When decentralized finance, or DeFi, took off in 2020, it was pitched as an antidote to the failings of legacy finance. Decentralized lending was supposed to be DeFi’s killer app – a way for people to borrow and lend digital assets instantaneously on blockchains, without banks or credit scores. The Aave paradigm is not built to scale with such an amount of complexity, said Paul Frambot, CEO of the DeFi lending protocol Morpho.
The $70 million hack on Curve, one of the largest decentralized crypto exchanges, revealed cracks in the DeFi promise. The hack set off a Rube Goldberg-esque series of events that pushed DeFi lending to its limits – threatening to send the price of a key DeFi asset into a downward death spiral, and raising critical questions about whether community-driven financial platforms are equipped to manage risk.
DeFi lenders have fewer tools than banks do to judge creditworthiness, so they tend to have strict over-collateralization requirements – meaning borrowers must put up more value in collateral than they take out as loans. However, when a hack siphoned $70 million from Curve last month – dragging the price of CRV down 20%, closer to prices where Egorov’s collateral would have been auto-liquidated – the exchange founder’s DeFi lenders realized they might soon be saddled with millions of dollars in bad debt.
Briefly, a sort of Mexican standoff ensued between some of Egorov’s biggest lenders as they weighed liquidating the Curve founder early in an effort to avoid being the last ones stuck with worthless CRV. The Aave DAO is known for conservative management, said an Aave spokesperson, but the Curve crisis showed that risk management is too complicated to be handled by a DAO.
In an effort to manage risk, firms like Gauntlet and Chaos have proprietary tools to measure risk and propose parameter changes. Literally every day, risk managers are pushing risk parameters that are completely trusted and opaque – like we have no idea how they’re calculated, said Frambot. Yet you know the DAO is going to greenlight it because it comes from a trusted brand.
The Curve fiasco demonstrated the capriciousness that can result from this kind of system. In June – more than a month before the Curve exchange was hacked – Gauntlet proposed freezing CRV in Aave V2, arguing Egorov’s massive CRV collateral risked becoming bad debt. Aave’s community voted unanimously against the proposal, which would have prevented Egorov from increasing the size of his CRV position.
DeFi lending platforms face risk management challenges after the Curve hack, as the reliance on code is not enough to make things quick, cheap, and broadly accessible. The money loaned out by DeFi lending platforms is pooled from a decentralized community of individual depositors, each of whom earns a cut of the interest paid by borrowers. If a borrower can’t pay off their debt, these lenders are the ones left holding the bag.