Cointime

FTX Disaster Is the Best Example for the Downfalls of CeFi

Shermin Voshmgir· 19 min read

This blog post will cover following topics:

  • Brief History of DeFi
  • Potentials of DeFi
  • Difference between CeFi and DeFi
  • Challenges of DeFi

Decentralized finance (DeFi) refers to a collection of Web3 based financial service protocols that were designed to operate autonomously without a privately operated institution acting as clearing institution. The original vision was to build a more efficient, transparent, censorship-resistant, and open decentralized financial system using smart contracts. In a true DeFi setup, the role of the smart contracts is to connect all counter-parties to a financial transaction, using conditional rulesets of who is allowed to do what in the financial environment provided by a specific DeFi application. The smart contract — or a series of smart contracts — computationally formalize(s) and automatically enforce(s) these rulesets, thereby replacing many roles of classic financial institutions.

Token transfers, tokenized credit and lending services and other financial services are automatically triggered if the conditions to a smart contract are fulfilled and then executed and documented by the underlying blockchain network. The collectively maintained ledger of transactions acts as a permanent record for token ownership and token transactions, with more frictionless asset settlement than classic centralized finance (CeFi) system, also referred to as TradFi (traditional finance). The publicly verifiable nature of blockchain networks provides more transparency and accountability than CeFi services as well as higher settlement speeds.

Brief History of DEFI

The term “DeFi” was mentioned for the first time in 2018 in a Telegram chat between some Ethereum developers and entrepreneurs. However, Bitcoin predates the term DeFi and was the original DeFi application long before the term was even coined. In 2008, the Bitcoin Whitepaper introduced the concept of an algorithmic governance infrastructure for financial transactions, using a “chain of blocks” that are cryptographically secured by a P2P network of participants. Bitcoins vision and open source code spurred an innovation cycle of open financial services that built on a publicly maintained infrastructure. Even though terms such as “blockchain,” “Web3” and “DeFi” were all coined many years after Satoshi published his initial Bitcoin white paper, the concept of DeFi dates to the conception of Bitcoin which was a result of decades of applied research collectively performed by researchers and activists advocating financial cryptography who coordinated their findings over a bulletin board an a mailing list dedicated to financial cryptography.

Early developers of the first DeFi applications — beyond payment tokens — used the versatility of the Ethereum network to expand Bitcoins vision to a wider array of tokenized financial services where buyers, sellers, lenders, and borrowers could interact wallet to wallet — without the need for CeFi institutions to mediate their transactions. Today, many DeFi applications are not wallet to wallet anymore, but wallet to smart contract, where the smart contract (or a series of smart contracts) replace(s) the role of traditional financial players. Liquidity pools are a good example for smart contracts that have replaced the role of market makers in relation to decentralized exchanges, which will be discussed in detail in the updated edition of my book.

Over the years, a range of easy-to-use DeFi applications have emerged. While it all started out with tokenized P2P payment systems (aka cryptocurrencies), the innovation soon shifted to improving the privacy and stability features that Bitcoin, Ethereum and similar payment tokens lacked. The next innovation cycle came with the so-called ICOs (initial coin offerings) which culminated in the ICO craze of 2016 and 2017, where many projects used the smart contract features of the Ethereum network to issue tokens for fundraising purposes, thereby taking advantage of easy token issuance in a highly unregulated environment. Among many failed projects and intentional scams were also many useful projects which used their raised funds to build more sophisticated P2P payment systems and additional peer-to-peer financial services such as decentralized credit and lending services, decentralized exchanges, and a growing body of P2P derivatives and P2P insurance services. The term DeFi started to get traction in Summer 2020 (aka “DeFi summer”) where many credit and lending protocols that promised high yields emerged. This led to a DeFi boom, drove crypto prices up and attracted many traditional financial investors and intermediary services.

From an infrastructure perspective, DeFi applications were originally predominantly built on the Ethereum network. An increasing range of DeFi applications are being built on other types of blockchain networks and second layer networks — such as “Avalanche,” “Arbitrum,” “Binance Chain,” “Optimism,” “Polygon” or “Solana.” DeFi solutions that are built on the Bitcoin ecosystems are also well under development. However, the Ethereum ecosystem still leads the DeFi development, probably because of being a first mover in the space and due to network effects resulting from their token standards, or EVM compatible token standards, which makes the DeFi space more composable and allows for a more seamless developing environment and user experience.

From a regulatory perspective, the DeFi space was largely unregulated in the early years, which created a wild-west environment that attracted both developers with serious intentions as well as all sorts of scammers. This led to a gold-rush atmosphere that fostered productive and morbid symptoms alike. The lack of explicit regulation, a lack of know-how, combined with a lot of insider trading, untested smart contracts, as well as the complexities resulting from composable protocols, all combined with bad actors or power players led to market asymmetries where a few people made a lot of money and a considerable amount of small-hold investors lost much money. The misunderstanding of what really constitutes DeFi and how it is different from CeFi also led to many market failures and scamming possibilities.

Potentials of DeFi

The settlement systems that the classic financial industry uses, still rely on outdated infrastructure. It is estimated that more than 40 percent of financial institutions today conduct their asset settlement over COBOL- based systems — which is a programming language from the 1950 that was predominately used to program mainframe computers. Today, only a few developers remain who command this programming language. The concept of composability — typical to smart contract based blockchain networks — is non-existent in traditional financial systems that build on private computer infrastructure such as mainframe computers. Transparency does not exist. Data exchange is process heavy. As a result, traditional finance involves a large bureaucratic overhead and cost intense. It requires a range of intermediary services to address important functions such as (i) mitigating counter-party risk, (ii) market making, and (iii) securing assets from being stolen. Even in its modernized internet based form, due to the nature of the dominant client-server based Internet architecture, these intermediary functions and processes are not transparent. While all these intermediary functions also need to be addressed in DeFi, they are addressed with smart contract based mechanisms and executed on a publicly verifiable infrastructure with following advantages:

Full control: If users choose “self-custodial” wallet solutions, they remain in possession of the private keys and are in full control of their funds. Token holders manage their assets with their own wallets, rather than having them managed by custodial services such as token exchanges that offer custodial wallets without giving private keys to their customers. However, full control also means full responsibility over managing one’s private keys. If you lose them you lose access to your assets. Self-custodial wallets, which is the whole point of Bitcoin and all DeFi applications that followed — can potentially disintermediate many financial services that currently provide services to mitigate counter-party risk, act as market makers, or secure funds from being stolen.

Instant asset settlement & globally accessible 24h markets: Due to the public nature of distributed ledgers, DeFi applications are designed to be globally accessible by anyone around the world with an Internet connection and a Web3 wallet. Once the smart contract is deployed, DeFi applications self-execute with fewer human and institutional intervention — except for code upgrades, bug fixes, and dispute resolution. Asset transfer or exchange is settled in a matter of minutes (depending on the block creation times and network congestion), as opposed to classic financial markets where finality of asset settlement can take up to 3 days.

Transparency, accountability & open source business logic: Traditional financial institutions work with private systems that are not publicly verifiable. They are only audited by third parties. Among others, clients of financial institutions have to pay these institutions to get access to old bank records once they close their accounts. In DeFi all token transactions are publicly verifiable, reducing market friction and increasing the interoperability of financial services. While this level of transparency has certain advantages in terms of institutional accountability, and open composable systems, it also raises very serious privacy issues which are addressed by a growing body of privacy preserving payment solutions such as “Monero,” “Zcash,” “Tornado Cash” etc. Furthermore, the trading mechanisms of a DeFi application are encoded as open source code, which means that anyone can inspect how the system works — in theory. In reality, however, one needs to be able to read the code and understand the economic dynamics of a market. In the best case, distributed ledgers and user-centric identity solutions could increase ecosystem transparency and accountability, not only about one’s own token holdings, but also about the governance of the DeFi applications. Loopholes can be fixed collectively and systems can be built on top of each other.

Modularity & composability: DeFi applications can be built in a modular way due to the interoperable nature of token standards, at least within different applications that are built on the same blockchain network. This modularity in combination with the open source nature of these financial applications has led to fast paced innovation of financial applications profiting from “swarm intelligence.” On the flip side modularity also adds levels of complexity that excludes many users who are not tech and financial savvy and can be front-run by more tech and financial savvy players.

Pseudonymity: Early DeFi applications, starting with Bitcoin, only required pseudonymous (blockchain) accounts without lengthy identification and application processes. This made Bitcoin and the successive landscape of DeFi services more inclusive for a large group of underbanked population worldwide, which account for an estimated 25% of the grown up world wide population. While the early years of DeFi allowed for a more invlsive financial system, the loophole is closing. At the time of writing this book more and more DeFi solutions — especially the ones operated by privately owned companies or somewhat institutionalized DAOs— require a full KYC process due to regulatory pressure, which is not surprising as it is also mandatory for the traditional financial system.

Governance: The governance structure of DeFi institutions is also public. Truly decentralized financial applications offer governance rights to their network participants — aka the possibility for token holders to autonomously co-manage the DeFi infrastructure they are part of. As opposed to CeFi, where the key actors are privately or government operated institutions such as central banks, retail banks, investment banks and other types of payment processors or financial institutions, DeFi has created its own set of Web3 based publicly operated financial institutions. DeFi applications can be owned and maintained by their users through some form of a decentralized organization where the bylaws of the organization are executed by smart contracts, often referred to as DAOs (Decentralized Autonomous Organization). At their best practice, DAOs have a number of financially sovereign and distributed stakeholders who interact independently or in tandem with each other. These decentralized organizations may be more or less decentralized in their institutional setup. However, their level of decentralization and autonomy may vary and in the worst case be non-existent or restricted, which is often a result of imbalances in the power structures, and raises questions of how decentralized or autonomous the respective DAO really is. At the time of writing the book, mostly VCs together with the protocol founders control the governance decisions of many DeFi protocols. If this trend is not reversed, the term DAO in the context of the governance structure of DeFi protocols is misleading.

DeFi vs. CeFi

In theory, DeFi could give more control and sovereignty to individuals over their own assets, and more transparency into an emerging decentralized financial system as a whole. Full control is facilitated with self-hosted wallets and the public-private key infrastructure of blockchain networks. Transparency is a result of the nature of smart contracts and their underlying blockchain infrastructure. But this is only the theory for now.

While the initial idea of Bitcoin and DeFi was sovereign asset management, the reality of the vast majority of token holders today is far from sovereign. Most token holders use the services of financial intermediaries that have emerged around the Web3 — most predominantly centralized exchanges. CEX act on the intersection of the Web3 and are privately operated on private server infrastructure. They are not decentralized at all, nor do they operate on public blockchain infrastructure. Centralized exchanges and other tokenized financial services operated by private institutions offer custodial services to their customers by managing their tokens with so-called hosted or custodial wallets, which they settle on privately managed ledgers. Their customers have no control of what happens to their tokens. Centralized token exchanges are therefore the “new banks” of Web3.

They are prone to the same systemic risks as traditional financial institutions, with the add on risk that they have been poorly regulated until now in many countries. In the case of centralized exchanges and other centralized credit and lending services, customers have no control if their tokens are used as collateral for other financial investments without their knowledge, and whether they are potentially over-leveraged.

As opposed to many early DeFi products, CeFi services often accept short-term tokenized deposits which they lend to each other and others, leveraging tokenized positions sometimes up to 20-to-1 ratios. Their operations are secured by paper contract based business deals with counter-parties that act as investors, the terms of which are not publicly verifiable.

In the case of decentralized lending protocols for example, the information on where tokenized assets are held in collateral, and how much these collaterals are leveraged to purchase other crypto assets is publicly verifiable. This means that all market participants can understand the current dynamics of the financial markets, because there are no backdoor deals. CeFi users, on the other hand, have restricted information, depend on the disclosure tactics of their financial services providers, and don’t know where potential threats lie. They rely on market rumours and on inside know-how as they don’t have insight into the balance sheets of their banks or centralized token exchanges. They don’t know how their collateral assets are being managed, and whether they might have been over collateralized in backdoor financial deals.

Many hacks of centralized exchanges typical to the early years of centralized exchanges, and cases of embezzlement and mismanagement of customer funds that we have seen over the scope of this year, are a symptom of systemic risks associated with private institutions that act as a black box to their clients . The recent events that unfolded around the centralized exchange FTX and their market maker company Alameda Research are the best example for the lack of transparency and control over one’s funds using legacy financial infrastructure, and the resulting systemic risks of traditional finance.

The same is true for the events that unfolded around the collapse of Terra Luna stable token in May 2022 which led to some cascading effects in the wake of the collapse of the stable token. CeFi service providers such as Celsius, Nuri, Voyager Digital, BlockFi and similar services that went bankrupt were venture-backed or bank-funded financial technology start-ups, who had over-leveraged the tokenized funds of their clients, which is typical for CeFi institutions. As opposed to standard practice in traditional finance, these over-leveraged CeFi operators could not restructure or renegotiate their tokenized liabilities after the fact, requiring a change of the terms and conditions. In a smart contract world such backdoor deals are not possible, unless they are provisioned for in the contract, in which case the rules are transparent to everyone, and no investor gets preferential treatment over another investor. Many of these CeFi companies therefore collapsed, as they were forced (by the smart contracts) to pay back their DeFi loans to their DeFi counterparts such as Aave, Maker or Compound. Otherwise the smart contract that held their Terra tokens, would have liquidated all their collateral tokens. While decentralized exchanges continued functioning some centralized exchanges were forced to halt their withdrawals, and their users suffered the losses after both Terra and FTX collapsed.

Regulatory oversight advocates argue that better government regulation can mitigate these systemic risks — which has certainly been true to a certain extent for traditional finance — but the whole point of DeFi is to use public blockchain infrastructure for preventing such risks in the first place by baking the regulation into the smart contract.

This is not to say that all CeFi services are to be avoided, which is not even possible at this point. More and more CeFi services have started using proof-of-reserve mechanisms and similar on-chain proofs to enhance their centralized services with the possibilities of blockchain transparency. Kraken — a token exchange — was the leader in this, long before the FTX fallout. Many big centralized exchanges worldwide seem to be catching up now. Unfortunately, the bad actors in CeFi such as FTX shed a bad light on the whole industry, especially since financial and Web3 education is still poor, even among many journalists. Most people today still have problems distinguishing real DeFi from CeFi in order to be able to assess the strengths and weaknesses of both systems and to make educated financial decisions, and educated financial reporting. This has led to the public misconception that “DeFi has failed.” The opposite is true. While the whole crypto space took a nosedive in terms of crypto asset prices in May 2022 in the wake of the TerraLuna collapse, DeFi protocols such as Compound, Aave, Uniswap, MakerDAO did not collapse because they were not prone to the same systemic risks as their CeFi counterparts, especially as DeFi protocols are over-collateralized by design.

This is not to say that DeFi is perfect, or that it does not face any challenges. After all, TerraLuna was a DeFi product (an algorithmic stable token) that collapsed, but in its aftermath it was mostly CeFi institutions that took the hit. Furthermore, the risks involved in investing in such an experimental stable token as TerraLuna were publicly known, and institutional DeFi investors should have known better — in the light of these well known risks — not to overleverage their positions, especially given their fiduciary duties to their customers whose tokenized assets they were managing.

Challenges of DeFi

While DeFi has many potential, it also opens a new can of worms of challenges that need to be considered when designing, regulating, or investing into such services. The greatest challenges are wallet usability, secure inter-blockchain token transfer and economic attack vectors on smart contracts that often result from the complexities of the composability of these DeFi systems:

Wallet Usability: The greatest challenge of mass adoption of real DeFi services is related to wallet usability and financial education. DeFi applications can only open traditional financial services to the general public — mitigating current inefficiencies of financial markets — if the user experience of self-sovereign wallets improves, and if user-centric identities become mainstream. At the time of writing this book, the usability issues of self-hosted wallets still excludes many people who don’t have the time and mental bandwidth to understand this new form of sovereign asset management. Many early DeFi applications were built for developers, not for users. A wide majority of token holders prefer the convenience of “not having to worry” about their private keys because sovereign wallet management requires the user to guard their private keys as they would with cash or other tangible valuables. Losing once private keys equals losing access to one’s funds. While the tokens are still attached to one’s blockchain address, without private keys one cannot authenticate oneself. Many people seem to find it too much of a responsibility or too complex, and they mostly have no insights on how the financial industry works. They might have also become used to the conveniences of password recovery mechanisms that Web2 based financial services offer. As a result, centralized exchanges and credit & lending services are often preferred over truly decentralized financial services. This undermines the decentralization efforts, because it only allows tech savvy token holders and companies to build products on DeFi protocols and take advantage of innovative financial products.

Blockchain interoperability: Blockchain networks and other distributed ledgers are isolated systems. They have no native mechanisms to communicate with each other. This means that one blockchain network does not have the information about the state of tokens managed in another blockchain network. Only the nodes within a specific blockchain network can securely communicate with each other and coordinate the state of all token transactions within their own network. Bitcoin tokens — for example — cannot be sent over the Ethereum network, because only the full nodes in the Bitcoin network have the information about which Bitcoin address holds which Bitcoin tokens. While a wide range of interoperability solutions are being developed and deployed, many of these solutions are still under development and have technical and economic attack vectors. In a fully interoperable environment, a user from network A could send tokens to another user on network B without the need for an intermediary, such as a centralized exchange. However, as long as full blockchain interoperability is not given, exchange services will be needed to be able to swap one token for another using the intermediary services of either centralized exchange, or smart contract based solutions of decentralized exchanges.

Exploitable smart contracts: When the business logic of a smart contract is not completely thought through, or the code does not coincide with the intended purpose of the business logic, DeFi contracts can be exploited for unintentional use. Such exploits can only be conducted by technology and finance savvy individuals and institutions, to the disadvantage of less technology and finance savvy market players — usually the majority of smallhold investors. DeFi smart contracts would therefore need better auditing for a sustainable and inclusive decentralized financial ecosystem. Without quality control of the smart contract and auditing of the code regarding technical security and economic security regarding intended use, consumer protection is not provided in the absence of an institution that can be held liable for the fallouts of the smart contract.

Complexities resulting from composability: While the composable nature of smart contracts are an ideal breeding ground for collective innovation, it also leads to complexities and in-transparencies resulting from such complexities that most market participants will not grasp. Only a few tech and finance savvy individuals and institutions are usually able to understand these complexities and have the access to data mining and AI tools to exploit unintended vulnerabilities in a smart contract to front run the rest of the market, to their own benefit and to the detriment of all others who don’t have the means to do so. There is much the DeFi (and CeFi) space can learn from the financial market crash in 2008 where — as a result of overly complex and entangled securitization-driven derivatives — the global financial system almost crashed because few people understood the cascading effects of the bundling of assets and the interrelation with other assets. A similar, and not at all surprising market fallout happened in DeFi in May 2022 in the wake of the collapse of the stable token TerraUSD. In such a complex and composable ecosystem overleveraging and under-collateralization is not a good idea and should probably be avoided. This might change once everyone has a personal AI assistant making computationally complex decisions, but such a future scenario is still far from reach. For now, only high net worth individuals and institutions as well as a few selected financial savvy individuals have access to trading bots infrastructure and can front run small-hold investors, which btw is also the case in traditional finance.

DeFi Governance: While many DeFi projects claim to have “decentralized” and community-based governance structure in the form of a DAO, who constitutes the “community” and how the power structures are distributed is often unclear or does not reflect the community of users, but rather the community of founders and investors. At the time of writing the book, mostly VCs together with the protocol founders control the governance decisions of many DeFi protocols. If this trend is not reversed, the term DAO in the context of the governance structure of DeFi protocols is misleading.

This is an excerpt of the the upcoming and updated edition of “Token Economy” which will be published in 3 volumes, one of which will be entirely dedicated to the concepts if Money, NFTs & DeFi.

Sources & Further Reading

All Comments