DeFi Risks: 7 Critical Threats You Need to Know as a User (2024)

In May 2021, Donald, a father of two, lost $50,000 to a DeFi project. He planned to use the profit from his investment to care for his disabled daughter, Lisa, and send his son, Edward, to college.

Donald was smart. He didn't go all in at once. He threw in $1,000 first and cashed out the capital plus the promised 8% daily reward. Now convinced everything was perfect, he put in the whole $50,000.

On the day of his supposed withdrawal, he tried all he could but never withdrew a dime. He did some quick research and found out his money was long gone. Heartbreaking? Sounds stupid?

Whether you've lost money in DeFi, like Donald, or you're starting and want to avoid such mistakes, I've got you.

In this article, I’ll show you seven common DeFi risks, how to identify them, and how to manage or avoid them. The risks include:

1. Smart contract risk

2. Liquidation risk

3. Volatility risk

4. Slippage risk

5. Maximal extractable values (MEV) risk

6. Regulatory risk

7. Impermanent loss risk.

7 DeFi risks affecting users

1. Smart contract risk

A smart contract is a written agreement made on a blockchain using computer codes. Smart contracts make it easy to automate transactions and tasks on the blockchain.

Consider a smart contract like a device with a power button and a lock. Once you switch on and lock it, no one can stop it from doing its job. Assuming participants in a transaction meet the specified conditions, the smart contract delivers on the instructions.

For example, you can write a smart contract instructing it to lock away $10 in BNB for every $1,000 it receives. When you send in $1,000, which meets the condition in the smart contract, $10 worth of BNB locks away.

Smart contracts are still evolving, hence the various risks they carry. Based on a study, blockchain projects and users have lost billions of dollars to smart contract risks.

Smart contract risk is the probability that a smart contract will malfunction when put to work. Such risks include:

• Susceptibility to bugs: Bugs are errors from human mistakes in computer programs. Since smart contracts are computer programs, they're prone to mistakes during development.
• Ability to malfunction during interaction: Why do smart contracts interact? To get information to meet a task. This interaction is a complex process of executing different commands. Smart contracts can malfunction during the process.
• Transaction irreversibility: Smart contract transactions are irreversible. For example, you can't reverse the transaction from our previous example. That is, when the smart contract locks away (burns) $10 in BNB, it's gone forever.

Causes and effects of smart contract risk

Transaction irreversibility

• Cause: Why are smart contract transactions irreversible? Blockchain records are updated using several thousand interconnected computers. For that reason, reversing a transaction means convincing other computer (node) operators to agree. And that is likely impossible.
• Effect: You'll lose any crypto sent to the wrong contract by mistake. No matter the amount. In 2020, Dawidkabani lost his $50,000 life savings when they sent crypto to the wrong contract.

Susceptibility to bugs

• Cause: Bugs or coding errors come from developers' mistakes during the smart contract development.
• Effect: Bugs leave a weakness for bad actors to exploit and drain crypto. Harvest Finance lost $34M due to this kind of weakness.

Ability to malfunction during interaction

• Cause: There is a risk of malfunctioning when two or more smart contracts interact. This cross-interaction is the origin of the infamous re-entrancy attack. In a re-entrancy attack, attackers steal cryptos in a smart contract using another malicious contract.
• Effect: When a smart contract malfunctions, you may lose crypto deposits.

How to manage smart contract risk

Here are the best ways to manage smart contract risks:

• Read smart contract audit reports of DeFi protocols. The goal is to ensure there are no potential weaknesses before investing or interacting with them.
• Confirm that the audit reports come from reputable auditors such as Certik, and OpenZeppelin, among others.
• For protocols you interact with, confirm their age and the total value of assets they hold. The older a protocol is and the bigger the assets it carries, the better.

2. Liquidation risk

Liquidation in DeFi is a situation where a smart contract uses collateral to pay back debt. Let's assume you borrowed crypto from a lending protocol like Aave. When it's time to pay up, and you don't, the smart contract takes your collateral to pay the debt.

Liquidation risk is the probability that a DeFi protocol will take away your collateral to pay up debt.

Causes of liquidation risk

Liquidation happens for two reasons:

1. Your loan matures, and you don't pay it back.
2. The devaluation of your crypto collateral due to price changes. Let's assume you borrowed $1,000 in DAI from Maker Protocol while using $1,500 worth of ETH as collateral. Because ETH price is never static, the value of your collateral will drop when the price of ETH drops. When your ETH depreciates to about $1000, the protocol takes your collateral to repay the debt.

Effects of liquidation risk

Liquidation makes you lose your collateral. And your collateral is always worth more than the borrowed fund. For instance, you borrowed $1,000 in the example above but lost $1,500.

In a study of DeFi liquidations, the researchers showed that four DeFi platforms made over 28,138 liquidations in about 3 years. Hence, borrowers lost over $220,000.

Managing liquidation risk

There are three popular ways to manage liquidation risks in DeFi:

• Check your lending protocol regularly to ensure your loan-to-value ratio (LTV) doesn't drop below the specified percentage. Every loan you take will have an LTV ratio attached to it. LTV is the value of the loan you took divided by the value of the collateral multiplied by 100%. For instance, Crypto [dot] com recommends ensuring your LTV ratio is below 70%.
• Keep spare crypto for boosting your collateral, in case your LTV ratio increases.
• Pay back your crypto loan as and when due.

3. Volatility risk

Volatility is the rapid up-and-down movement of crypto prices. For example, Bitcoin can lose or gain $1000 in minutes.

Volatility risk is the probability that the value of your crypto investment will drop due to these rapid movements.

Causes of volatility risk

For example, fear that crypto prices may drop after a piece of bad news may push investors to sell large amounts of their crypto. Hence, causing rapid drops in prices.

Greed to make so much money quickly may cause investors to throw large sums of money into the crypto market. Hence, causing prices to shoot up.

Effects of volatility risk

Volatility leads to temporary or even a permanent loss of funds.

At the end of 2021, the price of Bitcoin shot up to $69,000. But as I write this in December 2022, the price of Bitcoin is about $17,000. So, if you had 1 Bitcoin from 2021 to now, its value has dropped by $52,000.

But does volatility affect DeFi? Yes.

Before using any DeFi service like lending, borrowing, or yield farming, you need to buy some crypto. Holding these cryptos exposes you to risks of volatility.

Managing volatility risk

There are two effective ways to manage volatility risks in DeFi:

• Invest a small part of your net worth into DeFi tokens.
• In addition to volatile cryptos, hold stablecoins as a hedge against volatility.

4. Slippage risk

Slippage occurs when you request to swap your crypto at a price, but the smart contract completes the transaction at a different price.

Let's assume you want to swap some USDT for ETH. At that point, 1 ETH is trading for 1,000 USDT. Instead of your order filling at 1 ETH for 1,000 USDT, it fills at 1 ETH for 1100 USDT. That means you buy less ETH than you planned to.

Slippage risk is the probability that you'll lose money when swapping crypto.

Causes of slippage risk

The leading cause of slippage is price volatility. That is the rapid up-and-down movement of crypto prices.

Strong price movement makes the market unstable. Hence, causing you to buy at a different price than you intended. Slippage happens mostly with instant swaps (market order).

Low liquidity is another cause of slippage. That is a less-than-required amount of crypto in a smart contract.

Let's assume you place an order to swap 10 ETH for USDT using a protocol. The protocol will partially fill your order if it has a low amount of USDT. Hence, you may succeed in swapping say 6 ETH while 4 ETH becomes a pending transaction.

Because the 4 ETH order is pending, whenever USDT flows into the contract the 4 ETH will be swapped automatically. But at the initial price of ETH instead of the current price after USDT flowed in. And that may result in some loss.

Effects of slippage risk

Slippage causes you to swap your assets at an unintended price, making you lose money.

Let's assume you want to swap 1 ETH to USDT at 1 ETH to $1000. If your order fills at $990 due to slippage, you’ll lose $10. Imagine the compounding effect if you swap up to 100 ETH.

Managing slippage risk

There are three trusted ways to manage the effects of slippage:

• Use limit orders to ensure your trade orders or swaps get executed at your desired price.
• Pay higher gas fees to speed up your transactions to escape the effects of volatility.
• Never trade or swap during high volatility like after a piece of bad news.

5. Maximal extractable value (MEV) risk

Maximal extractable values are various ways miners/validators (blockchain network controllers) make extra profit from crypto transactions by including, excluding, and reordering transactions in the records.

In a smart contract-supporting blockchain like Ethereum, validators can decide which transactions to add to the blockchain first. Assuming you pay more than the required transaction fee (gas fee), they complete your transactions faster.

MEV risk is the probability that you’ll lose money due to the actions of blockchain network controllers.

Causes of MEV risk

MEV risk is caused by attackers trying to take advantage of validators'/miners' power over transactions to the detriment of other users. They achieve this using tactics such as front-running and sandwiching, among others.

Confused? Let's take an example. Let's assume you and your friend decide to carry out simultaneous instant swaps using a DeFi protocol. The base gas fee for the transaction is 0.002 ETH. Your friend can make his transaction faster by increasing the gas fee to 0.004 ETH.

Once he does that, validators will pick up his transactions first for confirmation. Because they’ll get a bigger reward from him. So, he'll swap at a better price than you.

Effects of MEV risk

MEV attacks lead to loss of funds. For example, in this MEV attack, the loss was as high as $1.5M.

Managing MEV risk

There are two practical ways to limit MEV risks:

• Use limit orders to buy or sell at your desired price. A Limit order is a way to buy or sell at a desired future price instead of the current market price.
• Break your trades into smaller amounts to avoid being a target for attacks. Attackers target large buy or sell orders because they're more profitable.

6. Regulatory risk

Introducing regulation into DeFi may help protect users and their funds. But that will be counterproductive as DeFi was designed to give users freedom in using their money.

Cause of regulatory risk

DeFi was designed against regulation. So, it takes a lot of work to regulate DeFi transactions and activities.

Effects of regulatory risk

Poor regulation of DeFi activities has caused a lot of users and investors to lose significant amounts of funds. According to Chainalysis, attackers stole $3.8B from DeFi in 2022.

Managing regulatory risks

The best way to manage them is by taking responsibility for funds. Two steps are essential to help a user like you stay safe:

• Use cold wallets to store your funds off the Internet. Ledger is an example.

• Research DeFi protocols or services before investing or interacting with them. For instance, check out their whitepaper, security history, tokenomics, and reviews.

7. Impermanent loss risk

Impermanent loss results when the value of assets you deposit to a liquidity pool (smart contract) depreciates compared to when you deposited them. The depreciation is caused by:

• Change in ratios of the deposited cryptos
• Change in the price of the cryptos with time.

Impermanent loss risk is the probability that you'll lose money due to the change in the price of cryptos after depositing in a liquidity pool.

Causes of impermanent loss risk

Let's assume a liquidity pool has two cryptos ETH and BUSD. The pool determines the price of the assets using a simple formula that considers the ratio of the two assets.

For example, in a constant product liquidity pool, X Y = constant. So, the product of two cryptos in the pool must always equal a constant number. Assuming 1 ETH equals 100 BUSD, and you provide liquidity of 1 ETH and 100 BUSD, the constant product is 1ETH 100 BUSD = 100.

Whenever you swap BUSD to ETH, the smart contract rebalances the constant to 100. It never changes. If the constant doesn't change, it means the ratios of ETH and BUSD have to change with each swap to balance the constant to 100.

This change in the number of original ETH and BUSD in the pool to balance the constant is how impermanent steps in.

Effects of impermanent loss risk

Impermanent loss only becomes permanent when you remove liquidity (your assets) from a pool. In other words, you lose part of your initial capital.

The higher the changes in the market prices of the assets used in providing liquidity, the more the impermanent loss. So, impermanent loss is lower in stablecoins than in volatile coins like Bitcoin and Ether.

Managing impermanent loss risk

You should provide liquidity with assets of low volatility like stablecoins. Low-volatility assets are more resistant to impermanent loss. A pool with stablecoins, like DAI and USDT, is less prone to impermanent loss than a pool with volatile assets like $ETH and $UNI.

The bottom line

As the famous investor Warren Buffet said, “Never invest in what you don't understand.” Before interacting or investing in DeFi protocols, understand their associated risks. When you understand these risks, you'll know how to avoid them and keep your funds safe. And following this guide will help you do those effectively.