DeFi (and the Canadian crypto community, especially) woke up yesterday to a pretty terrible headline. We learned that “Sifu,” who goes by the handle @OxSifu, a core member and CFO of DeFi protocol Wonderland, was Michael Patryn (also known sometimes as Omar Dhanani), an apparent co-founder of failed, infamous (to put it lightly) Canadian exchange QuadrigaCX.
This discovery was equally shocking to me. As a young upstart in Canadian crypto circles in 2010, I was exposed to Patryn, an experience I was quoted on in an investigative piece in Vanity Fair in 2019. Following yesterday’s news, where an anonymous team member of a leading DeFi protocol was outed as a career criminal, I find myself thinking deeply on the topic of anonymity, reputation, and trust in DeFi, an industry where so much blind faith is put into one’s personal history, motives, and ideals.
Joseph Weinberg was an early investor in Bitcoin in 2010 and director at Coinsetter until its acquisition by Kraken in 2016. Currently, Weinberg is the co-founder of Shyft Network, the blockchain-based trust network that reclaims trust, credibility and identity. This article is part of CoinDesk’s Privacy Week series.
As someone who was there for Canadian crypto’s early days, I can tell you that we were operating truly in the unknown in those first years. In that environment, actors emerged that today our space wouldn’t tolerate. I won’t speak or reveal more on Michael/Omar for personal security reasons, but the point isn’t about him; it’s about the moral compass we must demand and a requirement to fight for the betterment of our ecosystem – and humanity.
Is total anonymity practical in a space where bad actors inevitably exist? When we deanonymize founders, does DeFi adoption suffer? How do we move forward when situations like Wonderland bring back memories of what we’ve fought so hard to change since 2013? These are all questions I’m asking myself right now. Below, I also want to share what I think could become some answers – and a path forward for improving trust in DeFi.
The risks of anonymity in DeFi
I’m not going to argue against anonymity in DeFi, but rather share some ways in which pseudo-anonymity – and reputation – can protect against bad actors like Patryn being given the keys to users’ funds. While Quadriga was a centralized exchange (sole ownership), Wonderland’s treasury is still in the hands of core key signers – a situation of pseudo-custody, where risk becomes a factor. Smart contracts may be self-executing, but individuals controlling funds are independent actors.
It’s here where human intervention becomes an issue. The community puts its faith in the idea that those in contact with their money will do the right thing. Most of the time, it works. Until it doesn’t. Would you want to invest in a project with Chef Nomi of SushiSwap, the infamous co-founder who suddenly liquidated his holdings and caused the token to crash?
Read more: ‘I F**ked Up’: SushiSwap Creator Chef Nomi Returns $14M Dev Fund
Anonymous teams are not subject to background checks, credit checks, or a variety of security checks that ensure individuals don’t have criminal records or are on sanctioned watch lists. As DeFi grows and the ecosystem seeks institutional adoption and a wider set of market participants, with great power comes great responsibility.
In Bitcoin and Ethereum, where automatic rule enforcement is based on consensus, individuals themselves don’t matter as much – they don’t have the extra abilities to do something bad.
It’s no surprise, therefore, that recent guidance from the Financial Action Task Force (FATF) focused so much on DeFi. FATF made the argument that key signers are in control of funds, essentially making them regulated entities, whereas decentralized autonomous organizations (DAOs) can (and probably will) be categorized as virtual asset service providers (VASPs) to some degree over the coming years.
Read more: What FATF’s Latest Guidance Means for DeFi, Stablecoins and Self-Hosted Wallets
This guidance was intentionally left open-ended and broad so regulators can choose how they approach these topics. If we allow bad actors to hold power in DeFi protocols anonymously, growing regulation would raise many red flags and taint asset pools and institutional confidence.
The power of attested reputation
What we must do as a community is think through some of these issues along the lines of social reputation and trust. We know people are not keen on giving up their identities, and we are here fighting for freedom and openness after all. Instead, again, we put faith in people. In the case of Patryn, that’s what happened. We let recent actions speak louder than overall reputation. This is a failure of trust and our social responsibility as an industry.
The future I would like to see for DeFi, and the road toward mass adoption of Institutional DeFi, would replace total anonymity with pseudo-anonymity based on the power and utility of attestations.
Pseudo-anonymity is the concept of revealing parts of oneself and partially disclosing information essential to people. On-chain, we can attest to someone’s background record without ever knowing their names, revealing protected personal information (PPI), or doxing someone. We can “blindly” determine who people are and what they have done, and then reveal those answers to those who know them – all without giving up identity.
Choice and trade-offs
Crypto isn’t forgiving. In a trustless ecosystem, the only thing we have is the trust we create and the integrity we maintain. We must integrate systems to increase confidence in the anonymous. The irony of trustless systems is that the layers above code-enforced execution require trust. If DeFi continues to grow, we need to take a step back and ask ourselves how we can allow it to engage interoperably with anonymous systems and people.
The promise of DeFi is open, but I believe that the true endgame is where we have a slightly retrofitted reality from what we are experiencing today. What makes DeFi magnificent to some is currently leading to critical breakdowns in the basic risk requirements of the financial system: AML, data coordination, and reconciliation, layered preferential de-anonymity (pseudo-anonymity).
Read more: The Privacy That DeFi Needs to Succeed
We can all say, “But Satoshi believed,” but again, this isn’t bitcoin; it isn’t the base layer, and to say “anonymous-everything” is the opposite of what freedom is about: choice and tradeoffs. These systems allow us to start anonymously and make tradeoffs in order to optimize or enable other services in better working order (i.e centralized exchanges). Bitcoin and the networks that came after it, like Ethereum, were not built foundationally to be anonymous systems; they were designed to give us censorship-resistant transparency.
Don’t get me wrong: I hope to live in a future where we are fully anonymous, and everything is “privacy by design” – but until then, I’m working with reality as a blend of the world we have grown up in and the one we are creating.
The crypto space was designed to give us all freedom of choice and a new paradigm in building options and levels of freedom. Those freedoms should be ours to decide on, and every user in our ecosystem today already makes those tradeoff decisions every day.
To truly walk that walk, we need to understand what other people want in their toolbox of choices. Institutions, for example, want to know who they are doing business with; governments want to know we are not laundering money or financing terrorists. Supporters of a DeFi project want to know that it isn’t tied to someone who has notoriously acted in bad faith to innocent people who don’t deserve it. I know individuals who were hurt by Quadriga, and early crypto people like myself knew to never hold assets there because of what we knew.
In DeFi and crypto, insider knowledge and shadow games shouldn’t be what keep people safe from bad actors anymore – that era of our space has passed. Today, regulators are responding to people’s actions as a demonstration of next-generation innovation and the future you are building. We are all on center stage right now. We’ve come so far since the early days of the Wild Wild West, and the actions we take now will forever be cemented in the history books and rules created in response to our efforts.
Let’s not go back.
Read more: Mastercard’s CipherTrace Used ‘Honeypots’ to Gather Crypto Wallet Intel