Who Insures the Insurer? Cover Protocol Attack Exposes DeFi’s Promise and Peril
Monday’s $4 million attack on the Cover Protocol, a decentralized insurance service, sent my mind to that classic nursery rhyme, “There Was an Old Lady Who Swallowed a Fly.”
You know, the one where an unfortunate woman keeps eating ever-larger animals to catch the previously swallowed animal.
Decentralized finance faces a similar problem with decentralized insurance. Decentralized insurance exists to protect people from losses if a DeFi protocol’s coding flaws allows someone to attack it. But what happens when there’s a vulnerability in the insurance protocol? What do you swallow to fix that?
Now, I don’t think DeFi ends up like the old lady – “dead, of course” – from eventually having to swallow the blockchain equivalent of a horse. These kinds of live, fully public situations, with real-world losses, are what drive open-source developer communities to build better stronger systems. That prospect is strengthened by the fact that this attack came from a “white hat” hacker rather than a bona fide crook.
But the Cover story provides a sobering coda to a year of startling innovation that stirred the imagination for a new financial system unencumbered by centralized gatekeepers. It shows how far that system still needs to develop.
This year, the DeFi “degens” showed us how to create a complete decentralized stack of virtually everything from the old, centralized system, with open protocols for exchanges, lending, borrowing, collateral management, credit default swaps and even virtual dollars.
This is exciting, not only because removing Wall Street intermediaries could reduce costs, or at least more equitably disburse them, but because it promises an end to counterparty risk, a core problem with the incumbent system’s closed, centralized architecture.
In the credit default swap crisis of 2008, market participants had no visibility into their counterparties’ multiple, hidden financial exposures, which is a recipe for mistrust. CDS and other contract-based instruments designed to help investors hedge their risks were dependent on the contracted parties’ ability to make good on their promises. So when people no longer believed in those promises, the rush for the exits meant those hedges were not only worthless but made matters worse. They offered nothing but systemic risk.
DeFi promises to avoid this. If a contract to deliver collateral in the event of a price reduction is executed by a protocol that draws on funds locked in decentralized escrow, with no single party in control of them, in theory counterparty risk is gone. The same theory applies to decentralized exchanges (no more Mt. Gox or QuadrigaCX), decentralized CDS and other parts of the DeFi ecosystem.
The problem is we’ve traded counterparty risk for software risk. And one could argue that’s even riskier. The caveat emptor ethos of DeFi is great for daring-do innovation and speculative buzz, but when there’s no centralized service provider to hold accountable and when hackers using untraceable pseudonyms can easily escape law enforcement, there’s little to no legal recourse after an attack.
For the bulk of humanity, especially the big institutions that manage our fiat savings, that scenario is untenable.
It doesn’t matter that all those institutions face their own software vulnerabilities. (A recent report by the Center for Center for Strategic and International Studies and computer security company McAfee estimated the total cost of cybercrime, including both losses and security expenses, will exceed $1 trillion in 2020.) It’s that if those “too big to fail” institutions’ losses get too big, whether from crime or financial panic, the government and central bank will ultimately find ways to socialize those losses. They just need an identifiable perp on which to level blame.
A decentralized system doesn’t allow for that, which is why it needs a new model of insurance against losses. The problem with that is, well, what happened to Cover.
A way forward
For now, the solution may lie with centralized insurance systems so that there’s someone holding the bag who can be identified and sued. Those services exist and, with an insistence on thorough, ongoing and top-level code audits, some will reach enough of a comfort level to bear the risk – at a price.
But not only will that add costs, it brings us back to the same counterparty risk problem. What happens if there’s a 2008-level system-wide crisis in DeFi? What happens when everyone fears a breakdown and no one trusts that the overexposed insurers – or their reinsurer underwriters – have the wherewithal to cover the fallout?
This is why, to attain the ideal, decentralized insurance is needed. It’s just that its development needs to occur live, in real-time, tested in the real world so that bugs can be exposed and patched.
And that’s why today’s attack is actually good news. An unidentified person seemingly involved with Grap Finance finds a bug in a protocol, uses it to drain a lot of COVER tokens, giving everyone involved a short period of panic. Then in a classic white hat move, he/she/they return the funds to the Cover Protocol and publicly announce, via Twitter, that they’ve done so.
Since then, people like Band Protocol CTO Sorawit Suriyakarn have worked to explain, in a similarly public way, how the hack occurred. While some might see that as an invitation for other hackers, it’s most importantly an alert to others within DeFi to patch similar bugs. Already, Cover has pivoted to develop a new token.
What doesn’t kill you will make you stronger. That’s the notion that will ultimately drive the DeFi ecosystem to create a scalable new model for global finance.
It’s just not going to happen tomorrow.