Last week, following the theft of roughly $23.5 million worth of cryptocurrency from the Bancor Network, Bancor used its publicly disclosed Anti-Theft Override to freeze stolen BNT in order to immediately recover $10 million of stolen BNT before it was liquidated. Some have claimed that the use of this Anti-Theft Override in the case of an emergency (or at all) demonstrates that Bancor’s decentralized liquidity network is not actually decentralized. We welcome the passionate conversation that has ensued in the industry despite its unfortunate catalyst.

In this post, I’ll explain why the BNT Anti-Theft Override serves a crucial role in protecting the Bancor community, and why token security mechanisms do not undermine the goals of decentralization. Tl;Dr — So long as the existence and use of emergency control functions are fully transparent to the world, and users have the ability to easily fork networks if they disagree with their governance structures or execution, networks remain decentralized and censorship-resistant — a tremendous leap forward from the systems that dominate our online and offline worlds today.

More broadly, this painful security breach presents a valuable opportunity to critically assess our path, as an industry, towards decentralization — and as a society, towards better collaboration systems. At this stage, we must remind ourselves that decentralization is not the goal of this movement. Rather, decentralization is a tool to remove monopoly power over financial (and other) services — where too often entrenched actors misalign interests.

In practice, a single entity cannot exert monopoly power over a system if the system has each of the following features:

Open-source code

A fully transparent database — every action on the network is open and verifiable

— every action on the network is open and verifiable Self-sovereign authentication — users are responsible for their own security (private keys) rather than a central entity that can reset their password

Collectively, these features give users transparency into governance actions, and crucially, the ability to easily fork the network (with all of its functionality and history) if they disagree with its governance or believe it can be improved.

This feature set is a crucial improvement over legacy systems. For instance, if Facebook was forkable, users who were unhappy with its practices could take Facebook’s full functionality, along with their photos, friend graph, content history and more, in order to create their own version of the social network and invite like-minded individuals to join.

But since Facebook is not forkable, participants have little recourse if the platform does not put its users first. Sure, you can leave — but with none of what you or others have contributed over time. The barrier to entry of starting your own network from scratch is great enough to make it highly unfeasible, allowing Facebook to retain most of their users, even when interests are misaligned.

The possibility of easy forks, and the means to verify every network actor’s interactions on the blockchain, do a great deal towards keeping network administrators honest and user-focused. The opportunity for blockchain network and protocol creators is in keeping users by setting them free, not by locking them in.

Now let’s apply this framework to Bancor.

Database Transparency

Unlike many crypto exchanges (including decentralized ones), on Bancor, there are no private order books or off-chain functions. Every movement of tokens and every price calculation is recorded on-chain forever. This ensures that all activity on Bancor is completely transparent and auditable by anyone. If there is malfeasance by Bancor or any of its network participants, one can identify and verify it immediately.

Open Source

Since the Bancor Protocol operates on open-source smart contracts, all code is publicly accessible, forkable, and heavily scrutinized by the community. Whether Bancor succeeds or fails, anyone can use the Bancor Protocol and all its codebase to build automated market-making functionality into their project or create a new liquidity network, using any ERC20 token as its network token.

Self-Sovereign Authentication

Bancor Network users can create a Bancor Wallet as well as use any other Web3 wallet (like MetaMask) to convert their tokens using the protocol’s automated and continuous liquidity mechanism. In either case, users always remain in control of their private keys. Even if the Bancor Network goes offline, users can always access their wallets using their downloadable keystore file or their 12 word phrase.

When the Bancor Network was recently taken offline for maintenance following the security breach, Bancor Wallet users could still access and transfer their funds at any time. And because Bancor neither holds nor has access to these user funds, they were never susceptible to theft. This is a tremendous indicator of decentralization as users are not dependent on the network’s operation to retain access to their assets.

During the incident, the BNT Anti-Theft Override was activated as a countermeasure to a verified external attack. The team openly acknowledges this was an act of governance, one which was previously communicated to the community and deemed necessary to protect the Bancor Network in case of an emergency — such as theft. Having been compelled to activate this feature does not change the fact that both BNT and the Bancor liquidity network are fully transparent and forkable systems. The impetus for decentralization comes from the desire to avoid abuse from the center. When systems are transparent and forkable, those who would abuse controls are those who stand to lose the most.

While some may believe there is no place for governance of any kind in decentralized systems, in reality, all blockchains have some form of human governance processes. Of course, there is a great diversity of possibilities as to what types of governance mechanisms can be designed, upgraded, implemented and by who.

I believe that launching complex fully decentralized networks which lack security switches or upgradeability mechanisms is simply irresponsible. Not allowing for flexibility as we evolve these technologies could cripple the industry. Rather than criticizing token projects that transparently build these mechanisms into their code — including popular tokens such as DAI, Status, OmiseGo and many others — we should be praising them and helping to develop best practices for when and how such mechanisms might be used.

Decentralization is a key feature of the free currency network we are building at Bancor, but it is not the singular aim of the system — especially if it prevents the network from protecting itself and its community. The task at hand in our industry is to balance between nurturing a community towards self-sufficiency, and the potential that these abilities will be usurped for harm. Building open networks which operate transparently and under the condition of easy forkability is how we create counter-balances to potential abuses of power.

These are delicate bridges between theory and practice and we must learn how best to build them together. For example, in 2010, a bug in Bitcoin allowed an attacker to hack 92 billion BTC into existence, forcing developers to hard fork Bitcoin and rollback the blockchain to its state before the attack. Six years later, Ethereum hard forked to fix the DAO attack and rollback the blockchain to recover more than $150M from a known thief. Those who were opposed to this hard fork stayed on the old chain in what is today known as Ethereum Classic, a coin whose market cap is now around 4 percent of Ethereum’s — and has its own potential to thrive.

The DAO attack in particular demonstrates how decentralized communities can vote with their feet. Those who opted in to the forked Ethereum blockchain implicitly agreed that preserving the integrity of the network by preventing theft was more important than pursuing a “code is law” approach to decentralization. Those who believed the latter were also free to walk this path, with whomever would join them now or in the future.

Freedom of currency, and for that matter, freedom at all, requires a diversity of options in order to truly thrive. At Bancor we believe that the emerging long-tail of currencies will include a rainbow of different tokens and networks, serving different purposes and groups at different times. Some currencies may be more functional with fully decentralized models, without any leadership or governance at all, while others may offer users a desired balance between self-reliance and central-protection. The real win for society will be the evolution of currency from today’s monopolies to tomorrow’s freedom of choice.

Naturally, as with any technology, new challenges will emerge even as a result of new solutions to problems. Our job as innovators, explorers, and stewards of these revolutionary decentralization technologies, will be to ask the right questions, not insist on our answers. Bancor is long on decentralization, and even longer on collaboration. It will take both to get anywhere worth going — and we welcome the discussion on these and other topics along the way.

To freedom, to choice, to balance and bridges,

Eyal and the Bancor Team