Dominic Williams, Founder of DFINITY and architect of the Internet Computer Protocol (ICP), has published a detailed response to criticism from Cyber Capital Founder Justin Bons, reigniting an industry debate over what decentralization actually means and how it should be measured.
The exchange began after Bons posted a multi-part thread on X describing ICP as “centralized and insecure,” alleging that an attacker could bring the network down by targeting roughly 40 nodes in known, fixed data centers.
Bons also questioned ICP’s modular subnet design, its lack of shared security between subnets in the sense used by networks such as Avalanche and Polkadot, and its claims around horizontal scalability.
Williams’ reply sought to reframe the exchange around a different question: whether raw node count is a meaningful proxy for network security at all.
The node-count debate
The core of Williams’ argument is that headline node counts, a common talking point in proof-of-stake marketing, are a poor measure of decentralization. In his framing, security in any consensus-based network derives from the number of independent participants in consensus and the distribution of voting power between them, rather than the total machine count.
Williams noted that in proof-of-stake systems, voting power flows from stake rather than hardware, and that large stakers frequently spread holdings across many validators, sometimes to segment key custody, sometimes to work around per-validator stake caps, and sometimes, he alleged, to create the appearance of decentralization.
He argued that if one party controls a sufficient stake, spreading it across additional machines does not change the underlying concentration.
His broader claim was that concentrated control introduces several categories of risk, including honest upgrade errors that cascade into outages, compromise of a controlling entity by an attacker, sudden withdrawal of infrastructure in the event of insolvency, and subtle manipulation of computation or data that is difficult for outside observers to detect.
Allegations about hidden concentration
Williams went further, alleging that a number of major proof-of-stake networks are effectively steered behind the scenes by their founding teams, executives, and early investors.
He referenced previously circulated Crypto Leaks material that alleged Ava Labs and its CEO Emin Gün Sirer control a significant portion of AVAX supply and operate a large share of Avalanche validators. Those allegations have not been independently verified, and Ava Labs has previously disputed similar characterizations.
Williams argued the pattern, in his view, extends beyond any single network. He claimed hidden concentration can offer insiders informal control over upgrades and can influence token market dynamics by keeping earned staking rewards off the market while pre-existing holdings are sold down. Cyber Capital and Bons personally hold positions in several proof-of-stake networks, a point Williams referenced in framing his remarks.
The Nakamoto Coefficient
Williams anchored his rebuttal in the Nakamoto Coefficient, the widely cited metric measuring the minimum number of independent parties that would need to collude to compromise a network.
He noted that under standard Byzantine fault tolerance assumptions, a single party controlling one-third or more of consensus participation can begin exerting various forms of control, regardless of whether the underlying network runs ten nodes or a million.
On this measure, he stated that ICP’s public application subnets, which typically operate with 13 nodes drawn from separate providers, deliver a Nakamoto Coefficient of 5. Bons and other critics have argued the reverse, that a subnet-based architecture concentrates risk rather than distributing it.
Anonymity and the Hetzner precedent
A recurring theme in Williams’ response was validator anonymity, which he described as an increasingly weak shield in practice. He cited the November 2022 Hetzner incident, when the German hosting provider identified and terminated Solana validator instances, removing a substantial portion of the network’s nodes in a single action. He argued that if a commercial cloud can fingerprint validators, state actors can as well.
Bons and others have argued that pseudonymous validator sets remain an important property of censorship-resistant networks, particularly against government interference.
KYC’d operators and legal accountability
Williams described ICP’s approach as one that removes operator anonymity by design. Prospective node providers submit identity and background information via a Network Nervous System (NNS) proposal, allowing the community to review who they are and whether they have relationships to other operators. That verified identity, he said, feeds into how the NNS composes subnets.
He argued that this design shifts accountability from purely on-chain slashing to real-world legal exposure. Malicious operators, in his framing, could face civil liability across jurisdictions and, in some cases, criminal prosecution under statutes such as the UK’s Computer Misuse Act of 1990.
“Slashing is a financial incentive that exists within a hypothesized microeconomic framework. In some scenarios, it’s possible that a node operator might extract more value through dishonest actions than they lose when they get slashed,” Williams wrote. “The introduction of legal penalties for dishonest behavior act as a far more powerful real-world incentive.”
Critics have countered that KYC’d operators introduce their own trade-offs, including regulatory pressure points and the possibility that jurisdictions could compel operator behavior.
Subnet composition
Williams described ICP’s subnet composition mechanism, referred to by DFINITY as “deterministic decentralization,” as one that draws nodes from independent providers while accounting for data center diversity, geographic distribution, and jurisdictional separation.
He argued that clustering in a single facility or country creates correlated failure risks that raw node count does not capture, and that subnet composition should factor in those variables directly.
Bons’ original critique took the opposite view, arguing that the publication of data center locations and provider identities makes the network easier, rather than harder, to target.
Williams also disputed Bons’ claim that ICP lacks shared security, stating that the NNS chains cryptographic keys to every subnet it creates, meaning transactions triggering on-chain computation are transitively signed by an NNS-anchored key. Independent verification of that architectural claim is available in DFINITY’s published technical documentation.
Subnet sizing and cost
Williams addressed Bons’ complaint that ICP’s public application subnets use 13 nodes by arguing that the relevant question is whether subnet size is proportionate to workload, not whether the number is high in absolute terms. He contrasted this with Ethereum’s model, in which state is replicated across a very large validator set, and argued that beyond a certain point, additional replication produces diminishing security returns while multiplying on-chain compute costs.
He noted that private subnets planned for enterprise use, which DFINITY refers to as Cloud Engines, are expected to be configured by customers themselves, and that in his estimation, many will opt for smaller node counts corresponding to Nakamoto Coefficients of 2 or 3. Subnets performing more sensitive functions on ICP, including those hosting the NNS itself and those involved in threshold cryptography, are allocated around 50 nodes.
Whether that sizing philosophy is appropriate for a network positioning itself as onchain infrastructure remains contested. Supporters view it as a pragmatic engineering choice; critics view it as a security trade-off that has yet to be tested at scale.
An unresolved debate
The Williams-Bons exchange is the latest instalment in a broader industry disagreement over what decentralization means in practice and how it should be measured. Node counts, validator sets, Nakamoto Coefficients, jurisdictional diversity, and operator identity requirements each capture a different slice of the picture, and no single metric has emerged as authoritative.
Neither Bons nor Cyber Capital had issued a follow-up response to Williams’ thread at press time.
Also Read: Justin Sun’s TRON Activates Quantum-Resistant Signatures on Nile Testnet
