A black swan event is a catastrophe that may or may not happen, but if it does, its precise avenue and the timing of its occurrence will have been nearly impossible to predict beforehand.
In the cryptoeconomy, black swans have been increasingly discussed around the Ethereum community as the project’s decentralized finance arena, or DeFi, has boomed in popularity over the last two years. Why?
Because as DeFi has grown, the amount of ether (ETH) locked in its various protocols has become increasingly considerable, making them ever attractive potential prize pots for malicious actors.
Also, it’s fair to say there’s an air of collective caution around Ethereum as the project’s already endured one black swan via the 2016 hack of “The DAO,” which acutely depressed the ETH price and led to the Ethereum Classic schism.
Many Ethereum stakeholders are thus keen on avoiding further catastrophes. Of course, concerns over a new black swan is a testament to Ethereum’s continued rise and success. Yet that success will be most effectively fostered if DeFi builders keep planning — and defending — against the worst.
Let’s dive a little deeper to explore some of the wider implications around a potential DeFi black swan and provide some more perspective on what the specter of such events means for the new and open financial system blooming atop Ethereum.
Don’t Pick On DeFi!
DeFi’s susceptibility to black swans isn’t unique. So, too, is the regular banking industry or any industry just as vulnerable, generally speaking. So this is not a matter of picking on Ethereum. The project’s progressed incredibly far on multiple fronts in just a few years, and it has plenty more room to grow barring major setbacks. That’s undeniable.
With that said, though, some Ethereum critics use the mere possibility of a DeFi black swan in the years ahead to denigrate the viability of Ethereum and DeFi in general. That’s a partisan position, to be sure.
“I simultaneously take issue with assessing the merits of a project based on Black Swan events — indeed, there are few products or enterprises that are not susceptible to some form of Black Swan,”
Matteo Leibowitz, a talented analyst with The Block, aptly noted last year.
And he’s totally right. Even still, the Ethereum community is also one to directly face up to challenges rather as opposed to burying its head in the sand, so to speak.
If there are potential black swan vulnerabilities in DeFi, Ethereum’s biggest proponents want to know and want to work to make things as right as possible as quickly as possible, even with plenty of tradeoffs at hand to consider.
Why Defi? Because ETH Is Money
The fledgling DeFi community is becoming a larger target for bad actors because, simply put, ETH is money.
In other words, where there’s money to be made, bad actors will always play. Ether is currently the second largest crypto by market capitalization behind bitcoin (BTC), so that’s a good enough target for plenty of “black hat” hackers. These agents would deal with anything, even conch shells, if there’s profit on the other side.
Moreover, since Ethereum dApps are by their very nature open software, malicious agents can probe and study them deeply and at their leisure, like what happened with “The DAO” incident. That dynamic has its advantages.
Another aspect to consider here, and which I briefly touched on earlier, is how DeFi is a growing pathway for “locking” in large amounts of ETH.
Indeed, there’s now more than $750 million USD worth of value locked into DeFi protocols, and the slightly higher $1 billion mark seems all but inevitable in short order.
This isn’t to say that every DeFi dApp has easy attack vectors, rather that they are apparently growing targets value-wise.
Who Are the Targets?
The top DeFi projects, right. Again, it’s not that these projects are low-hanging fruit per se. Just that they’re the biggest DeFi efforts and have recently seen upswells of value and attention. Those who rise get more eyes, as it were.
As such, the probable targets as things stand include the Maker, Compound, Synthetix, dYdX, and Dharma projects. These dApps, which collectively have more than $685 million worth of ether locked in their protocols, are surely desirable victims for hackers.
How’s It Play Out?
Let’s hypothesize just for the sake of brainstorming that a hacker group eventually finds a flaw in some DeFi project’s smart contract code that can be maliciously gamed to the detriment of good-faith users.
Maybe the project is a bigger DeFi effort, or perhaps it’s a smaller one. Either way, if hackers can find an avenue to drain a considerable amount of ether from a popular smart contract, that could lead to a whole lot of ETH ending up in a bad actor’s (or actors’) wallet in rapid fashion.
If that happened, the attacker might be able to steadily “launder” their money to hide their tracks by resorting to Ethereum’s growing privacy solutions, e.g. Tornado.cash. Another bout of acute sell pressure could be in order, then.
Expect Projects Like Nexus to Grow
Nexus Mutual is an interesting Ethereum dApp that functions as a community-owned insurance fund.
Though the project only just launched in spring 2019, it’s already vaulted to the top of the DeFi insurance sector as a first-mover initiative. One of Nexus’s early products is “Smart Conract Cover,” which allows users to “buy protection against financial loss caused by another’s misuse of a smart contract.”
Expect Nexus and related use cases to grow as the specter of a black swan remains a prescient community concern.
In the interest of not being alarmist, it’s also worth noting that DeFi is still relatively small compared to mainstream finance. Because that’s the case, the pool of people that have the requisite knowledge to attack Ethereum-based software is still relatively small.
Is caution worth having? Of course. But is it also clear that there aren’t many people out there for now that have the necessary skills to attack Ethereum dApps? Yes.
For the top DeFi projects, public audits are the norm. These audits, which are conducted by third parties who are being paid to call out weaknesses, are the standard in Ethereum’s community.
To that end, the top DeFi projects are constantly bearing themselves — and their code — to the Ethereum community in hopes of not just acting in good faith, but also with a mind toward eliminating any weaknesses or oversights that might have gotten past preliminary security measures.
The sky isn’t falling in for now. Ethereum’s DeFi space is extremely impressive and worth much optimism.
But a black swan event can never be ruled out, and DeFi — with its early vulnerabilities — seems at least somewhat fertile grounds for a big, bad event. Maybe a related catastrophe happens, or maybe not for many years. But whatever happens, caution is undoubtedly responsible.
If a major black swan event does hit a DeFi project in the near future, it could bring about more negative attention from global financial regulators.
It’s in the interest of Ethereum stakeholders, then, to avoid any financial disasters. No code is infallible, so we don’t know what will happen in the future. But it is clear that DeFi is an arena where extra care is key.
William M. Peaster is a professional writer and editor who specializes in the Ethereum, Dai, and Biticoin beats in the cryptoeconomy. He's appeared in Blockonomi, Binance Academy, Bitsonline, and more. He enjoys tracking smart contracts, DAOs, dApps, and the Lightning Network. He's learning Solidity, too! Contact him on Telegram at @wmpeaster