In the US, government-supported organizations protect most traditional finance users by providing a sort of insurance on their deposits.
Among other things, these organizations protect funds in registered Institutions from being lost through insolvency or due to bank failures.
Would a similar organization work in DeFi?
What are the FDIC and SIPC?
The FDIC protects deposits in banks up to certain limits. If a bank becomes insolvent, the FDIC will preserve or liquidate its assets and begin to pay back customers.
The FDIC spends much of its budget on its Supervision and Consumer Protection program.
The program is concerned with the examination of banks to assess their operating conditions, management practices and policies, and compliance with applicable laws and regulations.
It also makes sure participating American commercial and savings banks comply with consumer protection laws. About $1.1 billion was spent on that program in 2021, thus making up 58% of its spending.
It spent $227 million on bank failure resolution and receivership management of these resolved funds. Further, it spent $316 million to manage its deposit insurance fund, and lastly, $303 million was for so-called ‘corporate general and administrative expenditures.’
That makes a total of $1.9 billion in FDIC operating expenditures. A more detailed view of their expenditures in 2021 can be found on their annual report here.
The SIPC protects user holdings in broker-dealers. If a broker-dealer loses your securities through insolvency, the SIPC will step in to liquidate their assets and bring legal action against anyone necessary to return as many funds as possible.
Both of these organizations function well to protect consumers against loss in traditional finance, but they’re tailored for that purpose.
Apart from being able to raise funds through charging an assessment rate, which acts like a membership fee or insurance cost for institutions, the majority of their functionality comes from the ability to liquidate assets and take legal action against responsible parties.
This may not be likely or even possible with DeFi.
Could this model work in DeFi?
DeFi hacks, especially since last year, are not only more prevalent and more costly as a percentage of the industry; they are also less likely to result in a return of stolen funds.
The most effective method to compensate users for lost funds in DeFi is not litigation. It’s repaying users with funds from the organization.
While the SIPC does this at times, it is often not needed since most of the funds are recovered.
The SIPC’s Board of Directors decided that 2022’s assessment rate will be 0.0015% of the gross revenue of the member investment firms.
Similarly, small numbers apply to the FDIC, where established institutions with more than five years of insurance under their belt pay between 0.015% to 0.4% of revenue.
DeFi hacks versus membership fees
Hackers got hold of about 0.25% of DeFi TVL (not revenue) in relatively safe protocols last year.
Because we cannot rely on recovering any of these funds, we must assume that the membership fee would need to be big enough to pay out these losses directly.
Furthermore, limiting these losses to a maximum dollar amount cannot be trusted to lower payout requirements because it’s trivial to split investments between addresses.
This means, for example, that a protocol like Maker with a TVL of $7.9 billion would need to pay about $20 million per year for its membership fee.
That is if we assume that 0.25% will stay a constant risk percentage for relatively safe protocols, excluding operational costs.
Uniswap, which makes no revenue from trades, would need to pay about $15 million per year, according to the same estimation.
While these are very rough estimates, it’s clear that these membership fees are not sustainable for many DeFi protocols.
Why DeFi is attractive to hackers
According to Token Terminal, DeFi protocols and their blockchains generated over $19 billion in revenue in the last 365 days as of August 31, 2022.
Some of these profits go to the founders and developers. Some get redistributed to the users through revenue-sharing tokens. Often, smart contracts make revenue accumulate in treasuries.
There are many ways lots of value can flow within and between those transparent blockchains and smart contracts.
So, it is no surprise that malicious actors like hackers or scammers are looking for ways to get their hands on some of those internet tokens.
DeFi versus TradFi
Why is there no such system in DeFi already? Let’s recap.
The comparison shows that a system trying to cover the entirety of DeFi protocols the same way the FDIC and SIPC do wouldn’t be sustainable. It could not rely on, or be funded by, DeFi’s TVL, not to mention its revenue.
We saw that DeFi protocols’ revenues aren’t able to counter losses such as those from May 2021 to May 2022 (2.56%).
Even their TVL wouldn’t be sufficient to sustainably bear the cost of insurance with given hacked amounts, especially in current market conditions.
Why may that be?
Audited code versus exploits
One problem our research uncovered was that over 70% of the hacked protocols we examined had no audits that incorporated the exploited part of the code.
Moreover, all other protocols were audited by only a small number of auditing firms, or even only internally by the DeFi protocol itself.
However, we cannot conclude that these well-known auditing firms are incompetent or unreliable.
They typically also audited most of the unhacked part of the DeFi ecosystem, which could explain their overrepresentation in our data.
But ultimately, we can still say that there is a need for oversight of how auditing firms operate. This is to ensure thorough audits of the code of DeFi’s critical infrastructure.
Audits miss exploits fairly often, or simply do not cover all previously used attack vectors.
A potential solution
A potential solution would be the creation of a DIPS (DeFi investors protection system). This system should insure investors and their deposits against losses from failing protocols and hacks.
It should do so by assisting in the supervision and reviewing the rigorousness of participating protocols’ audits. It can also potentially help with asset recovery efforts and potentially much more.
DeFi protocols should only be able to join the DIPS if they continuously go through the oversight of trusted, battle-tested and, statistically speaking, most successful auditors.
By doing so, the DIPS could give seals of approval to DeFi protocols. These signal to users that their investments are with DeFi protocols that have been rigorously tested and audited.
Looking back at our numbers, this has the potential to decrease the currently massive amounts hacked drastically.
The idea of a DIPS that relies on DeFi’s TVL, or even its revenues, to cover hacks under its umbrella wouldn’t seem far-fetched anymore.
Let’s cover every dollar in DeFi with native blockchain solutions, not repurposed TradFi solutions.
Dominik Prediger is a Web 3.0 developer at Ease.org. He’s a business informatics student with a focus on exploring the blockchain and learning about smart contract security.
Featured Image: Shutterstock/prodigital art/Natalia Siiatovskaia