, 10, 50, 100 years?
CR: Do you think there's space for vote in DeFi? Maybe some protocols are better suited for a more centralized system, and others should be run as a completely decentralized protocol that has minimal governance.
CB: Yeah. I think that a big reason that there's so much centralized control on some of these types of projects is because they're so complicated when they're conceived. They have so many moving parts and interest rate models and pools and all these different things that they need to manage, and they need some kind of control over. Because, again, they're releasing code that they're not fully confident in, they're testing and prod, they like to say, right.
So I mean, one answer right away that I always offer is, why not slow your growth? So put caps on your growth, make sure that by the time you reach 100 million, let's say in TVL, that you're confident enough in your code that you're willing to burn your keys and just let it run on its own, which is why we have Ethereum. We have Ethereum because it can run autonomous code. In order to do that, they would have to put caps on the value. It might take them two years to get to the point where they're fully confident in the code. They might have to slow their growth.
“One answer right away that I always offer is, why not slow your growth?”
In two years, without any caps, they could be 5 billion. But I'm saying why not limit your growth to 100 million? The reason they don't want to limit it is because they won't make as much money as fast, they won't be able to raise their token value as fast. So it really comes down to greed and impatience. In a traditional Web 2.0 world, you're doing beta releases, you're doing guarded launches. And there are some projects in DeFi that are doing guarded launches and being careful about things. But most of them are just opening the floodgates and trying to get as much value in there as fast as they can, even though they have centralized control. Users are rewarding them for that by just plowing money in.
So again, if users are coming in, regardless of if you have centralized control or not, why not keep it, right? So all we can do is educate people and try to keep people out of those projects if they're afraid of that centralized control. If they want to gamble their money away, we can't stop them. But we can at least tell people what's going on. And there's always going to be those types of projects. You can't censor projects on Ethereum, so they're always going to be out there.
Gitcoin Grant Controversy
CR: Yeah, I really like that approach. There's a couple of questions I still have for you very quickly. This one I feel I need to ask you because, again, it's another thing that's always brought up about you, which is your Gitcoin grant. So I just wanted to get your thoughts on that. So you had this Gitcoin grant and you raised some money there, and then you didn't continue creating educational content. I wanted to get your response to that common criticism I see thrown about you.
CB: Yeah, I mean, the Gitcoin grant was in early 2020, was it? I think it was around the same time that we started to talk about admin keys. And here's the way I look at it. First of all, anecdotally, the videos that I created from 2019 into 2020 and put on YouTube, I think those videos onboarded probably thousands of people into DeFi. A lot of people discover DeFi through the video content that I put dozens or maybe even hundreds of hours into creating. It's still available on Odyssey. You can see it all, Aave, Synthetix, and Compound and MakerDAO and all this different stuff.
“The content that I was creating was educating users, which is all I've ever said that I've been doing. I've never been here to market DeFi projects or to be a cheerleader for DeFi or a cheerleader for Ethereum. I've never purported myself to be anything other than what I am, which is somebody who wants to offer transparency to end users.”
So there was a lot of blood, sweat and tears and expense, and equipment, and microphones, and just all kinds of stuff that happened over the better part of a year before that grant. So the grant came and really reimbursed a small part of that. I forget the exact amount that it was, but it was $7,000 or $10,000, or something like that. I forget exactly. But around the same time the grant thing was happening, the admin key thing was happening too. After the admin key thing happened, I didn't stop creating content, I still created content, it just wasn't the content that some people wanted.
So the content that I was creating was educating users, which is all I've ever said that I've been doing. I've never been here to market DeFi projects or to be a cheerleader for DeFi or a cheerleader for Ethereum. I've never purported myself to be anything other than what I am, which is somebody who wants to offer transparency to end users. So when all of a sudden you discover DeFi projects, some of them have centralized control, users don't know this, I created content for that to educate users about that. Like you said before, spreadsheets; wrote a bunch of stuff; recorded audio, all kinds of stuff. So the content creation didn't stop. It just wasn't what some people wanted.
Now, should I have received the grant, which actually I looked at as a retroactive grant, because it covered part of the expenses that I had incurred doing free content? Should I have gotten a grant and then assumed that I should not go down a path that I want to go down and just cheerlead for DeFi and cheerlead for Ethereum because all of a sudden I received a grant? It didn't even occur to me. I didn't stop for one moment to think that way. I would never do that. I'm not a cheerleader.
If you'd given that grant to somebody else, some other podcasters in the space, not you but others in the space, they would have gotten their pom-poms out and said, what's an admin key? What's an admin key? I've never heard of that. I'm just going to go and cheerlead Ethereum, you know, sound money, all that. That's not me. I'm going to educate people about what I think is important. And that's what I did.
I think that in doing that, and then going down that road, it helped make the space more resilient, more bulletproof, ready for regulators, than if I hadn't. If I just kept cheerleading and doing that, I don't think we'd be as ready as we are right now. And I still think that the work that I'm doing right now is extremely valuable in preparing us for the inevitability of regulators coming at us, asking us hard questions.
And I say this all the time. If you can't handle a few questions from some fat bald guy in Florida, how are you going to handle questions from the SEC, or from the CFTC, or from Congress, from Elizabeth Warren, and all these people who are coming after crypto and DeFi? This is a practice run. This is nothing compared to that. So that's how I look at it. I am a contributor to the DeFi space. I'm not an enemy of the DeFi space. I see DeFi as a tool for financial liberty, and anything that goes in the opposite direction, I want people to know about. That's how I contribute to the space.
“I'm not an enemy of the DeFi space. I see DeFi as a tool for financial liberty, and anything that goes in the opposite direction, I want people to know about. That's how I contribute to the space.”
CR: Okay, good. So you partially answered my last question, which is are you bullish DeFi? Like, are you excited about the space? Do you think it's the future of finance or do you look at it as more of an observer, like you're here to research, and see it in a more objective way?
CB: I think that DeFi is a space that's open and obviously resistant to censorship of any different type of project. So anybody can come in and launch anything they want. Chase Bank could come in tomorrow and launch a bank on Ethereum. And so I think that DeFi is going to change the world. The question I have is, is it going to be for the better or for the worse when it comes to liberty, privacy, surveillance, ease of regulation, ease of taxation?
I think that there's a chance that DeFi could improve us in those areas. They could make our finances more private, less prone to surveillance and censorship and things like that. But there's also an equal chance right now that DeFi could result in big banking 2.0 and sort of just recreate the system that we already have and maybe give banks superpowers, making it easier to regulate, easier to surveil, easier to censor transactions, easier to cancel accounts if somebody goes against the government or something like that. So that's where I see.
“I think that DeFi is going to change the world. The question I have is, is it going to be for the better or for the worse when it comes to liberty, privacy, surveillance, ease of regulation, ease of taxation?”
I think, either way, it's going to redefine finance. But I think it's still unknown whether it's going to be for good or for not so good. And all of my work is in just trying to steer the ship a little bit back towards the good as I see it. And I admit it's based on my set of principles. But if I'm able to impact DeFi in that way, I think it's a valuable contribution.
The Defiant is an information platform focusing on decentralized finance, a new financial system that’s being built on top of open blockchains. The space is evolving at breakneck speed and revolutionizing tech and money. Spread the word and share!
