Most investors associate DeFi with a “total loss of funds” risk. This association enforces an implicit ceiling on the amount of capital accessible to on-chain asset managers, services, and venues. One of the most notorious hacks was a $160M loss from a single firm, Wintermute, one of the most prominent brands in on-chain asset management. Had Wintermute been using DeFi Armor, this hack would have resulted in no loss of funds.
The hack was due to a compromised private key, which allowed the attacker to simply move all the funds into their private wallet. What’s noteworthy is that such a hack would have been fully prevented had Wintermute been using DeFi Armor, and it would not even have required a change in custody.
The keys could have been fully compromised, as they were in this case, and the attacker would not have been able to move the assets to any address not explicitly approved by a different set of uncompromised keys.
This case study demonstrates that a simple, low cost solution can prevent catastrophic outcomes that would rightfully put most asset managers out of business.
In every liquid and broadly traded asset class on earth, the separation of trading and administrative functions is strictly enforced - except crypto. It was not always this way; in the "early days" of asset management, separation of duties was not enforced. After decades of theft, fraud, and negligence, tight operational controls have evolved into the risk management infrastructure we take for granted.
This inability (or unwillingness) to separate keys is at the root of the security problem. Simply put, the operational functions, or private keys, which have full, unrestricted control over the assets should have a different level of security than keys or functions with restricted control.
Importantly, and while hard to believe, Fireblocks and other leading custodians do not actually enforce this separation for smart contract interactions, even today, because they simply ignore the most important part of a DeFi transaction. We have written previously about this analysis here.
DeFi Armor allows firms to separate trading keys and administrative keys. Firms typically have 5-9 keys of which they require a threshold signature (e.g. 3 of 5 signatures) to approve an administrative transaction. These keys are often stored in a combination of custodians, bank vaults, and other secure locations. Trading keys are kept in secure, but more accessible environments, like AWS KMS, and have functionality bound by policies set by the administrative keys. Those policies are enforced by DeFi Armor, which simulates the transactions and classifies the state change, then signs the transaction if it passes the policies.
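The separation described above can be sketched as a policy gate. This is an added example, not DeFi Armor's code: HMAC secrets stand in for admin signatures, the simulated state change is assumed to arrive as a list of transfer tuples, and all names and addresses are constructed.

```python
import hashlib
import hmac

# Constructed stand-ins: HMAC secrets play the role of admin signing keys.
ADMIN_KEYS = {f"admin{i}": f"secret-{i}".encode() for i in range(1, 6)}
THRESHOLD = 3  # 3-of-5, matching the example threshold in the text

def admin_sign(admin_id, message):
    return hmac.new(ADMIN_KEYS[admin_id], message, hashlib.sha256).hexdigest()

class PolicyGate:
    """Co-signer that passes a trading-key transaction only if its
    simulated state change stays inside the admin-approved policy."""

    def __init__(self, vault):
        self.vault = vault
        self.allowlist = set()

    def approve_destination(self, address, signatures):
        """Add an address only with THRESHOLD valid admin signatures."""
        msg = b"allow:" + address.encode()
        valid = {a for a, sig in signatures.items()
                 if a in ADMIN_KEYS and hmac.compare_digest(sig, admin_sign(a, msg))}
        if len(valid) < THRESHOLD:
            return False
        self.allowlist.add(address)
        return True

    def check(self, transfers):
        """transfers: simulated (asset, sender, recipient, amount) tuples."""
        for asset, sender, recipient, amount in transfers:
            if sender == self.vault and recipient not in self.allowlist:
                return False, f"{amount} {asset} to unapproved {recipient}"
        return True, "ok"

def demo():
    gate = PolicyGate(vault="0xVAULT")
    msg = b"allow:0xDEX_POOL"
    two = {a: admin_sign(a, msg) for a in ("admin1", "admin2")}
    three = {**two, "admin3": admin_sign("admin3", msg)}
    results = [gate.approve_destination("0xDEX_POOL", two),    # below threshold
               gate.approve_destination("0xDEX_POOL", three)]  # 3-of-5 met
    swap = [("USDC", "0xVAULT", "0xDEX_POOL", 1000), ("ETH", "0xDEX_POOL", "0xVAULT", 1)]
    drain = [("USDC", "0xVAULT", "0xATTACKER", 1000)]  # signed by a stolen trading key
    return results + [gate.check(swap)[0], gate.check(drain)[0]]

if __name__ == "__main__":
    print(demo())
```

The gate only protects funds if the trading key cannot move assets without the gate's co-signature; the sketch models the decision, not the signing arrangement.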
Theft from direct or indirect compromises in private keys is preventable. We believe that managers have a fiduciary duty to prevent their assets from being stolen or misappropriated. We have found that many managers, and even more so their LPs, are not fully abreast of the operational risks they may be taking. Removing the implicit capital limit imposed on our industry requires service providers to not cut corners, fund managers to take their security seriously, and investors to know which questions to ask during their due diligence.
We suggest investors ask the following question -
If you want to learn more about DeFi Armor, click here.