Is DeFi Safe? Learn and Use These Security Measures

The qualities that make decentralized finance valuable also can increase its risks. Learn how to use it in the safest manner possible.

After reading this, you'll understand:

  • For those new to the DeFi space, it’s safest to invest in open-source crypto projects that are well-known and trusted.

  • DeFi insurance and services that review dApp security mitigate some of the risks.

  • Don’t follow the crowd, and never give anyone your crypto wallet keys.

DeFi, or decentralized finance, is one of the most rapidly expanding areas in the crypto space. As of October 2022, the total value locked in DeFi is around $55 billion. DeFi’s success comes from offering traditional financial services — like interest-bearing accounts, lending, borrowing, even prediction markets — in non-traditional, decentralized ways. But, considering those non-traditional ways, is DeFi safe?

What makes DeFi so prosperous is also what makes it risky. Using decentralized ledgers to store information gives transparency and security for financial transactions. But that also means that vulnerabilities in code are available for all to see.

And (barring over-collateralization issues) DeFi is available for anyone with an internet connection. This also means the non-crypto literate can lose money through errors. And anyone can fall prey to scams and exploits. Unfortunately, predatory investments are everywhere in DeFi. A 2021 study from the Beijing University of Posts and Telecommunications found that 50% of tokens listed on the Uniswap DeFi protocol were actually scams.

What security and safety measures can you take?

As with all financial decisions, it’s important to exercise due caution with DeFi. Most financial experts categorize DeFi as speculative, recommending investing only 3-5% of your net worth in crypto.

Without a central authority, DeFi offers many benefits. Improved accessibility, lower transaction fees, and higher interest rates, to name a few. But not having a central authority also means that consumers are on their own. There isn’t a crypto safety net like banking’s Federal Deposit Insurance Corporation (FDIC) or the Consumer Financial Protection Bureau.

Though there’s high risk, the high reward keeps the realm of DeFi expanding. And there are many ways that you as an investor can be safe and strategic with your crypto assets. Let’s cover a few.

Use wallets carefully and selectively

DeFi projects, when coded correctly, are more secure than traditional financial systems. Blockchain technology keeps data immutable and visible. No one can manipulate or change it without the rest of the peer-to-peer network noticing. But if there is a flaw in the data when the decentralized application (dApp) goes live, that flaw also becomes public and unchangeable.

When you connect your crypto wallet with a dApp, you approve the dApp’s access to your tokens. For safe and non-malicious dApps, this is a good thing. They can reward you with tokens and interact with your coins. But if a dApp is malicious or vulnerable from faulty code, attackers can abuse these access rights and steal coins from users’ wallets.
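The access a dApp asks for is typically an ERC-20 `approve(spender, amount)` call that your wallet signs. The following is an added example, not code from this article or from any wallet: it decodes that calldata and lists reasons to pause before signing. The spender address, balance and trusted list are constructed for illustration.

```python
# Added example: review ERC-20 approve() calldata before signing it.
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
MAX_UINT256 = 2**256 - 1        # the value wallets display as "unlimited"

def decode_approve(calldata_hex):
    """Return (spender, amount) for approve() calldata, or None for anything else."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    # selector (4 bytes) + two 32-byte ABI words = 136 hex characters
    if len(data) != 136 or data[:8] != APPROVE_SELECTOR:
        return None
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:   # a 20-byte address is left-padded with zeros
        return None
    try:
        int(addr_word, 16)           # reject non-hex characters in the address
        return "0x" + addr_word[24:], int(amount_word, 16)
    except ValueError:
        return None

def review_approval(calldata_hex, wallet_balance, trusted_spenders):
    """List the reasons to pause before signing; an empty list means none were found."""
    decoded = decode_approve(calldata_hex)
    if decoded is None:
        return ["not an ERC-20 approve() call; this check does not cover it"]
    spender, amount = decoded
    warnings = []
    if amount == 0:
        return warnings              # a zero allowance revokes access
    if spender not in trusted_spenders:
        warnings.append("spender %s is not on your trusted list" % spender)
    if amount == MAX_UINT256:
        warnings.append("unlimited allowance: spender can move all of this token, now and later")
    elif amount > wallet_balance:
        warnings.append("allowance exceeds your current balance")
    return warnings

# Constructed sample inputs (hypothetical spender address, amounts in token base units).
SPENDER = "0x" + "ab" * 20
UNLIMITED = "0x" + APPROVE_SELECTOR + "0" * 24 + "ab" * 20 + "f" * 64
REVOKE = "0x" + APPROVE_SELECTOR + "0" * 24 + "ab" * 20 + "0" * 64

if __name__ == "__main__":
    for reason in review_approval(UNLIMITED, wallet_balance=500, trusted_spenders=set()):
        print("WARNING:", reason)
```

An allowance stays in force until it is set back to zero, which is why the `REVOKE` sample produces no warnings.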

For those new to the DeFi space, it’s safest to invest in open-source crypto projects that are well-known and trusted. Then you don’t have to worry so much about faulty code or attacks.

If you want to explore more fringe investments, a good primary precaution is to hold a couple of different wallets. Then if one dApp is compromised, only some of your funds are affected.

Use a service like DefiSafety

If you’re code-savvy, you can do the groundwork of reading through and double checking a program before you put money into it. But some services out there will do that work for you.

DefiSafety is a service that uses public data to review the trustworthiness of different dApps. DefiSafety reviews an application’s smart contracts and development team, software documentation, and more. They also see how the development team tested its code and whether they have been audited for security.

A high DeFiSafety score doesn’t mean that a program is totally immune to attacks. But it does show which programs have a thorough development process, which means fewer loopholes, fewer attack vectors, and better overall performance.

Other services similar to DefiSafety are PeckShield, a blockchain security and data analytics company, and Hacken, a blockchain security auditor. Then there’s Immunefi, a bug bounty platform that rewards white hat hackers for finding code bugs before nefarious hackers do. Before you dive in and invest, see if a DeFi application has been checked by any of these services.

Buy DeFi insurance

Almost $1.3 billion was lost to hackers in 2021. And as we’ve said, there isn’t a safety net for this financial system. Crypto doesn’t have a standardized insurance policy like FDIC for banking. But the DeFi ecosystem is developing its own means to protect users from unexpected losses.

DeFi insurance operates like traditional market insurance, but must also cover crypto-specific threats like hackers and faulty smart contract code. Opium.finance insurance, for example, offers tradable, tokenized insurance that protects against smart-contract hacking and stablecoin default.

It’s worth exploring DeFi insurance options, to protect your assets from circumstances like the infamous DAO Hack of 2016.

Other safety measures

One of the biggest red flags in the DeFi ecosystem comes when a program lacks transparency. If DeFi products don’t allow their code to be accessible, it’s easy to wonder what they are hiding. If the code is open access on the blockchain, then you can take vetting efforts into your own hands.

Etherscan lets you view and analyze assets, balances, and transactions on the Ethereum network. BscScan does the same for the Binance network. Tools like these allow you to notice discrepancies, like in the massive Squid Game scam of 2021.

Commenters on BscScan aired their suspicions: Squid Game rose out of nowhere and seemed too good to be true. Its worth only went up and up and never moved downward. In reality, Squid Game was a combination of two common crypto scams. It was a “Honeypot,” where the code allows investors only to buy the coin and not sell it, and a “Rug Pull.” In rug pulls, developers hold most of the supply, trade it for real tokens of value, then disappear with investor money.

Things you can’t count on

If you want to practice DeFi safety, wariness is key. But, just as auditing software can alert you to malicious or flawed coding, there are always methods to mitigate risk. In this world of decentralized exchanges, there are many things that you should not count on.

Market stability

Market volatility is part and parcel of cryptocurrency. But if that’s too disturbing, explore DeFi platforms that are linked to stablecoins like USDC and DAI. Stablecoins are tied to fiat currencies like the USD. Even with this, stablecoin failures are possible, which is another good reason to explore insurance options.

Oracle reliability

Oracle manipulations, like the C.R.E.A.M. Finance and bZx hacks, take advantage of data reporting. Most DeFi protocols now use reliable oracles like Chainlink or Uniswap’s TWAP. But some just list that they use an oracle, without naming the source. This vagueness is a red flag that DefiSafety, in particular, looks out for.
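TWAP stands for time-weighted average price. The following is an added example, not Uniswap's contract code or anything from this article: a simplified model of time-weighted averaging that shows why a price distorted for a single block barely moves the average, and how a protocol can compare spot price against it. All prices, timestamps and the 5% tolerance are constructed.

```python
# Added example: time-weighted average price (TWAP) versus spot price.

def twap(observations, end_time):
    """Time-weighted average over [first timestamp, end_time].

    observations: [(timestamp_seconds, price), ...] sorted by time.
    Each price is assumed to hold until the next observation.
    """
    if not observations or end_time <= observations[0][0]:
        raise ValueError("need an observation before end_time")
    cumulative = 0
    points = list(observations) + [(end_time, None)]
    for (t0, price), (t1, _) in zip(points, points[1:]):
        if t1 < t0:
            raise ValueError("observations must be sorted and end before end_time")
        cumulative += price * (t1 - t0)      # price weighted by how long it held
    return cumulative / (end_time - observations[0][0])

def spot_deviates(spot, reference, tolerance=0.05):
    """True when spot differs from the reference by more than the tolerance."""
    return abs(spot - reference) / reference > tolerance

# Constructed data: price sits at 100 for 1788 s, then one 12-second block
# reports 1000 (a distorted spot price) before the 30-minute window closes.
SPIKE = [(0, 100), (1788, 1000)]
# Constructed data: an ordinary market drifting from 100 to 101.
CALM = [(0, 100), (900, 101)]
WINDOW_END = 1800

if __name__ == "__main__":
    for name, series in (("spike", SPIKE), ("calm", CALM)):
        spot = series[-1][1]
        average = twap(series, WINDOW_END)
        print(name, "spot:", spot, "twap:", average,
              "flag:", spot_deviates(spot, average))
```

In the spike series the spot price is ten times the earlier level while the 30-minute average moves from 100 to 106, so a protocol pricing from the average is far less exposed than one reading spot directly.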

Google ads

Google doesn’t vet its advertisers. So a common trick by hackers is to create fake Google ads that appear to be for legitimate DeFi services. These will often redirect you to a page or Google form asking for sensitive financial information. NEVER give anyone your crypto wallet keys. To find the authentic DeFi service, go to its verified Twitter page and follow the website link from there.

Media coverage touting a new product

Just because a new coin is blowing up in media coverage does not make it a wise investment. Squid Game, for example, was given huge positive coverage by BBC and CNBC before it was revealed as a scam.

Celebrity endorsement

Paris Hilton, DJ Khaled, and Floyd Mayweather have all posted on Instagram or Twitter to promote an Initial Coin Offering that turned out to be fraudulent. Jamie Foxx posted about the coin Cobinhood, which three years later was audited and shut down. Just because your favorite celebrity mentions it online does not make it a safe business venture.

Emails offering new services

A very common scam is the classic internet threat of “phishing.” Phishing is when a scam artist pretends to be a verified person or company to trick information out of you. Watch out for bots on all social media services and emails. Don’t believe the email display name, don’t trust a fake sense of urgency, and don’t click attachments. An authentic email should have a company email address and few spelling errors. An email signature is also a good sign of authenticity.

Free tokens

It’s common for protocols to airdrop free tokens to your wallet. But not all of them are real. Some scammers will give out free tokens, making people believe that they suddenly have thousands of dollars. A user may follow the tokens to their originating website and connect their wallet. The scammers use a malicious smart contract to then siphon off whatever is in the user’s wallet.

Is DeFi safe?

Growing interest in DeFi applications shows that there’s significant appeal in investing outside of the traditional financial system. Bank savings accounts might offer a 0.5% APY, where DeFi lending platforms could offer 8% APY.

Investing digital assets in a DeFi project can seem daunting, but depositing funds in centralized finance has its risks too. DeFi networks are just a bit more complicated.

In traditional finance, you depend on financial institutions to look out for your best interest. Decentralized finance, meanwhile, is like the wild west of cryptocurrency holdings. You have got to look out for yourself, because few others will do it for you.  

Hedera and its native token, HBAR, offer the highest grade of security possible (ABFT). Hedera also is much faster than blockchain alternatives, has predictable transaction fees, and operates on a carbon-negative basis.