Decentralised finance (DeFi) represents a novel way of providing financial services that cuts out traditional centralised intermediaries and relies on automated protocols instead. In simple terms, DeFi participants are part of a peer-to-peer network (built on a public blockchain) where assets represented in the network can be transferred automatically (via so-called smart contracts). Most DeFi applications do not provide new financial products or services, but mimic within the crypto-asset ecosystem those provided by the traditional financial system. The main difference is the way DeFi provides services, not relying on centralised intermediaries. This novel method of service provision has its own risks and also presents challenges for the traditional regulation of financial services, particularly due to the lack of intermediaries as regulatory “entry points”. Against this backdrop, this focus piece provides an analysis of DeFi, focusing on the similarities and differences between DeFi and traditional finance, what this implies in terms of risks and the potential avenues to mitigate risks and respond to regulatory challenges.
The size of DeFi has grown exponentially over the last year, although it still remains low compared with total crypto-asset market capitalisation. While the idea of a decentralised system started with the launch of the Ethereum blockchain, DeFi’s main growth began in 2021 (Chart A). The size of DeFi is generally measured by the sum of all digital assets deposited in DeFi protocols (“total value locked”, TVL), which increased from approximately €18 billion in January 2021 to over €240 billion by the end of December 2021 (Chart A, panel a). DeFi tokens, a set of crypto-assets that are used in DeFi protocols, experienced an almost tenfold increase in 2021. However, in comparison to the size of the overall crypto-asset market, DeFi can still be considered a niche segment (Chart A, panel b). After the crash of the stablecoin TerraUSD in early May, TVL in DeFi fell by almost 40% or €80 billion, with credit and staking protocols suffering the biggest decreases. Similarly, the value of many DeFi tokens plummeted, especially the DeFi token Luna, which is directly connected to TerraUSD.
Crypto-assets deposited in DeFi protocols (TVL) and the market capitalisation of top DeFi tokens skyrocketed in 2021 but are still dwarfed by total crypto-assets
Users have strong incentives to join DeFi given the high generation of revenue and its distribution back to liquidity providers. The number of participants positively correlates with the revenue earned in DeFi, which is key in attracting the liquidity supply that underpins DeFi protocols (Chart B, panel a). As a consequence, new users are incentivised to join protocols with high revenue potential, which in turn contributes to the potential scale-up of these protocols. For example, Uniswap is the biggest DeFi protocol, both in terms of total revenue (with this revenue entirely distributed to the liquidity suppliers) and total user numbers. In addition, liquidity providers can earn high interest in DeFi (Chart B, panel b). For example, providing Tether (USDT) liquidity on the lending protocol Compound yielded an interest rate as high as 11% APR in February 2021. Such high rates have been an important driver of DeFi activity given the low interest rate environment and the search for yield by investors. However, it remains to be seen at what level interest rates within DeFi will be sustainable going forward and whether risks are priced in appropriately. Notably, interest rates within DeFi have already trended downward since early 2021.
Total revenue in DeFi correlates positively with the number of new users; the same holds for lending rates and TVL on Compound
Essentially, the main financial services provided within DeFi replicate traditional financial services within the crypto-asset ecosystem in an unregulated and decentralised way. The largest applications in DeFi provide credit services, for example the lending of crypto-assets against crypto collateral, facilitate the automated trading of crypto-assets against liquidity pools containing crypto-assets, or provide crypto-asset or derivative investment services (Chart A, panel a, and Table A). The main distinguishing feature is that these services are provided without central intermediaries. In addition, there are a number of auxiliary services that are needed for the decentralised platforms to run and that result from having no central intermediaries. Examples include the storage and transfer of crypto-assets through platform interfaces, the provision of informational resources through so-called oracle services, and blockchain bridges that aim to solve interoperability issues by bridging crypto-assets from one network to another (e.g. wrapped bitcoin). While these services are not directly needed in traditional finance, some of them are akin to functions provided by market infrastructure, such as custody or clearing and settlement activity.
DeFi features such as how crypto-assets are held or trust is generated, the openness and composability of the system and its governance structure distinguish it from traditional finance. The system is non-custodial, as participants always manage their digital assets directly without any centralised intermediary. Instead of relying on a centralised and regulated intermediary to generate trust in the system, this is automated by code governed by predefined rules. Through these smart contracts, transactions are executed in a peer-to-peer manner based on predetermined rules that require little or no human oversight. For example, over-collateralisation and the enforcement of required margins through smart contracts are substituted for a credit risk assessment of the borrower. DeFi applications use open-source technology, allowing a high level of composability. The different applications can then be combined to create new applications (though mainly when using the same blockchain), akin to using Lego bricks. However, this also increases the complexity of the system due to the recycling of digital assets within different applications.
Overview of selected DeFi services and comparison with traditional financial services
DeFi protocols or platforms claim to have a decentralised governance structure, although in reality governance is often concentrated. Decentralised governance relies on voting rights via governance tokens and decentralised autonomous organisation. Governance token holders can influence the main characteristics of the protocol, such as collateral requirements and asset eligibility. While in principle governance rights/tokens can be held by many parties, at this stage governance tokens are often concentrated in the hands of developers, early investors or holders with large balances, suggesting institutional ownership. For instance, 80% of the total supply in circulation of Uniswap’s governance token UNI is held by the Uniswap team, early investors and token holders with balances of over 1 million UNI. Further, 1% of the total token holder addresses hold around 97% of the total governance token supply (Chart C, panel a). As such, while purportedly claimed to be decentralised, DeFi applications retain a high level of centralisation.
DeFi is subject to some of the same vulnerabilities known from traditional finance, which can be amplified by the specific features of DeFi. These risks arise from excessive leverage and risk taking, liquidity mismatches and interconnectedness. Like its traditional counterpart, DeFi lending is subject to market, liquidity and credit risk and, as a result of leverage, can exacerbate procyclicality. When market values begin to fall, leveraged investors may be forced to liquidate their holdings, thereby generating large downward price spirals. The interconnectedness within DeFi, but also with other parts of the crypto-asset ecosystem, can further amplify any distress. For example, the strong use of stablecoins and unbacked crypto-assets can make DeFi susceptible to spillovers from the materialisation of stablecoin risks or strong price movements of unbacked crypto-assets. The recent developments related to the crash of the stablecoin TerraUSD exemplify these vulnerabilities, as the related DeFi protocol Anchor essentially collapsed (Chart A). The interconnectedness within the DeFi system poses further risks in that tokens from one protocol are often used across other protocols, all linked through smart contracts. Smart contracts automatically execute if predetermined conditions are met, even if in certain market conditions it would be better not to. Hence, as smart contracts take on the role of traditional market infrastructures such as exchanges or central counterparties, there could be strong ripple effects across the DeFi system as smart contracts continue to execute and cannot be stopped. Moreover, the absence of banks and the concomitant access to the central bank balance sheet removes shock absorbers and buffers in the system (except for private backstops, for example through the over-collateralisation of lending).
New risks inherent to DeFi, such as operational risks stemming from the underlying technology and governance risks, have risen with the expansion of DeFi. Technical and operational risks can originate from the immature and decentralised technology, in particular pertaining to the smart contracts that enable automation. The vulnerability to operational risks is particularly problematic for users due to the irreversibility of transactions on the blockchain and no recourse possibilities in the absence of a central authority. Bugs within the codes (whether erroneous or intentional) can also be exploited to steal funds from participants. Alongside the recent growth of DeFi, the scale and frequency of attacks have also increased. As of March 2022, known funds stolen by DeFi attackers reached just under €1 billion, and in the same month the largest DeFi exploit to date occurred (Chart C, panel b). The concentration of governance tokens and resulting power to control the conditions of a protocol give rise to governance risks. There could be collusion, and other unfair practices or flaws in the governance design could be exploited to take over the protocol and its funds. For example, a DeFi project recently lost €167 million as attackers used a flash loan to obtain a majority voting stake and siphoned off funds by changing the rules in their favour.
The governance of DeFi protocols is quite concentrated, while funds stolen through exploits have increased alongside the expansion of DeFi
The lack of traditional centralised entry points for regulation and its opaque and anonymous nature pose challenges for policymakers in terms of enforcement and effective regulation and supervision. The nature of DeFi may facilitate regulatory arbitrage and, despite providing existing financial services, it may fall outside the regulatory perimeter. If DeFi protocols are not controlled by a central entity or such entities cannot be identified, it is not clear to whom regulations should apply. As some DeFi activities may already fall under current EU financial legislation, further steps will require a careful analysis to better disentangle actual regulatory gaps from lack of enforcement and DeFi trying to escape financial regulation through decentralisation and opaqueness.
Where regulatory gaps exist, the innovative ways in which DeFi provides financial services will require innovative ways of regulation to close regulatory loopholes. Where central entities are not available, tackling the “intersection” of DeFi and centralised finance to regulate these new developments could be a consideration. DeFi protocols/code must be deployed, governed and upgraded, requiring human interaction. As a consequence, holders of governance tokens, decentralised autonomous organisation and platform developers could be brought into the regulatory perimeter. DeFi may also require the introduction of technology-based regulatory systems, so-called embedded regulation, where regulatory requirements are embedded technically into DeFi.
As vulnerabilities start to build, an internationally coordinated approach is needed to mitigate DeFi risks before they pose a risk to financial stability. To date, interlinkages with the traditional financial sector have been limited, but they have the potential to grow rapidly given institutional interest. As current risk mitigation and safeguards within the DeFi system seem inadequate, the enforcement of existing rules and introduction of further potential regulatory measures are needed to mitigate risks to financial stability. In a first step, this would include identifying regulatory circumvention of existing rules with appropriate legal action and enforcement, where applicable. Where regulatory gaps are detected, this would require both the identification and agreement of relevant entry points for regulation as well as the specification of what regulatory standards are needed. The global nature of DeFi and the dispersion of its stakeholders require international coordination to ensure a consistent approach. How DeFi will evolve, however, remains uncertain given the open questions regarding its regulation, real economy use cases and future scalability. For example, regulation could fuel further institutional interest and growth or could negatively affect the viability of the business model if DeFi advantages are negated.
Adachi, M., Bento Pereira Da Silva, P., Born, A., Cappuccio, M., Czák-Ludwig, S., Gschossmann, I., Paula, G., Pellicani, A., Philipps, S-M., Plooij, M., Rossteuscher, I. and Zeoli, P. (2022), “Stablecoins’ role in crypto and beyond: functions, risks and policy”, Macroprudential Bulletin, Issue 18, ECB, July.
Allen, H. (forthcoming), “DeFi: Shadow Banking 2.0?”, William & Mary Law Review.
Aramonte, S., Huang, W. and Schrimpf, A. (2021), “DeFi risks and the decentralisation illusion”, BIS Quarterly Review, Bank for International Settlements, December.
Auer, R. (2019), “Embedded supervision: how to build regulation into blockchain finance”, BIS Working Papers, No 811, Bank for International Settlements, September.
Auer, R., Monnet, C. and Shin, H.S. (2021), “Distributed ledgers and the governance of money”, BIS Working Papers, No 924, Bank for International Settlements, January.
Carter, N. and Jeng, L. (2021), “DeFi Protocol Risks: The Paradox of DeFi”, in Coen, B. and Maurice, D.R. (eds.), Regtech, Suptech and Beyond: Innovation and Technology in Financial Services, RiskBooks.
Catalini, C. and Gans, J.S. (2019), “Some Simple Economics of the Blockchain”, Working Papers, No 2874598, Rotman School of Management, November.
European Commission (2022), European Financial Stability and Integration Review 2022, April.
Financial Policy Committee (2022), “Financial Stability in Focus: Cryptoassets and decentralised finance”, Bank of England, March.
Financial Stability Board (2022), Assessment of Risks to Financial Stability from Crypto-assets, February.
Hermans, L., Ianiro, A., Kochanska, U., van der Kraaij, A. and Vendrell Simón, J.M. (2022), “Decrypting financial stability risks in crypto-asset markets”, Special Feature A, Financial Stability Review, ECB, May.
International Monetary Fund (2022), “The Rapid Growth of Fintech: Vulnerabilities and Challenges for Financial Stability”, Chapter 3 in Global Financial Stability Report – Shockwaves from the War in Ukraine Test the Financial System’s Resilience, April.
International Organization of Securities Commissions (2022), IOSCO Decentralized Finance Report, March.
Nadler, M. and Schär, F. (2020), “Decentralized Finance, Centralized Ownership? An Iterative Mapping Process to Measure Protocol Token Distribution”, December.
Organisation for Economic Co-operation and Development (2022), Why Decentralised Finance (DeFi) Matters and the Policy Implications, January.
Schär, F. (2021), “Decentralized Finance: On Blockchain- and Smart Contract-based Financial Markets”, Review, Second Quarter 2021, Vol. 103, No 2, Federal Reserve Bank of St. Louis, pp. 153-174.
World Economic Forum (2021), “Decentralized Finance (DeFi) Policy-Maker Toolkit”, White Paper, June.
Zetsche, D., Arner, D. and Buckley, R. (2020), “Decentralized Finance”, Journal of Financial Regulation, Vol. 6, Issue 2, pp. 172-203.
The authors are grateful to Mitsu Adachi and Urszula Kochanska for valuable discussions and suggestions.
While there is no generally accepted definition of DeFi, different publications have used certain features to characterise it. See, for example, Organisation for Economic Co-operation and Development (2022) or World Economic Forum (2021).
It can be argued that decentralisation in finance initially emerged with the launch of bitcoin as the foundation of peer-to-peer financial services. However, the technological application of decentralised platforms was contingent on the establishment of the Ethereum network. See “A Brief History of Decentralized Finance (DeFi)”, 12 March 2022.
DeFi tokens include blockchain-native DeFi coins such as Terra (LUNA), as well as tokens fulfilling specific purposes in decentralised applications and protocols (including algorithmic stablecoins, e.g. DAI). Native DeFi coins are used to transfer value in a financial transaction and are built on their unique, native blockchain networks. The latter, which provide users’ access to a wide range of financial applications and services, include governance tokens, utility tokens, asset tokens representing physical assets, and non-fungible tokens (NFTs). Governance tokens, for example, give holders the possibility to take decisions that affect the future of the protocol.
TerraUSD’s dominant usage was in the credit DeFi protocol Anchor.
The DeFi token Luna, whose supply together with that of TerraUSD is varied to achieve the stable value of TerraUSD against the US dollar via an algorithm based on arbitrage opportunities, experienced a significant sell-off that resulted in Luna’s market capitalisation being almost completely wiped out.
DeFi total revenue consists of “protocol revenue”, transaction fees that are kept by the protocol and token holders, and “supply-side revenue”, fees that are given to the users providing liquidity for the protocols.
See “Annualized DeFi revenue by protocol”, The Block.
See “DeFi users over time”, Dune Analytics.
For further drivers and motivations of DeFi users, see OECD (2022).
See IMF (2022) for an analysis of the riskiness of DeFi lending and whether DeFi margins underprice risks.
Oracle services allow smart contracts within blockchains to receive external data from outside of their ecosystem, as blockchains do not have access to information that is not on-chain.
See IOSCO (2022).
See FSB (2022) and OECD (2022).
Governance tokens are DeFi tokens that give holders voting rights to take decisions that affect the future of the protocol. Their distribution can take various forms, such as sales or airdrops (meaning free distribution) to platform users or interest payments that provide liquidity through crypto-assets to a DeFi protocol (see OECD, 2022). Governance token holders can also trade their tokens on crypto-asset exchanges.
See Nadler and Schär (2020) for an analysis of the token distribution of a large number of DeFi tokens.
1 UNI ≈ USD 9.33 as of 21 April 2022. The supply structure accounts for amounts held in the Uniswap (UNI) project’s treasury that have not yet been circulated. See “Uniswap Governance & Decentralization: Holder Types by Total Balance”, Dune Analytics.
See Aramonte et al. (2021), World Economic Forum (2021) and IOSCO (2022).
See, for example, Aramonte et al. (2021), Carter and Jeng (2021) and European Commission (2022).
See IMF (2022) and Hermans et al. (2022).
Leveraging in DeFi can take place through various financial models with different levels of leverage, e.g. borrowing (less than 2x), margin trading (2x-5x), perpetual contracts (5x-100x), options (0-20x) or leveraged tokens (2x-5x). See “A Deep Dive Into Leverages in DeFi Borrowing, Margin Trading, Leveraged Tokens and Options: FinNexus”, CoinMarketCap.
Amid the crypto-asset market stress after the crash of TerraUSD, the price of the largest stablecoin Tether came under pressure, temporarily losing its peg, which led to large outflows of more than 10% of its market capitalisation. This shows the contagion effects within the crypto-asset markets. See Adachi et al. 2022 for further details on the use of stablecoins and contagion channels.
See Schär (2021), which also includes an illustrative example, and Allen (forthcoming).
See Aramonte et al. (2021).
The list of smart contract risks affecting DeFi security includes front-running, inadequate gas-griefing, dependency on timestamps, and integer overflow or underflow (https://hacken.io/research/defi-security-risks-and-hacks-in-2021/). In addition, a public blockchain such as Ethereum also constitutes a systemic point of weakness, as technical glitches or inefficiencies in the first layer of the DeFI ecosystem can put the entire infrastructure at risk.
In March 2022, the gaming-focused Ronin network announced a loss of over USD 625 million after an attacker used hacked private keys in order to forge fake withdrawals.
Governance risk also originates from the decentralised nature of the public blockchain, where validators are compensated to process transactions and are expected to act honestly according to economic incentives. However, validators may find it more convenient, in the absence of regulation and centralised control, to collude and fraudulently exploit the network (see Aramonte et al., 2021, and Auer et al., 2021).
A flash loan allows participants to obtain uncollateralised credit because the crypto-assets are borrowed and repaid within the same block of transactions. The loan is automatically revoked in case of full repayment incapability within the same block. However, flash loans have been subject to manipulation and attacks and currently represent a significant portion (around 30%) of the total amount stolen in DeFi exploits.
See “Hackers steal $180 million in crypto from Beanstalk Farms”, Ciso.in. Further examples of successful governance attacks, validator cartels and other operational failures can be found in Carter and Jeng (2021).
See IMF (2022).
See Zetzsche et al. (2020).
A number of DeFi protocols have launched regulation-compliant DeFi platforms to help with institutional investors’ participation, for example Aave (see https://thepaypers.com/online-mobile-banking/aave-launches-regulation-compliant-defi-platform--1253749#). Another example is Société Générale’s application to the MakerDAO governance forum to accept on-chain bond tokens issued by the bank as collateral for a stablecoin DAI loan (see https://www.coindesk.com/business/2021/09/30/societe-generale-applies-for-20m-makerdao-loan-using-bond-token-collateral/). In addition, the “tokenisation” of traditional financial assets such as securities could, if developed further, facilitate transactions in a much broader range of assets on DeFi applications in the future. See FPC (2022).