
The Cure for Bad CeFi is Better DeFi

by Dr. Karl-Michael Henneking, February 16th, 2023

Too Long; Didn't Read

After so many CeFi-driven downfalls, DeFi projects are well-poised to carry the crypto torch. But doing so starts by identifying the true risks facing the sector. Dr. Karl-Michael Henneking outlines 3 major risk categories that DeFi projects cannot ignore if they want to eclipse CeFi in market dominance. The piece examines misconceptions surrounding DeFi risk and provides actionable tips for founders and project developers.


Almost like the Titanic, CeFi’s “unsinkable ship” met an untimely demise driven by its own hubris. It seems every few weeks a major platform defaults on a loan payment and unleashes a whirlwind of suspended trading, frozen withdrawals, and scrambling bankruptcy lawyers. But we can’t blame the bear market here. The reality is FTX, Celsius, and the like became insolvent because they failed to properly assess inherent risks associated with operating any financial management platform—crypto or otherwise.

For DeFi projects watching this disaster from the sidelines, there is a rare opportunity to build back better to move crypto past this reckoning. After all, they didn’t stop building boats after the Titanic.

These downfalls go far beyond a failure to be proactive, as the risks CeFi seemingly ignored are the same ones traditional financial institutions have faced for centuries. Platforms handling billions worth of assets must be cautious with their leveraging, while simultaneously enabling protections and implementing stringent KYC/KYB procedures.

Crypto’s other vital financial framework, DeFi, stays much truer to the original promise of the blockchain in that it offers actual decentralization. In that sense, DeFi really can’t be compared to the CeFi platforms that cosplay as DeFi, but in reality, merely replicate TradFi’s centralization. 

CeFi wearing a DeFi mask

DeFi is mostly transparent in the sense that protocols are open source and transactions can be viewed at any time by anyone. But there are ways in which bad actors can make the waters murkier. One scenario the crypto industry is all too familiar with by now is CeFi projects posing as DeFi, with Celsius being the most noteworthy example.

What typically happens in cases involving custodial solutions like Celsius is that platforms market themselves as decentralized, when the reality is quite the opposite. These projects operate using centralized principles while being the sole custodian of a client’s assets. Mishandled centralized custody and profiteering have consistently proven to be recipes for economic chaos—think of the 2008 financial crisis, which of course spurred Bitcoin.

The problem with referring to a lending platform like Celsius as decentralized isn’t just about semantics. From client verification protocols to how an investor actually builds a portfolio, the distinction between DeFi and CeFi goes beyond branding and into the fundamental building blocks of how these two very different approaches to digital assets work.

Braving DeFi risk

Equating the risks of CeFi and DeFi would be inaccurate and disingenuous, as they battle diametrically different obstacles in improving operations and maintaining viability. Nevertheless, DeFi must address its own set of inherent risks to offer a viable alternative to reckless CeFi projects. 

  • How can DeFi approach KYC? It would seem easy to follow the parameters that many TradFi institutions use and adapt them to crypto structures. For instance, one could point to the fact that a person can’t waltz into a bank, make grandiose claims, and instantly leverage oneself. In the rare instance where someone actually pulls that off, it typically backfires expeditiously. While many crypto projects are unfortunately eager to accept theatrics and claims as reality, it’s not so simple to just copy and paste this traditional KYC and KYB process onto DeFi.

    DeFi already has the capacity to leverage on-chain metrics to establish creditworthiness. Instead of the standard comprehensive KYC or KYB processes used in TradFi, DeFi relies on over-collateralization and margin calls to establish creditworthiness, an approach that is widely used.

    In addition, crypto addresses an individual need for privacy through zero-knowledge proofs. This means DeFi can satisfy certain identity verification requirements without revealing extraneous information.

    The bigger challenge for DeFi platforms is AML detection, but even for that, there are on-chain analytic solutions that don’t require traditional KYC. The greater challenge will be for regulators to learn and understand these mechanisms.


  • Human risks in DeFi. The old IT saying “You can’t code for stupid” applies here perfectly. In many ways, the human element of any software is the biggest risk vector, both from a creator and a user point of view.

    In DeFi, this is of particular risk as the technology is new, rapidly evolving, and outside of very small circles is very poorly understood at a code level. This creates a major point of risk for users, the majority of whom are unlikely to be able to understand and validate the security of a particular set of smart contracts. This can also become problematic when projects become a “black box” and eschew transparency, which alienates regular users from wanting to learn DeFi while possibly attracting less-than-savory characters.

    Where crypto enthusiasts often espouse the virtues of transparency, many projects don’t keep their own promises. Instead, they hide behind anonymity and create excuses for bad behavior by invoking Satoshi Nakamoto. Transparency also means individuals have to be more forthcoming with their identity, with all the baggage that comes with it.

    But transparency aside, this leaves a risk of code not acting as expected, either deliberately by the developer or through negligence. In the case of protocols that allow token holders to vote on key technical and economic parameters, bad actors with voting power can abuse the system, for example by manipulating fund flows, collateralization ratios in lending protocols, or weights in liquidity pools.

    This is a challenge DeFi platforms will have to address if they are to expand their user base, considering even current DeFi investors don’t always understand the code complexities of smart contracts.


  • Tech and financial risks in DeFi. Ethereum has proven itself as a highly reliable base chain since its launch, but younger L1 and L2 solutions are subject to regular changes, upgrades, and issues. Solana, for example, has experienced several outages. The network is built in a way that when it has an outage, all systems using it simply cease to function. 

    The code of the DeFi protocols themselves also presents a risk. Flaws in code can be exploited in seconds, and while many are spotted by white-hat bug bounty hunters, the financial benefits of following through with the “hack” can be tempting.

    Another risk worth addressing is that of fees and pricing. Decentralized financial models and many of the proof models used by L1 solutions lead to demand-driven pricing. In short: The price to complete transactions and call smart contracts rises as additional users tap into the network.

    During the recent Otherlands sale by Bored Ape Yacht Club, for example, the Ethereum ecosystem became heavily congested for several hours. The fee for only completing a transaction spiked to a whopping $13,000.


These are only a few of the many risks DeFi innovators will have to navigate when building their platforms. Taking a novel approach to expanding investment access as an answer to traditional financial gatekeeping is one thing, but even disruptors have to follow the basic laws of gravity. 

Serious DeFi platforms can look to centuries of experience and precedent in TradFi in order to identify potential risks, but they cannot rely on traditional or centralized solutions to mitigate them. Making better DeFi infrastructures requires a tailored risk management approach that does not sacrifice the features and benefits that make DeFi appealing and transformational.

Lead image generated with stable diffusion.