The Waves DEX launch shows how hard it is to shake centralisation
Central elements in DEXs are like appendixes: vestigial leftovers that seem harmless until they explode.
Centralised exchanges are a necessary but philosophically inconvenient part of the cryptocurrency ecosystem – greatly facilitating the development of the space and offering useful services while simultaneously being a reminder of how far away true decentralisation is and how useful central authorities can be.
Decentralised exchanges (DEXs) are intended to be the solution.
At their heart, DEXs are just highly advanced bulletin boards for people to post what they're selling and what they want to buy. The exchange's algorithms are responsible for bringing together suitable buyers and sellers as quickly as possible and turning it into a seamless experience.
The result is a system that hopefully functions just as smoothly as any centralised exchange, while letting people trade directly peer to peer without ever needing to actually deposit funds onto a potentially careless exchange. This would allow people to avoid putting themselves at the mercy of the exchange's terms and conditions or experiencing exchange downtime.
DEXs have proliferated, but have so far tended to suffer from low liquidity (not enough people putting notices on the bulletin boards) and slowness (difficulty connecting buyers and sellers quickly).
The Waves decentralised exchange has bucked the trend though. After 53 beta tests, the Waves Client went live and has so far enjoyed high speeds and low fees of under $0.01 equivalent per order. Ingeniously, it also lets users issue their own tokens to trade across the network. These tokens might be almost anything, such as a digital invoice for a fiat value that users can redeem for bitcoin.
It's also done over US$7 million in trades over the last 24 hours, across 30 million transactions and 90,000 traders. By the numbers, Waves is still a speck next to the largest centralised exchanges, but a behemoth next to the decentralised exchange norm.
But, like other decentralised exchanges, it has run into some trouble shedding all elements of centralisation the way its nature intended.
Easier said than done
A decentralised exchange theoretically has no clear points of failure. After all, it's just a bulletin board. Even if it does have a weak point, it doesn't hold any user funds so there's nothing to steal.
But any vestigial central authorities are still points of vulnerability. This became apparent shortly after the main launch of the Waves Client, when someone attacked the website itself via the hosting company. They did this by faking the passport of Waves CEO Sasha Ivanov and using it to fool the hosting company.
Pretending to be Ivanov, they then requested that the Waves Client administrator password be changed, allowing them access.
Once inside, they couldn't do anywhere near as much as they could on a central exchange, but they were still able to go phishing for user passwords by sending malicious emails to users and very convincingly pretending to be the real Waves.
A very similar situation struck EOS when its Zendesk support system was breached and used to phish users out of millions. The central weak point there was a Zendesk login.
A less similar situation, but one still reminiscent of the attack on Waves, occurred when Syscoin's GitHub account was hacked and the hacker used their access to replace its official wallet download link with a malicious fake. The weak point in that case was one of the several developers who had the GitHub login details.
Also, in the case of Waves, many users maintain wallets on the Waves platform itself, which introduces a range of weak points that might ideally be avoided by decentralised exchanges. However, in the near future, the Waves Team is planning to integrate the Waves Client with hardware wallets and to implement 2-factor authentication after the release of smart accounts on mainnet.
Despite the hiccups on launch, Waves still achieved striking numbers for a decentralised exchange. Meanwhile, other projects, such as MaidSafeCoin, are also on the way to decentralising elements like web hosting itself.
The road to true decentralisation is extremely complicated and lined with unfortunate victims like the Parity Project, which serve as dire warnings for the unprepared. That projects are still willingly walking down the road is quite impressive in itself.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.