A reminder, dear reader: If you’re accused of committing massive fraud and risk facing the rest of your life in prison, you should probably turn down that interview with “Good Morning America.”

Such advice might’ve served Sam Bankman-Fried, the disgraced crypto founder who couldn’t keep quiet last year following the collapse of his FTX crypto empire, after he allegedly stole billions of dollars of customers’ money.

To the chagrin of his lawyers (Asked by journalist Aaron Ross Sorkin on Nov. 30 if his attorneys were “suggesting this is a good idea for you to be speaking,” he replied: “No, they’re very much not.”), the crypto founder went on a media blitz following FTX’s collapse – seemingly desperate to dish out his side of the story to practically anyone who would listen, be they journalists, Twitter personalities or vexed crypto day traders.

Bankman-Fried was asked during his direct questioning last week why he spoke to so many journalists. “I felt like it was the right thing for me to do,” he told his lawyer.

Right or wrong, the FTX founder’s media strategy seemed as perplexing as ever on Monday, when prosecutors spent hours peppering him with questions about potential criminality at FTX — using his countless post-collapse interviews as corroborating evidence.

The bulk of Bankman-Fried’s exchanges with Danielle Sassoon, the assistant U.S. attorney who led the questioning, followed a strikingly similar pattern. Sassoon would ask the defendant a question: “In private, you said things like ‘f–k regulators, didn’t you?” Bankman-Fried would respond to the effect of “I don’t recall saying that,” or in the case of the comment disparaging regulators: “I said that once.”

Then, whether or not Bankman-Fried could remember making a statement, Sassoon was always ready with corroborating evidence – like the defendant’s ill-advised, viral text exchange with a Vox reporter expressing his distaste for regulators.

Bankman-Fried’s proclivity for speaking with the press had worked well for him historically. His trademark curly mop of hair, T-shirt and cargo shorts were complemented by a nerdily irreverent speaking style that lent him an air of earnest eccentricity in interviews.

This public image was beamed around the world by his frequent media appearances, which may have played a key role in helping him woo users and investors to FTX. Bankman-Fried acknowledged as much during his trial, confessing that he became the public face of FTX by happenstance after it became clear that he had a knack for press.

In the lead-up to Bankman-Fried’s cross-examination this week, prosecutors have scrutinized his policy of customarily deleting written communications – a practice he testified to picking up during his time as a quantitative trader at Jane Street, where junior employees were advised to consider the “New York Times Test.”

“Anything that you write down,” he recalled during his direct questioning last week, “there’s some chance it could end up on the front page of The New York Times.” He added: “A lot of innocuous things can seem pretty bad” without context.

Bankman-Fried had an odd interpretation of this rule. While he set most internal FTX chats to “auto-delete” — apparently to prevent them from showing up in The New York Times — he often spilled his secrets directly to the Times and other news outlets. The results of these post-collapse conversations, when presented in a courtroom, still looked “pretty bad.”

Sassoon’s grilling excerpted interviews with Sorkin of The New York Times, George Stephanopoulos of “Good Morning America” and Bloomberg’s Zeke Faux, among others – just a handful of the journalists Bankman-Fried spoke to immediately after FTX’s fall.

At least five journalists whose names showed up in pieces of evidence pulled up for the jury Monday were physically present at the Manhattan courthouse.

Although he left prosecutors with a sparse written record of his conversations at FTX, his press appearances after FTX collapsed, wherein he walked step-by-step through the fall, contained more than enough material for Sassoon to puncture his credibility, and to rip apart the sympathetic image he painstakingly constructed for himself in early media interviews and hours of direct questioning from his own lawyers.

A key moment in Monday’s cross-examination revolved around the allegation that Alameda Research, a trading firm Bankman-Fried founded before starting FTX, had “special privileges” on the exchange that allowed it to steal billions of dollars in user deposits.

Bankman-Fried has generally been evasive when asked if Alameda had special privileges on FTX, since admitting that would be a huge boon to the government’s case against him.

“Isn’t it true that as CEO of FTX you were aware that Alameda had more leeway than other traders on the exchange?” Sassoon asked him at one point on Monday. Initially, he pushed back: “Not in those words specifically, and I don’t know what context it was in.”

With some prodding from Judge Lewis Kaplan, Bankman-Fried conceded that Alameda had “put on a far larger position than I had anticipated” but he said it was due to a banking relationship between Alameda and FTX that he maintains was kosher. He made no mention of any Alameda special privileges or extra “leeway.”

Sassoon drilled further: Alameda’s large position “was also the result of the margin rules that did not apply to Alameda, correct?”

“I’m not sure that’s how I see it, no,” Bankman-Fried responded.

Sassoon, unphased, moved right ahead with her questioning. She pulled up an interview between Bankman-Fried and Bloomberg’s Faux. The article was dated December 2022, a few weeks after FTX fell apart: “When I ask if Alameda had to follow the same margin rules as other traders, he admits the fund did not,” Faux wrote. “‘There was more leeway,’ Bankman-Fried says.”

Although most of his internal communications have been deleted – perhaps a wise move depending upon what they contained – a remarkable amount of the prosecution’s evidence was drawn from media appearances like this one that Bankman-Fried did after he stepped down from his role at FTX. Had he stayed quiet – adopting some variant of the New York Times Test to avoid letting his words come back to haunt him in court – one imagines this portion of the case could have taken a strikingly different course.

When decentralized finance, or DeFi, took off in 2020, it was pitched as an antidote to the failings of legacy finance.

Decentralized lending was supposed to be DeFi’s killer app – a way for people to borrow and lend digital assets instantaneously on blockchains, without banks or credit scores. As centralized crypto lenders like FTX crumbled last year as a result of bad actors and financial mismanagement, DeFi lending “blue chips” like the Aave protocol – the largest decentralized lender – kept on ticking, bolstering DeFi’s pitch as an improvement to traditional finance.

Crypto markets are slumping, but Aave continues to boast $4.6 billion worth of user deposits, according to DefiLlama – money pooled by people around the world to help facilitate bankless borrowing on Ethereum and other blockchains.

But a few weeks ago, a $70 million hack on Curve, one of the largest decentralized crypto exchanges, revealed cracks in the DeFi promise. The hack set off a Rube Goldberg-esque series of events that pushed DeFi lending to its limits – threatening to send the price of a key DeFi asset into a downward “death spiral,” and raising critical questions about whether community-driven financial platforms are equipped to manage risk.

DeFi is powered by smart contracts – blockchain-based computer programs that allow people to directly transact with one another. The reliance on code is supposed to make things quick, cheap, and broadly accessible, allowing people to lend, borrow and swap tokens without banks.

The money loaned out by DeFi lending platforms like Aave, Frax and Abracadabra is pooled from a “decentralized” community of individual depositors, each of whom earns a cut of the interest paid by borrowers. The risk of big positions is also spread between these people; if a borrower can’t pay off their debt, these lenders are the ones left holding the bag.

DeFi lenders have fewer tools than banks do to judge creditworthiness, so they tend to have strict over-collateralization requirements – meaning borrowers must put up more value in collateral than they take out as loans.

Recent events have shown the limits of high collateral for staving off risk.

Over several months in 2023, Curve exchange founder Michael Egorov borrowed around $100 million across several different decentralized lending platforms. As collateral, he put up over $200 million worth of CRV, Curve’s native token.

DeFi lenders are programmed to automatically liquidate a borrower’s collateral if it falls to a certain price – meaning they sell it off to the open market. Egorov’s lenders thought they had enough CRV collateral to cover themselves in the event of a potential default.

However, when a hack siphoned $70 million from Curve last month – dragging the price of CRV down 20%, closer to prices where Egorov’s collateral would have been auto-liquidated – the exchange founder’s DeFi lenders realized they might soon be saddled with millions of dollars in bad debt.

In granting Egorov’s loans, lending smart contracts had apparently failed to account for Egorov’s full collateral position, which was stashed across several disparate lending protocols, and therefore difficult to account for programmatically. Altogether, Egorov had put up a hefty one-third of all circulating CRV as collateral. If a lender liquidated even a fraction of this amount, the whole market for CRV – a relatively illiquid but systemically important DeFi asset – would have collapsed.

“When a founder of a project wants to lend a huge portion of a token’s supply, you’re never going to be able to liquidate very rapidly,” said Sacha Ghebali, a data analyst at crypto analytics firm TheTie. “You need to have limits there.”

Briefly, a sort of Mexican standoff ensued between some of Egorov’s biggest leaders as they weighed liquidating the Curve founder early in an effort to avoid being the last ones stuck with worthless CRV.

Egorov wasn’t ultimately liquidated; he managed to pay down some of his loans with the help of big-money “whales,” like Tron founder Justin Sun, who had a vested interest in keeping DeFi afloat.

Even still, the Egorov situation “put a chink in the armor of DeFi protocols in showing that you can have bad debt, you can have credit losses in over-collateralized loans – provided that the collateral is not liquid enough,” said Sid Powell, the CEO of Maple Finance, an institution-focused DeFi lending company.

Every lending platform has rules baked into its code meant to protect against systemic-risk scenarios like the CRV fiasco. Broadly, the rules govern what assets can be borrowed, and in exchange for what kinds of collateral. Requiring over-collateralization is a primary method for managing risk, but not the only one.

In an emailed comment to CoinDesk, an Aave spokesperson took pains to specify that Egorov’s $60 million Aave lending position was made in Aave V2, an older version of the platform, and wouldn’t have been possible in the newer Aave V3 protocol, which “has risk parameters which limit this exact scenario to the point where bad debt is extremely unlikely.”

Banks hire professional managers to set these kinds of risk parameters. Aave and other DeFi lenders kick this responsibility to their investors.

Aave’s risk parameters are set by the Aave DAO, or decentralized autonomous organization – people who hold the platform’s AAVE token. The setup is pitched as a way for Aave’s stakeholders to democratically govern how their money is borrowed.

While an Aave spokesperson told CoinDesk that “the Aave DAO is known for conservative management,” some experts say the Curve crisis showed that risk management is too complicated to be handled by a DAO.

“More than 500 different parameters are talking to each other on the Aave protocol – it could be collateral factors, liquidation sensors, oracles, interest rates,” said Paul Frambot, CEO of the DeFi lending protocol Morpho. “You have votes to change those risk parameters constantly.”

“The Aave paradigm is not built to scale with such an amount of complexity,” said Frambot, who has worked to introduce new kinds of risk management systems with Morpho. In addition to DAOs being slow to make decisions, “you have to have a Ph.D. in risk management to really understand these things.”

If the Curve situation illustrated anything, said Frambot, it’s that DeFi lending protocols should not be viewed as autonomous pieces of computer code, but as systems that rely heavily on human decisions. ”The Aave protocol is in fact more of an on-chain fund with decentralized and open rails,” said the Morpho founder. “What they’re doing is letting users deposit money, and then they manage the risk of this position.”

According to Aave’s spokesperson, “The DAO has various risk-mitigation, third-party services”

to make risk “assessments and recommendations, but it is ultimately up to the DAO to decide how to respond to potential risks.”

Frambot says risk management is too tedious and complex for a DAO to handle, meaning power naturally concentrates into the hands of large “delegates” and risk management firms.

Firms like Gauntlet and Chaos, two of Aave DAO’s main risk management partners, have proprietary tools to measure risk and propose parameter changes. “Literally every day, risk managers are pushing risk parameters that are completely trusted and opaque – like we have no idea how they’re calculated,” said Frambot. “Yet you know the DAO is going to greenlight it” because it comes from a trusted brand.

Of the 303 proposals since December 2020 that have made it to a formal Aave DAO governance vote – typically these follow a “snapshot” community poll in the Aave forums – only 8% have been outright rejected. Of the 262 proposals that have been approved and executed by the Aave DAO, 233 passed with unanimous approval. The bulk of them involved risk parameter changes.

Aave DAO decisions also tend to be driven by just a handful of “delegates” – individuals and organizations that are given permission to vote on behalf of other AAVE-holders. In each of the past five Aave DAO votes, more than half of the final vote tally came from the three largest delegates.

“There’s a bit of demagoguery to being a delegate,” remarked Dean Tribble, CEO of Agoric, a company building a DeFi-focused blockchain. “People are rewarded for voting along with the majority, and that’s why you get these big swings – 100% vote kinds of things. Or, a loud minority can have an outsized impact.”

The Curve fiasco demonstrated the capriciousness that can result from this kind of system.

In June – more than a month before the Curve exchange was hacked – Gauntlet proposed freezing CRV in Aave V2, arguing Egorov’s massive CRV collateral risked becoming bad debt. Aave’s community voted unanimously against the proposal, which would have prevented Egorov from increasing the size of his CRV position.

When Gauntlet reintroduced its CRV freeze proposal in July, days after the Curve hack, the community voted 100% in favor.

The worst-case consequences of last month’s Curve exchange hack seem to have been avoided – thanks to a series of side deals cut between the project’s debt-strapped founder and a handful of key crypto players.

But the events still served as an indictment of the prevailing decentralized finance (DeFi) narrative since last year’s collapse of Sam Bankman-Fried’s FTX crypto exchange – that centralized platforms are susceptible to greed and poor risk management while decentralized platforms keep chugging along. It turns out that DeFi is susceptible too.

This article is featured in the latest issue of The Protocol, our weekly newsletter exploring the tech behind crypto, one block at a time. Sign up here to get it in your inbox every Wednesday.

Curve, a crucial decentralized exchange on Ethereum, was hacked last month for over $70 million. The price of CRV, the exchange’s native token, dropped by more than 20% in the immediate aftermath of the exploit.

The event fueled fears around the security and viability of Curve – widely considered a “blue chip” crypto exchange in a crowd of less reputable competitors. The hack also drew attention to a risky lending position from Curve’s founder, Michael Egorov, who put up 33% of the supply of CRV to bank personal loans. If CRV dropped low enough in price, that collateral could have been automatically liquidated by DeFi lending platforms and then dumped onto the open market – tanking a systemically-important DeFi asset’s price.

Curve offered its exploiter a 10% bounty in exchange for returned funds, and the platform has managed to recover nearly 75% of the assets lost to the attack. The price of CRV has also rebounded slightly in the past week as the Curve founder has paid down some of his loans – meaning his massive CRV bags are at lower risk of getting liquidated than they were immediately following the hack.

But the Curve fiasco was still a reckoning for one of the largest crypto exchange platforms and held warning signs for DeFi in general.

Launched in 2020, Curve is a decentralized exchange (DEX) on Ethereum.

At a high level, the platform works similarly to DEXs like Uniswap, allowing people to swap between cryptocurrencies without the need for intermediaries. As with many other DEXs, anyone can deposit crypto into a Curve “pool” – a basket of various cryptocurrencies. The pools are used by other traders to exchange between tokens, with token prices set by the ratio of different assets within a given pool. Pool depositors – so-called “liquidity providers” – earn a portion of the trading fees.

In contrast to Uniswap and most other exchanges, Curve’s features are designed specifically for trading stablecoins and other like-kind assets – digital tokens tied to the price of some other asset. During the DeFi bull run of 2020-21, Curve was at one point the largest DEX by trading volume – amassing more than $20 billion worth of liquidity at its peak.

In addition to its focus on like-kind assets, the primary feature that allowed Curve to flourish during the last crypto bull run was the platform’s CRV-based incentive structure.

Curve incentivizes liquidity providers to deposit into its pools by rewarding them with CRV tokens atop the regular interest generated from trading fees. The platform offers further rewards to those users who are willing to lock up their CRV in exchange for veCRV – another type of reward. CRV can be locked up for years at a time – the longer the lockup, the bigger the veCRV rewards.

veCRV doubles as votes in the Curve system, meaning it can be used to influence how Curve distributes rewards to different pools. The pursuit of veCRV led to the “Curve Wars” – where people competed to amass veCRV tokens to direct the flow of rewards to their preferred pools.

The Curve Wars made CRV and veCRV systemically important within the broader DeFi ecosystem. The tokens were used widely in lending and borrowing, they were collected by crypto protocols looking to drive liquidity to their own Curve pools, and they powered a variety of offshoot platforms, like Convex, built specifically to capitalize on Curve’s reward system.

Curve’s dominance has faded in recent months as the bear market has eaten into the price of CRV – allowing newer competitors, like Uniswap V3, to seize some of the platform’s market share. According to DefiLlama, Curve currently boasts $2.4 billion in deposits, or just a tenth of the peak of $24 billion in 2022.

The CRV price has likewise decreased to 60 cents, down from around $6 at its 2022 peak, and down 20% since last month’s hack.

“I think Curve will have issues now as a result of people second-guessing the Curve token,” said Sid Powell, CEO of Maple Finance, a blockchain-based credit marketplace that offers DeFi services to institutions and accredited investors.

The long-term viability of Curve’s CRV reward program – a vestige of DeFi’s early days, where money-printing machines in the form of token issuances were the go-to model for attracting users – seems less certain now, in light of the CRV price declines. Powell called the system “ponzinomics.”

“It is kind of like a melting iceberg scenario, where they have to find some way to add or recreate utility for CRV,” said Powell. “Otherwise, there would be no point in having it,” since the rewards for using Curve without CRV – the interest generated purely from trading fees – is a pittance relative to what users get from CRV bonuses.

“I’m watching what that second-order effect is for Curve TVL [total value locked] and the number of protocols that are kind of built on Curve TVL,” he added. “If the CRV token rewards are removed or valueless, what would happen to Convex at that point?”

CoinDesk attempted to consult Curve founder Michael Egorov for this story but was unsuccessful.

Over time, Curve has earned a reputation as a “blue chip” decentralized exchange (DEX) – one of the relatively few safe protocols in a sea of buggy ones. It was relatively simple in its design and, until July, was one of the few big DeFi platforms to avoid any major hacks.

The Curve exploit served as a reminder that scale does not equal security.

Last month’s attack happened as a result of a bug in the compiler for Vyper – a programming language similar to Solidity that allows people to code up smart contracts. The specific vulnerability in Vyper’s code, a so-called re-entrancy attack, allowed a hacker to repeatedly withdraw funds from Curve without the protocol realizing that it had already sent the funds.

While Curve is well-known, Vyper is not. The vulnerability in Vyper drew attention to the myriad avenues by which attackers can theoretically sabotage decentralized systems, and it is possible that the risks will only become greater as the systems powering decentralized systems become more complex.

In the months leading up to July’s exploit, Curve founder Michael Egorov took out around $100 million worth of loans. As collateral, he used around $200 worth of CRV – 33% of all CRV in existence.

If the price of CRV fell low enough, Egorov would have been liquidated – meaning his collateral would have been dumped onto the market. This could have triggered a full collapse of CRV, which is relatively illiquid but remains systemically important to DeFi.

The fact that the founder of “blue chip” decentralized finance protocol was able to amass more than a third of its native token’s supply – and then put it up as collateral to back millions of dollars in loans – should have raised eyebrows, according to experts, due to its potential ramifications for the protocol and for DeFi as a whole.

“I don’t necessarily think it’s a sign of unethical behavior, but it does open up risks – exactly as you’ve seen occur – and the risks are not too hard to predict,” remarked Powell. “If you have a $100 million loan, and you have that on leverage, and it’s against your token, there’s a chance your token could drop in price and you’ll need to liquidate it to cover yourself.”

Egorov managed to de-risk his lending positions by paying down portions of his loans – decreasing the price at which his CRV would be subject to liquidation. However, Egorov needed to make over-the-counter deals with big-money crypto “whales” like TRON founder Justin Sun in order to finance these payments.

It wasn’t the first time that a big player like Sun has stepped in to prevent a crypto collapse. It was a reminder, after a handful of similar ones, that power in decentralized finance rests with just a handful of actors – a scenario not dissimilar to traditional finance.

As CoinDesk’s Daniel Kuhn argued in a deftly-written column last week, “the spirit that propelled DeFi forward, the dream of disintermediating money from power and providing easy access to basic and complex financial products without fear or favor is dead.”

It’s true, as Adam Blumberg pointed out in a response to Kuhn’s column, that blockchain technology enabled minute-by-minute visibility into the health of Egorov’s lending positions – transparency that’s only possible in the world of decentralized finance, where transactions and wallet addresses are all publicly viewable. However, the full influence of big actors like Justin Sun remains opaque – and it will only become more so as whales become more sophisticated with how they obfuscate the scale of their holdings.

“On-chain transactions do not represent the asset exposure that the underlying trader necessarily has,” said Sacha Ghebali, a strategy analyst at crypto analytics firm The TIE.

“It’s no different from traditional financial markets,” he continued. “At some point there is a limit in terms of how much transparency these systems manage to carry, even when you get the impression of transparency.”

The early days of the blockchain industry were defined by maximalists. A winner-takes-all mindset pervaded crypto Twitter and blockchain forums, with fans of each new project – be it Ethereum, Bitcoin, or Cardano – hell-bent on convincing others that its chain would be the chain to snuff competitors and take blockchains mainstream.

In recent years, this absolutist mindset has fallen mostly out of vogue, with new blockchains launching every day alongside “bridge” infrastructure to help them communicate with one another.

At the forefront of this shift was Cosmos – the blockchain ecosystem that helped to pioneer the “appchain,” shared security, and the proof-of-stake consensus mechanism that now powers Ethereum and most newer blockchains.

Comos set out to create not one blockchain, but a family of them – each engineered for its own use case but set up to easily communicate and swap assets back and forth. Once considered a technical marvel in the world of blockchain infrastructure, the Cosmos SDK – the software development kit that allows anyone to build a Cosmos-based blockchain – was at one point the go-to toolbox for any developer looking to spin up a network.

But among the blockchain ecosystems that have been hit hardest by crypto’s market meltdown, Cosmos sits near the top of the list.

The spectacular collapse of Terra – at one point one of the largest Cosmos-based blockchains – left a liquidity hole in Cosmos’s decentralized finance (DeFi) ecosystem that it has yet to recover from. Politics and infighting – both a feature and a bug of Cosmos’s open-source development model – have been blamed for slowing down development. Now, newer blockchain-in-a-box projects have proliferated, particularly in the Ethereum ecosystem, which put Cosmos at risk of becoming obsolete in a category it once monopolized.

It also can’t help that the U.S. Securities and Exchange Commission thinks that ATOM, the crypto token most closely associated with the Cosmos ecosystem, is a security.

According to Zaki Manian, a leading figurehead in the Cosmos community and the creator of Sommelier, the next year for Cosmos may well be “existential.”

“Cosmos has, I would say, like eight to nine months, maybe a year at most, to kind of find a way to create something unique and distinctive, something that differentiates itself and makes it feel like some coherent thing that’s separate from Ethereum or separate from the rest of the blockchain space,“ Manian told CoinDesk this week.

“I think we have the raw ingredients to have a shot.”

Every blockchain has limitations. Bitcoin, the first-ever blockchain, can’t do much beyond moving bitcoins from one address to another. It’s a limitation that maximalists say is intentional – making the no-frills bitcoin asset a better candidate to become “digital gold.” However, for traders now accustomed to the flashy NFTs and DeFi apps of other chains, basic bitcoin can leave them wanting more.

Ethereum introduced the world to smart contracts – the blockchain-based computer programs that anyone can create to power those new lending apps and NFT exchanges. However, the network’s high fees (upwards of $14 for a simple token swap) and relative sluggishness (around 27 transactions per second, versus over 1,600 per second on the Visa card system) have left room for newer blockchains to serve particularly demanding use cases, such as gaming.

As the tradeoffs of different blockchain designs have grown more obvious, the blockchain industry – and the Ethereum ecosystem in particular – has gradually coalesced behind the idea of a “multichain” universe, where different blockchains peacefully co-exist to serve different use cases.

The multichain ecosystem of old was plagued with security issues, however. Of particular concern were the cross-chain bridges used to move assets between disparate networks. Bugs in those bridges – or in the blockchains they carried assets to and from – led to high-profile exploits like the Ronin bridge hack, which siphoned over 600 million to alleged North Korean hackers.

Among the first projects to push a solution to the multichain security quandary was Cosmos. Built by a firm called Tendermint (now called Ignite), and now maintained by a wider consortium of developers and companies, Cosmos “appchains” were designed to interoperate from day one – a technical distinction that drastically reduced the surface area for potential bridge hacks. Among Cosmos’s key differentiators were the Inter-Blockchain Communication Protocol (IBC), which allowed assets to easily flow between chains, and Interchain Security (ICS), which allowed newer blockchains to borrow the security apparatus of existing networks.

Even as IBC and ICS were still in development, Cosmos was one of the biggest beneficiaries of 2019’s DeFi boom and the subsequent crypto craze. As startups raced to build new blockchains during the frothy, low-interest rate funding environment of 2019-2021, they frequently turned to Cosmos’s open-source developer toolkit, or SDK, which was then among the few ways to quickly build a new blockchain network.

“In 2019 there were two toolkits: there was Substrate and then there was the Cosmos SDK,” recalled Manian. “As a practical matter, everyone used the Cosmos SDK.”

Cosmos supplied the building blocks behind Binance’s popular BNB blockchain, the once-massive Terra blockchain, and the Cosmos Hub, the original Cosmos chain, whose ATOM token consistently hovers towards the top of crypto market charts.

As a bonus for using Cosmos, teams could boast environmental sustainability. The two largest blockchains – Bitcoin and Ethereum – used a power-hungry “proof-of-work” model to power their networks. Cosmos chains use “proof-of-stake” – a system that forgoes the energy-intensive practice of crypto mining and has since been embraced by a growing number of different blockchains, including Ethereum.

Whatever its early advantages, Cosmos has begun losing its grip on developers in recent months.

In the earliest days of 2022’s crypto market crash – while Sam Bankman-Fried and his FTX crypto exchange could still convincingly claim solvency – the Cosmos ecosystem was already beset by catastrophe. In May of 2022, Do Kwon’s “decentralized” digital dollar, Terra USD (TUSD), fell in price from $1 to below a penny in the span of a few days.

Terra tried (and failed) to use algorithms – rather than collateral – to keep TUSD at the price of $1. The project was built using Cosmos and was therefore compatible with other Cosmos-based chains. As the market caps of TUSD and its sister token, LUNA, initially climbed above $40 billion, much of that money flowed into a budding suite of Cosmos-based DeFi apps.

When TUSD and LUNA crashed, so did Cosmos’s DeFi ecosystem.

Osmosis, Cosmos’s main decentralized exchange (DEX) chain, boasted nearly $1.7 billion worth of liquidity at its February 2022 peak – a sum representing the total value of deposits into the platform for swapping Cosmos-based tokens. By June 2022, a month after Terra’s collapse, Osmosis liquidity had dropped to $150 million. Another year later, it sits even lower, at $116 million. (By comparison, Uniswap, the largest decentralized exchange on Ethereum and several other blockchains, dropped from around $7 billion to $3.8 billion since Terra collapsed – a 46% drop versus 93% on Cosmos.)

Less liquidity on Cosmos means less incentive for developers to deploy apps into the ecosystem.

“In many ways, it’s faded from people’s minds, what Terra meant to the Cosmos ecosystem,” Manian told CoinDesk in February – nearly a year after Terra collapsed. “I think the hit has been massive.”

Terra doesn’t bear complete blame for deterring developers. Cosmos SDK’s key features – its sustainability, shared security and interoperability – are also no longer as rare as they once were.

Cosmos helped to trailblaze proof-of-stake consensus and continues to claim its low carbon footprint as a key advantage on its website. But proof-of-stake is no longer a differentiator. In addition to serving as the foundation for most newer blockchains, Ethereum – the most-trafficked chain other than Bitcoin – shifted to a proof-of-stake mechanism in 2022 with its highly-publicized “Merge.”

Shared security was also supposed to be key value-add for Cosmos, enabling upstart blockchains to borrow the security apparatus of other networks. Cosmos introduced the functionality this year with a feature called Interchain Security (ICS), but a buzzy new project on Ethereum, called EigenLayer, has launched with similar capabilities.

Cosmos’s dominance in the chain-building space has also faded with the entrance of new competitors.

Ethereum’s community has looked to expand the ecosystem via third-party scaling networks, called rollups, that allow users to transact more quickly and cheaply than on the main chain, but without losing the base network’s essential security guarantees.

Recently, virtually every big rollup project has opted to release its technology out into the open for other teams to pick up and use. The “blockchain-in-a-box” pitches from Optimism, Arbitrum, Polygon and other rollup providers look similar to that of the Cosmos SDK – as do key features like customizability, shared security, low fees and interoperability.

A clear new frontrunner in the blockchain toolkit race is Optimism, whose OP Stack toolkit was used to power – among other new networks – Base, the new blockchain from Coinbase, and Mantle, a new chain linked to the Bybit exchange.

“We were pretty much batting 100 for exchange chains, where every exchange, when they started to ship a blockchain, was using Cosmos SDK,” lamented Manian. “Now, two of the biggest exchanges have picked different technology stacks.”

Even Binance’s BNB chain, which was built using the Cosmos SDK, has begun testing a version of its network that runs using the OP Stack.

Cosmos still has plenty going for it in terms of its technical bona fides.

dYdX, one of the largest decentralized cryptocurrency exchanges, decided last year to move to a new Cosmos chain after finding Ethereum too expensive and sluggish for its use case.

Other projects in the Cosmos community hope that dYdX’s upcoming Cosmos app, which is currently in testing, will replenish some of the users and liquidity that Cosmos lost with Terra’s collapse. The migration has already been helpful: Circle, the company behind USDC, the second-largest U.S. dollar-pegged stablecoin, announced plans to mint its coin directly onto Cosmos – a move timed to align with the new app from dYdX, one of USDC’s biggest users.

Cosmos’s boosters also claim their toolkit – though it now lags behind some newer tools in terms of its overall ease of use – still provides more flexibility to builders.

“There’s ‘interoperability’ and there’s ‘appchain,’” explained Manian. According to the Sommelier founder, Ethereum’s layer 2 toolkits only allow for “interoperability” – enabling people to code up new chains that can easily talk to one another and send assets back and forth. These aren’t “appchains,” according to Manian, because they still rely on Ethereum for their security and other core functionality.

Manian says that Cosmos, by contrast, allows developers to “vertically integrate as much as possible,” meaning they can control every facet of how their blockchains are designed – from how quickly they settle transactions, to the rules they use to power their security.

When it comes to Ethereum’s rollup toolkits, Manian argues that “their actual ability to build an appchain is actually at a pretty early stage. They could never have built what dYdX has built.”

Beyond the technical, Cosmos still has other headwinds.

For one thing, the SEC lumped ATOM in with a list of crypto “securities” in its recent lawsuits against Binance and Coinbase. A securities designation is rarely good news for a crypto project, but Cosmos wasn’t the only project targeted this time around – Polygon (MATIC), Solana (SOL), and several others were also listed. Moreover, while ATOM is deeply ingrained into Cosmos’s leading DeFi apps, its core infrastructure doesn’t rely on ATOM to function.

Cosmos co-founder Ethan Buchman was unwilling to comment on the SEC suits to CoinDesk.

Perhaps a larger problem than technical obsolescence or securities laws is Cosmos’s own community. Even in the raucous world of crypto, Cosmos’s open-source developer community is among the wildest. Its history is replete with mass resignations, lawsuits, and allegations of decentralized voter fraud.

Jae Kwon, one of the ecosystem’s founders, remains one of the more controversial figures in the blockchain world. His return last year to Ignite – the development firm he co-founded to build Cosmos, but left following a leadership dispute in 2020 – was accompanied by layoffs and strategic shifts that have largely backseated Cosmos infrastructure development to other priorities.

As a result, the ecosystem has less of a clear organizing structure than similar projects – with a hodge-podge of non-profits, development firms, and lone-wolf engineers all playing some role in pushing the technology forward.

There are, of course, some disadvantages to Cosmos’s messy politics. Community governance disputes frequently lead to technical setbacks – like when a long-planned, strategically important “revamp” for the Cosmos Hub blockchain was sidelined by a contentious community vote.

“I have often felt that the like organizational drama we’ve experienced in Cosmos is just the universe’s way of giving everyone else a chance to catch up because we were so far ahead,” said Buchman, in a panel discussion on Tuesday.

The politics have also led to some reputational baggage. As dYdX prepared for its shift to Cosmos, its CEO, Antonio Juliano, tweeted “I specifically don’t want dYdX’s brand to be too associated with cosmos.” The rationale behind this statement, according to Juliano, didn’t have anything to do with Cosmos drama. According to the dYdX founder in that same Twitter thread, “[a]pps should transcend any particular technology they are built on,” and “[t]his is not to say we aren’t huge fans of cosmos.”

However, some on Cosmos Twitter interpreted Juliano’s remarks as a veiled critique of the community’s antics – a sign that they would need to tame themselves or risk repelling future builders.

On the other hand, it’s from this chaos that comes some of Cosmos’s beauty. If the Cosmos experiment does succeed, its proponents say it will hold a truer claim to the mantle of “decentralization” than competing projects led by centralized companies or pseudo-decentralized foundations. While Cosmos has its own grant programs and informal hierarchy, its core infrastructure and many of its most popular projects are maintained bottom-up by a passionate base of builders.

“There’s this philosophy and set of values that shines through that is really, you know, tuned to the hacker culture of openness and experimentation,” Buchman told CoinDesk. “Those values are going to be true in the long term, and despite all these short-term market setbacks, that’s the kind of thing that’s gonna win in the end.”

As for what success actually looks like, many of Cosmos’s core contributions to the blockchain space – early models for interoperability, proof-of-stake, and shared security – have already crept their way toward ubiquity, meaning they’ve been validated by the wider industry.

Despite his existential prognostications, Manian said he is confident that Cosmos will continue on in some form. He just hopes its vibrant builder ecosystem doesn’t fade into the background.

“I think the big question,” he said, “is whether or not Cosmos continues to exist as an identifiable, distinct thing, or it just gets swallowed up into: ‘Oh, it’s just one toolkit that you can use to build an appchain’”

Crypto infrastructure firm Chainlink claims its proof-of-reserves service – designed to help users verify that exchanges and asset managers have the backing they profess – “enables the reliable and timely monitoring of reserve assets using #ProofNotPromises.”

In reality, the system frequently relies on promises all the way down.

Chainlink Proof of Reserve is one of the only ways for crypto custodians to track real-world assets directly on blockchains, a service that unlocks a host of safety and transparency benefits for the end-users of decentralized finance (DeFi) products.

However, rather than help crypto users transact with more confidence and transparency, Chainlink’s reserve tech can also provide them with a false sense of security – adding a veneer of legitimacy and “decentralization” to the same inadequate accounting practices that were exposed by the collapse of the FTX exchange.

When it comes to integrating centralized data into decentralized protocols, a deep dive into Chainlink’s proof-of-reserves tech shows how “promises,” not “proof,” are often the best that one can realistically hope for.

This article is featured in the latest issue of The Protocol, our weekly newsletter exploring the tech behind crypto, one block at a time. Sign up here to get it in your inbox every Wednesday.

Chainlink is the leading provider of crypto “oracles” – software modules that gather off-chain data – prices, weather info, whatever – and then feed that into blockchain-based applications. Chainlink’s main draw is that it can source information from a wide network of node operators, reducing the need for platforms to place their trust in centralized data sources.

Over the past couple of years, Chainlink has expanded its product suite to include proof-of-reserves accounting – a way for crypto custodians to prove that they hold as many assets as they claim to customers.

Proof-of-reserves has become a hot topic since last year’s crypto-market meltdown, which prompted questions over how investors might be able to verify if their exchanges can actually prove they are safely keeping customers’ assets, and where.

After the FTX exchange crashed and was accused of misappropriating user funds, leading exchanges like Binance, and stablecoin operators like Circle – companies that custody user funds or issue tokens representing assets in real-world banks – rushed to prove that their reserve claims can be trusted.

Even as companies began publishing official proof-of-reserves reports, users demanded more than just third-party audits and attestations – like the ones FTX received – to back up their numbers.

Chainlink offered these companies an alternative – a way to transparently monitor and report their reserves in a manner that leveraged the “autonomous,” and “decentralized” properties provided by blockchains.

Looking under the hood, however, Chainlink’s tech may add more confusion than transparency in some cases. Its decentralized oracle network helps ensure the safe delivery of off-chain reserve data, but it doesn’t make that data any more credible than it would be otherwise.

Chainlink explains its reserve-proving tech on its website: “Operated by a decentralized network of oracles, Chainlink Proof of Reserve enables the autonomous auditing of collateral in real-time, helping ensure user funds are protected from unforeseen fractional reserve practices and other fraudulent activity from off-chain custodians.”

As for what this unlocks, according to Chainlink, “rather than forcing users to trust paper guarantees made by custodians, Chainlink PoR can be deployed for automated on-chain audits that give users a superior guarantee of an asset’s underlying collateralization.”

Paxos, the stablecoin operator, uses Chainlink PoR for PAXG, its gold-backed stablecoin, and USDP, its U.S. dollar-pegged stablecoin.

On Twitter, Chainlink boasted that its partnership with Paxos would allow app developers “easily audit the off-chain gold reserves backing PAX Gold.” Paxos, in a press release, said the Chainlink oracles would enable people to “quickly verify on-chain that PAX tokens are fully backed 1:1 by U.S. dollars and PAXG tokens are fully backed by gold bars, both of which are held off-chain in Paxos’ custody.”

The terms “audit” and “verify” may be a stretch in this case, however.

Of the 16 third-party node operators that report on PAXG’s gold reserves, every single one of them gets its data from the same place: Paxos itself. It’s the same case for USDP: Chainlink’s “decentralized” network of 16 node operators each reports that the stablecoin is backed by $1.04 billion – the number handed to them by a Paxos API, meaning it’s a data feed that comes directly from the project.

Chainlink calls this reporting practice “self-attestation,” and it warns in its developer docs that “self-attested feeds carry additional risk.”

In a statement shared with CoinDesk, Chainlink said “Only a small minority of Chainlink PoR users are still self-attested,” adding that “Some users start here as a first step towards greater transparency.” Chainlink did not provide any examples of projects that have moved from self-attentions to other reserve-reporting methods.

Whatever the precise details on how Paxos calculates its reserve numbers (Paxos did not immediately respond to CoinDesk’s questions on the matter), the data that the company reports to Chainlink ultimately requires total trust in Paxos – not Chainlink’s third-party oracle network.

There are reasons why consumers might trust Paxos. For one thing, the stablecoin issuer uses a third-party accounting firm to conduct monthly attestations of its PAXG and USDP reserves, though the data that Paxos reports to Chainlink is updated more frequently than that – at least once per day.

Paxos is also a New York State-chartered trust company, meaning it is much more tightly regulated than most other stablecoin operators. However, Paxos was recently forced to stop minting Binance-linked BUSD stablecoins after New York State regulators charged the firm with violating “its obligation to conduct tailored, periodic risk assessments and due diligence refreshes.”

Paxos uses its Chainlink PoR feeds as a way to earn credibility with distrustful DeFi traders, but its “fully-backed” claims don’t become more credible just because they pass through Chainlink’s decentralized oracle network.

Using an extreme analogy – a stablecoin issuer “self-attesting” to its reserves via Chainlink would be like FTX emailing its financials to 16 people and asking them to disseminate the numbers on its behalf. Even if numbers are “audited” (as they often were, in the case of FTX), they would ultimately only be as trustworthy as that original email from FTX.

Different companies use the “proof-of-reserves” moniker to describe different accounting systems, each of varying quality. Accordingly, Chainlink’s PoR partners all use their methods to back up their reserve claims.

“Chainlink will do all kinds of different stuff and just call it ‘proof-of-reserve,’” explained Niklas Kunkel, formerly head of Oracles at MakerDAO. One decentralized app’s proof-of-reserves program “doesn’t have the same trust or security guarantees as proof of reserve on another app.”

Archblock (previoustly TrustToken), the company behind the U.S. dollar-backed TrueUSD (TUSD) stablecoin, uses Chainlink to prove that each of its TUSD tokens is backed by a dollar in reserves. Instead of self-attesting to its reserves, it reports them to Chainlink’s oracles via The Network Firm, a third-party accountant.

In a blog post explaining its Chainlink partnership, Archblock explained that The Network Firm “aggregates all reserves data (U.S. dollars held at financial institutions) in real-time and serves that information on-chain through Chainlink’s industry-leading decentralized oracle network.”

The Network Firm boasts a robust, industry-first, real-time asset-tracking system. It says it sources reserve data directly from custodians and uses a cryptographic method called Merkle Trees to verify amounts.

However, Chainlink’s oracles aren’t doing any of this cryptography or accounting themselves. Instead, they’re linked up to The Network Firm’s in-house API, a computer system that reports the data to them.

Trusting TUSD’s Chainlink PoR feed means trusting The Network Firm’s attestations.

The Network Firm’s founders used to lead the crypto arm of Armanino – the U.S. accounting firm that shuttered its crypto division after facing ridicule for failing to find discrepancies with FTX’s U.S. division, which it was hired to audit.

Armanino has since defended its work for the collapsed exchange giant, but The Network Firm’s link with FTX’s auditor garnered renewed scrutiny last week when questions surfaced around TUSD’s reserve reports.

Archblock previously used Prime Trust, a large crypto custodian, to hold a portion of TUSD’s reserves and handle stablecoin-to-dollar redemptions. In late June, Nevada regulators ordered the custodian to shut down and accused it of losing $80 million worth of client funds.

Archblock initially stated it had “no exposure” to the Prime Trust debacle but eventually disclosed that it held a relatively small sum ($26,000) with the firm.

Archblock’s about-face came alongside rumors that some people were having issues redeeming TUSD tokens. At one point, the price of TUSD on Bianance briefly dropped to 80 cents. All the events sparked (or were spurred on by) concerns with TUSD’s solvency.

It was a Network Firm disclosure which ultimately gets credit for flagging the ongoing relationship between TUSD and Prime Trust, but the incident also underscored the limited transparency provided by The Network Firm’s reserve-reporting apparatus.

TrueUSD’s ownership and banking relationships have long been difficult for the public to discern, and The Network Firm does not name the banks that TUSD does business with in its attestations. (It referred to Prime Trust as “a U.S. depository institution which has communicated to customers that the institution has been ordered by state regulators to halt deposits and withdrawals for fiat and digital asset accounts.”) Reserve snapshots like those provided by The Network Firm (and most other attestation providers) also frequently lack a full picture as to a company’s total liabilities; even if the money is in a bank account, that doesn’t mean it isn’t owed to someone else.

The numbers reported to Chainlink’s oracles, in other words, can’t possibly tell the full story.

Asked for clarity as to how it specifically track’s TUSD assets, The Network Firm said it was “limited in making public statements about specific clients for whom we are engaged to provide attest services.”

Regular attestations are better than no attestations at all, but with limited transparency come additional questions. For instance, what good is “proof” that reserves exist if a portion of them – however miniscule – are locked up with a collapsed financial institution?

TUSD has a “ripcord” system that works in conjunction with Chainlink’s PoR feeds to auto-pause minting and redemptions in the event of reserve discrepancies. A ripcord was briefly pulled around the time of The Network Firm’s Prime Trust disclosure, but according to a tweet from TrueUSD, this was only “due to a delay in one of the new banking partner’s API interface, which prevented the auditor(TNF) from reading the bank’s latest escrow balance.” The relationship between TUSD and a suspicious “U.S. depository institution” didn’t trigger the ripcord itself.

Chainlink is far from the only company with problem-laden proof-of-reserve promises; the issues with the firm’s PoR tech ultimately stem from limitations with reserve accounting in general.

The key thing is that Chainlink’s decentralized oracle network only serves to ensure that data from centralized entities is not tampered with before it makes it on-chain. It doesn’t make that original data any more (or less) credible.

Chainlink doesn’t hide these caveats. At the bottom of its proof-of-reserve dashboard, the oracle firm cautions that “feeds can vary in their configurations” and warns app-builders that they “are solely responsible for reviewing the quality of the data (e.g., a Proof of Reserve feed) that you integrate into your smart contracts.” While projects like Paxos self-attest to their data, most report their reserve data to Chainlink via auditors or directly from custodians.

But it’s unclear how many end-users realize where they are placing their trust when it comes to Chainlink’s PoR oracles. Frequently, projects use the mere existence of the oracles as a way to bolster their credibility with users.

A Messari report commissioned by Chainlink showed that TUSD deposits dramatically increased after TUSD made its Chainlink PoR push. According to the report, “Within one month after Chainlink added TUSD PoR data feeds, the TUSD market cap increased by 121%,” an increase of over $1 billion. It’s difficult to say how much of this spike is attributable to TUSD’s Chainlink oracles, but the PoR feeds figure prominently in TUSD’s recent marketing.

In response to questions from CoinDesk, Chainlink made the case that its PoR technology – while imperfect – was still a step in the right direction for transparency within the broader crypto industry. The firm points out that it “requires the user to have an attestation method that is publicly disclosed by Chainlink” (emphasis Chainlink’s).

Also, even if reserve claims cannot be backed up with full guarantees, Chainlink notes that it is one of the only solutions for developers to bake them directly into the code of decentralized finance protocols. This can, in theory, unlock a number of safety and transparency benefits for users (e.g. TUSD’s ripcords).

The tech is also powerful for tracking cross-chain reserves – allowing blockchain-based projects on one network to easily prove that they have reserves on another network. Per Chainlink’s statement, “This method fully leverages the immutable and transparent characteristics of blockchains, but is only practical if all assets and related transactions are on-chain.”

In general though, it’s still unclear whether these efforts at transparency are a step in the right direction, or are merely setting up an illusion of decentralization in a fundamentally trust-based system.