Is Centralized Finance Safe?

TLDR:

1. When you use centralized finance, you take on it’s risks. $100+ billion dollars have been lost by centralized crypto products/bridges since crypto’s inception. Banks have also historically lost billions due to corporate greed, and they’ve censored money movement.

2. The failures of centralized finance occur because they can occur. As Murphy’s Law states, “anything that can go wrong will go wrong”. Using self-custodial finance doesn’t require trusting a central party, and thus it removes the ability for a central party to fail its users. This is why self-custodial finance is a more secure alternative to finance.

   
   

Centralized finance (CeFi) refers to finance where centralized intermediaries control user money. This includes banks (ex. JPM, Wells Fargo), online payment systems (ex. PayPal), and crypto exchanges (ex. Binance, Coinbase, Kraken). When you use centralized finance, you trust the many central intermediaries that touch your money, and you take on the risk that these central intermediaries won’t act in your best interest. This risk you take on has materialized in the form of astronomical losses for society. In this post, we detail some of these losses that have occurred due to centralized finance.

Failures of Centralized Crypto Products/Bridges:

For many, crypto is synonymous with fraud, scams, and failures given the billions lost in crypto in the past few years. The actual culprit behind these losses though is centralization, which is antithetical to crypto’s intention in removing intermediaries. In the case of centralized crypto failures like FTX, Celsius, and others, users gave up control of their funds to companies they thought they could trust, but the fragility of these systems inevitably led to loss of user funds. See section A of the appendix for an account of centralized crypto company losses since crypto’s inception.

Failures of Banks:

Centralization has lead to the loss of astronomical amount of funds not only in crypto but in traditional banking as well. Banks have impeded on the financial freedom of their users by losing money, confiscating money, and censoring money movement. See section B of the appendix for an account of major bank failures from the past two decades.

Centralized finance requires trust from users, but that trust can be broken, and centralized finance companies have lost inordinate amounts of user funds when breaking this trust. By removing the need to place trust in centralized companies, self-custodial finance removes the ability for financial failure on a grand scale.

Appendix:

Section A: Failures of Centralized Crypto Products/Bridges

• Pre-2022: 850,000+ Bitcoin Lost by Centralized Crypto Products

  • MtGox: 850,000+ Bitcoin Lost (Source)

    Mt. Gox, a Tokyo-based exchange once responsible for 70% of all bitcoin transactions, was forced to declare bankruptcy and abruptly cease operations after 850,000 Bitcoins were “lost” in hacks and bugs.

  • Quadriga CX: $190M Assets Lost (Source)

    Canada’s largest cryptocurrency exchange had millions of dollars of crypto ‘disappear’ upon its founder’s death, leaving investors to deal with the fraudulent ponzi scheme’s fallout.
    
    

• 2022: ~24 Billion Lost by Centralized Crypto Products/Bridges

  • Celsius: $12B Assets Lost (Source)

    With the promise of 17% APY, Celsius claimed it had “more than enough” assets to fulfill customer obligations. They did not—Celsius concealed its fraud and insolvency until they were forced to freeze accounts the day Celsius filed for bankruptcy.

  • Celsius: $509M Lost by Lender to Celsius (Source, Source, Source)

    Despite repeatedly claiming they did not make any unsecured loans, Celsius lost over $509 million in ultimately uncollateralized claims, leaving a $1.2 billion hole in their balance sheet and a $4.7 billion hole in investors’ pockets.

  • Voyager: $500M Assets Lost (Source)

    Voyager Digital was forced to file for bankruptcy after Three Arrows Capital, one of Voyager’s largest borrowers, defaulted on a Voyager loan worth over $650 million.

  • BlockFi: $297M Assets Lost (Source, Source)

    BlockFi filed for bankruptcy with over $1.2 billion in debt, alongside $100 million in fines from the SEC and states, preventing the actual transfer of $375 million from interest-over 48,000 user accounts on Nov. 10, 2017.

  • Terraform Labs: $45B Assets Lost (Source, Source, Source, Source)

    Beginning in May 2022, Terra’s uncollateralized stablecoin TerraUSD (UST) began to break to its peg to the US dollar due to a continued sell-off, plunging to 10 cents within a week; its cryptocurrency counterpart Luna fell to “virtually zero,” effectively wiping out $45 billion of market capitalization and contributing to the loss of hundreds of billions of dollars across the crypto ecosystem.

    On April 5, 2024, Do Kwon and Terraform Labs were found liable for fraud by the SEC.

  • FTX: $8B Assets Lost (Source) (Source

    FTX founder Sam Bankman Fried was found by Coindesk to have mismanaged FTX customers’ funds by siphoning them to his own trading firm, Alameda Research. FTX also inflated its own valuation with speculative tokens, leading to a historically large collapse that triggered market-wide shockwaves (see Voyager, BlockFi above).

  • Vauld: $46.5M Assets Lost (Source)

    India’s Enforcement Directorate (ED) issued a freezing order at Vauld, preventing transfers of $46.5 million of assets amid a money laundering probe. One month earlier, Vauld had also previously suspended withdrawals on its platform following market downturn.

  • Ronin Bridge: $615M Assets Stolen (Source, Source)

    Ronin, a bridge tied to the blockchain game Axie Infinity, lost nearly $625 million in a backdoor exploit of Poly Network’s validator nodes.

  • Binance Chain Bridge: $600M Assets Stolen (Source)

    Binance, the world’s largest cryptocurrency exchange, lost $570 million in a hack of its cross-chain bridges, forcing Binance to temporarly halt operation of its Smart Chain.

  • Nomad Bridge: $200M stolen (Source, Source)

    Hackers siphoned the bridge Nomad of $190 million following an update to the bridge’s smart contract through a ‘chaotic’ exploit that allowed certain transactions to be processed without validation.

  • Wormhole Bridge: $320M Assets Stolen (Source)

    Wormhole, one of the most popular bridges between ETH and SOL, lost over $320 million due to an attacker exploiting a vulnerability in “guardian “ accounts and minting 120,000 wETH.

  • Harmony Horizon Bridge: $100M Assets Stolen (Source)

    A pair of North Korean hacker groups drained $100M of ETH, USDT, and wBTC through a malware campaign called “TraderTraitor” that compromised private keys.
    
    

• 2023: ~200+ Million Lost by Centralized Crypto Products/Bridges

  • Prime: $80M Assets Lost ****(Source, Source)

    Prime Trust was found by Nevada Department of Business and Industry have a to owe customers over $80 million after it had been using customer funds to buy crypto to meet withdrawal requests.

  • Multichain Bridge: $130M Assets Lost ****([Source](https://www.chainalysis.com/blog/multichain-exploit-july-2023/#:~:text=Multichain's exploit is potentially the,recent issues suffered by Multichain.), Source, Source)

    Locked funds were abnormally moved to an unknown address, leading to suspicions that an attacker had exploited Multichain’s router protocol to siphon $130 million.

  • **Stake.com: $**41M Assets Lost ****(Source, Source)

    An attacker withdrew $41 million from Stake.com’s casino accounts, reportedly resulting from private keys compromised in a leak.

    
    

Section B: Failures of Banks

• Bank Failures Since 2008

  • Lehman Brothers (Source)

    Lehman Brothers’ bankruptcy, which resulted from extensive losses in mortgage-backed securities, marked the largest bankruptcy filing in U.S. History at the time and catalyzed the 2008 Financial Crisis.

  • Washington Mutual Bank (Source

    The 2008 collapse of Washington Mutual, the largest bank failure in American history, resulted from a 10-day, $17 billion run on its deposits following losses from its irresponsible lending practices and predatory loans on subprime mortages.

  • Wachovia Bank (Source, Source)

    Exposed to risky loans and mortgage deals, Wachovia Bank suffered losses of $9.11 billion amid the subprime mortage crisis, leading to increased financial regulations post-recession.

  • Silicon Valley Bank (Source)

    Silicon Valley Bank’s 2023 failure, one of the largest affecting the tech industry, resulted from a run on deposits, despite government protections, after the bank announced a capital raising of $1.75 billion.

  • Signature Bank (Source)

    Signature bank’s collapse, two days after SVB’s, was attributed to “poor [risk] management” and pursuit of “rapid, unrestrained growth”; its failure nevertheless underscored the systemic risks with specialized banking sectors and contributed to increased regulatory oversight from the government.

  • IndyMac Bank (Source)

    IndyMac Bank’s aggressive lending practice, involving insufficient underwriting and alt-A mortgages, contributed to its 2008 collapse, starting a flood of bank failures and costing the FDIC an estimated $12.4 billion (largest loss in FDIC history).

  • Colonial Bank (Source)

    The Colonial Bank’s 2009 collapse was caused its purchasing of over $1 billion of worthless mortgages from Taylor, Bean & Whitaker and exacerbated by its fraudulent lending practices. Its failure prompted stricter enforcement of government regulations through the Dodd-Frank Act.

  • Guaranty Bank (Source)

    Guaranty Bank’s 2009 collapse resulted from relaxed loan underwriting and poor risk management in the face of mortgage losses, costing the Deposit Insurance Fund $3 billion.

  • BankUnited (Source)

    The 2009 failure and subsequent PE acquisition of BankUnited, caused by its subprime mortgage exposure, was Florida's largest bank collapse but led to a pivot to more sustainable banking practices under new ownership.

  • First NBC Bank (Source

    First NBC Bank of New Orleans’s board of directors failed to act on warnings surrounding its risky lending practices (and actively covered it up), leaving the FDIC to pay approximately $1 billion.
    
    

• Banks Confiscating Money

  • Cyprus Bail-In (2013) (Source

    During the financial crisis in Cyprus, depositors' funds exceeding €100,000 were confiscated as part of a "bail-in" measure to stabilize the banking system. This incident left many individuals without access to their savings, highlighting the vulnerability of traditional banking systems.

  • Venezuela's Currency Control Policies (Source)

    In Venezuela, strict currency control policies have led to funds being frozen or confiscated. Citizens have faced difficulties in accessing their funds and transferring money internationally due to government restrictions and the collapsing economy.

  • Greek Debt Crisis (2015) (Source)

    During the financial crisis in Greece, capital controls were imposed, restricting the amount of money that individuals could withdraw from their bank accounts. This measure aimed to prevent a bank run but led to people losing access to their funds temporarily.

  • Indian Demonetization (2016) (Source

    In an effort to combat corruption and the use of illicit funds, the Indian government invalidated certain high-value banknotes. This sudden move resulted in people facing difficulties in exchanging their old notes for new ones, temporarily depriving them of their financial assets.

  • Argentinian Economic Crisis (2001) (Source)

    In response to the economic crisis, Argentina implemented strict banking restrictions, including limiting cash withdrawals and freezing bank accounts. Many Argentinians were unable to access their funds, causing widespread financial distress.
    
    

• Banks Censoring Movement of Money

  • WikiLeaks' Banking Blockade (2010) (Source)

    Traditional financial institutions, under pressure from governments, imposed a financial blockade on WikiLeaks, effectively censoring the movement of funds to the organization. This incident raised concerns about centralized control and the ability of banks to restrict financial support for certain causes or organizations.

  • Remittance Restrictions (Source)

    In various countries, individuals face challenges in sending and receiving remittances due to regulatory limitations imposed by traditional banking systems. These restrictions hinder the flow of funds and negatively impact families relying on remittances for their livelihoods.

  • PayPal and WikiLeaks (2010) (Source

    Following pressure from the U.S. government, PayPal, a popular online payment platform, suspended WikiLeaks' account, effectively blocking donations to the organization. This incident showcased the centralized control that payment processors exercise over fund movement.

  • Financial Blockade of Iran (2012) (Source)

    International sanctions imposed on Iran led to significant restrictions on its banking system. This hindered international financial transactions involving Iranian entities and limited their access to the global financial network.

  • Chinese Capital Controls (2016-2017) (Source)

    To stabilize its economy and manage capital outflows, China implemented strict capital controls, including limitations on individual foreign currency purchases and restrictions on overseas money transfers. These controls curtailed the movement of funds for individuals and businesses.

  • Nigerian Remittance Restrictions (Source)

    In Nigeria, the government has imposed restrictions on the transfer of funds outside the country. This has created difficulties for individuals and businesses in sending and receiving international payments, limiting economic opportunities.

  • PayPal and Palestinian Activism (Source, Source)

    PayPal has been known to restrict or suspend the accounts of Palestinian activists and humanitarian organizations, hindering their ability to receive funds and support their causes. This highlights the potential for censorship based on political or ideological reasons.

  • Iran Hijab Fines (2023-2024) (Source)

    Following a ruling by Iran’s Supreme Council of Cultural Revolution, Iranian women who do not observe the country’s mandatory hijab, whether in-person or online, may have between 50,000 and 500,000 Iranian rials deducted from their bank accounts, with fines escalating up to 240 million rials ($400) for ‘repeat offenders.’

Definitions:

Crypto custodian: A crypto custodian is a financial institution or service that holds digital assets on behalf of investors.

Bridge: In the context of crypto, a bridge is essentially a protocol by which a custodian holds digital assets on behalf of investors and mints a corresponding IOU token (bridged token) on another blockchain for use. You can imagine a bridge is a crypto custodian but IOUs can be traded on the blockchain instead of just the custodian’s centralized website.

Contributors:

This article was written by Shehzan Maredia and edited by Pippa Lother, Nadav Kohen, and Midhun Sadanand.