Decentralized Governance in the Wild – Lessons From the KuCoin Hack

Blockchain-based networks provide a unique and unprecedented opportunity to experiment with new forms of organization – both organization of information and software processes as well as governing human action. But nobody ever said creating new forms of organization would be easy, or glitch-free.

When a group of enthusiastic entrepreneurs or developers design a new blockchain-based network – figuring out the consensus mechanisms, the economic logic and the governance – it’s difficult to predict how their encoded schemes will function once released into the wild. A blockchain isn’t just a collection of software processes interacting according to preprogrammed logic. It’s a system embedded in the world of humans, businesses and governments, which is fiendishly diverse and constantly evolving.

Once a network is launched, the consequences of the inevitable mismatches between the real world and the network’s logic become apparent. And, assuming the network has some capability for self-modification and growth built into it, one also has the chance to improve and adapt.

For me and the other leaders of the SingularityNET blockchain-based AI network, the KuCoin hack that occurred on Sept. 25 provided an opportunity to re-evaluate the assumptions underlying some of our governance mechanisms, and think about how they might be augmented for superior functioning in future situations. Specifically, the attack led us to think hard about how liquid democracy mechanisms might be used to enable emergency response that is decentralized and democratic and also rapid.

In the recent security breach (“hack”) of KuCoin, a centralized token exchange, approximately $150 million worth of various ERC-20 tokens were transferred out of the exchange fraudulently. Among the stolen coins were 43 million AGI tokens, corresponding to the SingularityNET project I co-founded in 2017 and currently lead, equivalent in value to around $2 million, or close to 5% of the total current market cap.

This event was entirely isolated to the KuCoin exchange and did not affect the security of our platform or any of our decentralized apps (dapps). But still, it seriously affected a reasonably significant subset of our community. 

A number of other blockchain-based networks similarly affected by this security breach chose to use centralized control mechanisms built into their smart contracts to rapidly pause trading of their tokens, and then hard-fork their token smart contracts, thus eliminating or reducing the hacker’s ability to profit from their theft. 

We very seriously discussed this option but weren’t so certain it was the right path. Making a centralized decision to hard fork seemed against the decentralized ethos of the project, and setting the precedent of hard-forking in response to hacks on exchanges or other third-party repositories seemed undesirable.

Also, we quickly realized that if we were going to hard fork, we would need to come to this decision in a democratic way rather than purely as a centralized foundation decision. 

With this in mind, we began planning an AGI Hard Fork Voting event, to solicit community input regarding whether a hard-fork was an appropriate response to the KuCoin hack.

While these preparations were underway, however, we discussed the situation further with KuCoin, which assured us that their insurance policy would recompense stolen tokens. At the same time, we observed the hacker liquidating a significant fraction of the stolen tokens – thus eliminating much of the value of a hard fork.

Ultimately we decided not to hard-fork the AGI token smart contract or take any other drastic action. Reaction in our community was mixed. Folks whose KuCoin accounts were frozen were impatient to get their AGI tokens out. Based on conversation happening within our Telegram community, many token-holders were pleased with the strict adherence to decentralized principles. A centralized “off switch” or a centrally coordinated hard fork seemed against the decentralized ethos within which most current blockchain-based networks were founded.

See also: Compound Extends DeFi Ethos to Itself, Launches Governance Token

The KuCoin hack highlights the interesting and problematic nature of the intersection between democratic governance and rapid emergency response.

It clearly would have been possible to respond more quickly – and execute a hard-fork before significant liquidation of the stolen tokens occurred – had we made a strong and rapid centralized decision, as some other blockchain-based projects did. 

But there might well arise future situations where rapid action of similar magnitude is required, and it would be desirable to have a way to respond effectively without sacrificing democracy or inclusiveness.

One theoretical approach to achieving this end would be to introduce a rapid response voting mechanism so that one is always poised to launch a vote immediately. This is perfectly feasible technically, but problematic socially. In actual, human fact, the members of the voting community will not always be available on short notice.

Another option would be to formulate, and have the community approve by vote, a set of guidelines specifying the circumstances under which the SingularityNET Foundation leadership should take drastic emergency action in the absence of a vote.

Obviously, leaders of democratic national governments have the ability to achieve such powers via declaring “state of emergency.”  However, these mechanisms are complicated to get right and, as history shows, are highly subject to abuse.

After more consideration we arrived at the somewhat obvious conclusion that the best solution to effective, democratic and decentralized emergency response is most likely liquid democracy.

See also: Jake Yocom-Piatt – It’s Time to Walk-the-Talk on Decentralized Governance

Liquid democracy is when voters delegate their votes to various other parties in a flexible way, rather than voting directly or appointing representatives for everyone. 

Just as smart contracts allow value transactions and persistent economic and other formal relationships to be scripted in flexible and automated ways, similarly liquid democracy allows delegation of voting power to be scripted according to arbitrary logic.

In the domain of emergency response, liquid democracy could work as follows: Each participant in the network could nominate a handful of network participants as “emergency delegates,”  and specify that, if a network emergency occurs and a rapid vote is needed, any one of these emergency delegates should be considered able to submit their vote for them. When a network participant votes on an emergency matter, then, their vote counts not only for themselves but for anyone else who has nominated them as an emergency delegate.

Numerous software implementations of liquid democracy have been created, for instance the Catalyst system within the Cardano blockchain framework is used for liquid democracy-based allocation of development funds.

Adapting liquid-democracy to serve emergency response would require a nontrivial amount of work. But it is something we are giving serious consideration in the SingularityNET community, especially since we are currently planning to shift SingularityNET from an Ethereum-based to a multi-chain infrastructure, and in this context port a large fraction of SingularityNET’s current ERC-20 tokens to corresponding Cardano-based tokens.

The slowness of traditional, non-liquid democracy is inadequate for emergency response. On the other hand, centralized response mechanisms like many other blockchain networks utilized to cope with the KuCoin hack are going to be decreasingly viable as these networks gain traction and become more and more truly decentralize.   

This is why agile software development methodology exists, and it’s why the design of blockchain-based networks needs to be agile as well and get progressively adapted based on the experience of releasing these networks into the wild.

See also: Stephanie Hurder – The Fourth Era of Blockchain Governance