When it comes to “Decentralized Finance” (DeFi) – a financial service based on blockchain technology – typical views highlight its transparency and openness, and the automation of smart contracts. It has lower transaction costs, faster transaction speeds, and looser application limits when compared to traditional finance, all of which promote financial inclusion.
However, this description only shows one side of DeFi. According to some, because DeFi is more democratic than traditional financial systems, it should therefore be less stringently regulated, allowing it to avoid limits on its innovation and development. While some are fascinated by the concept of a decentralized financial system, this may turn out to be a double-edged sword. Despite the good reputation of blockchain’s “trust machine,” the entire operation of DeFi relies on a high degree of self-regulation by participants, thus relying on human nature to establish trust.
The DAO hacked for Ether
Understanding a few real cases will help us to understand the risk hidden within DeFi.
First, in an older incident, “The DAO,” a decentralized autonomous organization, was hacked for its Ether. In its initial stages of development in June 2016, the now-infamous ICO bubble would not reach its peak for more than a year. During its fundraising, The DAO issued “DAO tokens” in exchange for investors’ Ether. DAO tokens themselves had an administrative function, as holders could propose how the organization would use its Ether. In DAO’s token governance structure, they had the right to vote on investments and were endowed with ownership of those projects, regardless of their share of ownership. In this way, The DAO resembled a decentralized venture capital fund, with capital infusions, dividends, and distributions all handled by smart contracts. Everything seemed fine, but one of the smart contracts contained a vulnerability, called a “recursive call” problem: users could repeatedly call contracts, and account balances were unable to refresh prior to the call’s completion. This is somewhat like vulnerabilities found in some ATMs, where the system only displays the user’s latest withdrawal, regardless of how many transactions have taken place. It only realizes the user has already over-drafted their account when it updates the account balance while trying to return the card. In the The DAO hack, the hackers were able to repeatedly extract funds, and had transferred approximately US $55 million in Ether by the time they were blocked.
This case showed the risk of DeFi smart contracts (or in coding): coding flaws attract hackers, leading to lost assets. At the same time, this case displays the complexity of DeFi supervision. Who do users who lose Ether turn to for compensation? Are the writers of the smart contract responsible? What about DAO token “shareholders”? The resolution of this incident was also unrelated to the law: a small number of The DAO’s leaders passed a resolution to hard fork the blockchain, restoring the blockchain to its state before the hack. While this made it seem like nothing had happened, can this still be called “decentralization?”
Banking services lead to bank runs
Next, an important vehicle for transactions in the DeFi ecosystem, as well as an instrument for price measurement and deposits, are stablecoins. A stablecoin is a cryptocurrency whose value is anchored to that of a stable asset, like the U.S. dollar. There are several ways to maintain a stablecoin’s value. The first is backing by fiat currency reserves; when issuing the coin, an equivalent fiat reserve must be kept. One example of this is the current leader in circulation: Tether (USDT). In order to sustain Tether’s 1:1 exchange rate with the US dollar, every unit of Tether issued must by supported by an equivalent U.S. dollar in reserve assets. Another system is overcollateralization of risky assets, whereby a coin is guaranteed by an excess value of other cryptocurrencies. Taking DAI, issued by MakerDAO, as an example, when each Ether could be exchanged for US $150, 5 Ether would “mint” 500 DAI (thereby guaranteeing 150% of the new DAI’s value).
The Terra blockchain from Korea makes use of a “dual token” mechanism, and issues two cryptocurrencies at the same time, UST and Luna. UST is a stablecoin pegged at US $1, while Luna can be regarded as Terra’s governance token. Despite its floating value, 1 UST was used to represent US $1 worth of Luna. For example, if Luna’s current market value is US $0.10, then 10 Luna could be exchanged for 1 UST. However, 1 UST would not necessarily trade for US $1, as this would depend on the market value of UST. When UST’s market value fell below US $1 (for example, US $0.98), arbitrators could buy UST at market value, exchange it for US $1 worth of Luna, and then exchange the Luna for US $1 to earn a profit of US $0.02. The excess demand for UST would raise its price until its market value returned to US $1. In theory, UST could use this mechanism to maintain its stability. However, on May 8 2022, an anonymous account holder suddenly dumped US $84 million worth of UST, causing its value to plummet, and slightly decoupling the peg with the U.S. dollar. Following this, a number of large UST sales successively hit the market, making it difficult for UST to recover, and causing panic. As even more UST was exchanged for Luna, the massive supply of UST caused its value to quickly fall, in a vicious cycle. Within a week, the value of UST and Luna crashed, with their respective original market values of US $40 billion and US $18.6 billion very nearly zeroing out.
This incident is related to Terra’s management strategy. In order to develop its bank-like function, the blockchain used a 20% annual interest rate to attract deposits (made in UST, of course). Deposits grew quickly, but, loan performance did not keep up; prior to the incident, the loan-to-deposit ratio was only around 20%. Despite these high interest rates, investors jumped ship at the first sign of trouble. This incident reminds us that even though the violent fluctuations of more typical cryptocurrencies (like Bitcoin) can act as an early warning, so-called stablecoins may not necessarily be safe, and perhaps may even be riskier.
FTX files for bankruptcy
Virtual asset exchanges lie at the intersection of the real and virtual worlds; although these organizations have attempted to wrest control of DeFi, they are in truth centralized themselves. Among them is FTX, which is headquartered in the Bahamas despite being founded in 2019 by an American, Sam Bankman-Fried. In August 2022, the thirty-year-old was hailed by Fortune magazine as “the next Buffett.” Three months later, FTX and its related firms had a problem. Customers were unable to withdraw their assets on a large scale. FTX applied for bankruptcy, which caused the global virtual asset market to take a beating. It was not just that customers could not withdraw their assets, but creditors and investors were similarly affected. In the final straw, the upper management of FTX shifted customer assets without permission, causing it to be unable to pay its debt. A deeper cause lies in a lack of internal controls. The firm’s cash management was in shambles. With US $100 billion having been transferred to the related company Alameda Research, there was nothing in the way of internal control mechanisms. Moreover, the board of directors’ records were entirely missing.
This case and the ICO frauds of 2017 are not the same in nature. The white papers issued by those first few tokens were simply pretexts for raising money to misappropriate, and actual implementation of the tokens was absolutely not planned. For better or worse, FTX operated for several years, had a complete team, and saw its operations grow to become the second-largest globally. However, FTX and the ICO scams do share some similarities. Despite the application of completely different technologies in their deception, they both made use of the most basic strategy: the abuse of trust. Trust is the most precious asset of the financial industry (as for many other sectors that work with people), and yet here it was frittered away by selfish desires. Perhaps FTX’s only positive impact has been to cause international regulators to once again realize the importance of virtual asset supervision.
Saving the credibility of DeFi
In theory, DeFi could provide greater transparency and efficiency an intermediary mechanism than traditional banks. Moreover, with the emergence of new technologies, it can be expected to continue its development of new models. If we expect DeFi to become an indispensable part of the financial system, then appropriate regulation may be one way to strengthen consumer trust. As DeFi is completely different from traditional financial systems, previous regulatory models may not necessarily be applicable. Regulation and innovation must be balanced in order to ensure both stable function and user rights. A new supervisory framework may be needed to both encourage innovation and control systemic risk.
Two years ago, I wrote that “With sound consumer protection mechanisms as its foundation, DeFi will establish a truly open financial system with high interest rates.” Now it seems that the above keyword is “consumer protection.” If consumers no longer trust DeFi, the soil will be depleted, and nothing else will be planted.
The author is the Deputy Director of the Financial Research Institute at TABF.