Ordinary user perspective: How to avoid governance attack risks during the downturn of the Crypto market

Bnews editor
22 Mar 2025 10:24:06 AM

The next governance attack is likely to far exceed the last bear market. During the market "garbage time", users are advised to adjust their positions and on-chain interactions as soon as possible to reduce risks.

The current market resembles a condensed version of 2019 and 2022: the problems are all concentrated together, and the difficulty is comparable to a hell-level dungeon.

Compared with 2019, it does feel very similar, but without the dreamy atmosphere of friends shouting that the first year of DeFi is coming, it feels even worse.

The off-market environment has moved from the virtual to the real, and there are only small hot spots in the market, with no big trend. In essence, liquidity in the market is still limited, and a large number of ecosystems are splitting it among themselves.

Every local bull market forcibly created by a specific ecosystem is like a smaller version of the $trump effect, and every small hot spot is another exit opportunity in the eyes of many people.

Compared with 2022, it feels like taking the dregs and removing the essence.

There are many uncertainties, but at least one thing is certain:

Next, there will likely be governance attacks far exceeding those of the last bear market. During the market's garbage time, it is best to adjust positions and on-chain interactions accordingly.

What is a governance attack?

A governance attack is when an attacker exploits loopholes in a governance mechanism, or a capital advantage, to influence project decisions for personal gain or to damage the system. It usually occurs when the price of governance tokens is low and market liquidity is exhausted, so the attacker can take control of decision-making at low cost.

In the last bear market, the most common pattern was:

Many protocols' governance tokens (or NFTs) are ignored and keep falling, but the treasury still holds a lot of assets. When there is an obvious imbalance between the two, and therefore room for arbitrage, people with bad intentions appear.

During a deep bear market, attackers usually accumulate a large number of governance tokens at very low prices (more common with small protocols), or they temporarily borrow a large number of governance tokens through flash loans and similar methods, to complete a vote that directly triggers an on-chain operation.

The purpose of the attack is usually twofold: one is to steal funds, and the other is to change the contract logic.

For example, transferring all the assets out of the treasury leaves some small projects that could have survived the bear market unable to continue. The value of your governance tokens naturally declines, and the entire project may even die.

As another example, take fully on-chain governance projects that use a Proxy mechanism. Once a governance attacker seizes the authority and maliciously rewrites the contract logic, and you happen to have authorized some assets during the bull market, your assets are in danger. Stablecoin assets are the first to be affected.

A quick primer: a Proxy allows the protocol to update the contract logic without changing the original contract address. This is common in DeFi, but if an attacker seizes the governance authority, they can modify the Proxy so that the contract executes malicious logic, such as transferring assets or modifying trading rules.

The most common case: when you use DeFi, you usually authorize assets such as USDC, USDT, and DAI, and never manually cancel the authorization. If this happens during a market downturn and your address holds these assets, the modified malicious contract logic can directly transfer all your USDC, USDT, and DAI.

During a market downturn, as most people's attention dissipates, the crypto space can easily become a dark forest full of hunters.

Remember that in the last bear market, even when some small protocols offered only tens of thousands of U in arbitrage room, some people were willing to lie in wait, eventually carry out a governance attack, and completely kill the protocol.

In the downturn of this cycle, besides governance attacks from external attackers, in an atmosphere of collapsing conviction some project teams will do the same thing, using their voting advantage to rob the community. The most common behavior is issuing tokens out of thin air.

From a holder's perspective, it is really easy to lose a lot of money if you hold a large number of coins but insist on not looking at governance changes.

The most recent case is the governance proposal issued by CRO in early March.

Billed as the "Cronos New Golden Age", it printed an additional 70 billion out of thin air on top of the original total of 30 billion. It was unlikely to pass, but in the end the official team personally voted YES, and this weird proposal almost passed two days ago.

Subsequently, the project team issued a proposal to burn 50M $CRO to show its intentions, which is very absurd.

(Remember the tweets about a project's additional issuance on Binance that researchers could arbitrage, from when we talked about information-asymmetry arbitrage? The current market stage and environment have changed. If you see additional issuance, it is hard to view it from a positive perspective. Instead, you need to combine other factors to work out why it is happening, what kind of people are on the team, and whether they are really considering the community. I believe everyone has their own yardstick in their heart.)

How can ordinary users avoid this?

1. In daily interactions, avoid long-term, unlimited authorization of stablecoin assets such as USDC: set a limit each time you authorize, and when gas fees are low, take some time to check your authorizations with tools such as revoke.cash, cancel the unnecessary ones, and switch to a new address regularly;

2. Screen the projects you participate in, and avoid projects with opaque governance mechanisms, especially projects with unaudited and unsupervised proxy changes. For new DeFi projects, force yourself to pay attention to this, do not count on luck, and make it a habit;

3. For projects closely tied to your positions, check the DAO governance proposals regularly, either yourself or by entrusting other researchers, so that malicious proposals are noticed in time and holders can fight back together; for example, the Protector established by @byobu4 did a lot of this governance maintenance work during the last bear market.
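The allowance review recommended in point 1, as an added example that is not part of the original article: it replays ERC-20 Approval logs for one address and lists the authorizations that are still open, unlimited ones first. The log dictionaries assume the shape of already-parsed `eth_getLogs` results with integer `blockNumber` and `logIndex`; all function names, addresses and amounts are constructed for illustration.

```python
# Added example. All addresses, amounts and block numbers below are constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 1 << 255  # wallets usually send 2**256-1; treat anything this large as unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def standing_approvals(logs, owner):
    """Replay ERC-20 Approval logs in chain order; return allowances still open for owner."""
    owner = owner.lower()
    current = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        current[key] = int(log["data"], 16)  # a new Approval overwrites the old value
    findings = [
        {"token": t, "spender": s, "amount": a, "unlimited": a >= UNLIMITED_FLOOR}
        for (t, s), a in current.items() if a != 0  # 0 means revoked
    ]
    # Unlimited approvals first: they expose the whole balance, now and in future.
    return sorted(findings, key=lambda f: (not f["unlimited"], f["token"], f["spender"]))

def pad(addr):
    return "0x" + "0" * 24 + addr[2:]

def make_log(block, idx, token, owner, spender, amount):
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER = "0x" + "aa" * 20
TOKEN_A, TOKEN_B = "0x" + "01" * 20, "0x" + "02" * 20  # stand-ins for two stablecoins
ROUTER, VAULT = "0x" + "b1" * 20, "0x" + "b2" * 20     # stand-ins for protocol contracts
SAMPLE_LOGS = [
    make_log(100, 0, TOKEN_A, OWNER, ROUTER, 2**256 - 1),    # unlimited, never revoked
    make_log(120, 3, TOKEN_B, OWNER, VAULT, 500 * 10**6),    # capped approval
    make_log(130, 1, TOKEN_B, OWNER, ROUTER, 2**256 - 1),    # unlimited ...
    make_log(140, 0, TOKEN_B, OWNER, ROUTER, 0),             # ... revoked later
    make_log(150, 2, TOKEN_A, "0x" + "cc" * 20, ROUTER, 1),  # other owner, ignored
]

if __name__ == "__main__":
    for f in standing_approvals(SAMPLE_LOGS, OWNER):
        print(f)
```

The replayed value is the last amount approved, which can overstate what remains after the spender has used part of it; the token's `allowance(owner, spender)` call gives the current figure before you decide what to revoke.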

These are what I can think of for the time being, and I am recording them here. I have communicated with several whale friends recently, and I feel that everyone is pessimistic about the future market.

Many friends originally thought that DeFi still had a chance to play some new tricks as US policy loosens, but as mentioned above, the small bull market forced by BSC these days is just another smaller version of the $trump effect. It is hard to see any possibility of better liquidity in the market for the time being. If overall liquidity is further divided and exhausted, the industry will also enter a stage of frequent governance attacks. It is really bad. Will it get worse?

In the era of moving from virtual to real, the absurdity and bottom line of the virtual world are likely to be just a preview of the more absurd real world in the future. No matter what the future holds, it will not be wrong to take a step back, make the worst plan, and avoid some potential risks with high certainty.