You can't predict black swan events, but you can label the risks that create them
A quick guide to how I think of & label the risks in decentralized (and traditional) finance
Risk is the reason we’re in this crazy game of self-banking and decentralizing finance. Oops, did I say risk? I meant returns. The ROI, the capital efficiency, the moolah, the dinero, the CASH.
What if I told you they’re supposed to be analogous? That returns are the reward for taking higher risk? This should be intuitive. Why invest $1000 in a stock that only returns 2% if a US treasury bond, guaranteed by the full faith and trust of a country that’s never (yet) defaulted, also pays 2%?
Well in DeFi this relationship needs to be flipped entirely. Returns are everywhere!
What do you call an animal that flings money wildly hoping to win the lottery of DeFi? An ape. Aping is when you throw money at a new protocol with minimal research because you strongly believe in a first in, first out model of earning money. It’s purposefully joining a Ponzi scheme because eventually, you’ll be the one that gets everybody’s money!
It’s a stupid but popular mentality that I want to use this issue of the newsletter to break down in more detail. We’ll cover a few of the major types of risk in DeFi, their analogs to risk in traditional finance, and of course, the results of my degenerate experiment with the promise of 1,000,000,000%+ returns.
Foundational Risk
Imagine if sharks eat all the underwater internet cables and we lose internet as a species forever. Crazy, right? Not quite at the level of existential risk, like the asteroid that got the dinosaurs or a solar flare burning all the oxygen in the atmosphere, but it’s technically possible.
In traditional finance, a foundational risk could include a data breach. While this rarely results in “direct” financial losses (your account drained), it does leave bank customers vulnerable to identity theft and scams that successfully steal billions of dollars a year in time & money, a massive “indirect” financial loss.
Imagine (no spoiler alert for decades-old movies, sorry) if Tyler Durden succeeded in destroying the global credit card database and erased all debt. This is a foundational risk in that the banks wouldn’t know who owes or owns what.
To protect against these types of foundational risks, deposits at banks are typically insured. In the US, they’re insured by the Federal Deposit Insurance Corporation (FDIC). The trade-off here is that no risk = no reward. Or here, no risk = negative reward 😭.
While not technically the same as a high-yield savings account, you can see the historical chart of Certificate of Deposit yields from Bankrate.
So: your dollar is safe in the bank and if your bank goes insolvent, there is (in many countries) a government agency dedicated to the successful transfer and safekeeping of your funds to another bank.
But, when you look at the risk-reward here, you realize you’re losing money by leaving it in a bank account when the savings return rate is below inflation. This is a type of risk too, that everything you want to buy grows faster in price than you generate in interest. We’ll get back to this type of more standard (market) risk later.
In Decentralized Finance the foundational risks would include a problem with Ethereum (note, very complex computer science stuff on that link), or a major hack that leads to Ethereum changing the blockchain in an unnatural way.
Anything that fundamentally changes the rules of the game or puts the entire ecosystem at risk would be a foundational risk. There’s no government agency to protect us on this one, sorry y’all. This is a risk we accept when we go self-banking.
Custodial Risk
Custodial risk is about who has your money and the implicit risk from that person not being you. We covered foundational risks like bank insolvency or blockchain hacks and generally speaking, the insurance that covers traditional finance insolvency risk also covers the bank custodial risk.
But just to add some nuance let’s have a side conversation on why banks hold your money.
In the ideal world, banks hold your money because they’re professionals at finding opportunities to use that money to generate value (i.e. lending it to a trustworthy person / promising business). In exchange for finding the opportunity, validating trustworthiness, and coordinating all the paperwork & repayment (typically as a stream of income, not a lump sum payment; this matters), they take a % of the value generated as income for themselves and hand the rest to you as interest.
Well that’s all fine and dandy except that people are really bad at predicting the future. This means bank customers are bad at predicting how much money they need liquid versus illiquid. Unfortunately, people tend to be bad at this in a correlated way.
The economy is heating up -> money is flowing -> new businesses are getting created with bank loans -> the business is not as profitable as expected -> the business is going to go bankrupt and not repay its loan -> the bank suddenly isn’t generating as much money as it needs to cover its operating cost -> it starts being a little riskier with customer money to make up the shortfall -> and now we have a problem.
You see, it’d be one thing if you knew who your money was being lent to, but you don’t, because your money is just pooled in with all the bank’s depositor money.
This isn’t so bad right? 1 bad loan spread out across all the bank’s depositors should just be a small drop in your interest rate. You understand, risk is part of the deal. You’re still good to withdraw that money you need for an unexpected home repair.
Shit, what?
The bank has more bad loans than it has deposits? Yes my friend. Fractional reserve banking is a thing. You see, in a “created by a regular person” system, a bank with $100,000 in deposits would work to loan out $10,000-$20,000 to trustworthy people, maybe more if it’s really good and the depositors consent. They’d generate maybe $500-1,000 in interest (5%), split the earnings among everyone, and take a small cut for its operating cost. This leaves $80,000+ available in case people need to make withdrawals to buy things like home repairs.
Unfortunately, we live in a tremendously complex global monetary system that not only allows but relies on banks to create money by making loans backed by only a fraction of the deposits (this sounds familiar).
The calculation is quite simple: take the fraction of money held in reserve (let’s say 10%) and invert it (1 / 10% = 10). A bank with $100,000 in deposits can make $1,000,000 in loans, literally creating money that did not exist prior.
This does have its positives. It makes it significantly easier to borrow money and create new businesses, help people to buy homes, etc. In many ways it was the catalyst to the massive global growth of the 1900s. If you believe humans are fundamentally inventive, trustworthy, and well-meaning, then removing blockers to accessing money can be awesome.
It all works until it doesn’t. Now, I’m not saying full-reserve banking doesn’t have its negatives too. There are always tradeoffs.
Fractional reserve banking is pretty good at giving people a chance if they have credit history, but it does so without the clear consent of depositors and thus relies on workarounds like insurance and government intervention that erode the point of loans in the first place (incentivizing savings through interest to provide funding for new business ideas).
But I think we can agree the regular person’s idea of banking is much easier to think about. In a full reserve system, the amount of loans is significantly smaller both in size and number. It’s easier to track who has the money and what they’re doing with it, making things like liquidation during bankruptcy much simpler (i.e., if your fully reserved money was lent to Bobby’s defunct laundromat, you know you now own some washing machines - good luck trying this in a system 10x as big and global without loans created with money that didn’t exist before).
Knowing who has your assets is critical. When you use a FinTech app like Robinhood (at time of writing) custody isn’t even possible. You don’t own the Ether, you own a receipt against their pile of Ether. When you use other apps like Paypal or Coinbase (at time of writing) you also don’t own the Ether (you own a receipt against their pile of Ether), but you can choose to take custody by sending it to your own Ethereum address. Custody is a spectrum.
In DeFi, when you lend out your crypto, you don’t own it anymore. You are trusting a smart contract to handle the lending and repayment of loans. The premise here is that smart contracts are trust-less. If the code is audited and interpretable, you can confirm that the contract will do what it says it does every time its conditions are met, in perpetuity (the contract lives on the blockchain and cannot be edited after launch!). This doesn’t mean the contracts are always safe; plenty have been exploited due to bad logic or too much complexity, but they enforce their own set of algorithmic law.
In DeFi, lending is not based on things like applications, credit history, or trust. It’s based on collateral.
If you want to borrow $100,000 DAI from MakerDAO, you need to put up $150,000 in collateral. MakerDAO has a negative trust ratio. Now of course you may ask, why would someone who clearly has the money want to take out a loan? Because they don’t want to sell!
You can look into home equity lines of credit for a real world example, but it’s really not that crazy. If you have a house you paid $200,000 for and it’s worth $400,000 you can either continue to live in it or sell it for $200,000 profit. But what if you want to live in it AND use some of that profit for something, for example $10,000 in education to boost your long term earning potential.
You can take a loan with your $400,000 house as collateral and borrow $10,000. If you fail to pay it back, your house is sold, the $10,000 (+ fees) is taken by the bank, and you keep the rest.
In Decentralized Finance, you might have $150,000 in ETH that you don’t want to sell, but need cash. Putting that $150,000 in ETH in a MakerDAO smart contract to create DAI is one way to give yourself an equity line of credit.
This exposes you to custody risk (you’re trusting the MakerDAO smart contract was built correctly and will only give your ETH back to you!). And just for completeness, it also exposes you to liquidation risk (if ETH loses value below a threshold, it’s sold by MakerDAO to pay your $100,000 debt). This is a market risk that we’ll get to soon.
Ok, I promise these last ones will be pretty quick. I covered the 2 most important risks already.
Security Risk
Security risk is the micro version of foundational risk.
In DeFi you use a wallet that you have complete control over because you have the private key that validates you control the funds assigned to a public key. Anyone with your private key is you as far as the blockchain is concerned.
Losing your private key, or the seed phrase that can re-generate it, is equivalent to (at worst) losing all your money / (at best) a clone of you able to access your bank anytime they want (with perfect copies of your identification).
This is a major reason people like using private companies like Coinbase to manage their crypto.
They trade security risk for custody risk.
If you believe Coinbase is trustworthy because they are public, somewhat regulated, have “Forgot My Password” features, etc. then it might make sense for you to trade your security risk into custody risk (here, trustworthy means relative to you managing it yourself).
Of course, a hack of Coinbase then becomes a single point of failure and it’s not unprecedented. I linked The DAO under foundational risk because it was so bad that Ethereum itself changed to fix it (splintering Ethereum and Ethereum Classic), but there’s also the Mt. Gox decade-long disaster (2011 - 2019). This is better described as a security (arguably custody) risk because the foundational blockchain (Bitcoin for Mt. Gox) did not change itself to fix the damage.
Access Risk
Access risk is similar to security risk and custody risk but the twist here is that nobody has to steal anything for you to lose access to your funds. While someone accessing your private key is a security risk, it’s also just entirely possible you lose it and forget the seed phrase and your assets are stuck on the blockchain unmoved forever. Because of the cryptographic nature of the blockchain, it’s quantifiably impossible to guess all possible seed phrases until you get lucky and get your money (or really, get lucky and access anyone’s money!).
Assuming your key isn’t stolen, access risk is more than just forgetting your keys; it can be any of a variety of ways you become unable to access funds you own without having made any mistakes.
The most obvious example is when you give custody of your funds to a smart contract (custody risk) that you trust, but that contract’s interface on the internet goes down. Whether it be a DDoS attack or domain squatting, you must remember that the blockchain is web 3.0. Accessing blockchain functionality on web 2.0 (the standard internet browser) means interfacing with websites that are controlled by 3rd parties. So even if the smart contract is trustworthy and the developers don’t steal your funds, your ability to access your funds can be impacted by standard website problems.
The backdoor way around this is to go to the web 3.0 smart contract and interact with it directly. To do this without coding skill you can check blockchain aggregator sites like Etherscan and find the relevant contract on the blockchain and use Etherscan’s minimalist user interface to interact with contracts.
In reality, you most often just wait out the DDoS or pray they fix their website ASAP.
Exchange Risk
This is probably the 2nd most common risk behind Market Risk but it’s one we tend to forget about. Having a crypto asset is irrelevant if you can’t use it or sell it. If you looked at my wallet you would find all kinds of garbage little coins with no value. There are 2 main reasons people get stuck with assets they don’t want:
1. The transaction cost (paid in ETH on the Ethereum network) is too high relative to the asset value. Would you really want to pay $40 in ETH in transaction costs to sell $30 of a garbage coin for $30 in ETH?
2. There is not enough liquidity. In DeFi, liquidity pools serve as Automated Market Makers (AMMs). The typical trade of X for Y using the X/Y Liquidity Pool might cost ~0.3% of your trade to pay those who take on the risk.
But if an asset is too risky, people may not choose to provide liquidity at all. This is why many projects will self-deal their own tokens to incentivize liquidity, but this has its own risks.
You may have even heard of the phrase “rug pull”. This is when a group behind a crypto asset incentivizes liquidity with rewards (in their own garbage token) so they can sell the garbage token they created onto their users. Then, when the pool is filled with a lot of garbage and very little of a more popular token (e.g. ETH), they pull their liquidity or stop rewards, killing their own project and stranding users with a lot of nothing.
You know that 1,000,000,000% APY I started this Off the Cuff with? Yeah, it got rug pulled. The APY was denominated in their garbage token, the Tokenomics were bad, the contract had a fatal developer error, the coin lost all its value, and the rewards were ended. This was my 3rd or 4th 100% loss I’ve experienced in DeFi. It’s never fun and you’d think I’d have learned my lesson by now.
This is not a safe, insured, regulated, trustworthy place to invest. DeFi is the wild west. This is why I don’t give financial advice, you must always do your own research and be extremely skeptical.
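An added example (not part of the original post) that puts numbers on the two exit problems above, transaction cost and thin liquidity, from a holder's point of view. It assumes a constant-product (x * y = k) pool, which the post does not specify; the pool sizes, gas cost and function names are constructed for illustration.

```python
from dataclasses import dataclass

FEE = 0.003  # the ~0.3% swap fee quoted in the text


@dataclass
class Pool:
    """Token/ETH pool priced by x * y = k (assumed Uniswap-v2-style rule)."""
    token: float  # reserve of the token you hold
    eth: float    # reserve of ETH

    def spot_price(self) -> float:
        """ETH per token for a vanishingly small trade (the 'paper' price)."""
        return self.eth / self.token

    def quote_sell(self, amount: float) -> float:
        """ETH paid out for selling `amount` tokens, fee taken from the input."""
        amount_in = amount * (1 - FEE)
        return self.eth * amount_in / (self.token + amount_in)

    def after_withdrawal(self, share: float) -> "Pool":
        """Pool left once a provider owning `share` of it removes liquidity."""
        return Pool(self.token * (1 - share), self.eth * (1 - share))


def exit_report(pool: Pool, holding: float, gas_eth: float) -> dict:
    """Compare what a holding is worth on paper with what selling it nets."""
    paper = holding * pool.spot_price()
    received = pool.quote_sell(holding)
    return {
        "paper_eth": paper,
        "received_eth": received,
        "net_eth": received - gas_eth,
        "slippage": 1 - received / paper,
        "worth_selling": received > gas_eth,
    }


# Constructed sample numbers, not data from any real pool.
DEEP = Pool(token=1_000_000, eth=1_000)
THIN = DEEP.after_withdrawal(0.99)  # one provider held 99% and left
GAS_ETH = 0.02                      # assumed cost of one swap transaction

if __name__ == "__main__":
    for label, pool, holding in [("deep pool", DEEP, 10_000),
                                 ("after 99% withdrawal", THIN, 10_000),
                                 ("dust position", DEEP, 10)]:
        r = exit_report(pool, holding, GAS_ETH)
        print(f"{label:22} paper={r['paper_eth']:.4f} net={r['net_eth']:.4f} "
              f"slippage={r['slippage']:.1%} sell={r['worth_selling']}")
```

The spot price is identical before and after the withdrawal, so a price chart alone does not show the change; what shrinks is how much ETH the pool can actually pay out against your holding.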
Market Risk
The last, broadest, and most common risk is Market Risk. This is the inherent risk from group speculation on something’s value. In traditional finance, stocks are valued based on expected dividends (cash payment to stockholders from profit) and overall feelings about the competitiveness and future of the company. Not all companies pay dividends though. Notoriously, big tech companies like Google, Amazon, and Facebook have (at time of writing) never paid a dividend to stockholders. The price goes up because people feel the businesses are strong and expect others will pay a higher price for the stock in the future.
This is pure speculation, but it’s entirely legal to not pay dividends. Some argue this actually makes more sense because dividends are not algorithmically determined from profit or revenue or earnings; they’re decided by corporate leadership and thus mostly arbitrary and can be manipulated. I personally disagree.
In decentralized finance, there are both dividend paying protocols (e.g., SushiSwap’s governance token SUSHI can be staked for xSUSHI. Part of the fees from SushiSwap liquidity pools go to xSUSHI holders) and non-dividend paying protocols. The difference between dividends derived from revenue generating activities and self-dealing your own tokens to support liquidity can be subtle. But the point is prices in DeFi are tough to evaluate just like traditional finance and stocks.
Reasons that a coin’s price can change (thus affecting your potential sale price) include:
1. Positive or negative news about the protocol that changes overall market sentiment (literally, “how is everyone feeling about this today?”).
2. Increases in supply that dilute the total value (having 1/1,000th of a protocol is more valuable than having 1/1,000,000th all else equal).
3. Successes or failures in meeting defined objectives (e.g. points on a roadmap) - this often relates to (1).
4. Changing expectations for how value is delivered to token holders (e.g. paying dividends or airdropping tokens to users as a reward).
5. Key developers / staff leaving the protocol which may affect 1 or 3. Including developers “getting bored and quitting” lol.
Alright I know this one was a long one but I appreciate you sticking through! Next time you think about your investments try and think about which risks you are inherently accepting!