Imperial College London and FluidAI Announce Groundbreaking AI Partnership! Read here 🤝

The Risks and Challenges of Decentralized Finance


  • The DeFi industry is relatively new, and the lack of knowledge has opened the floodgates for hacks and exploits
  • Essentially, there are two levels of safety in DeFi products. The first level is audits and code security, and the second is personal security of users, including private key safety and overall awareness of scams and phishing attempts
  • There have been many scams in recent times, over which the Securities and Exchange Commission (SEC) of the United States has proposed new cybersecurity risk management guidelines for businesses, requiring them to be more upfront with consumer disclosures

Blockchain-based technologies have surged in popularity over the years. Time and time again, efforts have been made to promote awareness of this relatively new phenomenon. The decentralized finance (DeFi) sector is undeniably thriving, with the total value rising from $700 million in December 2019 to over $200 billion at the beginning of 2022. 

Although the DeFi world offers new and exciting financial possibilities, these possibilities come with risks. 

Risks of DeFi

DeFi creates a financial ecosystem capable of bypassing banks, brokers, exchanges, and other middlemen who traditionally manage the processing of financial services by combining existing blockchain-related technologies such as digital assets, wallets, smart contracts, and auxiliary services such as oracles. Amongst the many characteristics of DeFi, perhaps the most attractive ones are transparency and the ability to independently validate ownership and settlement. Due to this transparency, certain fraudulent actions, such as rehypothecating already leveraged assets, are virtually impossible. But while this could reduce certain types of risk, it does not entirely annihilate them. 

That brings us back to our fundamental question: what are some major DeFi risks?

Major DeFi Risks

Smart Contract Risks: Smart contracts are digitally coded agreements that execute automatically on a blockchain network. One advantage of smart contracts is that they decrease (or eliminate) counterparty risk. Since their beginning, smart contracts have enhanced the functionalities of blockchain technology and have opened up new opportunities. However, as with any new concept, there are risks and concerns about its vulnerability to cyber-attacks and other inherent risks. 

More often than not, smart contract vulnerabilities enable high-profile security incidents in the DeFi sector as opposed to the exceptional programming skills of hackers. According to CipherTrace, the DeFi sector saw over $100 million worth of tokens stolen in 2020 alone, highlighting the fact that smart contract protocols are increasingly singled out as a potential inroad by bad actors.

Private Key Requirements: Users must safeguard the digital wallets used to store virtual assets while interacting with DeFi applications. Retail and institutional investors that use multi-signature wallets must meet these criteria. This is done via private keys, and lengthy, unique codes known only to the wallet’s owners. If an investor loses their key, there will never be a way to access their funds again.

Cybersecurity: It isn’t a secret that data breaches have plagued cybersecurity technologies worldwide. High-value targets with huge finances are the focus of hacker attacks. According to BusinessWire, worldwide cyberattacks totaled over $183.34 billion in 2020 and are expected to grow to $539.78 billion by 2030, making it an issue that cannot be overlooked. 

Crypto has unintentionally benefited cybercriminals since the inception of exchanges. Individual wallets are attacked practically daily by hackers who steal and send assets from one wallet to another, making it almost impossible to track where the funds have landed.

Certain Recent Examples of Hacks and Exploits Include:

Luna’s Crash: The downfall of UST as an algorithmic stablecoin was a black swan event and one that shouldn’t have taken place — a project worth over $18 billion is considered a project that is too big to fail. Irrefutably, regulatory controls around the project’s automated trading system could have mitigated this situation a long time ago. Its death spiral brought BTC down by over $10,000 in a matter of hours and caused widespread damage to projects, exchanges, and investors worldwide. It’s evident that the industry, and in this case, automated DeFi trading systems that grow to this size financially, needs to be better regulated in order to safeguard all stakeholders.

Regulators have already begun to put out frameworks and rules of engagement for firms and projects. However, it is evident that a lot more is needed, particularly in the DeFi sector. In the Luna/ UST fiasco, it is important to understand that UST is an algorithmic stablecoin that does not require assets to back it up. Investing in UST promised a return of over 20% just by means of investing in it, and it is unlikely that any regulatory body within the TradFi zone would have approved something similar.

AkuDreams: The much-hyped non-fungible token project AkuDreams was off to a bumpy start after an exploit that reportedly resulted in $34 million in revenues being permanently trapped in a smart contract. According to reports, the hacker behind the vulnerability attempted to reveal the code’s flaws, and the development team lost access to over 11,500 Ethereum (ETH) as a result of the attack.

Deus Finance DAO: A flash loan vulnerability was discovered in a multi-chain DeFi protocol dubbed Deus Finance DAO, with the hacker making off with $13.4 million. According to on-chain statistics, the attack was carried out using a flash loan by an unknown offender. 

Fei Protocol and Rari Capital: Recently, Fei Protocol and Rari Capital was also victims of an $80 million pool hack. The protocol has offered the hacker a $10 million bounty if they choose to return the stolen funds.

The SEC Wants More Transparency Regarding Hack Reporting

The Securities and Exchange Commission (SEC) of the United States has proposed new cybersecurity risk management guidelines for businesses, requiring them to be more upfront with consumer disclosures. The new standards would be implemented through modifications to different cybersecurity disclosure forms, focusing on investment advisers, investment funds, and business development firms.

The SEC’s push to introduce stronger cybersecurity disclosure regulations isn’t new. Former SEC Commissioner Robert J. Jackson Jr. stated in 2018 that current disclosure regulations erred on nondisclosure and frequently kept investors in the dark when firms were hacked or faced other cybersecurity threats.

Currently, firm management is only required to keep boards aware of cybersecurity risks and is not required to disclose this information to investors or other consumers. Only 17 percent of Fortune 100 businesses polled revealed cybersecurity problems to board members annually or quarterly in 2020, according to a joint 2021 study.

The SEC proposes new regulations to compel funds and advisors to establish new cybersecurity policies under the Investment Advisers Act of 1940 and the Investment Company Act of 1940. According to the paper, these rules and procedures are expressly designed to manage cybersecurity risks by requiring firms to disclose severe cybersecurity events impacting the advisor, its fund, or private fund customers to the SEC.

The SEC appears to be keen to alter this, having spent most of 2022 presenting several ideas that, if implemented, would force public firms to disclose cyber assaults and events. 

How Does FLUID Help?

The ability of exchanges and liquidity nodes to source liquidity across blockchains effectively, compliantly, and transparently remains a critical concern as the virtual asset and the token market expands into a multi-trillion-dollar business. Today, even large multibillion-dollar exchanges rely on inefficient, delayed, and costly liquidity sources with considerable counterparty risk.

FLUID was created to disrupt these inefficient and opaque virtual asset liquidity providers with a blockchain-based frictionless solution that replicates institutional level liquidity aggregation in the global F.X. markets using a best-in-class MPC wallet overlaid with blockchain technology. FLUID will achieve this by implementing mature AI and Machine Learning technologies into practice that the team developed in the past.

The capacity to do so opens up new win-win prospects for exchanges, liquidity nodes, and other pools of cross-chain liquidity, including increased operational efficiency, lower costs, increased capital utilization, improved end-user experiences, and new product development frontiers.