DeFi Investment Risks

Disclaimer: Coinbase is not an investment advisor. This article is for informational purposes only and is not financial advice. Please do your own research and consult a financial advisor before making any investment decisions.

DeFi investments have seven main risk categories:

  • Software Risk

  • Counterparty Risk

  • Token Risk

  • Regulatory Risk

  • Impermanent Loss

  • Gas Fees 

  • Risk of Outsmarting Yourself

This article addresses each risk category to explain what it is, how to think about it, and how to evaluate it. This is not a comprehensive description of every risk associated with every DeFi investment, but it can serve as a foundation for considering some of the largest risks of a DeFi investment.

Software Risk

DeFi protocols are software applications that run on the internet, generally with very little human oversight, and often with millions or billions of dollars flowing through them. Like all software, DeFi protocols have two main software risks – coding errors, "bugs," that may cause the software to malfunction, and security vulnerabilities that allow thieves, "hackers," to break in and steal funds from the protocol.

For example, a bug in the Alchemix lending protocol allowed borrowers to reclaim loan collateral worth over $6M… without repaying their loans. Software security vulnerabilities can also destroy your DeFi investments. Many relatively reputable DeFi protocols, including Yearn Finance and Pickle Finance, have been victimized by hackers exploiting security vulnerabilities in their software to steal investors' funds. Thorchain was robbed twice in one week.

While Yearn, Pickle and Thorchain all elected to repay the victims of their thefts, they were not required to do so, and the repayments were not all instantaneous. You should assume that if you invest in a DeFi protocol and hackers steal your investment funds, your money will be gone.

There is no guaranteed method to avoid Software Risk in a DeFi investment, but there are ways to reduce it. You may notice that brand new DeFi protocols offer extremely high rates of return on investments, sometimes 1,000% or 2,000%. While those numbers are enticing, remember that the higher the investment return, the higher the risk.

In general, DeFi protocols with higher deposits and longer track records may have less Software Risk than newer or smaller DeFi protocols. This is because a new piece of software is like a new car model – it takes time for the engineers to work out the kinks. 

Longer running DeFi protocols have had more time to discover and repair problems with their software. And larger protocols are more likely to attract negative attention from hackers than smaller protocols. You can assume that larger protocols face frequent, if not constant, attacks on their security. If they have operated for months without suffering a security failure, it may suggest that their software security is reasonably sound.

So, it is fair to say that a DeFi protocol that has operated for over a year and has over $1B of total value locked in the protocol probably has less software risk than a DeFi protocol that launched two months ago and has $100M of total value locked in the protocol. 

Before you invest in a DeFi protocol, make sure you know how long it has been operating and the size of its total deposits. You can also check its website to see if it has taken reasonable steps to minimize its Software Risk, such as conducting code audits (paying independent security companies to review its software) and offering bug bounties (reward payments to anyone who identifies a bug in the protocol's software). You can also search the internet for news stories about the protocol being hacked.

If the protocol has been hacked, then find out when it happened, how the protocol's operators responded to it, and what steps they took to prevent it from happening again. That information can help you determine whether to trust the protocol with your money.

To be clear, there is no DeFi investment with zero Software Risk. But these considerations can help you evaluate how significant the Software Risk might be for a given DeFi protocol.

Counterparty Risk

Any loan agreement, in or out of the DeFi ecosystem, involves counterparty risk, which is the risk of loaning money to someone who does not repay. Most of the large DeFi lending protocols, including Aave, Compound, and Maker, require that borrowers over-collateralize their loans, meaning that borrowers must provide collateral worth over 100% of the borrowed amount.

Before you invest in a DeFi lending protocol, make sure you understand who will be borrowing your money (Individuals? Financial institutions?) and how its loans are collateralized (What percentage of collateral can a borrower withdraw? What types of collateral can borrowers post? Under what circumstances is the collateral liquidated?). These are basic questions to ask before depositing your money in a DeFi lending protocol.

Token Risk

Every DeFi investment involves certain cryptocurrency tokens. For example, if you deposit funds in a Uniswap liquidity pool, that investment exposes you to the two tokens in the pool, the liquidity provider token that you receive after making your deposit, and the Uniswap token that you receive as a reward. If you invest in a stablecoin pool, that pool likely has a combination of different stablecoins. Take the time to research each of the tokens involved (How long have they been trading? Are the organizations that created them reputable? If researching a stablecoin, is it collateralized by cash/cryptocurrency reserves, designed to maintain its value based on an algorithm, or both? If supported by reserves, how are the reserves held and where are they invested?). Each token in your DeFi investment has its own characteristics and its own risks. Take the time to find out what they are.

Regulatory Risk

Currently, DeFi protocols operate with almost no government oversight or regulation from any government entity. Simply put, this situation could change, and it is impossible to predict how any new government regulations of DeFi protocols might affect your DeFi investments.

Impermanent Loss

Decentralized exchanges (DEXs) calculate the prices of tokens in a liquidity pool differently than how the prices are calculated on the open market. When the prices of tokens in a liquidity pool change at different rates – for example, if one token rapidly increases or decreases in value while the other remains relatively stable – then the DEX will recalibrate the value of the tokens in the liquidity pool in such a way that the tokens in the pool will be worth less than they would be on the open market. Although you would be earning rewards from the DeFi protocol for depositing your tokens in the liquidity pool, you may encounter a situation where you would have made more money by simply holding your tokens instead of depositing them in a liquidity pool. 

Cryptocurrency prices are notoriously volatile, so it is very difficult to predict whether the prices of any two cryptocurrencies will rise or fall in the future, or at what rates. However, you can search the internet for an impermanent loss calculator to conduct a "backtest," an experiment to determine how your investment would have performed based on historical data.

Look up the old price data for your two tokens on coinbase.com – if you had deposited your tokens in a liquidity pool on a certain date in the past, and withdrawn them a few weeks or months later, how much impermanent loss would you have incurred? Now compare that number to your expected returns from the investment. If your liquidity pool promises you an APY of 40%, and your impermanent loss over the past year would have been 35%, then that would have been a profitable investment, although maybe not as profitable as you expected. 

As noted, cryptocurrency prices are volatile, so past performance is not indicative of future returns. But this backtest at least gives you information on how the tokens in your pool have performed in the past. Are their prices correlated (do they tend to rise and fall together)? Does one tend to rise or fall faster than the other? Of course, newer tokens will have less historical price data available than older tokens. You can consider this lack of historical information in assessing the risk of a given investment.

One way to avoid impermanent loss in your DeFi investments is by investing in either liquidity pools with only one token. If there is only one token in the pool, then there is no way for two prices to rise or fall at different rates and cause impermanent loss. Another way to avoid impermanent loss is by investing in liquidity pools that consist only of dollar-pegged stablecoins. Since all of these tokens are designed to always maintain a value of $1 per coin, their prices should not fluctuate and there should be no impermanent loss in the pool.

Impermanent loss is complicated and difficult to calculate, but hopefully, these considerations allow you to evaluate it without feeling overwhelmed by it.

Gas Fees

While DeFi protocols now run on many blockchains, some of which offer very low transaction fees, most of the largest DeFi protocols run on Ethereum. Unfortunately, on Ethereum transaction fees, called "gas fees," can be very high to deposit funds in a DeFi protocol. This is especially true if your DeFi investment requires more than one step to complete, as most do. It's important to consider whether gas fees will outstrip your likely investment returns. For example, if you expect to earn 10% interest per year on an investment, and your gas fee is equal to 10% of the investment, then it will take you a year just to break even. 

Ethereum is implementing changes to permanently reduce gas fees that you can read about here. In the meantime, while it's exciting to invest in DeFi and frustrating to be stymied by gas fees, don't let gas fees devour your potential investment returns. 

Outsmarting Yourself

Fundamentally, cryptocurrency investing can be compared to commodity investing, and commodity investing is complicated. DeFi protocols and blockchain technology are also complicated. In addition, most commodities – gold, oil, pork bellies – have existed for centuries, and most commodities markets have existed for at least one century. Cryptocurrency, on the other hand, is only about ten years old. And the DeFi did not become popular until 2020.

So, investing in DeFi protocols is not only complicated, it is also brand new. Consequently, even if you understand the known risks of engaging with DeFi (or think you do), you still don’t know the unknown risks of DeFi investing that have not yet come to light. Keep in mind that while more complicated DeFi investments may be more fun to try, or offer higher rewards, they may also be more difficult to understand and riskier. 

If you’re investing in DeFi, or even considering it, then you’re already on the cutting edge of commodities and technology investing. Don’t push yourself past the limits of your understanding or your investment risk tolerance. You can start with simpler DeFi investments – single token pools or stablecoin pairs – and advance to more complicated investments as you learn. You can start with small investments and build your DeFi portfolio as you see how your investments perform. Don’t outsmart yourself by trying to do too much too fast.