A Study in DeFi | Case Studies Show Why It's Still Immature
On March 12, the cryptocurrency market crashed. Following the global outbreak of COVID-19, along with stocks and other investment markets, almost every coin that wasn't a stablecoin dropped precipitously, with some bottoming out at a nearly 30% loss. A day later, another bottom would be found, but recovery would prove only to solidify the original 30% loss.
For cryptocurrency in general, the loss wasn't really anything unusual. The 2018 crash was far worse in terms of percentage: over the course of a few months, the crypto market lost about 80% of its worth. But since it happened over a few months, there were many chances for people to save their capital over a longer stretch of time. The flash crash of March 12th was so sudden that many could not gain access in time to save their investments.
And this led to a Black Swan event for MakerDAO's Multi-collateral DAI.
MCD: What Went Wrong
I've previously written about MakerDAO's MCD stablecoin. In summary, it is a stablecoin that is soft-pegged to the value of the US Dollar. It achieves this by being backed by a small variety of other cryptocurrencies, rather than having a 1-to-1 relationship with a physical dollar that you could trade it in for at an actual bank, as in the case of stablecoins like USDC. The advantage is that a bank-backed stablecoin could become essentially worthless if the bank could not provide you with a physical dollar in exchange for it, and DAI avoids that dependency. By using multiple types of collateral to back up the DAI, MakerDAO can more or less assure that the coin stays pegged to the value of a USD, while not needing anything physical to depend on.
But then, March 12th happened. And since the entire cryptocurrency market is more or less correlated with each other (currently), as Bitcoin became oversold, all alt-coins, including Ethereum and BAT (the only collateral backing DAI at the time), dropped with it.
Usually, when collateralizing Ethereum or BAT to create DAI, the owner is encouraged to heavily over-collateralize, since their collateral would be liquidated once the assets reach only 150% of the value of the loan. When the price of all cryptos in the market dropped 30%, many people who didn't over-collateralize lost their assets due to the liquidation.
But this wasn't the worst of it.
During a liquidation, the MakerDAO protocol was designed so that anyone could step in as a "keeper" to buy and close out a loan. This usually results in a sort of auction, and the original asset owners would receive some of the value of their asset back after subtracting the liquidation fee and the loaned amount. However, due to the massive congestion on the Ethereum network, many keepers could not gain access to this function in time.
Instead, a single keeper was able to swipe the assets for $0.
MCD: The Result?
All in all, about $4.5 million was taken from the MakerDAO system. And since no money was paid to obtain the collateral assets, original owners (as well as MakerDAO itself) did not receive any of the value they would have theoretically been owed.
Because blockchain systems and cryptocurrencies are decentralized and trustless, there's not much that MakerDAO could do to take back the assets lost or reverse the course of what happened.
It should be noted that, despite all of this, none of what happened was technically outside the lines of the MakerDAO protocol. In fact, the protocol makes provisions for the case where the auction function isn't able to raise enough DAI to cover its obligations. It does so through the creation and auctioning of MKR, another token created to help with the governance and value creation of DAI.
So it wasn't a hack, a bug, or some other thing with MakerDAO's protocols which caused people to lose the assets. Instead, it was network congestion inside the Ethereum protocols which prevented people from gaining some value for their lost assets. This wouldn't be as bad for those who still had DAI from their loan. However, there are those who reinvested their DAI for leveraging. Those users have lost 100% of their assets.
bZx: Another Case of Smart Contract Exploitation
MakerDAO's black swan event isn't the first time a DeFi protocol was taken advantage of. Recently, another decentralized exchange called bZx also lost a lot of value for its customers through an exploit found in its loaning process.
In two separate cases, bZx's exchange was hit by a user exploiting its flash-loan protocols. While the attack was not exactly the same in both instances, the attackers basically borrowed a large sum of ETH and used it as leverage on other trading platforms. By either shorting coins or pumping stablecoins on specific platforms for only a few seconds, the attackers were able to make a profit off what they borrowed through smart contracts inherent in bZx's decentralized exchange system. (To get a more detailed picture of the attacks, you can read about them here and here.)
In response to both attacks, the people behind bZx shut down the exchange platform in order to work out the kinks. To some, it showed the more centralized nature of the exchange. To others (and its makers), it was a necessary action to solve the issue.
Again, like the MakerDAO exploit, the attackers didn't actually do anything outside of the guidelines of bZx's protocols. In fact, a similar thing had been done to Robinhood, a mostly automated stock trading app, a few months earlier, where customers were able to create infinite leverage with only a few thousand dollars in an account. These attacks weren't the result of hacks or bugs. They were the result of people taking advantage of overlooked or unforeseen quirks in a system, and using them to obtain money or assets they wouldn't otherwise have been able to get. In fiat-based systems, these exploits are more easily dealt with, since fiat money can almost always be traced to certain people. The money stolen can be recovered and returned, because a centralized authority is controlling everything.
So DeFi Solutions Create More Problems?
With decentralized systems, such as decentralized exchanges and blockchains, these problems are much more difficult to resolve in a way which satisfies all parties, especially the individual customers who have lost assets and capital.
The goal of decentralized finance is to get rid of the need for an authority to transact. This authority was previously required so that we could transact safely. But the same authority historically exploits this power for its own gain. And so, DeFi is meant to help individuals transact without the need to trust another party.
But automation often comes with its own issues, as shown above. The most important of these is that exploiting DeFi platforms is often not the result of illegal actions, but of taking advantage of the protocols already in place. And then, of course, there is the loss that is incurred because no centralized authority exists to reimburse customers.
As I see it, these are the risks inherent in any decentralized system, and will never go away. They are, in fact, the problems that always came with a lack of authority. Some of them can be slightly mitigated through education. For example, in the MakerDAO situation, users could be warned of the intrinsic risk of putting their ETH in a CDP as they do so.
But others, like the bZx situation, require rethinking or recoding the platform.
The MakerDAO system has already begun to put more protocols in place to prevent a similar exploit from happening again. These rules include giving keepers more time to respond to black-swan level events, adding USDC as collateral to help in a liquidity drop, making the UI for auctions easier to access, and lowering governance action to 4 hours from 24 hours.
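The failure described earlier (only one keeper's bid landing while the network was congested) and the change of giving keepers more time can be seen side by side in a small model. This is an example added here, not MakerDAO's code; the auction rule is simplified, and the bid amounts, network delays, fee and window lengths are constructed assumptions.

```python
from dataclasses import dataclass

LIQUIDATION_RATIO_PCT = 150   # from the article: liquidation at 150% of the loan
FEE_BPS = 1300                # liquidation fee in basis points (assumed value)

@dataclass
class Bid:
    keeper: str
    amount_dai: int      # DAI offered for the collateral
    submitted_at: int    # seconds after the auction opens
    network_delay: int   # seconds until the bid is mined (assumed, models congestion)

def is_liquidatable(collateral_value_dai: int, debt_dai: int) -> bool:
    """True once the collateral is worth less than 150% of the loan."""
    return collateral_value_dai * 100 < LIQUIDATION_RATIO_PCT * debt_dai

def run_auction(bids, window_s: int):
    """Highest bid mined before the window closes wins; None if none landed."""
    landed = [b for b in bids if b.submitted_at + b.network_delay <= window_s]
    return max(landed, key=lambda b: b.amount_dai, default=None)

def settle(winner, debt_dai: int) -> dict:
    """Loan plus fee is covered first; the owner gets the remainder."""
    proceeds = winner.amount_dai if winner else 0
    owed = debt_dai + debt_dai * FEE_BPS // 10_000
    return {"winner": winner.keeper if winner else None,
            "owner_refund": max(0, proceeds - owed),
            "system_shortfall": max(0, owed - proceeds)}

# Constructed scenario: collateral now worth 1400 DAI against a 1000 DAI loan.
COLLATERAL_VALUE, DEBT = 1400, 1000
BIDS = [
    Bid("keeper_a", 0,    submitted_at=5,  network_delay=20),
    Bid("keeper_b", 1300, submitted_at=10, network_delay=900),
    Bid("keeper_c", 1350, submitted_at=30, network_delay=1200),
]

def compare_windows(short_s: int = 600, long_s: int = 21_600) -> dict:
    """Same bids, two window lengths (both constructed values)."""
    return {"short": settle(run_auction(BIDS, short_s), DEBT),
            "long": settle(run_auction(BIDS, long_s), DEBT)}

if __name__ == "__main__":
    print("liquidatable:", is_liquidatable(COLLATERAL_VALUE, DEBT))
    for name, result in compare_windows().items():
        print(name, result)
```

With the short window the only bid that lands is the zero bid, so the owner gets nothing back and the system carries the whole shortfall; with the long window the delayed bids land and the owner is refunded the remainder.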
But the great thing about the MakerDAO protocol changes is that these rules are voted in by a community of people (MKR coin holders), rather than some centralized company. And I believe this is the best way forward.
I think this really all goes to show just how early we are in the journey of decentralizing finance. While I truly believe in the mission and goals of DeFi, it's going to be a while before the majority of the public is able to rely on these platforms for their normal daily lives.