The need for proper operational security in decentralised finance
Kate Kurbanova, co-founder and COO of Apostro, writes that decentralised finance lacks proper risk management and security practices, which prevents more institutional investors from entering the market.
The decentralised finance sector has been growing rapidly, attracting retail and institutional investors alike. However, the DeFi space still faces significant barriers that prevent investors from committing to decentralised finance in earnest.
Despite achieving a total value locked (TVL) of almost USD200 billion at the beginning of May 2022 (more than 700 per cent growth since January of last year), DeFi is still a relatively new market and has to deal with underdeveloped areas and often inefficient security practices. As a result, there is no shortage of attacks against projects in this sector, and market participants constantly face the threat of losing their funds. This is a significant problem that stops many potential investors in their tracks when they consider entering decentralised finance.
Institutional investors, in particular, tend to lean on the side of caution. From their point of view, proper risk management and security practices are a crucial part of any trustworthy project. Based on their experiences in traditional finance, these players are used to dealing with higher security standards. And so, when facing the underdeveloped practices in DeFi, they get discouraged from participating in the market.
According to a recent blog post by Chainalysis, cybercriminals have already stolen USD1.3 billion from crypto market participants in Q1 2022 alone, with 97 per cent taken from DeFi protocols. For comparison, digital asset investors lost USD3.2 billion in total during 2021, with decentralised finance accounting for a roughly USD2.3 billion loss.
In addition to straightforward hacks, DeFi investors have to be aware of scammers trying to lure victims in with fraudulent schemes and tactics, such as rug pulls, exit scams, pump and dumps, and phishing. Furthermore, there are also systematic risks within the decentralised finance space, for which algorithmic stablecoins provide an excellent example.
Unlike fiat-pegged (centralised) and crypto-backed (decentralised) stablecoins, algorithmic stable assets often maintain price stability without collateral. Instead, an algorithm is responsible for keeping the stable instrument at the target value.
However, the algorithmic stablecoins we see on the market today are innately brittle due to their design. This uncollateralised asset class tries to hold the peg by using different algorithms or market incentives, but it is nevertheless highly vulnerable and relies on the market and the reference asset price. Such experiments work as long as there is demand for stablecoins, especially when they come with a juicy APY, but people should not forget about the risks involved.
Investors face much more significant risks in the DeFi space than in traditional finance (TradFi), and not without reason. TradFi has a specific framework responsible for ensuring project stability, which DeFi lacks today. Given the current shortfall in risk management tools and overall infrastructure, many investors are unable to commit to the market.
To encourage investors to enter this sector more readily, DeFi innovators need to put significant effort into developing proper security measures and adopting risk management practices that have been tested and proven useful in the traditional finance sector.
For example, DeFi projects could adopt and implement time-proven methods used in TradFi, such as time delays on suspicious transactions, which give developers ample time to investigate potential issues and take action to mitigate the negative impacts. This works best when coupled with automatic fraud detection and on-chain limits, be it liquidity capping on trading or on deposits and withdrawals. It could be an excellent way to prevent or delay many DeFi exploits without negatively affecting the average user.
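The controls described above (a rolling withdrawal cap, plus a time delay on any transaction that would breach it) can be modelled in a few lines. This is an added example, not code from the article or from any protocol; it is an off-chain Python model of logic that would normally live in the contract, and the class name, limits and user names are hypothetical.

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class WithdrawalGuard:
    window: int   # rolling window length, seconds
    cap: int      # maximum outflow allowed inside one window
    delay: int    # hold time for withdrawals that would breach the cap
    _recent: deque = field(default_factory=deque)  # executed (time, amount)
    _queue: dict = field(default_factory=dict)     # ticket -> (release_at, user, amount)
    _next_id: int = 0

    def _outflow(self, now):
        while self._recent and self._recent[0][0] <= now - self.window:
            self._recent.popleft()                 # expire old entries
        return sum(amount for _, amount in self._recent)

    def request(self, user, amount, now):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self._outflow(now) + amount <= self.cap:
            self._recent.append((now, amount))
            return ("executed", None)
        ticket, self._next_id = self._next_id, self._next_id + 1
        self._queue[ticket] = (now + self.delay, user, amount)
        return ("delayed", ticket)                 # held for review

    def cancel(self, ticket):                      # guardian action during the hold
        return self._queue.pop(ticket, None) is not None

    def release(self, ticket, now):                # execute once the hold has elapsed
        entry = self._queue.get(ticket)
        if entry is None or now < entry[0]:
            return False
        del self._queue[ticket]
        self._recent.append((now, entry[2]))
        return True

def simulate():
    g = WithdrawalGuard(window=3600, cap=1_000, delay=6 * 3600)  # constructed limits
    out = [g.request("alice", 300, now=0),
           g.request("bob", 400, now=600),
           g.request("mallory", 5_000, now=900)]   # drain-sized request is held
    ticket = out[-1][1]
    out += [g.release(ticket, now=1_000),          # hold not elapsed
            g.cancel(ticket),                      # cancelled after review
            g.release(ticket, now=900 + 6 * 3600), # nothing left to release
            g.request("alice", 300, now=1_200)]    # ordinary user unaffected
    return out
```

Ordinary-sized withdrawals pass straight through, while the single oversized request is the only one that waits, which is the "without negatively affecting the average user" property the paragraph describes.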
It would make great sense for decentralised finance innovators to leverage TradFi's cybersecurity expertise. It could potentially improve DeFi's skill set in this field while encouraging specialists to join forces and create a safer and stronger Web3 protocol infrastructure.
The decentralised finance market has provided people with alternative ways to earn, save, or even borrow money. However, despite its rapid growth, the sector is highly targeted by hackers, fraudsters, and other cybercriminals.
At the same time, smart contract bugs, human error, and systematic issues observed in some protocols raise the stakes for investors. While the average cryptocurrency user may be more comfortable with these risks, the lack of proper security solutions and of an overall safe infrastructure around DeFi makes institutional players hesitant to enter the sector.
Due to their backgrounds and extensive financial industry experience, institutional investors need decent operational security and more assurances before committing funds to DeFi projects. For these reasons, the sector should adopt proper safety standards and practices, ensuring the long-term stability of market participants.