Safety and Security in Decentralized Finance (DeFi)


Part 1 – An Introduction to Safety and Security in Decentralized Finance

According to the article How to Bank the Unbanked: Global Findex Results by Tyler Smith, there remains a staggering percentage of the world population considered ‘unbanked.’  In some countries around the world, the number of people without traditional banking accounts (whether online or brick-and-mortar) outnumbers those with one by a factor of 2 to 1.  For example, only 37% of Mexico residents have a traditional banking account.  The percentages are even lower elsewhere in the world, such as 34.5% in the Philippines and only 31% of those living in Vietnam.  In contrast, access to mobile devices, wireless internet and social media platforms has risen drastically in recent years.  Upwards of 67% of those living in the Philippines and Vietnam, and 69% of those living in Mexico, are active social media users.  The true reason for the large disparity is debatable, but much of it can be attributed to a lack of formal identification, insufficient credit history or similar issues that dissuade traditional banks from offering their services.  Crypto technology, and specifically decentralized finance (or DeFi), offers an effective solution to this disparity because of its simplicity, global reach and the inherent reliability that comes from a digital public ledger.

However, there are key considerations when discussing the practicality of using DeFi as a global medium for value exchange.  One of the most critically important considerations is that of security.  Traditional banking typically offers a great deal of security for its users.  For example, if a customer finds that their debit or credit card information has been stolen, banks will often freeze the affected accounts, reverse unauthorized transactions, and issue replacement cards with new account numbers and security codes.  Information filed in a bank’s electronic records system is typically encrypted with several security layers to prevent theft or exposure.  In some countries, government regulation may also offer certain protections against banking institution failure, such as the Federal Deposit Insurance Corporation in the United States or the Fundo de Garantia de Depósitos in Portugal. It is important to recognize that DeFi does not offer these same protections—although we will find through this discussion that DeFi offers a much greater degree of security in other respects.

How does DeFi work?

When someone holds their financial assets in a bank, very rarely is physical currency kept in a locked box.  Instead, the bank documents the customer’s balance (including transactions in and out) in a private ledger.  Deposits are pooled together, reallocated into various investment vehicles, and become one of the means by which banking institutions achieve profit.

Holding financial assets in DeFi is markedly different, in that the information is kept on the blockchain—a digital public ledger that cannot be altered once a transaction takes place.  DeFi ‘tokens’ or digital assets are not technically held in any bank account or wallet; instead, they are recorded on the blockchain against a unique public/private key pair.  Users can access and utilize (i.e. send out) the assets associated with the key pair only by using the private key.  In practice, holders of DeFi tokens typically use third-party applications on a computer or mobile device (so-called ‘wallets’) that import the private key (also commonly referred to as a seed phrase), providing the ability to digitally sign and authorize transactions.  Many modern applications also include second-factor authentication options, such as biometrics or password protection, to offer another layer of security against unauthorized transaction signing.

When someone wants to send a token from their wallet to another (for example to purchase goods or services), they authorize the transaction by providing the public address of the receiver and signing the transaction.  Once signed, the information is sent to the blockchain and recorded permanently.  Computers, called nodes, continuously maintain a current copy of the blockchain.  Because most blockchains are decentralized (not owned/operated by any one entity), it is not feasible to hack and alter the blockchain data.  In other words, wallet balances and the transactions in and out of each wallet cannot be changed without a valid signature using the private key.

Why DeFi is More Secure

Because the public ledger permanently records all transactions and recorded balances cannot be altered, the value associated with the financial assets being stored on the blockchain cannot be changed without intentional interaction using the private key.  This provides a profound level of security against a wide variety of threats, including hacking, brute force attacks, theft, impersonation, institutional or government insolvency, etc.  Banks across the globe have been victims of sophisticated computer hacks that have resulted in staggering financial losses.  Paper currencies, gold, jewelry, and other physical assets require significant physical protection (armed guards, vaults, alarm systems, etc.), which often drives considerable expense.  In the most extreme of cases, the history books are full of examples of financial losses incurred as a result of crises and conflict.

As previously mentioned, banking institutions do not actually hold on to deposited funds in an isolated account or physical lock box. Instead, they pool deposits and reinvest them in order to cover operating costs, including real estate, staff salaries, insurance, etc. In fact, the United States required banking institutions to hold in “reserve” 3% of net transaction (checking) accounts until March 2020, but that percentage has since been reduced to 0%. Because banks do not store large sums of cash on a daily basis, if a large, sudden rise in withdrawal demand occurs (i.e. due to a prospect of institutional insolvency, conflict, economic downturn or natural disaster), so-called bank runs may occur. These are not as common today due to various government protections and insurance programs, but they are by no means distant history. In 2015, economic concerns in Greece caused a massive run on banking institutions. In fear of a total economic collapse, long lines were seen at banks and ATMs as customers tried desperately to pull their funds and keep their cash at home. In response, withdrawals were limited to only 60 Euros per day–meaning that customers were not allowed access to their own financial assets because the banks were physically unable to satisfy the withdrawal requirements of every customer.

When financial assets are stored in a non-custodial wallet (i.e. in a wallet for which you have a seed phrase), the assets are not moved elsewhere or invested by a custodial banking institution. The asset value is available 24 hours per day, 7 days per week. The only requirement for a withdrawal is connectivity to the blockchain. In other words–no government, bank or other person or entity can stop the transaction from occurring. You, as the owner, have complete control over your assets at all times.

In addition to complete control over the execution of transactions regardless of the wishes of others, investors holding value in blockchain form also have the ability to store an unlimited amount of value digitally, with practically no physical space requirements, and can do so securely in a highly effective but discreet manner. For comparison’s sake, based on today’s price for gold, someone attempting to transport US$1m would have to carry a package weighing in excess of 40 lbs/18 kg. Not only would that task be physically demanding, but there would be significant security concerns if bad actors were to realize what was being transported. In contrast, an investor with US$1m in a blockchain wallet would only need to take their seed phrase or wallet–which could simply be an application on their mobile phone–to the destination. Theoretically, one could also simply memorize the seed phrase, making a stolen or compromised wallet a non-issue. This makes the transportation of value as discreet and secure as possible.

The Bottom Line

Because of the way that blockchain technology works, the protection of DeFi-based financial assets is very simple, affordable and highly effective. Essentially, investors need only to: (1) backup and secure their seed phrase; (2) establish reasonable controls over access to wallets by balancing convenience with threat reduction using a combination of warm and cold wallets; and (3) follow simple procedures when interacting with the blockchain, such as when buying, selling or transferring assets. In each part of this series, we will discuss these aspects in detail.

In part 2, we will explore the physical security of private keys. In particular, we will look into some key considerations with respect to record keeping, physical storage, and techniques for those who are highly security-conscious or subject to increased risk.

In part 3, we will discuss the differences between warm and cold wallets, including what they are, how they work, and how best to leverage them for a posture that balances convenience with security.

In part 4, we will dive into the various security considerations for interacting with the blockchain, including some of the simple techniques and procedures that should be employed.

In part 5, we will take an introductory look at ways to research investments using simple techniques and publicly available information in order to select the right investment vehicles and ensure your portfolio is secure.

About the Author

Panikd Badger is an investor in DeFi, a voice chat moderator for the FEG Token in Telegram and the head of the FEGradio program. He hosts the FEGradio Live! broadcast every Tuesday and Thursday at 6pm EST/11pm UTC in Telegram, on and on YouTube. Be sure to check out for information about the program, or to listen to the 24-hour FEG Token Voice Chat or wide variety of independent radio programs under the FEGradio umbrella. You are welcome to reach Panikd Badger at any time regarding this article, or for any other matter, on Telegram using the handle @FEGradioLive or on Twitter using the handle @FEGradio.


