
Digital Assets Innovation Needs to Balance Decentralization and Security

The immaturity of security controls in DeFi is a challenge for institutional adoption. Here’s how to address that.

Updated Mar 9, 2024, 2:15 a.m. Published Mar 6, 2024, 6:55 p.m.

Recent forecasts point unmistakably to accelerating finance digitalization. The Bank for International Settlements, a central bank association, predicts rapid proliferation of national digital currencies (CBDCs) over the coming years, while surveys reveal institutional investors are planning to allocate billions to asset tokenization.

But the immaturity of security controls is a major challenge for institutional demand.

The technology underlying decentralized finance can be securely used to provide tremendous liquidity potential for asset tokenization and myriad other use cases. But, as it currently stands, there are risks stemming from full dependence on software security and from accountability issues.

You're reading Crypto Long & Short, our weekly newsletter featuring insights, news and analysis for the professional investor.

Smart contract vulnerabilities have led to huge financial losses for some prominent DeFi platforms in the past. For example, in 2021, lending protocol Compound suffered a serious coding glitch where customers were accidentally sent millions of dollars of crypto. For institutions with a large customer base, such a glitch could result in substantial financial and reputational damage.

That’s why we need to strike a balance between decentralization and institutional needs. Banks and financial institutions will provide the regulatory "shock absorbers" needed to bring stability and regulatory transparency to the ecosystem.

Decentralization vs. security dilemma

While stablecoins, tokenized securities, and cross-border payments are all promising areas for digital asset innovation, risks lurk under the surface. The sparse landscape of banking partners willing to work with crypto companies, especially in the U.S., is one issue.

Market volatility also heightens contagion risks between over-leveraged crypto industry players. As large institutions wade deeper into the space, conflicting international regulations could pose adoption challenges without coordination.

We will likely see more digital bond issuance but contained within regulatory sandboxes at first. Meanwhile, boundaries between digitized finance and traditional finance will blur. The development of regulatory frameworks should eventually allow incumbent institutions to participate in DeFi-like ecosystems.

Without central intermediaries, transactions occur through distributed consensus between peers. This brings some advantages — no single point of failure, censorship resistance, and enhanced resilience against attacks. But decentralization isn't easy, especially from a governance and accountability standpoint for regulated institutions where security is paramount.

It's worth noting that much of the network's security, to some extent, depends on the technical savvy of pseudonymous participants rather than dedicated experts. This security gap inherent in many decentralized networks was highlighted this year when South Korea’s Orbit Chain lost more than $80 million due to a hack linked to compromised multisig signers or when the wallets of Ripple’s CEO were hacked. If professionals routinely fail at security, we can imagine the risk for casual users.

Regulatory and institutional challenges

Permissioned, or private, blockchains offer a solution. They limit participation to vetted entities and incorporate security protocols akin to traditional centralized systems. Tight access control, consistent implementation, quick threat response, and compliance with regulations — that’s the promise, at least. Contracts between participants can define responsibilities and ensure service guarantees — with penalties in case of a contract breach.

But permissioned systems aren’t a panacea either and generally have underperformed permissionless, public blockchains like Ethereum.

In a regulated, institutional context, permissioned ledger networks must employ distributed trust and IT systems across the entities involved. The technology must be reliable, maintained by trained personnel, and properly documented. It must also play well with a financial institution’s needs, from audit trail and banking network connectivity to role-based access control, for example.

On permissioned networks, trust and technology usage should be distributed across approved entities. DeFi shows how hard this balancing act can be. Right now, speculation dwarfs real economy use. With strategic decisions and consensus mechanisms often centralizing power, decentralization can be a DeFi “illusion.” These chokepoints are opportunities for regulation before systemic risks emerge.

Shaping the future of blockchain in finance

As blockchain permeates finance over the coming years, we'll see diverse technical architectures emerge across the centralization spectrum, trying to strike the right balance between openness and security. If we get the formula right, blockchain could unlock immense positives for institutions, consumers, and society — efficiency, transparency, scalability, and more.

They may not even look like the blockchains we’re used to. The burden is on providers to offer customizable solutions adaptable to each institution’s unique security needs and regulations.

Jean-Philippe Aumasson

Dr. Jean-Philippe (JP) Aumasson is the co-founder and Chief Security Officer at Taurus SA, and chairs the Technical Committee of the Capital Markets and Technology Association (CMTA). JP is the author of "Crypto Dictionary" (2020) and "Serious Cryptography" (2017), and has contributed to over 60 research articles. He is the creator of the BLAKE2 and SipHash algorithms and has conducted security reviews for leading blockchain projects like Filecoin and Zcash. A seasoned speaker, JP has presented at numerous Black Hat events and holds a PhD in Cryptography from EPFL.
