01/09/2023
On July 12, Dutch e-bike company VanMoof, a once celebrated innovation story in the world of electric bicycles, declared bankruptcy, leaving its customers in the lurch. The company’s collapse exposed a previously hidden flaw in its product design: without VanMoof’s servers operating, the company’s premium e-bikes risk becoming inoperative. This incident, unfortunate as it is for VanMoof’s customers, has valuable lessons for the decentralized finance (DeFi) sector.
VanMoof’s e-bikes were controlled via smartphones through a Bluetooth connection that relied on an encryption key from VanMoof’s servers. When the company filed for bankruptcy and its servers went offline, customers lost the ability to obtain this key, effectively rendering their e-bikes useless.
While innovative enthusiasts quickly created a third-party tool to access this encryption key, the incident exposed a critical vulnerability. A €2,500–€3,000 ($2,700–$3,200) smart bike could be rendered useless because of server-side issues. This raises pressing questions about ownership rights and device operability in the face of company insolvency.
This scenario isn’t entirely foreign to the DeFi sector. While DeFi prides itself on its decentralization and trustless protocols, there are instances where certain aspects of a project remain centralized. This centralization becomes a point of vulnerability when the parent company or development team faces financial or legal difficulties.
Much like how VanMoof’s e-bikes were dependent on the company’s servers for operation, DeFi protocols often rely on the parent company for various functions, from maintenance and updates to oracle services and governance decisions. This centralization puts the protocol’s users at risk in the event of the company’s insolvency.
Moreover, just as e-bike owners found themselves locked out of their devices, DeFi users could find their assets frozen or lost if the parent company fails. Given the substantial financial stakes involved, these risks are of grave concern to users and should be at the forefront of protocol development considerations.
To avoid a VanMoof-style scenario in the DeFi space, it is crucial to engineer protocols that can survive the potential insolvency of the parent company. Here are a few strategies to consider:
1. True Decentralization: The first and most obvious step is to reduce any centralized control over the protocol as much as possible. This includes decentralizing the governance of the protocol, updates, and other critical functionalities. Distributing control over multiple independent actors will ensure the continuity of the protocol irrespective of the parent company’s status.
2. Emergency Shutdown Mechanisms: Incorporate an emergency shutdown mechanism in the protocol design to protect users’ assets. In the event of a system failure or insolvency, this mechanism will freeze the system in a state that allows users to safely withdraw their funds.
3. Open Source and Modularity: Make the protocol open source and modular to allow other developers to fork, maintain or upgrade it in the event the parent company is unable to do so. This also fosters a community of developers who can act as a backup if the original development team is incapacitated.
4. Decentralized Autonomous Organizations (DAOs): Establishing a DAO to oversee the protocol can ensure that the community retains control over the protocol’s future. This can involve making decisions about updates, handling the treasury, and even restructuring the protocol in the event of the parent company’s insolvency.
5. Insurance: Finally, integrating insurance provisions into DeFi protocols can provide a safety net for users. Whether this is done through native mechanisms or through third-party services, insurance can give users confidence that their assets are protected even in the worst-case scenarios.
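As an added illustration of strategy 2 (not code from VanMoof or from any DeFi project), this chain-agnostic Python model shows a shutdown that any user can trigger once the operator stops checking in, with a withdrawal path that never depends on the operator. The heartbeat, the 30-day timeout and all names are assumptions made for the example.

```python
from dataclasses import dataclass, field

HEARTBEAT_TIMEOUT = 30 * 24 * 3600  # assumed policy: 30 days of operator silence

class VaultError(Exception):
    pass

@dataclass
class Vault:
    operator: str
    now: int = 0                 # stand-in for the chain's block timestamp
    last_heartbeat: int = 0
    shutdown: bool = False
    balances: dict = field(default_factory=dict)

    def heartbeat(self, caller):
        # The operator proves liveness; a heartbeat cannot undo a shutdown.
        if caller != self.operator or self.shutdown:
            raise VaultError("heartbeat rejected")
        self.last_heartbeat = self.now

    def deposit(self, caller, amount):
        if self.shutdown or amount <= 0:
            raise VaultError("deposit rejected")
        self.balances[caller] = self.balances.get(caller, 0) + amount

    def trigger_shutdown(self, caller):
        # Operator may freeze at any time; anyone may once the heartbeat lapses,
        # so the freeze does not depend on the company still existing.
        lapsed = self.now - self.last_heartbeat > HEARTBEAT_TIMEOUT
        if caller != self.operator and not lapsed:
            raise VaultError("operator is still live")
        self.shutdown = True

    def withdraw(self, caller, amount):
        # Deliberately no operator or shutdown check: the exit path always works.
        balance = self.balances.get(caller, 0)
        if amount <= 0 or amount > balance:
            raise VaultError("withdrawal rejected")
        self.balances[caller] = balance - amount
        return amount

def simulate_operator_failure():
    """Constructed scenario: operator goes silent, a user freezes and exits."""
    vault = Vault(operator="company")
    vault.deposit("alice", 100)
    vault.now += HEARTBEAT_TIMEOUT + 1      # company servers never check in again
    vault.trigger_shutdown("alice")         # permissionless after the lapse
    return vault.shutdown, vault.withdraw("alice", 100), vault.balances["alice"]
```

The design point to review in a real protocol is the same one the model makes explicit: if only the parent company's key can trigger the shutdown or approve withdrawals, the safety mechanism fails in exactly the scenario it exists for.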
The lessons from the VanMoof bankruptcy are clear: innovations in technology, while providing novel and exciting opportunities, also come with new risks and vulnerabilities. As the DeFi sector continues to innovate and push boundaries, it is critical to keep these vulnerabilities in mind and build protocols that can endure the trials of time and the turbulence of the business world.
Pentestify LTD is a registered company in the UK.