Lorenzo Protocol has always emphasized that it is a decentralized BTC liquidity protocol. Governance is done through veBANK voting, and strategies are decided by a committee. The code is all open-sourced on GitHub. It sounds very DeFi, but there is an awkward fact: Lorenzo manages $549,000,000 in assets, all of which are held by the centralized institutions Cobo and Ceffu.

There is a fundamental contradiction here. The core idea of DeFi is trustlessness: you don't need to trust any intermediaries, and all rules are executed by smart contracts. But in the end, Lorenzo's users still have to trust that Cobo and Ceffu won't run away, won't be hacked, and won't be shut down by regulators. How is this essentially different from traditional finance?

Let's first talk about Cobo, a professional digital asset custody service provider that uses multi-party computation (MPC) technology. The private keys are split into multiple fragments and stored separately, so a single node cannot access the complete private key. This technology is indeed safer than single-signature custody, but it is still centralized, since these nodes are all controlled by Cobo.

Although Cobo claims to use hardware security modules (HSM) with tamper-proof physical designs, these devices are still in Cobo's data center. If someone physically accesses the data center, theoretically, they can still tamper with it. Moreover, as a company, Cobo must comply with local laws. If regulators require the freezing of certain assets, Cobo must cooperate.

Ceffu's situation is similar. Although it is under Binance, which looks more reliable, it is essentially still centralized custody. Most assets are kept in cold wallets, with a small portion in hot wallets. This architecture, while high in security, is low in flexibility. Moreover, the private key management of cold wallets still involves human participation, not purely code.

Lorenzo's choice of Cobo and Ceffu for custody surely has its reasons. The main reason may be the limitations of Bitcoin itself. BTC is not like Ethereum and does not have Turing-complete smart contracts. You cannot implement complex DeFi logic on the Bitcoin chain; you must custody BTC and then issue wrapped tokens on other chains.

However, this technical limitation cannot be a reason to abandon decentralization, as there are already more decentralized solutions on the market. One example is Threshold Network's tBTC, which uses a distributed custody network without a single custodial entity. The private keys are managed collaboratively by multiple independent nodes through threshold signatures.

Although the threshold model is complex, it achieves true decentralized custody. No single entity can control users' BTC. Even if some nodes are compromised or act maliciously, as long as the majority of nodes are honest, the assets remain secure.

Lorenzo might not use the threshold solution because the technical barrier is high, and the development cost is significant. Additionally, the performance and stability of the threshold network may not be as good as Cobo and Ceffu, which are professional institutions. As a new project, Lorenzo may lack the resources and time to build such a complex infrastructure.

But this falls into a paradox: Lorenzo wants to create a decentralized protocol but chooses a centralized solution at the most critical layer of asset custody. It's like building a decentralized building on a centralized foundation. If the foundation has issues, the whole building will collapse.

In its defense, Lorenzo might argue: although we use centralized custody, we have multiple security measures. Cobo and Ceffu are independent, and any large transfer requires a multi-signature from three parties: the Lorenzo team, Cobo, and Ceffu must jointly sign to execute.

This multi-signature mechanism can indeed prevent unilateral misconduct, but it also introduces new issues. If two of the three parties collude, users' assets can still be transferred away. Moreover, the Lorenzo team itself is centralized, holding one-third of the signing rights. If the team encounters problems, users are left in a passive position.

More critically, the specific parameters of this multi-signature are not transparently disclosed by Lorenzo. Is it 2-of-3 or 3-of-3? What is the weight of each party's signing rights? Under what circumstances can funds be accessed? These details are unclear, and users can only choose to trust Lorenzo's description.
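To make these questions concrete, the following added example (not Lorenzo's code or published configuration) enumerates, for a given signing policy, the smallest groups of signers that can move funds and the smallest groups whose refusal or outage freezes them. It generalizes beyond the 2-of-3 and 3-of-3 cases to weighted policies; every weight and threshold below is an assumption, since the real parameters are not disclosed.

```python
from itertools import combinations


def minimal_sets(weights, predicate):
    """Return the minimal coalitions (sorted tuples) for which predicate holds."""
    parties = sorted(weights)
    found = []
    for size in range(1, len(parties) + 1):
        for combo in combinations(parties, size):
            # Skip supersets of a coalition that already suffices.
            if any(set(m) <= set(combo) for m in found):
                continue
            if predicate(combo):
                found.append(combo)
    return found


def analyze(weights, threshold):
    """Classify a weighted multi-signature policy.

    'spend'  : minimal coalitions whose combined weight reaches the threshold,
               i.e. who can move funds without anyone else.
    'freeze' : minimal coalitions whose absence (refusal, outage, seizure)
               leaves the remaining signers below the threshold.
    """
    total = sum(weights.values())

    def weight(coalition):
        return sum(weights[p] for p in coalition)

    return {
        "spend": minimal_sets(weights, lambda c: weight(c) >= threshold),
        "freeze": minimal_sets(weights, lambda c: total - weight(c) < threshold),
    }


# Hypothetical policies: the page states the real parameters are undisclosed.
EQUAL = {"Lorenzo": 1, "Cobo": 1, "Ceffu": 1}
WEIGHTED = {"Lorenzo": 2, "Cobo": 1, "Ceffu": 1}  # assumed weights

if __name__ == "__main__":
    for label, w, t in [("2-of-3", EQUAL, 2), ("3-of-3", EQUAL, 3),
                        ("weighted, threshold 3", WEIGHTED, 3)]:
        result = analyze(w, t)
        print(label)
        print("  can move funds:", result["spend"])
        print("  can freeze    :", result["freeze"])
```

Under 2-of-3 any pair can move funds, while under 3-of-3 no subset can, but any single party can freeze withdrawals; a weighted policy can quietly give one signer a veto.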

Lorenzo has also integrated Chainlink's proof of reserve system, which can verify in real-time whether the quantity of BTC held by Lorenzo matches the quantity of issued enzoBTC. This indeed increases transparency, but it can only prove that the reserves are sufficient at a certain moment; it cannot prevent reserves from being stolen or misappropriated.

Moreover, Chainlink's PoR system also relies on an oracle network. Although the oracles are decentralized, the data sources they verify still come from Cobo and Ceffu. If Cobo and Ceffu manipulate the data, Chainlink cannot detect it unless it can directly access addresses on the Bitcoin chain.

From the user's perspective, Lorenzo's custody model brings several practical issues. First is withdrawal delays. If users want to exchange enzoBTC back to native BTC, the request has to go through Cobo's or Ceffu's processing procedures, which may take several hours or even days, unlike pure on-chain operations, which are immediate.

Secondly, there is the black swan risk. If Cobo or Ceffu suffer a major incident, such as being hacked, regulated, or going bankrupt, Lorenzo's users may face financial losses or be unable to withdraw for a long time. Although Lorenzo may switch to other custodians, the process would be painful.

The third is the risk of censorship. Since Cobo and Ceffu are registered companies, they are subject to legal regulations. If regulators require the freezing of assets from certain addresses, they must comply. This means that Lorenzo's users could be subject to scrutiny, which contradicts the anti-censorship philosophy of DeFi.

Lorenzo might say: we have no choice but to use centralized custody, because managing BTC at such a large scale requires specialized custodial institutions, which individuals or small teams cannot handle. Moreover, institutional custody has insurance, so if something goes wrong, compensation can be claimed. All these measures are to protect users.

However, this logic is flawed because the original intention of DeFi is to eliminate intermediaries and let users control their assets. If intermediaries are introduced for safety and convenience, then what is the meaning of DeFi? It would be better to go directly to decentralized exchanges or banks, as those institutions are regulated and have legal protections in case of issues.

What Lorenzo really needs to do is to be honest with users: we are currently using a hybrid model, where the custody layer is centralized, but the governance and application layers are decentralized. This is not a perfect solution, but it is the best choice given the current technical conditions. We are continuously exploring more decentralized custody solutions.

Moreover, Lorenzo should provide a clear roadmap for decentralization. For example, it could start testing threshold-style distributed custody in 2026, gradually migrate assets from Cobo and Ceffu to a decentralized network in 2027, and achieve complete decentralized custody by 2028, so that users can see the direction and progress.

Additionally, Lorenzo could consider giving users a choice. If users are willing to bear higher risks and costs, they can opt for decentralized custody. If users value security and convenience more, they can choose institutional custody. Both models coexist, letting the market decide which is more popular.

In the long run, if Lorenzo continues to rely on Cobo and Ceffu, it will not be fundamentally different from traditional custodial wrapped BTC. Although it has better governance mechanisms and more cross-chain support, it lacks the core value of decentralization.

This lack may become Lorenzo's fatal weakness, as there is a group of hardcore users in the cryptocurrency community who have very high demands for decentralization. If Lorenzo cannot meet this requirement, these users will not choose Lorenzo but will go to Threshold or other more decentralized projects.

Moreover, the regulatory environment is changing. If in the future, regulations on centralized custody become stricter, Lorenzo may be forced to implement KYC, restrict users from certain regions, or even freeze certain addresses. All these could damage Lorenzo's user experience and market positioning.
