Welcome Avatar! Another day, another imploding crypto company.
Companies (even really big ones) fail; that is simply the nature of business and markets. When our favorite restaurant or clothing company shuts down, we might feel a little sad. But when a company that holds thousands or millions of your assets fails, it stings for a long time.
With the failure of Voyager, Celsius and others, we’ve decided we need a new term for these companies that use decentralized assets while being fully centralized (and poorly managed!) themselves. These companies use DeFi in their marketing, but it’s a fugazi. These fake DeFi, or “FeFi” companies shine a negative light on the entire industry due to their huge scale.
Real DeFi did not fail.
Why did mature and well-built DeFi suffer zero losses during recent volatility?
Let’s dig in.
What *Really* Qualifies as DeFi?
“Comparing Centralized to Decentralized Finance” | Source
For our purposes, DeFi is a *fully* decentralized financial application.
The smart contracts must either be immutable or controlled by fully on-chain governance. Governance may be able to tweak parameters (e.g. decide acceptable collateral, interest rates) but should not be capable of changing the agreement between users and the protocol.
We see control of admin keys by a team as unsatisfactory – acceptable only as a brief interim step on the path to true decentralization. This corresponds to “centrally governed DeFi” in the diagram above.
To qualify as DeFi, the settlement layer must also be sufficiently decentralized.
Layer 1 Ethereum meets this threshold, as do appchains (independent layer 1 blockchains) with decentralized validators.
Ethereum scaling solutions (layer 2 rollups) are centralized but we expect this to change. There are potential legal issues with putting a DeFi app on a Layer 2 scaling solution which has a centralized sequencer (see note 1).
Finally, DeFi must be Free Software, not merely open source. If a centralized entity controls intellectual property rights for any part of the application it isn’t DeFi.
For now, we’d say that true DeFi is:
Free Software
Deployed on a sovereign and decentralized blockchain
Either immutable or subject to minimal on-chain governance
Apps which fall short of the above standards may either be early stage apps with a genuine desire to become DeFi or they may be Fake DeFi.
Simple Checklist
Ask about the three C’s:
Centralization
Control
Custody
All the CeDeFi (FeFi) stuff that blew up started with “deposit your crypto and [offer]”.
By accepting third-party custody, individuals take on management risk for their funds, often in exchange for low yields. 9% yield sounds great until you lose 100% of your funds. If it isn’t non-custodial, just move on.
Centralization
*Any* centralized point is an Achilles heel that can be targeted by lawyers, hackers, governments, and regulators.
We recognize that projects are often part-centralized during their bootstrapping phase. Make a judgement on whether to invest (investing early can sometimes be the right thing to do) but limit your risk because anything centralized has points of failure that could be exploited. Decentralized platforms are forced to be anti-fragile to survive. That’s why we consider fully decentralized applications to be in a matured state.
Centralization can be subtle - a single organization controlling a rollup sequencer, or most of the validators on an appchain.
Check the docs, then ask on socials if still unsure.
Control
Here’s where you need to make more of an effort. It’s important.
If the team control the keys and can upgrade the smart contracts it’s no bueno.
They might decide to take over your account or even hold some of your money hostage. In these contexts, “governance” is a joke and can be used as a way for a team to evade responsibility and make ‘the community’ the patsy for an unpopular decision.
Even if there is on-chain governance, you need to do some digging on how decentralized the token ownership is. If the team (plus investors) still control the majority of the voting tokens you’re not much better off, as you are forced to trust the team. Sometimes, protocols will state that certain team tokens cannot or will not vote on governance.
Even fully on-chain governance should never have complete and total control of the protocol. This is how a flash-loan attacker was able to temporarily control enough voting tokens in Beanstalk to drain everyone’s funds by sending to an external wallet. This feature should *never* have been part of the on-chain governance.
The best protocols are governance-minimized. Tornado Cash developers are at least in part left alone by law enforcement because they do not and cannot control the protocol at all. For protocols where governance is necessary, choose ‘Lindy’, well-governed protocols with a widely distributed token supply. However, beware of tokens being borrowed to swing a vote, such as the recent MakerDAO example which will be discussed in depth for paid subscribers soon.
DeFi Education has already covered most of the highest quality protocols and we’re going to be updating our readers soon on the reputable blue-chips MakerDAO, Aave, etc. so you can shortcut the research process by reading our (very thorough) research pieces.
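The token-ownership questions from the Control section can be turned into a repeatable check. The sketch below is an added example, not code from any protocol or from DeFi Education; the holder list, the labels and the `quorum` parameter are constructed assumptions for illustration.

```python
from dataclasses import dataclass

INSIDER_LABELS = {"team", "investor"}   # assumed labelling scheme

@dataclass(frozen=True)
class Holder:
    name: str
    label: str             # "team", "investor", "community" or "lending_pool"
    votes: int             # voting tokens held
    may_vote: bool = True  # False when the protocol states these tokens cannot vote

def _active(holders):
    """Holders whose tokens can actually be used in a vote."""
    return [h for h in holders if h.may_vote]

def share(holders, labels):
    """Fraction of active voting power held by holders with the given labels."""
    pool = _active(holders)
    return sum(h.votes for h in pool if h.label in labels) / sum(h.votes for h in pool)

def min_coalition(holders, threshold=0.5):
    """Smallest number of holders whose combined votes exceed the threshold."""
    pool = sorted(_active(holders), key=lambda h: h.votes, reverse=True)
    total, running = sum(h.votes for h in pool), 0
    for count, h in enumerate(pool, start=1):
        running += h.votes
        if running > threshold * total:
            return count
    return len(pool)

def review(holders, quorum):
    """Flag the three risks named in the text for one token distribution."""
    return {
        "insider_majority": share(holders, INSIDER_LABELS) > 0.5,
        "min_coalition": min_coalition(holders),
        # Tokens lendable on the open market can be borrowed to swing a vote.
        "quorum_borrowable": share(holders, {"lending_pool"}) >= quorum,
    }

# Constructed sample distribution, not real on-chain data.
SAMPLE = [
    Holder("team-multisig", "team", 300),
    Holder("team-vesting", "team", 200, may_vote=False),
    Holder("seed-fund", "investor", 250),
    Holder("lending-market", "lending_pool", 150),
    Holder("dao-member-1", "community", 60),
    Holder("dao-member-2", "community", 40),
]
```

A small `min_coalition` or a `True` on either flag means the vote can be decided by a handful of parties, whatever the governance documentation says.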
Crypto vs Traditional Financial System
The Bank for International Settlements produced this table you can use as a guide.
Source: BIS Quarterly Review, December 2021
Why does decentralization matter?
Because The Lawyers Are Coming?
For ideological reasons?
Well, yes and no.
We think investors care first and foremost about capital preservation and risk-adjusted returns.
DeFi matters because people who loaned their assets through well designed and mature DeFi protocols lost zero funds in the recent crypto crash.
Two unique aspects of DeFi technology provide safety:
Transparency - all blockchain transactions are public and so anyone can obtain fraud-proof data on counterparty assets and liabilities
Automated enforcement - defaulting parties are automatically liquidated by smart contracts according to agreed upon parameters
Lending activities are usually based on a public risk profile decided by the protocol (through discussion with token holders) and published in smart contracts and protocol documentation.
These rules are enforced at the smart contract level - borrowers must provide valuable collateral, not merely a promise to pay later based on reputation. A rogue borrower cannot go to multiple protocols and pledge the same assets as collateral against multiple loans.
Liquidations are conducted based on market incentives in a fair, predictable, and transparent way. Important customers do not get special treatment in private. Protocol risk teams manage loan to value ratios and supervise collateral quality to make sure that lenders are unlikely to suffer losses even in extreme market conditions.
In short, technology fixes the weaknesses of the traditional banking model. And DeFi’s performance during a significant crypto crash proves the technology works.
CeDeFi is essentially the worst of both the CeFi and DeFi models. It’s CeFi, but without the regulatory protection, oversight and accountability that the traditional banking system provides.
Celsius meets DeFi
As you may have heard, Celsius, a popular centralized crypto ‘bank’ recently defaulted.
But. It repaid ~$41 million in DeFi loans on 7 July, for a total of $225m between 1 and 7 July.
Source Oasis.app
Why?
If it wanted to redeem its 21,962 BTC worth ~$461 million then it had no other choice.
DeFi has the best liquidation preference!
Smart contracts with an automatically enforceable security interest in Celsius’ collateral ensured that MakerDAO lenders were protected. If Celsius was ever in default, its collateral would be automatically liquidated to repay lenders. A careful risk management team at MakerDAO sets parameters - governed by MKR holders - to ensure that borrowers at risk of default are liquidated in an orderly manner. It works.
Celsius’ other creditors now need to go through a long, drawn-out process with a slow and expensive legal system and may end up recovering very little.
DeFi was the first (and only) system to have automatic recourse to collateral outside of the legal system and have computerized automated monitoring and enforcement of loan covenants. A fantastic achievement.
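The automated covenant described above can be modelled in a few lines. This is an added example, not MakerDAO's contract code: the collateral figure (21,962 BTC) is from the article, while the debt figure, `min_ratio` and `penalty` are assumed values, and a real protocol sells collateral through auctions rather than in one step.

```python
from dataclasses import dataclass

@dataclass
class Vault:
    collateral: float  # units of the collateral asset (BTC here)
    debt: float        # stablecoin owed to lenders

    def ratio(self, price: float) -> float:
        """Collateral value divided by debt at the observed price."""
        return self.collateral * price / self.debt

    def liquidation_price(self, min_ratio: float) -> float:
        """Price below which the vault breaches the minimum ratio."""
        return self.debt * min_ratio / self.collateral

def enforce(vault: Vault, price: float, min_ratio: float, penalty: float):
    """Apply the covenant at one price observation.

    Returns (liquidated, repaid_to_lenders, returned_to_borrower).
    Simplification: all collateral is sold at the observed price.
    """
    if vault.ratio(price) >= min_ratio:
        return (False, 0.0, 0.0)           # covenant holds, nothing happens
    proceeds = vault.collateral * price
    repaid = min(vault.debt, proceeds)     # lenders are paid first
    fee = min(vault.debt * penalty, proceeds - repaid)
    leftover = proceeds - repaid - fee     # remainder goes back to the borrower
    vault.collateral, vault.debt = 0.0, vault.debt - repaid
    return (True, repaid, leftover)

# Assumed parameters for illustration only.
MIN_RATIO = 1.5    # minimum collateral value per unit of debt
PENALTY = 0.13     # liquidation fee charged to the borrower
DEBT = 225e6       # assumed outstanding debt, not a figure for the real vault

if __name__ == "__main__":
    v = Vault(collateral=21_962, debt=DEBT)
    print("liquidation price:", round(v.liquidation_price(MIN_RATIO), 2))
    for price in (20_990, 15_000):
        print(price, enforce(v, price, MIN_RATIO, PENALTY))
```

Because the trigger sits above a ratio of 1, lenders are repaid in full when liquidation happens at the threshold; residual debt only appears if the price gaps below `debt / collateral` before enforcement runs, which is why the text stresses conservative loan-to-value parameters.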
Other wallets reported to be linked to Celsius repaid significant loans to Aave, Compound, and Notional Finance between the default event and today.
Under a properly designed smart contract, you as a lender get your money back. In a TradFi contract you can get screwed (who reads the fine print anyway?).
Here’s the relevant clause from Celsius’ Terms of Use:
Celsius and our third-party partners may experience cyber-attacks, extreme market conditions, or other operational or technical difficulties which could result in the immediate halt of transactions either temporarily or permanently. Provided that Celsius has taken reasonable commercial and operational measures to prevent such events in technical systems controlled by Celsius, Celsius is not and will not be responsible or liable for any loss or damage of any sort incurred by you as a result of such cyber-attacks, operational or technical difficulties or suspensions of transactions.
Challenges
Funds stored in a securely written smart contract designed by a mature DeFi protocol are safer than a centralized solution.
But. How do you know which protocols are well designed? How do you assess the security of a smart contract? Digging for the facts on whether a protocol is centralized or whether a few participants have too much control over investor funds is time consuming.
Then there’s the new regulatory and legal dimension. What if a protocol you use is shut down by the authorities? Is there any way to predict which protocols are likely to be targeted for enforcement action and which are sufficiently decentralized to be compliant?
These are the problems we aim to solve for DeFi Education subscribers.
In short - how to invest without getting rekt.
If you’d like to access our deep dives on the crypto markets - new sectors to watch, analysis of protocol design and value accrual, in depth analysis on smart contract security - you can subscribe now to access over 100 articles.
Coming up, we’ll be covering recent important governance developments at MakerDAO (DeFi’s largest decentralized stablecoin) and Aave’s attempts to enter the market with their GHO stablecoin. Stables are still one of the biggest crypto use cases.
1) SEC guidance “Framework for ‘Investment Contract’ Analysis of Digital Assets”
That decision tree, and the paper it came from, is so good (and this post ofc). Thanks for the write up.