
It's almost like we need some open source, transparent way of doing finance - where anyone can audit the books and companies have no ability to run off with user funds. We could call it decentralized finance, or DeFi for short. Throw in some zk proofs for user level privacy to really make it shine.


Paraphrasing one of my earlier comments here, because it is appropriate.

> DeFi already exists, and has existed for almost as long as FTX. The likes of FTX and Binance were created in the first place because decentralized, trustless on-chain transactions are slow and expensive, and people don't like slow and expensive. Just because FTX blew up doesn't mean DeFi is at a better place than it was in the past. "DeFi fixes this" is like saying "moving back to horse drawn carriages solves drunk driving fatalities!" Maybe, but no one wants to deal with horse shit.


Except that DeFi has evolved since then. Transactions on Arbitrum and Optimism are basically instant and cost cents (soon to be fractions of a cent with EIP-4844) while being as secure as Ethereum. ZK rollups are coming out now that are even better than them.

So you get speed, low fees, and full transparency and safety. There's a reason both Brian Armstrong and CZ have said they see DeFi replacing their exchanges eventually.


You surely mean to say "basically instant" (with a 7 day period where your transactions can be challenged)? The asterisk seems kinda important to me.

Also, promising my half-assed project will be perfect by the time the finals roll around stopped working in the real world when I graduated from high school. Seems like only in crypto world it's acceptable to judge technology not for what it is but for what it dreams to be.


7 day challenge doesn’t exist for ZK rollups because they can be verified instantly through their fraud proof. Yes, right now if you use optimistic rollups there is a dispute window but I expect next time the bull market comes around we won’t be using them as much.


I would recommend saving your optimistic opinion for the next bull run, then, when the ZK rollup is actually built. My comment that people used FTX because FTX is the fastest and cheapest option they had still holds.


DeFi, the various bridges they tend to use, etc have suffered hacks in the billions[0]. Turns out that smart contracts have bugs like every piece of software ever written and opsec is hard. Then, like all things with non-custodial crypto wallets let's consider how many have been individually cleaned out from phishing, clicking the wrong link, the ridiculously complex nature of the entire space, and poor UI/UX all over. Plus there's the tendency for people to lose access to their wallets forever... I know some very sophisticated people in the space that have been burnt by all of these issues and more.

From what I've seen it's basically at a point now where hacking a DeFi bridge essentially guarantees that you can keep 10% as that seems to be the standard for "bug bounties" now. That is, of course, unless you keep 100%...

It's very likely that if DeFi as a whole had the user base of FTX (or major centralized $EXCHANGE) the losses would be similar if not higher. The only thing that has stopped this from happening is the fact that the average centralized exchange user doesn't have a chance of figuring out how to do DeFi (see points above).

[0] - https://hacken.io/discover/top-defi-hacks-of-2022-and-how-to...


The big difference is DeFi apps are immutable, humans are not.

If someone has deployed a DeFi app that can't be changed and hasn't been hacked in a few months, I'm fairly confident it's safe. With an exchange it doesn't matter if it's been running 10 years, it could start stealing money tomorrow.


Code generally is but the target size and scope here completely changes the game.

When an iOS zero day is discovered (as one example) exploiting it often still takes multiple steps, i.e. some action each individual target needs to take. In most cases (rarer and rarer with the exception of log4j, etc) this limits exposure until it can be discovered and patched. Even in the case of things like log4j you can patch your instance before someone gets around to exploiting your instance.

It's widely known that governments, people like the NSO, hacking groups, etc sit on zero days for as long as possible waiting for an opportune moment with the highest return and biggest impact. Hacking groups, governments, etc have been known to sit in compromised networks for years before striking. Point here is they can be remarkably patient and with smart contracts by the time the issue is discovered there's no point - the smart contract is now at $0 and the attackers have disappeared into the night.

When smart contracts are deployed they sit at an address. If an equivalent "zero day" is discovered it's just there waiting for someone to exploit it with global/universal impact. No action on the part of any users, no need to deploy target by target. I'm sure I could phrase that better but early-morning HN is what I do between waking up and the caffeine kicking in for real work :).

Point here is, I don't quite understand your "it's been around growing for a few months and $10m (or whatever) is there so it's probably safe". Why strike a buggy contract when it's received some amount of traction and is still early stages? Why grab $10m when you can grab $100m (or more)? As I noted there have been several cases (arguably most) where I'm pretty sure the attackers did just this.

Or, in the case of Axie Infinity, you can steal $620m the "good old fashioned way" by targeting and manipulating one of the people behind it. So, in practice, in many cases, humans are still involved.

This also doesn't get to my other points involving the challenge of securing your own wallet, etc. If you peruse around Discord, Reddit, etc where crypto people of higher than average knowledge, skill, and sophistication are reporting daily wallet hacks you'll see just how hard this is. The equivalent being there's a reason why (for example) the United States keeps gold reserves in places like Fort Knox where there is a literal army of 26,0000 soldiers securing it. Most people don't have that ability and even though this comparison is a little tired I think it applies quite well to the difference between keeping gold in your house vs securing it in a bank vault (for example).

That said, you have a point about centralized exchanges but there's a reason why banks don't run off or gamble (FTX) with customer funds - regulation. I think it's clear from the FTX situation something closer to "bank-ish" regulations are coming to centralized exchanges which only tips the calculus further here towards centralization. So, as is often noted, crypto in general is marching closer and closer towards centralization and consolidation which history has demonstrated is almost always naturally the case.


Hacks are different from insider fraud.


Tell that to the people who lose their money.


Events having similar outcomes does not imply the causes, protections, or likelihoods are the same.


I don't know how you got that from the points I've made. I'm also noticing the past two replies to my original comment don't attempt to address, debate, or refute any of the points I've made.

I understand what you're saying but the result is the same and it's little consolation to the people who lose their money.

If you get mugged and someone steals your wallet (FTX, crypto wallet, or physical wallet) = money gone.

If you lose your wallet (physical or crypto) = money gone.

If you get handed a counterfeit bill (physical hack) and it's detected and confiscated later = money gone (best analogy I could come up with for a DeFi hack).

In any of these cases if those funds were needed to buy groceries for your kids or pay your rent the end result is the same. Whatever philosophical point you and the last commenter are trying to make means absolutely nothing to the very real people in the very real world who are significantly impacted by these events. People work for their money and the blase attitude and callousness shown towards victims in this space is very disturbing. We wouldn't remotely be having this discussion if someone gets robbed at gunpoint (victim of a crime) vs FTX (victim of a crime), DeFi hack (victim of a crime), wallet hack (victim of a crime), etc.

In the real world outside of crypto these events are exceedingly rare. I've been mugged once and I'm an outlier. I report credit card fraud and it just goes away. I've never had a bank fail. I've never lost access to a bank, trading, etc account. I've never had a negative experience with a wire transfer. I could go on and on while meanwhile all of these things and worse are a daily occurrence for an outsized portion of people involved in crypto.

The FTX failure alone is estimated to have impacted 1 million people. Celsius has 100,000 creditors. Who knows with DeFi, crypto wallets, etc but as I said originally I personally know an order of magnitude more people who have encountered these issues than the equivalents in the traditional financial system (real world).


Forgive my naïveté, but aren’t you describing a decentralized exchange (DEX) instead of what FTX was? Looks like Uniswap, a popular DEX, is still alive and well.


Yea I work at Balancer and love decentralized finance. It is the shining light of the crypto market and it unfortunately gets so little attention in mainstream media.

We have a chance to make finance better with companies that are completely transparent. Where all funds are held by code which can be audited and proven that they can't steal funds.

Decentralized versions of what FTX did already exist:

- Exchanges: Uniswap, Balancer

- Lending Markets: Aave, Compound

- Options: Lyra, Ribbon

- Perps: GMX, Perpetual

We don't have to suffer through scammer after scammer until the end of time, and we don't need overbearing regulation to save us. We just need transparency.

Real finance is already being done in these platforms and I wish more people would take it seriously and realise this can be a much better future for everyone.

Plus because they're open source and composable we can innovate much faster but that's a thread for another time.


Your "love" of decentralized finance is clouding your judgement. "We just need transparency" -> this is patently false. The decentralized exchanges you mentioned are supposedly open and transparent and yet 97% of coins listed on Uniswap are scams. Being open source and transparent solves nothing.

What we need is better, more equipped, and less corrupt regulators.


You are conflating two things but they are not the same.

FTX (The entity) going bust and losing all customer funds and you buying a shitcoin and losing your funds.

One is FTX's fault, one is yours. If you are using a DEX, you understand that anyone can add their token to the list if they have enough liquidity.


The problem with DeFi is it can't handle credit risk. You see, banks can also eliminate credit risk. They could lend money, and then insist that the money be kept in a box under their supervision. That would eliminate credit risk, and the money would always be safe. Okay, but what would be the point of that? The entire point of lending is temporarily giving up control of resources so that other people can use them. Therefore credit risk is inherent to any lending activity that is useful. Lending without credit risk is pointless, it defeats the purpose. Most DeFi enthusiasts I have spoken with don't understand this.


GP is most likely mocking what they see as circular logic in the crypto-sphere. Re: Uniswap - a study posted here a few days ago found that 97.7% of tokens launched there are either scams or rug pulls: https://news.ycombinator.com/item?id=33572361


I'm sure 99% of emails are scams but that doesn't make email a bad technology.


1. I received useful emails each day, and spams are always around 10%. Maybe I am just conservative about where I put my email? Not being in crypto may help as well, but it's definitely not 1%-99% for me, more like 90%-10%.

2. More importantly, an email provider that doesn't make an effort to distinguish between 99% of spam emails and 1% of legit ones is definitely useless and worthless.


Uniswap the protocol is like SMTP - it's open and permissionless. Uniswap the website is more like Gmail, it has a whitelisted set of tokens to swap.

Because it's a protocol anyone can build a frontend on top of it to filter out any information they like, just like Email. Zapper, DeFi Saver and Zerion are examples of this. Element Finance runs using Balancer under the hood but you wouldn't know and aren't exposed to any tokens or pools they don't manage.


Without the capacity for powerful spam blocking email is a bad technology, or at least an unusable one. DeFi seems to pride itself on _not_ blocking its equivalent of spam.


The more interesting part of that article was the ML techniques described, and the actual conclusion that using said techniques, scam versus not-scam projects can be identified very early on. But that was lost in the typical ‘I told you so’ from the ‘crypto is bad’ crowd.


It doesn't sound like mocking scams, it sounds like mocking people not putting money where their mouth is. A lot of people already promoting "defi" are keeping their funds on centralized exchanges. Why? They still provide a performance edge and more features, but if all you need is basic trading, they should be being utilized even more.

DeFi has no fiat gateway though, that's the biggest bottleneck. The gateway is the centralized exchanges, and I think people tend to park their money on them once they deposit/convert their dollars.



