Author’s Note: This post is not about any particular DeFi project. It is simply intended to promote the fact that traditional ways of “politically correct” thinking must be abandoned when it comes to the evaluation of DeFi admin keys and the security of users’ funds. In today’s DeFi, users are being threatened and harassed simply for asking questions of DeFi teams in an attempt to determine how comfortable they are with their security level. If the aggressive & threatening discouragement of curiosity and skepticism in DeFi isn’t put to an end, then DeFi users have little chance of being able to make these critical decisions for themselves in the future.
Without brilliant young developers, the world would be an awfully boring place right now.
Developers in their teens and twenties have been responsible for some of the most amazing technological advances that we’ve seen over the past 20 years.
This trend is amplified within the world of Bitcoin, Ethereum, and cryptocurrency at large. Ethereum itself was first written about by Vitalik Buterin at the tender young age of 19.
Over the past couple of years, the world of decentralized finance (DeFi) has also adopted this very important ethos and embraced the work of young developers to revolutionize the way that we consider the concept of money. Young developers have helped to push DeFi to new heights of awareness and innovation. It’s clear that young people are playing a critical role in DeFi’s growth.
However, DeFi introduces a new set of challenges that we need to discuss when it comes to the trust that we are placing in developers, both young and old.
We have learned over time that supporting and encouraging young developers is critical to the success of any new tech movement. This is no different when it comes to DeFi.
The unique nature of what’s being built in DeFi requires that users start to re-evaluate the rather unlimited trust that they’ve always provided to young developers.
The reason is that many DeFi developers aren’t just building tech. Due to the nature of the applications that DeFi devs are building, they’re also taking on personal responsibility for the custody and security of billions of dollars deposited by the users themselves.
This is very different from past tech revolutions. Most youth-driven technology movements of the past revolved around what we now consider to be traditional startup methodology. Build some amazing tech, develop a revenue model, profit.
This cookie-cutter business model allowed young developers to plunge into the tech world with the traditional ecosystem of banks, credit card processors and other financial tools as a backstop. The system was set up to provide them with the security that they needed to be a business owner and technology leader, but still be a kid.
DeFi changes this paradigm in a very dramatic way.
There are two main breeds of DeFi applications that developers can choose to build.
The most common type of DeFi application uses admin key control. This involves the developers hanging on to an extremely powerful cryptographic key that can be used to control the allegedly “decentralized application” even after it’s deployed on the blockchain.
DeFi admin keys are utilized by developers to retain the ability to fix bugs, upgrade the application and to generally have a safety net in case something goes terribly wrong.
However, due to the powerful nature of these keys, an unfortunate side effect is that they also have the power to drain users’ funds or take other malicious action, if the holder of the key chooses to go down that dark path.
Many DeFi apps that use admin key control have hundreds of millions or billions of dollars deposited into them by users, many of whom do not understand the nature of the admin key. This means that any developer who has access to that key also has a personal responsibility for the safety and security of those funds, often without the user even knowing it.
The other, less common form of DeFi application is trustless. A trustless DeFi application is built in a way that does not give the developer the ability to upgrade it, change it or stop it from running at any point in the future. No admin key exists for a trustless DeFi app.
Funds that are deposited into a trustless DeFi application are free from the risk that an admin key could be maliciously used to drain funds.
The downside of a trustless deployment is that the developer cannot upgrade the code, and would need to ask users to migrate their funds to an entirely new application if they wanted to make a change. This is not a trade-off that most DeFi developers are willing to make. Instead, most choose the easier and safer (for them) path of admin key control.
In DeFi, we are now seeing many of the same trends that we’ve seen in the past. Young developers are quickly, and sometimes recklessly, transitioning from innovation mode into full-fledged startup businesses. However, unlike in past tech movements, recklessness and shortcuts in DeFi have the ability to result in the immediate loss of massive amounts of value for users.
In DeFi, there is no backstop or safety net if an admin key is compromised, as opposed to the backstop and security generally provided by traditional financial products like bank accounts and credit cards.
Due to this, admin keys require DeFi users to put an unreasonable amount of trust into the developer(s) that hold the keys. This trust includes users blindly trusting that the developers (sometimes anonymous) are securing the keys properly, set up the keys properly, never allowed security of the keys to be compromised, and much more — not to mention also trusting that the developers will never act maliciously with access to billions of dollars at their fingertips.
Without any safety net or regulatory backstop, DeFi users are left entirely in the dark when it comes to the provability of the security of their funds. Due to this “wild west” environment, the only thing that a DeFi user can truly rely on is their own instinct. To rely on their own instinct, however, they need information.
Teenagers can be brilliant developers, amazing technologists and admirable thinkers. However, they are still teenagers.
Teenagers are often enrolled in high school, generally don’t own their own home, sometimes behave unpredictably, and still have a lot left to learn about life.
Should an adult ever — in DeFi or any situation at all — trust a teenager that they’ve never met with the physical security of a large chunk of their life savings?
This is exactly what is happening when a DeFi user deposits funds into a DeFi app with an admin key held by an underage developer.
The most obvious risk here is that the young developer may have a brilliant tech mind, but may lack the resources and life experience to provide proper security for the powerful admin key that they’ve been entrusted with. New DeFi projects regularly grow from a few thousand dollars in deposits to a few million and sometimes even a few billion.
Are you prepared to trust that a teen developer is ready for the admin key housed on that hardware wallet they carry in their backpack to be securing over $1 billion?
Obviously, this risk is not limited just to teenagers. There are plenty of adults who can make the same kind of mistakes. Admin-key controlled DeFi projects all share this inherent flaw, however for users to engage with them at all, they need to make an assessment based on any information they can find.
Another shared risk, and one that is very uncomfortable but should certainly not be ignored, is that of a physical attack on the holder of an extremely valuable admin key (also known as a “wrench attack”). While we have not seen any notable wrench attacks in DeFi yet, they have certainly occurred in the cryptocurrency world.
As an adult, are you comfortable with the fact that a young developer could come into possession of an admin key worth $1 billion and become the subject of a physical attack, kidnapping or exploitation?
As horrible as this sounds, we need to recognize that we live in a real world with real consequences. Anyone holding an admin key is subject to this same risk, regardless of age, however a younger teenage developer is far more susceptible to this than an adult. We have a moral imperative to prevent this from occurring, and the only way to do so is to prevent teenage developers from attaining this level of responsibility. The only way we can prevent this is by knowing that they exist.
This is likely an uncomfortable topic for many, especially for those who fall into the category of “teenage DeFi developer”. However, at the root of this argument is that every DeFi user should have all of the information that they need to make a sound decision about where they are putting their money, including but not limited to the age and life experience of the developers. There is no safety net in DeFi. Once money is lost, it’s usually lost forever.
If a DeFi project chooses to hide or not disclose facts about its security or its team to avoid users’ confusion, skepticism or abandonment, then they are doing a massive disservice to the idea of decentralized finance.
Therefore, we must all agree that when admin keys are involved, there is nothing off limits when it comes to the questions that users may ask as they do their best to evaluate opportunities and risk.
“Political correctness” and “cancel culture” in DeFi must be stopped.
Of course, it is up to each DeFi project as to whether they choose to answer questions posed by users honestly. However, the lack of a response to any question, including developer age, should be closely evaluated and taken into consideration when evaluating security. Users should consider full transparency should be an absolute requirement before interacting with a DeFi application. Without it, users are willfully left at the mercy of the developers and are being primed for future exploitation.
Regardless of developer age, DeFi admin keys, including multisig keys, are an untenable shortcut taken by far too many DeFi teams for far too long into the product’s lifecycle.
Even with full transparency, admin key controlled projects still require users to trust that the information being provided is true and accurate. Far too often, that trust is being abused.
The total elimination of DeFi admin keys is the only way that we can make developer age entirely irrelevant in DeFi.
While admin key use as a stopgap may sometimes make sense during a DeFi product’s launch, users should put extreme pressure on DeFi developers to drop their use of admin keys to completely eliminate any trust issues that may be caused by the age, skill and integrity of the developers.