Investors see the potential ROI in DeFi.
Most especially when they see testimonials of their friends or influencers – they get charged up. Some become more aggressive in investing.
This suddenly keeps them in a situation of missing tiny details that could make them lose their funds.
In this article, you will learn about the various problems and attacks.
This enlightens you to identify these DeFi risks and avoid them.
You will be given examples of victims of some of these DeFi risks.
While we push harder to make DeFi go mainstream, this is a call to all founders, developers, influencers, and other good actors in this industry to take it upon ourselves to call out scams and fake projects that pose a threat to Newbies who are unaware of their tricks.
Problems Associated With DeFi. Is DeFi Risky?
1. Lack of Regulation
The lack of regulations in the industry fosters fraudulent activities and scams.
Peter Grosskopf, a DeFi expert and researcher, discussed extensively how DeFi could be regulated without too much pain.
2. Usability and Complexity
Many DeFi platforms have complex interfaces that are not user-friendly. Old users in this space may use experiential knowledge to navigate their way around such DeFi protocol.
However, it will be difficult for new users to navigate and use these DeFi protocols.
This creates barriers and challenges for users and developers.
SBF, the former founder and CEO of FTX, tweeted a thread about the state of DeFi, in which he discussed the issues of trust, centralization, and usability.
He argued that DeFi is still too complex and inaccessible for most users and needs to improve its user interface, user experience, and education.
3. Interoperability Issues
Interoperability issues are a DeFi problem because they make it difficult for users to move their funds or data across different protocols.
Projects like LayerZero, Connext, and Atomic Swap solve this problem. Still, after users lost their funds to cross-chain hacks in 2022, protocols owe it to users to build their trust before expecting users to start keeping their funds in DeFi protocols.
4. High Gas Fees
Depending on the blockchain, transactions on DeFi platforms can sometimes incur high fees, which deter smaller investors. Ethereum is a practical example of blockchains with high gas fees.
High gas fees increase the cost and reduce the profitability of using DeFi protocols, especially for small or frequent transactions.
An article by Cointelegraph reported that Ethereum reached a new all-time high of $1,439 on January 19, 2023, but also faced soaring gas fees that topped $1,000 for some DeFi protocols.
The article also mentioned that some users reported estimated gas fees of nearly $5,000 to accept a bid on Rarible, a platform for creating and selling digital collectibles.
Due to Ethereum’s high gas fees, projects are now being funded and developed to solve high gas fees in DeFi.
Kadena, a scalable and energy-efficient blockchain platform that supports DeFi, tweeted about how it offers practically free gas fees, unlimited scalability, and more energy efficiency than Bitcoin and Ethereum.
The tweet also quoted a video that explained how Kadena excels in various aspects of DeFi, such as energy efficiency, proof-of-work, decentralized exchange, and NFT.
Many DeFi lending platforms require users to over-collateralize their loans, which can be a significant barrier for many users.
Over-collateralization is providing more collateral than the value of the loan or the stablecoin that is issued.
Let’s imagine you want to borrow 1,000 DAI. You have to provide a collateral of 1,200 USDT to the DeFi protocol before they can lend you the 1,000 DAI.
It is a way of managing risk and ensuring that the lender or the issuer can recover their funds in case of default or de-pegging.
6. Impermanent Loss
Liquidity providers to DeFi platforms suffer from impermanent loss, a complex issue relating to providing liquidity in automated market makers(AMM).
The Liquidity Provider sells the token, which is more in demand. Thus, it would incur a slight loss when compared to holding. If the market price of Arbitrum changes from $0.5 to $1, the pool would:
ARB = $0.5
ARB/USDC pool: (1,000 ARB, 250 USDC) = $750
HODL: (1,000 ARB, 250 USDC) = $750
ARB = $1
ARB/USDC pool: (353.5 ARB, 353.5 USDC) = $707
HODL: (1,000 ARB, 250 USDC) = $750
Loss: $750 – $707 = $43
You would make a loss of $43 by LPing instead of just holding; this is known as impermanent loss (IL). You can make this money from the profits earned from providing liquidity.
However, be aware that when providing liquidity, the amount provided in a pool doesn’t come back the same.
7. Price Volatility
The value of assets within the DeFi space can be highly volatile, making investments riskier.
It affects the performance and stability of DeFi protocols, especially those that rely on market prices for their functions.
DeFi Man tweeted how low volatility affects the performance of perpetual decentralized exchanges (perp DEXes), allowing users to trade perpetual contracts without intermediaries.
He explained that low volatility leads to low volumes, low fees, and lower prices on perp tokens, representing users’ positions on the platform.
8. Front Running Attacks
Transaction ordering and front-running attacks are common DeFi risks.
This is often where a malicious actor intercepts your order from a transaction pool and places a trade right before you, so you get a worse price.
Here’s how it works: On a blockchain platform like Ethereum, transactions are grouped in a queue called a mempool.
Miners responsible for validating and adding transactions to the blockchain have access to this mempool.
When they see a pending transaction that could potentially affect the price of a cryptocurrency, they may place their transaction ahead of it in the queue. By doing so, they can potentially profit from the price movement caused by the pending trade.
To put it simply, front running involves taking advantage of insider information about future transactions to gain an economic advantage at the expense of others who introduced those transactions.
9. Centralization Risks
Although DeFi aims to be decentralized, some platforms maintain central control through admin keys or governance tokens, posing risks of centralization.
The problem with centralization risks is they compromise the security, autonomy, and trustlessness of DeFi protocols, especially those that rely on centralized entities or intermediaries for their functions.
For instance, centralized oracles are single points of failure that can be corrupted or attacked and expose DeFi protocols to various risks, such as flash loan attacks, oracle exploits, or data manipulation.
10. Liquidity Issues
Many new or smaller DeFi platforms struggle with liquidity, which limits the growth and utility of these platforms.
Liquidity issues limit the availability, efficiency, and diversity of DeFi protocols, especially those that rely on liquidity pools for their functions.
11. Limited Consumer Protection
Lack of appropriate consumer protection measures can sometimes result in significant user losses. It exposes users to risks and challenges when using DeFi protocols, especially without adequate information, guidance, or support.
12. Sybil Attacks
DeFi platforms are sometimes susceptible to Sybil attacks, where a single person/organization controls multiple nodes on a network, undermining the decentralization principle.
Malicious actors create multiple fake identities or accounts to manipulate or exploit DeFi protocols, especially those that involve voting, governance, or rewards.
Sybil attacks are rampant in DeFi protocols that will likely do an airdrop. Sybil attackers create multiple wallets to interact with a DeFi protocol to get multiple token shares.
Sybil attacks undermine the security and fairness of DeFi protocols that assume that each user has only one identity or vote.
A possible solution to this problem is introducing identity verification and reputation systems.
13. Flash Loan Attacks
To take a normal loan from traditional banks, you must provide proof of reserves, income, collateral, etc. With flash loans, you only need the relevant tokens and a hot wallet.
Flash loan attacks are very popular in the DeFi ecosystem. However, flash loan attacks have been used to attack vulnerable DeFi protocols and steal millions of dollars.
To understand this, let’s break it down into three parts:
- Flash loans: These are a new type of uncollateralized loans enforced by smart contracts in the decentralized finance (DeFi) space. Unlike traditional loans, flash loans don’t require any collateral. They allow users to instantly borrow a large sum of money and return it within the same transaction.
- Manipulating the market: Once the attacker has borrowed the funds, they use various tactics to manipulate the price of a cryptocurrency on different exchanges. By artificially inflating or deflating the price, they can create opportunities to profit.
- Quick execution: The attack happens within seconds and involves multiple DeFi protocols. The attacker takes advantage of the speed and efficiency of blockchain transactions to execute their plan swiftly and exploit any price discrepancies.
In the first half of 2023, $207 million has been lost to flash loans.
14. Oracle Manipulation
Some DeFi applications rely on external data providers called Oracles. Attackers can manipulate these data feeds to exploit the DeFi protocols.
Bad actors tamper with the data sources that DeFi protocols use to execute their functions, such as market prices, exchange rates, or weather conditions.
Zellic tweeted about the price oracle manipulation vulnerability category, which affected many DeFi protocols in 2022.
Chainalysis said DeFi protocols lost $386.2 million in 41 separate oracle manipulation attacks. It also mentioned that its protocol, Aptos Move, cannot avoid this vulnerability category.
15. Insufficient Insurance Coverage
The DeFi space lacks comprehensive insurance solutions to protect users against potential losses due to various exploits, especially those that involve complex or experimental features.
InsurAce.io Protocol, a DeFi platform that provides insurance services for DeFi protocols, tweeted about its multi-chain launch that will provide insurance coverage to DeFi protocols on a wide range of public chains, such as Ethereum, Binance Smart Chain, Heco, Solana, Polygon, and Fantom.
It stated that this will address the insufficient insurance coverage issue in the DeFi space and offer more protection and security to users.
Qredo, a DeFi platform that provides decentralized custody and settlement services for crypto assets, tweeted a thread about the different types of DeFi insurance, such as smart contract failure, custodial risk, or market risk.
It pointed out that many DeFi insurers, such as Nexus Mutual, provide coverage for incidents like smart contract failure.
However, gaps and limitations exist in the current DeFi insurance market, such as high premiums, low capacity, or slow claims.
16. Poor Governance Models
Some DeFi projects have poorly structured governance models, leading to centralized decision-making and potentially unfavorable changes to the protocol.
Poor governance models affect the accountability and transparency of DeFi protocols, especially those that involve token holders or community members.
In July 2023, several OG DeFi project tokens skyrocketed due to the changes they made in their governance models.
These projects have been implementing new features such as token burns, fee distributions, or liquidity mining to increase the value and utility of their tokens.
Some of these OG tokens are Maker, AAVE, and Balancer.
17. Lack of Audit Transparency
While many DeFi projects undergo smart contract audits, these audits’ quality, security, reliability, and transparency can sometimes be questionable.
Temmy, a DeFi expert and researcher, tweeted a thread about the ongoing DeFi problems that have been bothering users, such as security, hacks, audits, and monopoly. He stated that after a decade in DeFi, more than 1.5 billion people still lack financial access.
As security weakens, hacks grow, audits falter, and monopoly clouds transparency, it’s time for a reset.
18. Network Congestion
High network usage sometimes leads to congestion, slowing down transaction speeds, increasing costs, delays, errors, or failures in processing DeFi transactions, which can affect the performance, usability, and security of DeFi protocols.
We have had several scenarios where a network was temporarily turned off due to congestion. An example of such an event is the picture below.
19. Smart Contract Bugs
Smart contracts are self-executing agreements that run on blockchains and are supposed to be immutable and trustless.
However, if there are errors or vulnerabilities in the code, attackers can exploit them if not identified and fixed promptly.
Smart contract bugs can cause severe losses of funds, security breaches, and reputational damage for the projects and users involved.
Pera Finance, a DeFi project that offers frictionless yield generation, discovered a bug in the smart contracts of more than 100 projects with the same feature.
The bug could cause holders to lose their funds if they transfer their tokens to another address. Pera Finance warned the community and published a detailed article explaining the issue.
20. Legal and Compliance Challenges
DeFi operates permissionless, which means anyone can create, access, and use DeFi services without intermediaries or gatekeepers.
DeFi operates in a relatively new space and often faces legal and compliance challenges, including potential scrutiny from regulatory bodies.
This creates uncertainty and risk for the developers and users of DeFi applications.
However, this also means that DeFi may not comply with the existing laws and regulations that govern the traditional financial system, such as anti-money laundering, consumer protection, securities, taxation, and licensing rules.
21. Phishing and Scams
Like many online spaces, the DeFi sector is also rife with phishing attacks and scams, which can result in the loss of funds for unsuspecting users.
Phishing scams can trick users into revealing their private keys, passwords, or seed phrases used to access and control their crypto wallets.
Phishing scams can also redirect users to fake websites that mimic legitimate DeFi platforms, where they can be deceived into sending their crypto assets to the scammers.
Bitcoin News tweeted that phishing scams accounted for almost 17% of the total losses ($108.3 million) in DeFi-related theft and fraud this year.
22. Educational Gap
There is a significant educational gap, with many potential users lacking the knowledge and skills to navigate the DeFi space safely.
This can hinder the adoption and security of DeFi protocols. DeFi requires technical knowledge and financial literacy to use and understand, which may not be accessible or available to many potential users.
Educational gaps create barriers for developers and investors who want to participate in the DeFi ecosystem.
23. Sustainability Concerns in DeFi
DeFi relies on blockchain technology, which consumes much energy and resources to maintain its security and decentralization.
This only applies to blockchains that use the Proof of Work model to validate transactions.
Miners are agents of PoW. They ensure that transactions are validated. Miners set up machines to validate transactions. Often, Pow consumes a lot of electricity. This poses an economic and social threat to countries that allow miners to operate their PoW machines.
This is one of the reasons China banned Bitcoin mining.
Projects are transitioning from POW to proof of stake to create sustainability in blockchain technology—for instance, Ethereum.
And new projects are launching with a proof of stake validation mechanism.
24. Inequality in Wealth Distribution
Early adopters and large holders (“whales”) can sometimes manipulate markets to their advantage, contributing to inequality in wealth distribution.
They can limit the access and participation of many potential users who do not have enough financial resources or opportunities to benefit from the permissionless nature of DeFi.
25. Rug Pulls
Rug pulls are a fraudulent practice that can cause huge losses of funds, trust, and reputation for the projects involved.
Rugpulls are a type of scam that involves the creators of a DeFi project or token abandoning the project or draining the liquidity pool, leaving the users with worthless tokens or no access to their funds.
Rugpulls can happen due to malicious intent, incompetence, or external pressure.
Defi Robot, a DeFi enthusiast and analyst, tweeted a thread on how to spot honeypots and other malicious code in DeFi smart contracts. He explained common contract functions and ways to identify rug pulls and other vulnerabilities.
Stablecoins are cryptocurrencies designed to maintain a stable value against a reference asset, such as the US dollar, gold, or another cryptocurrency.
They are widely used in DeFi to facilitate transactions, lending, borrowing, trading, investing, and saving.
However, stablecoins also face some issues and limitations, such as:
26.1. Regulatory uncertainty and scrutiny
Stablecoins may not comply with the existing laws and regulations that govern the traditional financial system, such as anti-money laundering, consumer protection, securities, taxation, and licensing rules.
For example, the US Securities and Exchange Commission (SEC) is cracking down on stablecoin issuers and platforms that offer stablecoin-related services, such as lending and interest-bearing accounts.
26.2. Collateralization and solvency risks.
Stablecoins may not be fully backed by sufficient or liquid assets to maintain their pegs or redeemability.
For example, Tether (USDT), the largest stablecoin by market cap, has been accused of not having enough reserves to back its tokens and being involved in market manipulation.
Algorithmic stablecoins, which are not fully collateralized and rely on protocol tokens to adjust their supply and demand, may also suffer volatility and instability.
For example, Iron Finance (IRON), a partially collateralized stablecoin, collapsed after a massive sell-off of its protocol token (TITAN), causing its peg to break and its users to lose millions of dollars.
27. Access and participation
Some DeFi users or developers face barriers or disadvantages due to location, identity, or financial resources.
For example, some DeFi platforms may exclude or discriminate against users from certain countries or regions due to geo-blocking, KYC requirements, or sanctions.
28. Ponzi schemes
Ponzi schemes are a type of scam that involves promising high returns or profits to investors by paying them with money from new investors rather than from actual earnings or profits.
They rely on a constant inflow of new investors to sustain the scheme but eventually collapse when the inflow stops or the demand for withdrawals exceeds the available funds.
In June 2021, the US Securities and Exchange Commission (SEC) charged DeFi lender Blockchain Credit Partners and two of its top executives for raising $30m through allegedly fraudulent offerings.
DeFi protocols face competition and pressure from other emerging technologies or platforms that can offer better solutions or services.
The decentralized nature of the blockchain industry has enabled innovative projects to launch because there is no need to go through rigorous processes to get approval of an idea before developing a product.
Innovation is important for DeFi because it can drive the adoption, growth, and evolution of the decentralized and permissionless financial system that DeFi aims to create.
DeFi protocols face barriers and challenges in reaching and serving a wider and more diverse audience, especially in developing countries or regions with low Internet penetration or financial inclusion.
This can prevent many potential users from accessing and using DeFi applications and platforms.