DeFi removes most of the risks associated with traditional finance due to its radically different design. Since DeFi protocols are implemented on public blockchains and the code is open source, you need to worry less about transparency, as everyone can see the code and the amount of liquidity locked in each protocol.
This doesn’t mean that DeFi is risk-free; rather, the risks inherent to DeFi are different from the ones in traditional finance.
Scams in DeFi
Scams are an ever-present phenomenon online, and DeFi is no exception. The most important kind is the phishing attack, in which a scammer tricks you into handing over your private key or depositing funds into something that looks like a legitimate lending protocol or DEX. Remember, since DeFi isn’t centralised, anyone can create a blockchain address and website that looks like a legitimate protocol.
To protect against phishing attacks, always make sure that you’re visiting the correct URL and never click on links in emails from unknown addresses. Scammers can be very creative, and they will often email you saying that your funds are in danger unless you hand over your private keys. Such emails are always malicious – no one will ever ask for your private key or seed phrase unless they’re intending to steal your crypto!
You also have to be careful with any links found on social media, unless it’s 100% clear that the page is the project’s official one. Scammers often create social media pages that look identical to the official page and use them to scam people into sending them funds by promising some sort of giveaway or award.
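The URL check advised above can be made mechanical by comparing a link's real hostname against the one you saved yourself. This is an added example, not part of the original article; the allowlisted host `app.protocol.example`, the function name `check_url` and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: hosts you saved yourself from the project's official docs.
OFFICIAL_HOSTS = {"app.protocol.example"}

def check_url(url, official_hosts=OFFICIAL_HOSTS):
    """Return (ok, reason) for a link before connecting a wallet to it."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    # "https://official@other" connects to "other"; the part before '@' is decoration.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo hides real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    # Non-ASCII or punycode labels can render identically to the official name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised hostname"
    if host in official_hosts:
        return True, "exact match"
    # The official name appearing as a prefix or substring proves nothing.
    if any(good in host for good in official_hosts):
        return False, "official name embedded in another host"
    return False, "unknown host"

# Constructed sample links, as they might appear in an email or social media post.
SAMPLES = [
    "https://app.protocol.example/pools",
    "http://app.protocol.example/pools",
    "https://app.protocol.example.rewards.test/claim",
    "https://app.protocol.example@rewards.test/claim",
    "https://app.prot\u043ecol.example/pools",   # Cyrillic 'о' in place of Latin 'o'
    "https://app.protoco1.example/pools",        # digit 1 in place of 'l'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_url(link)
        print(f"{'OK    ' if ok else 'REJECT'} {reason:40} {link!r}")
```

Only an exact hostname match passes; every other sample is rejected even though each one displays the official name somewhere in the link.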
As previously stated, DeFi lending/borrowing protocols are usually overcollateralised, meaning that you need to lock up more value in collateral than the value of your loan. This is understandable due to the volatility of crypto, but keep in mind that both the collateralisation ratio (the ratio between the value of the collateral and the maximum loan value) and the value of collateral assets can change, and the latter in particular can crash rapidly.
For example, when the price of Ether crashed in March 2020, a record number of loans were liquidated. To protect against this potential danger when taking out loans, you need to have enough collateral that even a rapid price crash wouldn’t lead to liquidation, which can be achieved by having multiple assets as collateral (although this isn’t yet available on all protocols). As for lending, there are fewer risks, most of which have to do with bugs or exploits in the smart contracts used by the protocol.
While DeFi protocols are typically open source and anyone can audit the code, you can’t always be sure that someone has already gone through the trouble of doing so. It’s best to stick to the projects that have undergone thorough audits, but even then you need to keep in mind that there’s always a chance that a bug got through the checks.
One example of an exploit in DeFi involved Cover, a decentralised insurance protocol. On December 28th 2020, a hacker found a bug in the code that enabled an infinite number of tokens to be minted. As the hacker used this to mint 40 quintillion tokens, the price crashed 95% in a matter of hours.
While using trusted and audited protocols can greatly reduce smart contract-related risks, it’s still a good idea to keep this in mind. As with any form of investing, never invest more than you can afford to lose. The risks on the best protocols are probably as small as the risk of a fiat monetary system collapsing (yes, this can and does happen), but they’re not completely absent. Of course, as DeFi gains more and more adoption, we can expect that there will be more and more thorough audits and the risks will become extremely small, even on newer protocols.