Authorization

DeFiance: billion-dollar finance, million-dollar hacks, and very little value

Over the last year or so, much-to-most of the cryptocurrency world has pivoted from the failure of fat tokens and ICOs, and the faltering growth of Layer 2 payments like Lightning and the late Plasma Network, to the new hotness known as DeFi, which this week was used to hack? acquire? steal? Its pretty ambiguous a cool million dollars.
DeFi stands for Decentralized Finance. Its supposed to be an entire alternative financial system. One day, its visionaries say, you will be able to use DeFi to borrow and lend, to buy and sell all kinds of exotic securities, and to acquire insurance and make claims, all via completely decentralized networks and protocols, no banks or brokers or trusted third parties required, just irrevocable and implacable software, code as law, with no human beings involved except for you and (maybe) your counterparties, while never having to fill out any paperwork or apply for permissions, and trusting your money to no entity except whoever holds your private key(s). One day.
Many people find this a stirring, inspiring vision. However, DeFi today is very few of those things. Today it allows you to borrow crypto using crypto as collateral; use that lending market to earn interest on your crypto holdings; trade crypto via decentralized exchanges, or DEXes; commit your crypto to liquidity pools, in exchange for a percentage of fees; insure yourself against hacks somewhat; and, well, thats pretty much it.
Some people also call stablecoins, prediction markets like Augur, and security tokens (aka stocks / real estate On The Blockchain) part of DeFi. The first two seem pretty separate to me, though, with the exception of the Dai stablecoin. Security tokens should be DeFi, but are currently an awkward fit because of their strict regulatory requirements, and anyway havent exactly taken the world by storm.
I should know; I spent some weeks eighteen months ago coding a security token. Ive been writing about cryptocurrencies here for nine years. And I have followed the growth of DeFi with well eye-watering boredom, along with some dismay, until this week.
DeFi seems to me more like cosplaying a financial system than an actual viable alternative. I dont see it crossing that divide any time soon, if ever. It even cosplays the De in its name, too, since very few of todays DeFi offerings (beyond its base layers) are actually decentralized as in, beyond the control of some kind of centralized administration or has any real schedule for becoming so.
Technically its all pretty cool, I concede. But what is the point of borrowing money using money as collateral for the 99.9% of people who arent true-believer HODLers loath to even consider simply selling their crypto? Even if you accept the floating cryptocurrencies are like gold, stablecoins are like money analogy, this entire system only really benefits the vanishingly small number of whales who own sizable amounts of cryptocurrency already. Perhaps we shouldnt be surprised that they who hold that gold have made the new rules, but its a bit much to ask that the rest of us genuflect in awe and call them the future.
Similarly, its nice that you can earn a little interest on your crypto holdings, but for floating cryptocurrencies, that trickle will be drowned out by the rogue-wave-like price swings in their valuations for the foreseeable future. (For instance, much of the credit for the more than $1 billion locked into DeFi contracts, much cited across the industry, should go to the recent rise in valuations rather than increasing participation.) Even for stablecoin collateral, no reasonable analyst would consider the interest rates commensurate with the risk
because, as the events of this week point out, that risk is immense. Credit where its due: those events were made possible because of a genuinely novel innovation, a flash loan, wherein an anonymous party can borrow an arbitrary amount of money yes, you read that correctly providing that they ensure its all paid back by the end of a single smart-contract transaction. Think of it as an ATM giving you all the money you want, but locking the door until you deposit it all back.
That may seem surreal and pointless, but the thing about DeFi is, a single transaction can include many different steps between the borrow and the payback. This weeks two hacks took advantage of that fact. The first used half the flash loan to short the price of bitcoin, and the other half to borrow a lot of bitcoin, which it sold to temporarily lower its price then claimed the short profits. It also took advantage of a bug in a smart contract intended to catch such transactions.
The second used some of the loan to borrow a lot of a cryptocurrency, then the rest to bid that up in value, then used that increased value as collateral to borrow even more, then paid back the loan and kept the increased value. It didnt appear to take advantage of any bugs at all. Combined, they reaped roughly a cool million dollars worth of cryptocurrency.
Were these thefts? Were these totally legitimate arbitrage plays, using the system(s) as programmed, and, at least in the second case, apparently as designed? You can at least make a reasonable case either way.
The risks certainly do not stop there. People have even floated compelling-sounding theories suggesting how a hacker could extract the entire reserves of MakerDAO, the system behind the Dai stablecoin, which represents more than half of the combined committed value of all DeFi. In fairness, the responsible people involved will cheerfully tell you that these are bleeding-edge systems with fairly broad attack surfaces, and you probably dont want to commit money to them that you cant afford to lose.
But all this cosplay, clever as it is, doesnt help solve any of the hard problems preventing cryptocurrencies from mattering to most. The oracle problem: if you rely on third parties to tell the blockchain what to do, then why not just rely on third parties to manage your money? (While also offering valuable things like a help number and recourse in the case of erroneous transactions.) The identity problem: how can you implement decentralized identity and reputation, so that you can offer credit based on someones history and status, rather than current cryptocurrency holdings?
Working on those problems would actually help to bank the unbanked, something that many cryptocurrency people used to pretend to care about. They would actually reduce the power that gargantuan centralized financial establishments hold over ordinary people. They could lead to an actual decentralized financial system which, even if only 1% of the population actually use it, would keep the giants honest simply by providing a viable alternative in case they became too draconian.
Please dont start talking about Venezuela or Zimbabwe. Unlike you, I actually spent time in Zimbabwe during hyperinflation. If we wanted to use cryptocurrencies to help the masses suffering under profligate governments using increasingly worthless fiat currencies which I absolutely agree is a noble goal we wouldnt be spending our time, effort, and intellectual horsepower on the ability to use cryptocurrency A as collateral for loans denominated in cryptocurrency B. They are completely orthogonal.
Instead of tackling the hard problems, or bringing crypto to people who need it, DeFi today seems to be mostly about creating an alternative financial system which makes life mildly more convenient for those whales who happened to wind up holding a big bag of cryptocurrencies after the first few booms. And as this weeks events show, it may not even be good at that. Please can we get back to the important problems?
See also:
Leave a comment
News
  • Latest
  • Read
  • Commented
Calendar Content