The European Central Bank (ECB) has released a detailed working paper examining the inner workings of decentralized finance, or DeFi, with a sharp focus on who actually controls decision-making in these supposedly leaderless systems.
Titled “Who to regulate? Identifying actors within DeFi’s governance,” the study by ECB economists Alexandra Born, Zakaria Gati, Claudia Lambert, Mahvish Naeem and Antonella Pellicani analyses four leading protocols—Aave, MakerDAO, Ampleforth and Uniswap—using on-chain data up to May 2023.
The findings challenge the narrative of full decentralization and offer timely guidance for supervisors as the sector matures.
DeFi protocols use blockchain-based smart contracts and decentralized autonomous organizations (DAOs) to deliver services such as lending, stablecoin issuance, automated market-making and token swaps without traditional intermediaries.
Governance tokens grant holders voting rights on critical issues, including risk parameters, asset listings, fee structures and treasury management.
In theory, this creates a transparent, community-driven model. In practice, the paper reveals striking concentration of power.
Across the four protocols, governance token holdings are heavily skewed.
Roughly half or more of the supply is controlled by a small group of addresses linked to the protocols themselves, affiliated foundations, centralized or decentralized exchanges, and early venture-capital backers.
The top 100 holders often command more than 80 percent of voting power.
Even smaller holders frequently delegate their votes, further amplifying the influence of a handful of active participants—most of whom operate through pseudonymous wallet addresses that are difficult or impossible to trace to real-world identities.
The study also documents how DAOs respond to crises. During the March 2023 turmoil following the Silicon Valley Bank collapse, MakerDAO moved swiftly to adjust debt ceilings and collateral requirements within 48 hours, demonstrating operational agility.
Yet the same concentrated structure that enables quick decisions also creates vulnerabilities.
Flash-loan attacks, collusion risks and misaligned incentives remain real threats, as seen in the more than $1.1 billion stolen from DeFi protocols in 2023 alone.
From a functional standpoint, DeFi mirrors many traditional finance activities—providing liquidity, enabling borrowing and facilitating trading—but does so with lower costs, 24/7 availability and greater transparency through public blockchains.
These features can promote financial inclusion and spur innovation.
However, the absence of fiduciary duties, disclosure requirements and clear legal accountability distinguishes DeFi from regulated markets and raises agency problems similar to those in corporate governance, only without the usual safeguards.
The paper’s policy implications are particularly relevant for the European Union’s Markets in Crypto-Assets (MiCA) regulation, which largely excludes fully decentralized activities.
Because many protocols retain identifiable points of control—developers, token treasuries or exchange listings—the ECB suggests these could serve as practical anchors for oversight.
The authors recommend improving on-chain transparency, clarifying legal status for DAOs (drawing on experiments such as Wyoming’s DAO LLC framework) and adopting hybrid regulatory models that balance innovation with stability.
As DeFi’s total value locked continues to grow and its links to traditional markets deepen, the ECB paper underscores a central tension: genuine decentralization remains elusive when power concentrates in the hands of a few, often unidentifiable actors.
For policymakers, the main takeaway is seemingly clear—effective supervision will require smarter identification of responsible parties rather than accepting surface-level claims of disintermediation. The study provides a data-driven foundation for refining Europe’s approach to crypto-asset governance in the years ahead.