It might be called crypto’s November nightmare. DeFi protocol Balancer was exploited to the tune of $128 million. Stream Finance also announced a loss of $93 million, leading to the depegging of its xUSD stablecoin. Both incidents occurred on November 3rd.
Decentralized finance is susceptible to risks and can lead to further systemic problems. And those problems can be serious. Currently, over $150 billion of value is locked up in DeFi.
Over $220 million in losses in a single day raises a question: how much long-term risk does DeFi pose to the cryptocurrency ecosystem?
Smart contract configurability
Multiple experts told BeInCrypto that smart contracts are likely the main culprit in the Balancer hack.
“From a technical perspective, these attacks stem from vulnerabilities in the smart contracts themselves, which hackers exploited to deplete liquidity pools,” said Tim Sun, senior researcher at financial services firm HashKey Group. “This highlights a deeper issue: even mature, previously audited protocols are still at risk under complex contract structures.”
Smart contracts are self-executing programs that enable DeFi to operate autonomously, and they are still relatively new.
Smart contract programming on the blockchain has been possible since the live release of the Ethereum network in 2015. The smart contract sector itself is expected to grow tenfold over the next decade.
Additionally, various features across a protocol require smart contracts to work together, a property known in the industry as “composability.”
Essentially, smart contracts are like money Legos. Each contract is a Lego piece, or building block, that powers a DeFi protocol. Therefore, systemic problems can occur if the foundation is not strong.
“The Balancer exploit is yet another reminder of how DeFi’s greatest strength, composability, creates complex interdependencies that amplify risks,” said Mark Peng Zaw, general partner at crypto VC firm Millea Fund.
Stop and start
The biggest difference between the Balancer exploit and Stream’s loss is what happened to the two projects afterwards.
“In the case of Balancer, the protocol was able to absorb the initial impact of the exploit and continue operating while the team implemented a recovery plan,” said Natalie Newson, senior researcher at blockchain security firm CertiK. “On the contrary, Stream was forced to cease operations due to bankruptcy, and given that the project had borrowed assets on several other platforms, the impact was felt on a larger scale.”
DeFi is supposed to operate automatically 24/7.
Therefore, when Stream decided to suspend deposits and withdrawals, the xUSD stablecoin lost 77% of its value.
It also didn’t help that xUSD’s counterparty, Elixir, had a behind-the-scenes deal with Stream to redeem xUSD at a 1:1 ratio. It’s time for projects like Stream, which claims to be a DeFi “super app” in its marketing, to be more transparent.
Members of the crypto community were abuzz about Stream Finance even before November’s nightmare.
In the future, DeFi protocols like Stream will need to be more transparent. “What this triggers is a transition from blind composability to responsible composability,” said Sid Sridhar, founder of the Bima Labs stablecoin protocol.
“Protocols will emerge that isolate risk at the vault level, implement circuit breakers, use validator-managed insurance, and publish live proof of solvency.”
Market reaction to DeFi’s November nightmare
It wasn’t that long ago that Ethereum co-founder Vitalik Buterin discussed the concept of “low-risk DeFi” to gradually introduce blockchain to TradFi.
Perhaps Buterin suspected that there were still problems with DeFi’s security, composability, and transparency.
This is likely to remain the case until the sector becomes more mature and audits are conducted on a regular basis rather than as one-off security audits.
A form of real-time monitoring may be required, similar to traditional centralized systems that focus on attack rather than defense.
“These vulnerabilities will cause the industry to upgrade its security architecture and make continuous and frequent smart contract audits the norm,” HashKey’s Sun said.
Nevertheless, traders will be on the lookout for instability, such as DeFi exploits, in search of opportunities to profit.
Capital inflows signal buying and capital outflows signal selling, and for market opportunists a decline creates conditions for short-oriented trading.
“Such incidents will not end the DeFi sector, but they will cause capital outflows, loss of confidence, and reduced liquidity in the short term,” Sun added.
“Traditional finance took a century to learn how to price counterparty risk and securely manage payments,” Bima’s Sridhar said. “DeFi will get there in a fraction of the time, but with code, not regulation.”
