Who Insures the Insurer? Cowl Protocol Assault Exposes DeFi’s Promise and Peril

 Who Insures the Insurer? Cowl Protocol Assault Exposes DeFi’s Promise and Peril

Monday’s $4 million assault on the Cowl Protocol, a decentralized insurance coverage service, despatched my thoughts to that basic nursery rhyme, There Was an Old Lady Who Swallowed a Fly.

You already know, the one the place an unlucky lady retains consuming ever bigger animals to catch the beforehand swallowed animal. 

Decentralized finance faces the same drawback with decentralized insurance coverage. Decentralized insurance coverage exists to guard individuals from losses if a DeFi protocol’s coding flaws permits somebody to assault it. However what occurs when there’s a vulnerability within the insurance coverage protocol? What do you swallow to repair that?

Now, I don’t assume DeFi finally ends up just like the outdated woman – “lifeless, after all” – from finally having to swallow the blockchain equal of a horse. These sorts of stay, totally public conditions, with real-world losses, are what drive open-source developer communities to construct higher stronger methods. That prospect is strengthened by the truth that this assault got here from a “white hat” hacker reasonably than a bona fide criminal.

However the Cowl story offers a sobering coda to a yr of startling innovation that stirred the creativeness for a brand new monetary system unencumbered by centralized gatekeepers. It exhibits how far that system nonetheless must develop. 


This yr, the DeFi “DeGens” confirmed us easy methods to create a whole decentralized stack of just about all the things from the outdated, centralized system, with open protocols for exchanges, lending, borrowing, collateral administration, credit score default swaps and even digital {dollars}. 

That is thrilling, not solely as a result of eradicating Wall Road intermediaries might scale back prices, or not less than extra equitably disburse them, however as a result of it guarantees an finish to counterparty threat, a core drawback with the incumbent system’s closed, centralized structure. 

Within the credit score default swap disaster of 2008, market contributors had no visibility into their counterparties’ a number of, hidden monetary exposures, which is a recipe for distrust. CDS and different contract-based devices designed to assist buyers hedge their dangers have been depending on the contracted events’ means to make good on their guarantees. So when individuals not believed in these guarantees, the push for the exits meant these hedges weren’t solely nugatory however made issues worse. They provided nothing however systemic risk.

DeFi guarantees to keep away from this. If a contract to ship collateral within the occasion of a value discount is executed by a protocol that pulls on funds locked in decentralized escrow, with no single celebration accountable for them, in idea counterparty threat is gone. The identical idea applies to decentralized exchanges (no extra Mt. Gox or QuadrigaCX), decentralized CDS, and different components of the DeFi ecosystem. 


The issue is we’ve traded counterparty threat for software program threat. And one might argue that’s even riskier. The caveat emptor ethos of DeFi is nice for daring-do innovation and speculative buzz, however when there’s no centralized service supplier to carry accountable and when hackers utilizing untraceable pseudonyms can simply escape regulation enforcement, there’s little to no authorized recourse after an assault. 

For the majority of humanity, particularly the large establishments that handle our fiat financial savings, that situation is untenable. 

It doesn’t matter that each one these establishments face their very own software program vulnerabilities. (A recent report by the Middle for Middle for Strategic and Worldwide Research and pc safety firm McAfee estimated that the entire value of cybercrime, together with each losses and safety bills, will exceed $1 trillion in 2020.)  It’s that, if these “too massive to fail” establishments’ losses get too massive, whether or not from crime or monetary panic, the federal government and central financial institution will finally discover methods to socialize these losses. They only want an identifiable perp on which to stage blame. 

A decentralized system doesn’t permit for that, which is why it wants a brand new mannequin of insurance coverage in opposition to losses. The issue with that’s, effectively, what occurred to Cowl.

A Means Ahead

For now, the answer could lie with centralized insurance coverage methods, in order that there’s somebody holding the bag who will be recognized and sued. These companies exist and, with an insistence on thorough, ongoing and top-level code audits, some will attain sufficient of a consolation stage to bear the danger – at a value. 

However not solely will that add prices, it brings us again to the identical counterparty threat drawback. What occurs if there’s a 2008-level system-wide disaster in DeFi?  What occurs when everybody fears a breakdown and nobody trusts that the overexposed insurers – or their reinsurer underwriters – have the wherewithal to cowl the fallout? 

For this reason, to achieve the perfect, decentralized insurance coverage is required. It’s simply that its improvement must happen stay, in real-time, examined in the actual world in order that bugs will be uncovered and patched. 

And that’s why in the present day’s assault is definitely excellent news. An unidentified particular person seemingly concerned with Grap Finance finds a bug in a protocol, makes use of it to empty loads of COVER tokens, giving everybody concerned a brief interval of panic. Then in a basic white hat transfer, he/she/they return the funds to the Cowl Protocol and publicly announce, by way of Twitter, that they’ve finished so. 

Since then, individuals like Band Protocol CTO Sorawit Suriyakarn have labored to clarify, in a similarly public way, how the hack occurred. Whereas some may see that as an invite for different hackers, it’s most significantly an alert to others inside DeFi to patch comparable bugs. Already, Cowl has pivoted to develop a brand new token.

What doesn’t kill you’ll make you stronger. That’s the notion that may finally drive the DeFi ecosystem to create a scalable new mannequin for international finance. 

It’s simply not going to occur tomorrow.

Source link

Related post