DeFi removes most of the risks associated with traditional finance due to its radically different design. Since DeFi protocols are implemented on public blockchains and the code is open source, you don’t need to worry about transparency, as everyone can see the code and the amount of liquidity locked in each protocol. This doesn’t mean that DeFi is risk-free, however; it just means that the risks inherent to DeFi are different from the ones in traditional finance.
Here we’ll give a succinct overview of these, which should enable you to take the necessary precautions and avoid falling prey to attacks or scams. We’ll start with the simplest risks, namely scams, and then talk about exploits and hacks.
Scams are an ever-present phenomenon online, and DeFi is no exception. The most important kind is the phishing attack, in which a scammer tricks you into handing over your private key or depositing funds into something that looks like a legitimate lending protocol or DEX. Remember, since DeFi isn’t centralized, anyone can create a blockchain address and website that looks like a legitimate protocol.
To protect against phishing attacks, always make sure that you’re visiting the correct URL and never click on links in emails from unknown addresses. Scammers can be very creative, and they will often email you saying that your funds are in danger unless you hand over your private keys. Such emails are always malicious – no one will ever ask for your private key or seed phrase unless they’re intending to steal your crypto!
Also be careful with any links that you find on social media, unless you’re 100% sure that the page is the official one of the project. Scammers often create social media pages that look identical to the official page and use them to scam people into sending them funds by promising some sort of giveaway or award.
As we have seen in the previous lesson, DeFi lending/borrowing protocols are usually overcollateralized, meaning that you need to lock up more value in collateral than the value of your loan. This is understandable due to the volatility of crypto, but keep in mind that both the collateralization ratios (the ratio between the value of the collateral and the maximum loan value) and the value of collateral assets can change, and the latter in particular can crash rapidly.
For example, when the price of Ethereum crashed in March 2020, a record number of loans were liquidated. To protect against this potential danger when taking out loans, you need to have enough collateral that even a rapid price crash wouldn’t lead to liquidation, which can be achieved by having multiple assets as collateral (although this isn’t yet available on all protocols). As for lending, there are fewer risks, most of which have to do with bugs or exploits in the smart contracts used by the protocol. We’ll get to these next.
While DeFi protocols are typically open source and anyone can audit the code, you can’t always be sure that someone has already gone through the trouble of doing so. It’s best to stick to the projects that have undergone thorough audits, but even then you need to keep in mind that there’s always a chance that a bug got through the checks.
One example of a DeFi exploit involved Cover, a decentralized insurance protocol. On December 28th, 2020, a hacker found a bug in the code that enabled an infinite number of tokens to be minted. As the hacker used this to mint 40 quintillion tokens, the price crashed 95% in a matter of hours.
While using trusted and audited protocols can greatly reduce smart contract-related risks, it’s still a good idea to keep the possibility of an undiscovered bug in mind. As with any form of investing, never invest more than you can afford to lose. The risks on the best protocols are probably as small as the risk of a fiat monetary system collapsing (yes, this can and does happen), but they’re not completely absent. Of course, as DeFi gains more and more adoption, we can expect that there will be more and more thorough audits and the risks will become extremely small, even on newer protocols.
These are the main risks you need to be aware of, and now you should be able to keep them in mind and avoid falling prey to scams or investing your life savings into an unaudited DeFi protocol that’s been around only for a couple of days.
Always exercise caution and common sense: unless you’ve got the technical knowledge to audit the smart contracts yourself, stick to the well-audited and most trusted protocols out there. On the other hand, remember that the risks of DeFi are a necessary consequence of how revolutionary and new this area of finance is.
At this stage, both risks and rewards are high – indeed, too high for most large investors – but as DeFi becomes mainstream (which we're sure it will), we will be able to keep its efficiency while removing most of the risk.