DeFi Has a Risk Problem and It’s Time to Solve It

While the total losses from exploits fell to $1 billion from $54 billion the year prior, this is still an unacceptable threat to users, Haven1's Jeff Owens writes for Crypto 2024.

Dec 20, 2023 at 3:31 p.m. UTC
Updated Mar 9, 2024 at 2:16 a.m. UTC

As 2023 comes to a close, the decentralized finance (DeFi) market is once again assessing the damage from hacks and exploits. According to a recent report from IntoTheBlock, it’s not nearly as bad this year as it has been, with losses down from a whopping $53.5 billion in 2022 to just $1 billion this year.

But is “just” $1 billion really an acceptable annual loss for a burgeoning industry struggling to break out into the mainstream?

This post is part of CoinDesk's "Crypto 2024" predictions package. Jeff Owens is the co-founder of Haven1.

The answer, unequivocally, is no. Yearly losses of $1 billion would be a concern even for a traditional financial sector. For DeFi, which is only beginning to recover after an annus horribilis in 2022, this represents an unacceptable level of risk for all but the most thick-skinned investors.

DeFi isn’t a multi-trillion-dollar industry. Its total value locked (TVL) has barely cleared the $50 billion mark — still more than 70% below the all-time high of $180 billion at the height of the bull market in November 2021. That year, IntoTheBlock reported total losses from DeFi exploits of around $4 billion.


In this context, a fall to $1 billion no longer seems quite so positive. As a percentage of TVL, the hacks that occurred this year represent a narrow drop from 2.2% in 2021 to around 2% in 2023.

If we look at data from other sources, the trend is even more concerning. Research from Immunefi found a 59.9% quarter-on-quarter increase in crypto losses in Q3 2023, with DeFi accounting for a staggering 96.7% of the $685.5 million total. This is up from 80.5% of total crypto losses that Immunefi attributed to DeFi in 2022.

So, far from becoming more secure, DeFi appears to be turning into the problem child of the crypto industry when it comes to fraud risk.

Not only is the risk not diminishing, but the attacks are also becoming more sophisticated. Take the recent KyberSwap hack, for example, which resulted in losses of $54.7 million. At the time, the protocol called the exploit “one of the most sophisticated in the history of DeFi”, requiring a “precise sequence of on-chain actions”. Similarly, the recent Ledger hack, which saw $484,000 drained from wallets, was intricate and multi-layered, allowing the hackers to stealthily siphon assets from the wallets of unsuspecting users.

The reality is that most users lack the knowledge and experience to protect themselves from such risks. Even seasoned DeFi investors are regularly caught out by increasingly intricate cyberattacks. And this is precisely the reason DeFi is struggling to attract mainstream investors, most of whom consider the risks to be simply too great. A survey conducted recently by Haven1, the company I co-founded, found that more than 50% of DeFi users avoid active trading due to a lack of knowledge and fear of exploits.

And institutions? Forget about it. A pension fund or asset manager would never be able to invest client assets into an industry that loses the equivalent of 2% of its market cap every year to cyberattacks. The risk-to-reward ratio is simply unacceptable. Yet without institutional capital, the DeFi ecosystem will continue to languish as the crypto market’s nerdy sidekick.


If we truly want to bring trillions of dollars of retail and institutional money into the DeFi space, we need a shift in focus. Security and customer protection must become core areas for development to bring this year’s $1 billion in losses down to zero. Only then will the public see DeFi as a legitimate financial ecosystem that can compete with incumbent traditional players.

Encouragingly, we are already seeing a number of exciting innovations in this area, including NFTs for digital identity verification, features to pause smart contracts as a rapid response to exploits and the development of enhanced security infrastructure. But we need to see much more of this in 2024. Security guardrails must be integrated into DeFi protocols at a network level to provide users with much-needed peace of mind.

As the crypto market’s recovery gathers pace in 2024, we must find a balance between decentralization and consumer protection to change the perception of DeFi as the lawless “Wild West.” When it comes to personal finances, trust is the most important factor, even in a trustless environment. If we want DeFi to go mainstream, those of us building in the decentralized ecosystem must work hard to gain that trust by shifting that risk-to-reward ratio toward acceptable levels. Once we solve the risk problem, the users will come.
