As 2023 comes to a close, the decentralized finance (DeFi) market is once again assessing the damage from hacks and exploits. According to a recent report from IntoTheBlock, it’s not nearly as bad this year as it has been, with losses down from a whopping $53.5 billion in 2022 to just $1 billion this year.
But is “just” $1 billion really an acceptable annual loss for a burgeoning industry struggling to break out into the mainstream?
This post is part of CoinDesk's "Crypto 2024" predictions package. Jeff Owens is the co-founder of Haven1.
The answer, unequivocally, is no. Yearly losses of $1 billion would be a concern even for a traditional financial sector. For DeFi, which is only beginning to recover after an annus horribilis in 2022, this represents an unacceptable level of risk for all but the most thick-skinned investors.
DeFi isn’t a multi-trillion-dollar industry. Its total value locked (TVL) has barely cleared the $50 billion mark — still more than 70% below the all-time high of $180 billion at the height of the bull market in November 2021. That year, IntoTheBlock reported total losses from DeFi exploits of around $4 billion.
In this context, a fall to $1 billion no longer seems quite so positive. As a percentage of TVL, the hacks that occurred this year represent a narrow drop from 2.2% in 2021 to around 2% in 2023.
If we look at data from other sources, the trend is even more concerning. Research from Immunefi found a 59.9% quarter-on-quarter increase in crypto losses in Q3 2023, with DeFi accounting for a staggering 96.7% of the $685.5 million total. This is up from 80.5% of total crypto losses that Immunefi attributed to DeFi in 2022.
So, far from becoming more secure, DeFi appears to be turning into the problem child of the crypto industry when it comes to fraud risk.
Not only is the risk not diminishing, but the attacks are also becoming more sophisticated. Take the recent KyberSwap hack, for example, which resulted in losses of $54.7 million. At the time, the protocol called the exploit “one of the most sophisticated in the history of DeFi”, requiring a “precise sequence of on-chain actions”. Similarly, the recent Ledger hack, which saw $484,000 drained from wallets, was intricate and multi-layered, allowing the hackers to stealthily siphon assets from the wallets of unsuspecting users.
The reality is that most users lack the knowledge and experience to protect themselves from such risks. Even seasoned DeFi investors are regularly caught out by increasingly intricate cyberattacks. And this is precisely the reason DeFi is struggling to attract mainstream investors, most of whom consider the risks to be simply too great. A survey conducted recently by Haven1, the company I co-founded, found that more than 50% of DeFi users avoid active trading due to a lack of knowledge and fear of exploits.
And institutions? Forget about it. A pension fund or asset manager would never be able to invest client assets into an industry that loses the equivalent of 2% of its market cap every year to cyberattacks. The risk-to-reward ratio is simply unacceptable. Yet without institutional capital, the DeFi ecosystem will continue to languish as the crypto market’s nerdy sidekick.
If we truly want to bring trillions of dollars of retail and institutional money into the DeFi space, we need a shift in focus. Security and customer protection must become core areas for development to bring this year’s $1 billion in losses down to zero. Only then will the public see DeFi as a legitimate financial ecosystem that can compete with incumbent traditional players.
Encouragingly, we are already seeing a number of exciting innovations in this area, including NFTs for digital identity verification, features to pause smart contracts as a rapid response to exploits and the development of enhanced security infrastructure. But we need to see much more of this in 2024. Security guardrails must be integrated into DeFi protocols at a network level to provide users with much-needed peace of mind.
As the crypto market’s recovery gathers pace in 2024, we must find a balance between decentralization and consumer protection to change the perception of DeFi as the lawless “Wild West.” When it comes to personal finances, trust is the most important factor, even in a trustless environment. If we want DeFi to go mainstream, those of us building in the decentralized ecosystem must work hard to gain that trust by shifting that risk-to-reward ratio toward acceptable levels. Once we solve the risk problem, the users will come.