Table of Contents:
In the past, we’ve written extensively about the importance of privacy in decentralized networks. We’ve gone as far as to draw Orwellian and theological parallelisms between the way institutions, malicious actors and oppressive governments (terms that are not necessarily mutually exclusive) can surveil powerless users.
But, has it occurred to you that the loss of privacy has a tangible, measurable impact?
Despite the wild innovation we’ve witnessed over the last couple of years in the DeFi ecosystem, the success of these protocols still depends on mass adoption by the largest players in the market.
Imagine cryptocurrency as a Trojan horse through which the cypherpunk ideology can infiltrate the current global economic system.
You might then reach the logical conclusion that financial growth indirectly (or sometimes very much directly) fund the entire crypto ecosystem.
And, of course, although the gods of cryptocurrency have extensively rewarded degens and retail investors that believed in new protocols at obscure, early stages, massive adoption can only truly happen by onboarding the entire spectrum of users that already participate in the traditional system.
To be able to onboard institutional traders and users through integrations with mainstream platforms, reliability and compliance is key.
Few major players, including the daredevils and El Salvadors of the world (Innovators / Early Adopters), would jump in with large amounts of capital into uncharted territories. You can verify this unwillingness to be the early adopters when you consider groundbreaking innovations such as Bitcoin took almost an entire decade to receive institutional adoption.
In fact, this is so common, that it's been theorized and explained in a very didactic manner in Geoffrey A Moore’s book, Crossing the Chasm.
Massive adoption of new technologies takes time to happen, and the cycle from initial sparks to becoming de facto standards is something that will continue to be counted in decades instead of years. When seen under this light, the rate of adoption for DeFi is very promising. Decentralized Finance is slowly building legitimacy and street cred among retail and professional investors and we should celebrate this, but there is a caveat.
Innovative technologies are magnificent and always welcome, unless, of course, they can be used against you.
Institutional investors currently make up a sizable portion of the volume of trades in cryptocurrencies, perhaps even the majority of transactions. In the first quarter of 2021, about 64% of the trades on Coinbase were from institutional investors, the company reported.
This is not so different within the DeFi market, where 60% of transactions involve sums over $10 million, by wallets controlled either by institutional traders or whales, according to Chainalisys’ Global DeFi Adoption Index for 2021.
Although it may seem like “everything is ok” the growth potential of DeFi is very far from fully realized. For DeFi to merge with TradFi and Fintechs and become New Finance, it will need to grow by 2 orders of magnitude, maybe 3.
The DeFi market is not nearly as mature as it could eventually be, and one of the greatest concerns stopping further institutional adoption and the first billion users is the insufficient compliance tooling and the lack of privacy.
The costs of radical transparency
A significant drawback of the current Decentralized Finance state of affairs is the radical openness of all records logged (immutably) on public blockchains. And, while the open and unalterable nature of DeFi protocols and smart contracts is a part of what makes them attractive in the first place, absolute transparency regarding transactions, funds, amounts, and actors involved is rarely desirable in the financial sector.
Imagine trying to align user privacy and compliance objectives with the radically transparent nature of public blockchains. This is one of the major hurdles for mainstream adoption.
Even the most basic transactions in DeFi can seem problematic to professional investors: Thanks to the underlying transparent layers, with each trade, both sides are indirectly linking their wallets’ balances, transaction histories, assets held as collateral and, at some level, the intentions behind their every trades.
There is a number of worries professional market participants need to address before they ease into DeFi, all related to avoiding loss of alpha (the market being able to factor in their trades before they happen and therefore rendering them unable to outperform it) and market depth (the market’s ability to absorb big trades without price spikes).
Notwithstanding concerns about their identities being revealed, one of the main problems financial institutions face, given the transparency of all transactions in the DeFi ecosystem, is that they can find themselves victims of front-running.
This practice, which is illegal in centralized finance, in the context of DeFi, consists of exploiters taking notice of transactions before they are confirmed. Thanks to this, they can pay a higher fee to skip the transaction queue, delaying the original transaction and taking advantage of the knowledge that it is already on course to occur.
These strategies and instances of front-running can completely drive away quants and institutional traders from DeFi, since the very act of participating would put them on the spotlight for adversarial actors to spy and reverse engineer their strategies.
This problem, which seems trivial, can have repercussions across the whole spectrum of DeFi, which we can showcase with the following example:
Imagine that you and your somewhat deep pockets choose to participate in an NFT auction. Perhaps you desire to acquire a tokenized ticket for Rick Astley’s final ever concert. Given that he’s had a significant cultural impact, Mr Astley decides that his fans should put a price on these tickets, so every single ticket would be set up for an auction. This is extremely difficult to achieve in a Web 2.0 context, but could nonetheless become a norm on the decentralized Internet.
Without privacy, however, a reseller that’s well-versed in on-chain analysis could have a significant advantage over everyone else.
The sneaky reseller has an incentive to buy as many tickets as they can to sell them later for a profit. Since your reseller will be able to track each one of your bids and front-run them, what will happen is that you’ll be caught in a chicken and egg game:
To beat you in the auction, the reseller only needs to offer a price $0.000001 higher, which they can make arrive before your bid to not run the risk of running out of time. And, since every transaction has a cost, the reseller puts you in an uncomfortable position, asking yourself the following questions:
How much are you willing to pay for this? Is it really worthwhile spending a lot of money on transactions if you don’t have a true chance to win the auction and therefore, get the ticket? How deep are the pockets of others? Remember that since the reseller will profit from the ticket price going higher, this puts you, the fan that wants to use the ticket and go to the concert, at a significant disadvantage. Given this, you’re more than likely to avoid participating altogether.
And, as you can imagine, front-running is far from being the only issue.
As any cyber security expert might tell you, attackers can exploit every single vulnerability in a multitude of ways. It’s just a matter of finding them.
Similarly, this one vulnerability of blockchains can be used against users in a variety of ways. Besides front-running, there are also three predominant types of attacks:
MEV is what happens when you combine miners and front-runners. It occurs when due to transparency, two or more users get engaged in an arbitrage war for a given transaction.
Since should this bidding war arrive at its logical conclusions, the winner would only pocket a slight difference, and the miners would take most of the profits in tips and fees, this incentivizes miners to become aware of what others are doing and trying to extract value from them. This makes mining activities less profitable overall, benefiting those with the pockets to carry out operations at scale.
In fact, non-MEV’ing miners, given this, find themselves less profitable than MEV’ing ones. This, to say the least, results in toxic market dynamics.
Most DEXs work through AMM (Automatic Market Maker) protocols. In this kind of system, the prices of tokens are automatically set by liquidity. This creates arbitrage opportunities for users, which helps balance prices.
Sandwich attacks take advantage of these systems by sending transactions before and after a user has sent their transaction, manipulating the price they pay and then taking advantage of the resulting price movements. These attacks are easy to perform and, despite the smaller profits, attackers can use them repeatedly without consequences. This effectively creates three transactions instead of one (or at most two), which congests the network.
The king of all network-spamming methods is back-running. This is because to take advantage of the price movements caused by a transaction (like what happens with sandwich attacks), the attacker aims to send their trade right after another user. However, the only incentive for back-runners is to get one transaction across, which gives them an excuse to spam the network with as many of them as possible. This results particularly profitable right after big trades and creates incentives for even more spam after each one of them.
How does chain analysis work? What can be done against it?
A recent leak from the firm Chainalysis recently revealed their involvement with the site walletexplorer.com to associate IP addresses with specific cryptocurrency wallets by honeypot websites. As the documents stated, Chainalysis used this and other techniques to identify blockchain users and cooperate with law enforcement.
Chain analysis firms often couple strategies like this with data mining on public ledgers to generate extensive information and profile individuals who own and trade cryptocurrencies. Chainalisys also runs validator nodes, obtaining transaction metadata that is not written to the blockchain after the transaction is completed and IP addresses from users of SVP wallets that depend on other nodes for validating transactions.
A valid concern is that not even privacy coins could be immune to these methods.
The same leaked documents affirm that “Of the cases on which Chainalysis collaborated with law enforcement, (they) were able to provide usable leads in approximately 65% of cases involving Monero”. The extent to which data mining companies can profile users shows how much there is to fear and how much there is to gain by creating DeFi solutions that successfully hide private data while offering disclosing mechanisms.
We need not only reinvent the money we use to make it private, we also need to create private systems in which to transact, and then empower users to disclose data that they want to disclose, to whomever they want to disclose.
The Panther Protocol aims to provide an interoperable privacy layer for DeFi and Web3 that protects users from the inherent faults of transparent ledgers. With private transactions and computations, voluntary disclosures and Zero-Knowledge proofs applied to transactions, we aim to restore privacy in DeFi, both for the institutions aiming to preserve their alpha and for the everyday user exercising their Human Right to privacy.
Advances in Privacy Enhancing Technologies offer the opportunity to evolve the way we share data, in a new method that is trustworthy, safe, and acceptable to all parties. Harnessing these developments, Panther is building a generalizable, cross-chain protocol, as well as APIs, SDKs and custom integrations that enable a private by default user experience across Decentralized Finance and Web3.
Panther is a decentralized protocol that enables interoperable privacy in DeFi using zero-knowledge proofs.
Users can mint fully-collateralized, composable tokens called zAssets, which can be used to execute private, trusted DeFi transactions across multiple blockchains.
Panther helps investors protect their personal financial data and trading strategies, and provides financial institutions with a clear path to compliantly participate in DeFi.