- The research and advisory company emphasized the risks associated with the DeFi industry.
- Lots of projects are scams or just dead on arrival.
- The bzx story reveals that DeFi protocols are vulnerable to hack attacks.
Decentralized finance is a new trend with big promises. The idea is beautiful in its simplicity: to upgrade the outdated financial services by ousting intermediaries and transferring their functions to algorithms and chunks of computer code.
The decentralized finance (DeFi) platforms are built on open-source blockchain protocols. Users of these financial services can exchange value and perform various financial operations, including lending and borrowing, between anonymous parties in a reliable, trustless manner. Smart contracts regulate the relationship between the parties.
Gartner warns about risks
While the DeFi industry is still in the embryonic stage and not always user-friendly, the new concept's hype is snowballing, with countless new apps being launched every other day. According to a research paper published by Gartner, the world's leading research and advisory company, the original concept has great potential in facilitating access to financial services and optimizing business processes.
However, the new technology is also associated with risks as it is still immature and lacks regulatory protection if things go wrong. The experts also emphasized that DeFi applications are easy targets for hackers who exploit the smart contracts' bugs to steal users' money.
From January through August 2020, DeFi protocols were hacked at least six times. The attackers exploited smart contract bugs and stole hundreds of thousands of dollars.
Users must tread carefully. The market is immature, unregulated, and young. Security risks are real from both a financial and product perspective. Over time, risk mitigation solutions will emerge, and DeFi will go mainstream. It is far too potentially transformational to remain on the sidelines.
Apart from that, most of the DeFi apps are still hard to use for non-technical people, while their creators can easily skip town with millions of investors' funds. The examples are plenty.
The SushiSwap protocol is one of the latest examples of how the investors and users of innovative protocols are subject to their creators' whims. The anonymous person or group of people known as Chef Nomi sold their tokens from the developer fund, worth $14 million, less than a week after the project's launch. The move scared the community, and the token lost over 70% of its value in a matter of hours.
While the mysterious Chef did not perform an exit scam after all, what happened next looks like a fusion of a blockbuster, soap opera, and a slapstick comedy show. The guy (or guys) transferred control to Sam Bankman-Fried, the chief executive of cryptocurrency derivatives exchange FTX, and decided to step away from the project. Then he came back, but "on the supporting roles".
Bankman-Fried decided to pass on the responsibility to the community. "Going to transfer control to a multi-sig," he wrote on Twitter on September 6. Bankman-Fried promised to choose twenty holders of the keys based on the number of likes on Twitter. And all that happened within a week after the project's start.
At the time of writing, over $440 million in ETH is locked in the SUSHI protocol. The token takes the 76th place in the global cryptocurrency market rating based on CoinGecko data. It is trading at $1.37, down over 99% from its absolute maximum of $168.91, reached on August 28. While the token is still afloat, its star has already fallen.
SUSHI/USDT 1-hour chart
bzx - a serial hacker's victim
The decentralized lending protocol bzx is another example of the risks attributed to the new technology. The project has been hacked at least three times, with an aggregate loss of $9 million. The hackers exploited the iToken code's vulnerability to duplicate the tokens and siphon about 30% of the total value of users' funds locked on the exchange.
The smart contract auditors Peckshield and Certik confirmed the bug, while the developers worked fast to close the loophole. However, Marc Thalen, the leading engineer of Bitcoin.com, said he had noticed the bug and even notified the developers before it was exploited.
Anyway, the case of bzx raises questions about the safety of the decentralized finance industry. The head of Aave (LEND) protocol, Stani Kulechov, underlined that the company's numerous audits after the first attack did not prevent it from being hacked again.
@bZxHQ incident recently showed that it's easier forked than done. They had multiple audits, formal verification and took substantial time before coming back to main-net and yet all the diligence does not guarantee safety. Something that every DeFi user should understand.— stani.eth ETHOnline Citizen (@StaniKulechov) September 13, 2020
To conclude: DeFi has big potential once it matures from the technological point of view and its regulatory aspects are clarified. However, at the current stage, it is still too risky and may result in the loss of capital due to either the founders' exit scam or hack attacks.