🔍 How to protect yourself in DeFi
DeFi Saver is a DeFi tool that offers advanced features for managing your positions across Aave, Spark, and other top apps. Check it out here.
GM friends.
Here’s what I’ll cover today:
🔎 My advice to protect yourself in DeFi
📊 Crypto chart of the week
🗞️ The latest DeFi news
🔎 My advice to protect yourself in DeFi
27 dApps were exploited in April, according to DeFiLlama.
This unfortunately shows that, in terms of security, using DeFi is still very risky, especially if you don’t manage your risk properly.
With that in mind, I wanted to share some advice for staying safe on-chain and minimizing potential losses from hacks.
Here are six security tips to protect yourself in DeFi:
Don’t deposit more than 10% of your portfolio in a single dApp
The goal of this is to limit your losses if one of the dApps you use gets hacked.
I make a few exceptions to this rule only for a few major dApps like Pendle that have been live for years without security incidents. But even in these cases, I don’t deposit more than 20% of my portfolio in a single place.
The idea is to never have more funds in a single DeFi protocol than you can afford to lose. This also applies to CEXs.
Not only can CEXs get hacked, but they can also freeze your funds.
Use Rabby Wallet + Ledger for your on-chain transactions
I’ve been using this combination for many years.
The advantage of using a hardware wallet like Ledger is that your private key never leaves the device, so even if your PC is infected with malware, it can’t steal your funds unless you confirm a malicious transaction on the device itself. That is also why you should verify the recipient, amount and contract on the Ledger screen rather than trusting what the browser shows.
Rabby also has many useful security features, including transaction simulation before you sign, bulk revocation of token approvals, risk alerts, and more.
You can connect your Ledger to Rabby Wallet by clicking on “Connect hardware wallets” in the Rabby browser extension, so you can get the best of both worlds.
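To make the “risk alerts” idea concrete, here is an added example (not Rabby, Ledger or DeFi Saver code) of the kind of pre-signing check a wallet performs: decode the calldata of a pending transaction and flag unlimited or unexpected approvals before it ever reaches the hardware wallet. The four-byte selectors are the real ABI selectors for the named functions; the spender addresses and the allowlist are constructed for the example and are not real contracts.

```python
"""Pre-signing check for token approvals, in the spirit of a wallet's risk alerts.

Added example for this newsletter; it is not Rabby, Ledger or DeFi Saver code.
The four-byte selectors are the real ABI selectors for the named functions.
The spender addresses and the KNOWN_SPENDERS allowlist are constructed for the
example and are not real contracts.
"""

# keccak256(signature)[:4] for the functions a phishing site most often asks you to sign
APPROVE = "095ea7b3"               # approve(address,uint256)        ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool) ERC-721 / ERC-1155
TRANSFER = "a9059cbb"              # transfer(address,uint256)       ERC-20

UINT256_MAX = 2**256 - 1
EFFECTIVELY_UNLIMITED = 2**128     # no real token supply gets near this, so treat it as unlimited

# Constructed allowlist of contracts you expect to approve (hypothetical address)
KNOWN_SPENDERS = {
    "0x1111111111111111111111111111111111111111": "Example DEX router",
}


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word after the 4-byte selector."""
    chunk = data[4 + 32 * i : 36 + 32 * i]
    if len(chunk) != 32:
        raise ValueError(f"calldata too short for argument {i}")
    return chunk


def _address(word: bytes) -> str:
    """Decode an ABI address word (20 bytes right-aligned behind 12 zero bytes of padding)."""
    if word[:12] != bytes(12):
        raise ValueError("malformed address word: non-zero padding")
    return "0x" + word[12:].hex()


def encode_call(selector: str, *args) -> str:
    """ABI-encode a call with only static address/uint/bool arguments (used to build samples)."""
    out = bytes.fromhex(selector)
    for arg in args:
        if isinstance(arg, str):                       # address
            out += bytes(12) + bytes.fromhex(arg[2:])
        else:                                          # uint256 or bool
            out += int(arg).to_bytes(32, "big")
    return "0x" + out.hex()


def analyze_calldata(calldata: str) -> dict:
    """Decode one transaction's calldata and list the reasons not to sign it."""
    data = bytes.fromhex(calldata.removeprefix("0x"))
    result = {"kind": "unknown", "spender": None, "amount": None, "alerts": []}
    if len(data) < 4:
        result["alerts"].append("calldata shorter than a function selector")
        return result
    selector = data[:4].hex()

    if selector in (APPROVE, SET_APPROVAL_FOR_ALL):
        spender = _address(_word(data, 0))
        amount = int.from_bytes(_word(data, 1), "big")
        result.update(spender=spender, amount=amount)
        if len(data) != 4 + 2 * 32:
            result["alerts"].append("unexpected calldata length for a two-argument call")
        if selector == APPROVE:
            result["kind"] = "approve"
            if amount == UINT256_MAX:
                result["alerts"].append("unlimited ERC-20 approval")
            elif amount >= EFFECTIVELY_UNLIMITED:
                result["alerts"].append("effectively unlimited ERC-20 approval")
        else:
            result["kind"] = "setApprovalForAll"
            if amount not in (0, 1):
                result["alerts"].append("malformed bool argument")
            elif amount == 1:
                result["alerts"].append("operator gains control of every NFT in the collection")
        if spender not in KNOWN_SPENDERS and amount != 0:   # revoking (0) is never alarming
            result["alerts"].append(f"approval to unknown spender {spender}")
    elif selector == TRANSFER:
        result.update(kind="transfer", spender=_address(_word(data, 0)),
                      amount=int.from_bytes(_word(data, 1), "big"))
    else:
        result["alerts"].append(f"unrecognised selector 0x{selector}: simulate before signing")
    return result


def safe_to_sign(calldata: str) -> bool:
    return not analyze_calldata(calldata)["alerts"]


# Constructed sample transactions (addresses are not real contracts)
PHISHING_TX = encode_call(APPROVE, "0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead", UINT256_MAX)
LEGIT_TX = encode_call(APPROVE, "0x1111111111111111111111111111111111111111", 1_000 * 10**6)
NFT_DRAINER_TX = encode_call(SET_APPROVAL_FOR_ALL, "0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead", True)

if __name__ == "__main__":
    for name, tx in [("phishing", PHISHING_TX), ("legit", LEGIT_TX), ("nft drainer", NFT_DRAINER_TX)]:
        print(name, analyze_calldata(tx))
```

The two things a drainer needs you to sign are an unlimited `approve` to its own contract or a `setApprovalForAll` for a collection; both show up here as alerts, while a bounded approval to a contract you already trust passes. Anything with a selector the checker does not recognise should be simulated, not signed blind.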
Check the audits of the dApps you are using
By checking audits, I don’t mean just checking whether an app was audited.
Almost all dApps have been audited. What I usually check is:
Who completed the audit? Is it a reputable security firm that has also audited top dApps like Uniswap and Aave, or one that no one has heard of?
You can ask AI for more information about a specific security firm.
How many audits have been completed? I feel more comfortable using a dApp that has been audited many times by different firms, than one audited only once.
How many critical bugs have been found, and were they fixed? This is not something you must verify unless you want to dive deeper, but if you see a lot of critical vulnerabilities mentioned in an audit report, this can indicate one of two things:
Either the team was not careful when writing the smart contracts (which is obviously not great, as you want to use only dApps built with a security-first approach), or the auditor was excellent and found some vulnerabilities that were very hard to find. In both cases, check that the report marks each finding as resolved and that the audited version matches the code actually deployed; an audit of an older version says little about contracts that have been upgraded since.
You can usually find details about audits in the docs of each project.
Audits obviously don’t guarantee that a dApp won’t get hacked, but they at least reduce the likelihood of it.
Before we continue, here’s how you can use DeFi Saver to manage your Aave positions:
Brought to you by DeFi Saver
3 options if you’re stuck in an Aave position
The rsETH exploit triggered a bank run on Aave.
As a result, many people who use Aave, such as WETH lenders, remained stuck in their positions as the market utilization rose to 100%.
Aave is working on a recovery plan, but if your position is stuck and you don’t want to wait, there are a few things you can still do to adjust or exit your position.
DeFi Saver has several tools that can help you with this:
Collateral switching - With this one, you can switch your ETH collateral to wstETH or other assets that don’t have a 100% market utilization and can be withdrawn in just a few clicks (as long as there’s enough liquidity available)
Repay ETH debt with aWETH - Because of the current situation, aWETH (the token Aave gives you for supplied WETH) is trading at a slight discount. So if you borrowed ETH on Aave, it makes a lot of sense to repay your loan with DeFi Saver’s Repay, as you will repay slightly less than you normally would have to
Loan Shifting - If you have a loan on Aave and you’re concerned by Aave’s current high borrowing rates, you can use this DeFi Saver tool to move your loan to another dApp like Sparklend, Morpho, Liquity, and others
Fortunately, it looks like Aave’s current recovery plan will cover all its bad debt.
But if you want to exit your Aave positions now or shift your loans to another protocol with lower borrowing rates, DeFi Saver can help you with that.
Check out DeFi Saver’s tools for Aave here!
My advice to protect yourself in DeFi (part 2)
Calculate your direct and indirect exposure to all DeFi protocols
DeFi composability is one of the main things that makes DeFi amazing.
But at the same time, the fact that many DeFi protocols are deeply interconnected means that a single app being hacked can affect dozens of apps. It’s very important to take this into consideration when thinking about how to protect your funds.
Consider the following scenario:
Suppose you have 10% of your portfolio in Ethena’s sUSDe and another 15% in USDT lent on Aave. If Ethena gets hacked (I am hoping it never happens), your maximum exposure to the hack is not 10%.
It’s 25% (10% + 15%). Why? Because sUSDe is accepted as collateral for borrowing USDT on Aave. If a hack breaks the sUSDe peg, the sUSDe-backed loans can no longer be liquidated at full value, and the bad debt that remains falls on the USDT lenders in that market.
This is not only about Aave. USDT lenders on Fluid would also be affected in this scenario.
What this should tell you is that unless you’re willing to take the risk of losing up to 25% of your money in the event of an Ethena hack, you should decrease your sUSDe position, or your USDT lending position on Aave, or both.
This is an example for sUSDe, but you can apply it to any other yield-bearing asset. A lot of people overlook how much indirect exposure they have to a certain app/asset.
My point is that you should try to identify all single points of failure.
If a single potential exploit could cause you to lose a larger portion of your portfolio than you’re willing to risk, then you should diversify your portfolio more and move some funds to apps that are not directly interconnected with each other.
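The sUSDe/USDT scenario is one instance of a general calculation: draw a “failure of X impairs Y” graph over your holdings and sum everything reachable from each possible failure. Here is an added example (not DefiLlama’s risk-metrics code and not a tool from the author) that does this for a constructed portfolio mirroring the scenario above, with a couple of extra positions so that a second, less obvious single point of failure shows up. The positions and edges are assumptions; in practice the collateral edges come from each market’s collateral configuration and the wrapper edges from what each yield-bearing token holds.

```python
"""Direct plus indirect exposure to one failing asset or protocol.

Added example for this newsletter; it is not DefiLlama's risk-metrics code
and not a tool from the author. The portfolio and the 'failure of X impairs Y'
edges are constructed to mirror the sUSDe / USDT-on-Aave scenario in the text,
with a few extra positions so that a second single point of failure shows up.
"""
from collections import deque

# Constructed portfolio: node -> fraction of the portfolio held there.
# A node is a plain asset you hold, or a ("lend", venue, asset) position.
PORTFOLIO = {
    "sUSDe": 0.10,
    ("lend", "Aave", "USDT"): 0.15,
    ("lend", "Fluid", "USDT"): 0.05,
    ("lend", "Morpho", "USDC"): 0.20,   # assumed isolated market that only takes wstETH collateral
    "wstETH": 0.10,
}

# Constructed contagion edges: a failure of `source` impairs every `target`.
# A lending position is a target of each collateral asset its market accepts: if that
# collateral breaks, liquidations stop covering the loans and the bad debt lands on lenders.
EDGES = {
    "Ethena": ["USDe"],                                   # protocol hack hits its stablecoin
    "USDe": ["sUSDe"],                                    # the staked wrapper holds USDe
    "sUSDe": [("lend", "Aave", "USDT"), ("lend", "Fluid", "USDT")],
    "Lido": ["wstETH"],
    "wstETH": [("lend", "Aave", "USDT"), ("lend", "Morpho", "USDC")],
}


def exposure(source, portfolio=PORTFOLIO, edges=EDGES):
    """Fraction of the portfolio reachable from `source`, plus the positions that make it up."""
    seen, queue, hit = {source}, deque([source]), {}
    while queue:                                  # breadth-first walk; `seen` guards against cycles
        node = queue.popleft()
        if node in portfolio:
            hit[node] = portfolio[node]           # direct holding or exposed lending position
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return round(sum(hit.values()), 6), hit


def single_points_of_failure(limit, portfolio=PORTFOLIO, edges=EDGES):
    """Every failure source whose total exposure exceeds `limit`, largest first."""
    sources = set(edges) | set(portfolio)
    rows = [(src, exposure(src, portfolio, edges)[0]) for src in sources]
    return sorted((r for r in rows if r[1] > limit), key=lambda r: (-r[1], str(r[0])))


if __name__ == "__main__":
    total, parts = exposure("Ethena")
    print(f"Ethena hack: {total:.0%} of portfolio at risk via {parts}")
    for src, frac in single_points_of_failure(limit=0.20):
        print(f"over the 20% limit: {src} -> {frac:.0%}")
```

With these constructed numbers an Ethena hack reaches 30% of the portfolio (the 10% in sUSDe plus the two USDT lending positions it backs), but the bigger single point of failure is wstETH at 45%, because it is accepted as collateral in both money markets. That is the kind of indirect concentration the text warns about: the asset you think of as the safe one can be the edge that connects everything.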
You can find a guide on how to see which money markets would be affected by a potential hack of a certain asset using DefiLlama’s risk metrics below:
Spread your funds across multiple wallets
The reason I suggest this is that if you accidentally sign a malicious transaction, all your funds could be gone in a few seconds.
If you have multiple wallets, you can at least reduce the impact if that happens.
One way to reduce the odds of this happening is by installing the DeFiLlama browser extension, which is free.
If you have the extension and accidentally click a phishing link, there’s a chance it will warn you and prevent you from getting hacked.
Deploy your funds in DeFi only when the yield justifies the risk
I actually wrote an issue about this a few weeks ago.
In short, what I said there is that I don’t believe it’s a good idea to lend your stables in DeFi if you’re only getting 2-3% APY, given the risks on-chain lending carries.
(2-3% APY was the average stablecoin supply rate on Aave before the rsETH hack)
And don’t get me wrong - I am a huge fan of Aave, and I actually used it a lot over the past few months for leverage looping strategies that generated decent returns.
But my point is this: If you deploy your capital in DeFi, ask yourself first whether the return you are getting is high enough to justify the risks involved.
If the return is high enough, that’s great.
But if you believe this is not the case, I think it’s better to just wait for a good opportunity to appear without risking your capital for a yield that is too low.
The most important thing in this industry is to survive.
At the same time, it’s true that you have to take risks to make it.
But you need to make sure you only take calculated risks with high upside potential, not random risks where you risk a lot of money for a very small gain.
Chart of the week
Hyperliquid-powered apps captured 50% market share in the RWA perps sector
Crypto meme of the week😂
The latest developments in DeFi
MegaETH launched its token and points program
Hyperliquid surpassed Robinhood in crypto revenue in Q1
Lighter enabled trading perps with $ETH as collateral
Theo launched thUSD to the public, the first yield-bearing stablecoin built on top of a tokenized gold product and paired with a delta-neutral gold carry strategy
Kinetiq launched the Markets app - a Hyperliquid mobile app for 24/7 trading
Pendle launched Omnichain PT swaps, allowing users to buy fixed-yield PT tokens on other blockchains in a single click
DeFi Saver announced it offers collateral shifting, loan repaying, and loan shifting features for those looking to adjust/exit their Aave positions
Aave announced a plan to fully restore rsETH backing
Pump Fun burned all bought-back PUMP tokens (around 37% of its circulating supply)
Ostium launched an institutional hedging layer - an upgrade that hedges directional trading risk off-chain and enables deeper liquidity
DefiLlama released risk metrics, a feature that shows how much money would be lost across lending markets if a token got hacked
Polymarket launched CLOB v2, its biggest upgrade yet
Synthetix’s new perps DEX officially became open to the public
Circle announced its investment in AAVE
Western Union announced plans to launch a stablecoin on Solana
That’s all for this week!
Until next time,
The DeFi Investor
Want to sponsor this newsletter?
Please send me a DM on Twitter (X). I have a sponsorship deck that I can send you.