What Do Worldcoin and the Curve Hack Have in Common? – They are Both Attractive Honey Pot Targets

Published by Yana on

It is symbolic that the launch of Worldcoin and the Curve hack happened within about a week of each other. They raise important questions about how future-proof decentralized and centralized structures are, and about how trust is created and maintained.

Worldcoin (in case you missed it) is a very ambitious project of Sam Altman, the OpenAI CEO and creator of ChatGPT. Worldcoin launched on July 24, 2023. The mission of the project is to create and distribute a digital “World ID” and its unique cryptocurrency, WLD, to all (adult) humans on the planet. The World ID aspires to be a digital passport that proves that its holder is a real human, not an AI bot. To create a wallet with World ID, a person needs to have their iris scanned by the Orb device, which then creates a unique record (in encrypted form) on the Ethereum blockchain, confirming that the holder of this wallet is a human and that the link between this human and the World ID holder is unique. Once this “humanhood” is verified, some WLD tokens are delivered to the person's wallet. The ultimate stated goal of the project is to open-source the platform and eventually decentralize the technology, but currently this project is a classic VC-funded, fully centralized, big-tech-style startup, founded by a very smart guy named Sam who is one of the WEF-welcomed young leaders and very close to the US political and tech elites (not even funny, right?). 🤵🏻‍♂️

The Worldcoin launch has been met with controversy, mainly due to its iris-scanning technology and some ethically questionable practices used to convince people to participate in the experiment. Some people have raised privacy concerns about the centralized technology, while others have questioned the accuracy of the scans. There are also concerns that the Worldcoin project could be abused by governments or other organizations to track people or deny them access to services. This MIT Technology Review article provides solid documentary evidence of multiple ethically questionable circumstances surrounding the privacy aspects. Vitalik Buterin also wrote about it.

Despite the controversy, Worldcoin has raised over $200 million in funding. It reportedly has about 2 million users and plans to expand its operations to more countries. One of its reported goals is to be able to distribute universal basic income to all global populations in need. Binance, OKX, and some other exchanges have already listed WLD.

My personal assessment is that this project will likely fail, similar to Facebook’s Libra. Not because it’s deceptive or malicious but rather because it is too broad, too grandiose, too abstract, so it won’t easily find its product/market fit and will spend most of its efforts dealing with self-inflicted bureaucracies and external pushbacks from regulators. My real concern about Worldcoin is that when they inevitably slow down and face headwinds and won’t be able to grow as planned, they will be asking themselves questions about how to pivot or modify their original project, and as a result, they will be very tempted to monetize the personal data they have collected. Time will tell. ⏱️

On July 30, 2023, Curve Finance was hacked for about $61 million. The hacker exploited a so-called reentrancy bug in the Vyper smart contract language, which is used to build Curve pools. The bug allowed the hacker to withdraw more funds from the pools than they had deposited.

This hack is one of the largest hacks in DeFi history. It also highlighted how quickly the DeFi community gets together to solve industry problems without any government or police involvement. 🚓

Curve is an automated market maker (AMM) protocol on Ethereum and one of the largest existing DeFi projects. AMMs are a type of decentralized exchange that allows users to swap tokens. Curve is unique in that it only accommodates liquidity pools made up of similarly behaving assets. This means that the tokens in a Curve pool are all correlated, which helps to reduce the risk of impermanent loss for liquidity providers. Curve has its own token, CRV, which is used to govern the protocol and to reward liquidity providers.

Curve had over $20 billion in total value locked (TVL) before the hack, so $60 million is a relatively small pool of assets that was vulnerable. 

The crypto community reacted to the hack with a mixture of anger and disbelief. Some people criticized Curve for using Vyper, which is a less mature smart contract language than Solidity. Others argued that the hack was a sign of the immaturity of DeFi as a whole.

Curve founder Michael Egorov had taken out large ($100m+) loans collateralized by CRV tokens he owned. The hack obviously caused the price of CRV to fall sharply, which put Egorov’s loans at risk of being liquidated. In order to maintain the liquidity and stability of the token, Egorov entered into a series of OTC deals. These OTC deals were done at a discount to the market price. Still, he was able to find buyers for his tokens within 2 days. As I write this, it seems that Curve survived: the CRV price is stable, and the Curve team halted trading on the affected pools and is still working with security researchers to fix the bug and test that it is fixed. The team also offered a bounty for the return of the stolen funds. Within a week after the hack, either the hacker or some white hats had returned about $10-15m of the stolen funds to Curve.

The good news is that the crypto OGs and the DeFi community are a very resilient group and will likely survive this. The bad news – this incident just showed that Curve is not really as decentralized as they claimed. The team could halt trading, decide how to fix the bug, and act without the community voting in case of emergency, and the founder had exercised some serious executive powers. I expect them to be seriously challenged on whether or not they should get regulated as a result of this incident.

I find both stories very iconic and ironic: Worldcoin says they will want to reach more users and plan to decentralize, but I don’t think they will be able to do it. On the other hand, Curve and its founder got the support they needed (both technical assistance, security talent, and liquidity) without any formal pressure or obligations, and this case illustrated that in order to act, some serious centralization is needed, so Curve will likely have to become more centralized (and more robust) in the near future. 

What’s your take? 💭
