Who's Responsible?

Today, while chatting over coffee with a blockchain expert I totally respect, we ran into this ideology discussion about decentralized finance (DeFi). One of the most important beliefs in DeFi is ownership: you should own your digital assets, not any third-party.

Ownership requires you to manage the private key of your crypto wallet. Then you can transfer your cryptocurrency to platforms like Compound or dYdX--a crypto lending platform that historically yields higher interest rates than traditional banks.

However, most decentralized crypto wallets, or decentralized apps (DApps), that help users transact, simply store the private keys on users' mobile devices. What happens if the private key is compromised? Who should be responsible for the security of the private keys? Many users are not even aware of how their private keys are stored, is it reasonable for companies to claim that users "own" their assets? Should users be responsible to manage the security of their own private keys?

Typically, DApps have backup mechanisms in case users lose their devices, so they can "recover" the private keys from third-party backup storages, such as OSXKeychain on iOS or Google Smartlock on Androids, so the companies "comply" with the belief that they will never own users' private keys, and users always maintain "ownership" of their assets. Hence, the companies are not liable in case of any security breaches.

Unlike traditional finances where a fraudulent transaction can be detected and put on hold because the actual asset (money) is stored in the financial institutions, transactions are usually only digital records and can be reversed. In cryptocurrency, however, once compromised, there is no way to reverse the transaction.

One of the latest incidents occurred just recently, a crypto wallet owner lost US$45 million worth of cryptocurrencies. (Read the news here: https://sahiwal.tv/bitcoin-investor-loses-r-197-million-after-number-cloning-hack-sim-swap/) The hack was believed to be a "SIM Swap" attack, which compromised the MFA (multi-factor authentication) security measure.

If you ask anybody would they put $100,000 cash in their own homes, under the mattress or inside a safe, or save it in a bank, what would they tell you?

What if you own $100,000 worth of cryptocurrencies? Would you trust the way these DApps handling your private keys?

Some DeFi products offer terrific risk-reward, but should it be a privileged product that's reserved for the security experts only? If you look at the crypto exchanges, 99% of the liquidity is in the centralized crypto exchanges. This is a testament to the fact that most people are simply not comfortable being on their own for securing their crypto assets.

Titans Finance provides technologies to help users secure their private keys, enable transacting with DeFi products without any technical knowledge. It is a hybrid of centralized and decentralized technologies. We believe DeFi should not be a privileged product for tech-savvy early adopters. The other most important beliefs of DeFi is all-inclusiveness. It may take time for the general public to feel comfortable managing their own private keys and the technology, but they should not be excluded from the evolution of the finance.

On my way home, coincidentally, I heard the discussion about "conjunction fallacy"--occurs when it is assumed that specific conditions are more probable than a single general one. Why would a solution enabling access to DeFi any lesser than the decentralized solution alone? Isn't excluding the noobs defeat the all-inclusive spirit of DeFi?

I know this is a rather controversial topic as many hardcore DeFi-ers are firmly against any centralized solutions. I would love to hear your thoughts on that, or on any matter about DeFi.

(Image credit: Photo by Simon on Unsplash)