A working paper published by the European Central Bank (ECB), No. 3208, has scrutinized the governance structures of four major DeFi protocols — Aave, MakerDAO (rebranded as Sky), Ampleforth, and Uniswap — across two snapshots taken in November 2022 and May 2023. The findings paint a stark picture of concentrated control, opaque identities, and limited accountability, challenging the narrative of decentralized decision-making.
Token Concentration: Top 100 Holders Command Over 80% of Governance Tokens
The ECB researchers found that the top 100 addresses across all four protocols held more than 80% of the governance token supply. For Aave and Uniswap, the top five holders alone captured nearly half of all tokens. Ampleforth was even more concentrated, with the top five controlling close to 60%. A majority of these holdings were traced back to the protocols themselves (through treasuries, founders, or developer allocations) or to centralized and decentralized exchanges. Binance held the largest share among centralized platforms, ranging from 2% to 15% depending on the protocol.
Voter Identity: One-Third Unidentifiable, A16z Dominates Uniswap
Using web searches, GitHub, social media, governance forums, and the blockchain analytics tool Crystal Intelligence, the researchers attempted to identify the entities behind voting addresses. Despite these efforts, approximately one-third of the top voters could not be identified. Among those identified, individuals made up the largest group at roughly 21%, followed by Web3 companies at around 19%. Venture capital firms and university blockchain societies also appeared. For Uniswap, the top voter across both time periods was Andreessen Horowitz (a16z), which by May 2023 had voting power delegated to it by 125 addresses. The paper noted that the concentration of governance power remained stable across the two snapshots, indicating that existing power structures are durable and difficult to change through market forces alone.
Proposal Types: Risk Parameters Dominate, Governance Structure Rarely Addressed
The study categorized 248 governance proposals across the four protocols. Risk parameter adjustments (loan-to-value ratios, debt ceilings, stability fees, and emergency shutdowns) accounted for the largest share at 28%. Asset listing proposals made up 23%. Strikingly, proposals about governance structure itself constituted only 1% of the sample, suggesting that the community rarely questions the underlying power distribution.
Regulatory Challenges: Pseudonymity and Delegation Obscure Accountability
From a regulatory standpoint, the ECB researchers concluded that governance token holders, developers, and centralized exchanges cannot serve as reliable regulatory entry points under current conditions. The pseudonymous nature of blockchain addresses, combined with opaque delegation structures, means there is no clear line of accountability for regulators to draw. The EU's Markets in Crypto-Assets Regulation (MiCA) currently exempts services provided in a fully decentralized manner. However, the paper argues that the threshold is difficult to apply in practice, as none of the sampled DeFi protocols came close to meeting a genuine standard of decentralization — most retain meaningful control in the hands of insiders.
Path Forward: Disclosure Mandates, DAO Legal Frameworks, and Hybrid Models
The authors propose several remedies: mandatory disclosure of token holder affiliations, tailored legal structures for DAOs, and hybrid models that blend blockchain-based governance with traditional legal accountability frameworks. They cite the Danish Financial Supervisory Authority framework as a practical starting point for assessing whether an offering is genuinely decentralized. The paper draws a comparison to traditional corporate governance: both systems see low voter turnout and decisions shaped by a small group of active participants. But traditional finance has proxy voting rules, stewardship codes, and legal duties — safeguards that DeFi currently lacks, with key decision-makers remaining largely hidden from public view.

