In brief

  • The recent DeFi attacks could be considered illegal in terms of traditional finance.
  • DeFi platforms still operate mainly outside of regulators’ field of view.
  • The DeFi protocol teams should take more action to protect the protocols.

Last week, two exploits shocked the cryptocurrency world. A trader exploited various DeFi protocols to take home $1 million and everybody wanted to know how it was done.

As Decrypt reported, after netting $350,000 on Valentine’s Day, the trader took a further $645,000 on February 18. Thanks to a clever set of instructions—all executed in two big transactions—the trader leveraged current weaknesses in the DeFi ecosystem for their own gain. bZx’s co-founder Kyle Kistner confirmed the second attack, writing that it appeared to be “an oracle manipulation attack.”

But there’s another question that’s far harder to answer. On today’s UnChained podcast, blockchain consultant Maya Zehavi and Zubin Koticha, CEO of decentralized finance (DeFi) insurance layer Opyn, discussed the legality of the two recent attacks. And there’s plenty of debate.

The DeFi attacks were illegal

Koticha argued that the attacks were illegal—but not necessarily unethical. He pointed out that manipulating oracles for price gains in traditional markets is illegal, referring to the LIBOR scandal.

“So there's oracles everywhere in traditional finance and it's quite illegal and quite possible in traditional finance to make money by manipulating oracles in one direction or another in ways that are very similar to these attacks,” said Koticha.

A trader at UBS worked out how to rig the LIBOR rate. But is it the same in DeFi? Image: Shutterstock.

It is “very, very clear that [using the exploit] is illegal from many different points of view,” he added.

Koticha said that one of the key issues is whether US dollars are involved. If they are, then US regulators are more likely to come into play.

“If the dollar’s involved, if it ever touches the dollar, they take extremely big liberties with taking it under their jurisdiction,” he said.

Part of the attack involved a US-dollar backed stablecoin, known as sUSD, he pointed out. “There’s an argument to make there that regulators can go after that because it's touching the American dollar,” Koticha added.

The attacks were legal

Maya Zehavi countered the argument, saying that the decentralized protocols are what they are—and if it’s possible to exploit them then anyone can do so.

“I just don't consider it to be something illegal. I think there was an opportunity here based on how these protocols were designed and someone just saw an opportunity and took it. He outsmarted the game. That's it,” she noted.

This topic touches on the idea that “code is law”—made famous by The DAO, one of the biggest decentralized governance experiments, which went terribly. While The DAO’s failure cast doubt on the idea that code is law—since the Ethereum blockchain was rewritten to avoid the result of some dodgy code—it remains a mantra to this day.

Koticha argued that, if code is law, then the trader may not have been acting unethically. If these algorithms are poorly written, “breaking them may not be unethical.”

He concluded that such exploits are “not necessarily in good legal territory,” while the ethical side “is more interesting and a little bit more up for debate.”

Either way, something needs to be done to prevent such exploits. “I think much more drastic action needs to be taken,” Koticha said. He suggested either using rigorous audits, rewriting the protocol or simply shutting the whole thing down.