Prologue

As the world continues to shift towards digitization, the financial industry continues to evolve. Decentralized Finance (DeFi) has emerged as a new way of conducting financial transactions, offering users more control and freedom over their assets. However, with the growth of DeFi, there is an increasing need for effective risk control and regulatory technology (RegTech). In this article, we will explore the importance of risk control and RegTech and navigate the future of DeFi.

1/ Introduction

1.1 What is DeFi?

The world of finance has undergone significant changes in recent years, with technology playing a pivotal role in reshaping conventional financial services. Gone are the days when conventional financial services relied on middlemen to broker deals between parties, and hefty fees had to be paid for their services. With the rise of digital platforms and blockchain technology, conventional financial service providers have been forced to adapt their business models to remain competitive.

With the rise of blockchain technology, a new financial system without a middleman is built - Decentralized Finance (DeFi), which runs on smart (automated) contracts and allows users to participate in financial activities without intermediaries. In contrast to a conventional institution that controls who gets loans and who does not, smart contracts provide financial services based on automated rules. This system is trustless, transparent, and operates 24/7, offering users more control over their assets, and without the middlemen taking their cut. DeFi has skyrocketed in recent years, with the TVL (Total Value Locked) reaching an all-time high of over $180 billion in Dec 2021(as of 07/03/2023).

Source: Defillama

In short, DeFi is a set of financial applications that provide lending, borrowing, trading, and investing in a more transparent and permissionless way. DeFi offers several advantages over conventional finance, including faster transactions, lower fees, and greater accessibility. However, the DeFi system is still in its infancy and is plagued by several risks that investors and users need to be aware of.

1.2 Landscape of DeFi

Inspired by DeFi Landscape

The DeFi landscape has grown significantly in the last few years, with various projects offering different solutions. DeFi projects can be categorized into four layers:

  • Assets: including stablecoins(crypto-collateralized, algorithmic, and fiat-collateralized stablecoins); Real World Assets(RWAs); Synthetic Assets, etc.
  • Basic DeFi: providing basic financial services, like lending and borrowing, and trading. These protocols will play as the strong engine for DeFi.
  • Advanced DeFi: it’s more complex and it’s also key in TradeFi. Advanced DeFi is crucial for DeFi Lego, and professional traders are keen to see the growth in this section.
  • Aggregator: sits on the top of DeFi lego. These protocols are aiming to increase capital efficiency and bring DeFi to the wider economy.

1.3 The importance of risk control and regulatory compliance

Many might argue that their very natures can’t align with decentralization and regulation. However, risk control and regulatory compliance are critical components of any financial system, including DeFi. Here’s why:

Protecting Funds: DeFi protocols are running on smart contracts, and self-executing codes are controlling the movement of funds. However, these transparent programs may be vulnerable to hacks or attacks:

  • As shown on Chainalysis, 2022 is the biggest year ever for crypto hacking with $3.8 billion stolen;
  • And there are $790M+ tokenomics-related losses happening in 2022 based on Certik’s report, due to internal and external issues.

Hackers can scan DeFi codes for vulnerabilities and strike at the perfect time to maximize their theft, thus resulting in funds loss. In this case, some effective risk control ways, such as smart contracts audits, on-chain data monitoring, alerts, and penetration testing can help minimize funds loss.

Mitigating Systemic Risks: DeFi ecosystems are interconnected, which means even a single failure in one specific protocol can result in far-reaching consequences in the whole ecosystem, like Terra’s failure, FTX’s collapse, etc.

Source: Beosin’s report

Regulators and RegTech can play a crucial role in ensuring that DeFi complies with relevant regulations and further minimize the potential systematic risks.

Ensuring Fairness and Transparency: DeFi must be transparent and fair enough to foster trust among users. Regulatory compliance will definitely make sure that all the protocols operate in a proper way with consistency and fairness, preventing bad behaviors like exploiting vulnerabilities or engaging in fraudulent activities.

Avoiding Compliance issues: Many countries have released the regulatory framework to constrain decentralized financial activities. If protocols can’t meet the regulatory requirements, it may result in severe penalties.

In summary, risk control and regulatory compliance are essential for the long-term sustainability and mass adoption of future DeFi.

2/ Risks in DeFi

Mapping with risks in conventional financial services, there are two kinds of risks in general:

Systemic Risks: majorities related to market risks, and inflationary risks. Most of the time, these risks are devastating, and what we can do is monitor and reduce the loss as much as possible.

Unsystematic Risks:

  • Liquidity risk, including asset liquidity risk and funding liquidity risk, is crucial for both conventional finance and DeFi.
  • Operational risk, including model risk (finance model), people risk, and legal risks.
  • Financial risk may include settlement risk and credit risk.
Adapted from by the link

DeFi is still a nascent industry, and it is subject to similar risks to conventional financial services, these risks can be categorized into different layers based on (Kofi Kufuor, The State of Crypto Security (Oct 2022)) and the concept of assessing risks in DeFi):

Infrastructure Risk:

  • DeFi is built on blockchain technology, so some risks are from the underlying blockchain, such as 51% attacks on validators.
  • Oracle is the data center in the DeFi ecosystem, which can feed various data into DeFi, thus may some single failure.
  • Key management is another critical topic in security.

Smart contracts: Smart contract vulnerabilities are one of the most significant risks in the DeFi ecosystem, with hackers exploiting these vulnerabilities to steal funds from users.

Protocol logic:

  • Exploit risk: Access control exploit, mathematical mistake exploit, or deposit/withdrawal logic exploits;
  • Goverance/Tokenomics: this a crypto-native term, a bad or improper tokenomics design may result in severe consequences, like Terra, Celsius Network, Beanstalk, Fortress, Axie Infinity, Solend, and Babylon Finance.
  • Liquidity: it's the risk that there may not be enough buyers or sellers available to execute transactions at a given time, resulting in slippage or price volatility.

Operational Risk: in the crypto world, investors must be aware of scams, which are also called “rug-pull”; some human or operation risks should also be addressed here.

Financial Risk:

  • Market volatility, like the conventional financial market, DeFi markets are susceptible to price fluctuations.
  • DeFi is decentralized and without middlemen, and there are not too many regulators right now. But crypto already draws more attention from governments, and the policy mistake can cause huge damage to the DeFi space.
  • Event risks are common to the finance system, and which is also called “left-rail - risk”. These events may lead to an extreme imbalance of supply and demand, such as the stablecoins de-pegging (Terra’s failure, USDC de-pegging)

3/ The Current State of DeFi Risk Control

Source: A developer’s guide to the web3 security stack, Coinbase

The risks associated with DeFi can be mitigated through various tools and methods. As we already addressed the security risks above, here we are discussing the tools which are designed to solve the risks in DeFi. Generally, several actions can be taken to mitigate the risks in different layers:

  • Conduct regular security audits: DeFi platforms should conduct regular security audits to identify and fix vulnerabilities in their smart contracts.
  • Implement multi-signature wallets: Multi-signature wallets require more than one person to approve a transaction, reducing the risk of a single point of failure.
  • Use insurance: DeFi platforms can offer insurance or bounty policies to protect users against losses caused by hacks or vulnerabilities.
  • Increase regulation: Governments and regulatory bodies can increase regulations to protect users from scams and fraudulent activities in the DeFi space.
  • Educate users: DeFi platforms can educate users on the risks associated with DeFi and how to protect themselves from such risks.
  • Collaborate with security experts: DeFi platforms can collaborate with cybersecurity experts and white hat hackers to identify and fix vulnerabilities in their systems.

In conclusion, the risks associated with DeFi can be solved through a combination of approaches. By implementing these measures, DeFi platforms can provide a safer environment for users to transact and invest in.

4/ The future of DeFi: Risk Control & RegTech

DeFi is still a rapidly growing ecosystem that includes stablecoins, lending/borrowing, aggregator, insurance, and derivatives. Honestly, ecosystems need continued innovations and also in risk management, and compliance solutions. With the adoption of DeFi by institutional investors and traditional Web2, without the new regulatory frameworks and RegTech, it will be hard to keep the momentum going.

Some potential developments in the future of DeFi may include:

  • Increased adoption: As more people become aware of DeFi and its benefits, we can expect a significant increase in adoption. This will also lead to increased liquidity, more development, and ultimately greater mainstream acceptance.
  • Expansion into new areas: Currently, most DeFi applications are focused on lending and borrowing, trading, and stablecoins. However, there is potential for DeFi to expand into other areas such as insurance, identity verification, crypto-native stablecoins, and gaming.
  • Interoperability: with the emergence of different DeFi protocols, there may be a need for interoperability between these protocols to facilitate seamless transactions across different blockchains.
  • Improved user experience: User experience is still a major barrier for non-crypto users. As the ecosystem matures, we can expect to see improvements in the design of DeFi applications, making them more accessible and user-friendly.
  • Integration with traditional finance: DeFi and traditional finance can coexist, which will enable users to access a wider range of financial services.

Along with the development of future DeFi, ecosystems also need stronger and well-organized supporting infrastructures, especially tools of Risk Controls and RegTech to maintain the sustainability of future DeFi. Here are some predictions for the future security of DeFi:

  • Security as normal and introduce Risk Control Framework: Continuous improvement on security, It is a constant cycle of, Audit->Monitoring/Alert->Detect Security Risks-> Solving the Issues by a dedicated and professional team.
  • Increased Regulation Technologies: With growth comes increased scrutiny from regulators, we can expect to see more regulatory oversight (as Wu blockchain said), which could impact how DeFi operates. The response to security risks should be more standardized and streamlined, which needs continuous innovation in RegTech and Risk Control, real-time monitoring, and alerts to figure out the potential risks and take action quickly.

4.1 Risk Control Framework

At this early stage of DeFi, the ecosystem needs a constructive risk control system to proactively monitor and manage the risks. So it is essential to have a robust risk control framework in place to mitigate these DeFi risks. Here is a high-level DeFi risk control framework that can help protocols manage risks:

  • Risk Identification: it is the first step in risk control. All the security testing tools and audit service providers can play key components in risk identification.
  • Risk Assessment: this step can help assess the impact of identified risks and prioritize the focus on those risks. Threat intelligence, risk management, and blockchain forensics can help address this process.
  • Risk Mitigation: after identifying and assessing risks, risk mitigation strategies can be implemented, such as two-factor authentication and regular security testing. Key and access management tools, and security testing tools can play a key role here.
  • Risk Monitoring: it is essential to continually monitor the platform for potential risks and vulnerabilities. This can include regular security audits, monitoring on-chain activities, etc.
  • Contingency planning: finally, it’s important to have a contingency plan to respond to unexpected incidents. Bug bounty, responding procedures, and in-time communication should be addressed in this plan.

4.2 Embracing RegTech

Regulatory technology (RegTech) refers to using technology to help financial institutions in complying with regulatory requirements. RegTech is essential in managing risks in DeFi, as it helps ensure compliance with regulatory requirements and reduces the risk of fraud and money laundering.

RegTech solutions can automate compliance processes, reduce compliance costs, and enhance regulatory reporting, monitoring, and analysis. Some examples of RegTech applications include anti-money laundering (AML) and know-your-customer (KYC) verification, risk management software, cybersecurity tools, end-to-end transaction monitoring, and regulatory reporting systems.

Blockchain technology as a game changer is leading to a new breed of RegTech 2.0. Addressing interoperable smart contracts will automate regulatory reporting, and make it more transparent, improving consistency, efficiency, and data quality. Regarding the DeFi ecosystem is still in its early stage, there is a lack of regulatory oversight, making it more susceptible to fraudulent activities. Here are some ways RegTech can help DeFi:

  • Compliance automation: automate compliance tasks, such as Know Your Customer (KYC) and Anti-Money Laundering (AML) checks, making it easier for DeFi platforms to comply with regulatory requirements.
  • Risk management: help DeFi platforms assess and manage risks associated with their operations, such as smart contract vulnerabilities, providing real-time monitoring and alerts.
  • Reporting and analytics: generate real-time reports and analytics on DeFi platforms' compliance and risk performance, making it easier for them to demonstrate compliance to regulators.
  • Identity verification: provide secure and reliable identity verification services for DeFi users, helping to prevent fraud and money laundering.
  • Audit trail: audit trail of all transactions on the DeFi platform, making it easier for regulators to track and investigate suspicious activities.

In conclusion, RegTech is playing a crucial role in helping DeFi platforms comply with regulations and mitigate risks.

4.3 Examples of successful solutions

There are many players working on RegTech solutions, here is a comprehensive list.

Among these providers, Chainalysis and Certik are the most outstanding.

Chainalysis - a blockchain-based data platform that provides solutions for businesses, banks, and governments to make critical decisions and protect customers from potential risks. They offer risk and compliance management tools for businesses developing crypto strategies and operations. Their products include Reactor for connecting crypto transactions to real-world entities and KYT for transaction monitoring for compliance. They have helped law enforcement agencies across the world to catch cryptocurrency criminals, and have successfully recovered stolen funds and identified suspicious transactions.


CertiK - which provides smart contract auditing services to identify potential code errors and security risks. The audit process involves line-by-line inspection of contracts’ source code, formal verification, and manual inspection. The top five vulnerabilities found during an audit are centralization risks, buffer overflow, integer overflow, reentrancy attacks, and lack of input validation. CertiK's Security Leaderboard includes a KYC Badge for transparency, credibility, accountability, and real-time community alerts. Through CertiK, DeFi users can verify the audits of projects to ensure they have been properly audited and have live security monitoring, reducing the risk of cyber hacks.

5/ DeFi Data from NodeReal

NodeReal specializes in providing a reliable and secure infrastructure for blockchain and decentralized applications. In the context of DeFi and its risk control, NodeReal can provide comprehensive data service to support the various use cases:

  • DEX indexing for data indexing protocols, such as Dexscreeners, DexTools, and APY Vision. DEX indexing is also an important component for the top DEX players, eg. PancakeSwap, Uniswap, etc.
  • Liquidity Monitoring for top RegTech tools - Cerik is the top player in DeFi RegTech and is teaming up with us for reliable risk monitoring and alert.
(from https://www.certik.com/ )
  • Some trading houses, including WooFi, and Zapper, are based on our data service to do the best trade execution.
  • Last but not least, DeFi data is also a critical part of the data analytics platform.

6/ Conclusion

The future of DeFi is undoubtedly bright, and it is expected that DeFi will continue to grow and evolve in the coming years. While DeFi presents both new opportunities and new risks, in order to embrace the adoption of future DeFi, completed risk control and regulatory compliance will continue to be the critical components. At the same time, continued innovation will help to make DeFi more secure, transparent, and accessible to a wider range of users.


About NodeReal

NodeReal is a leading one-stop blockchain infrastructure and service provider that embraces the high-speed blockchain era and empowers developers by “Make your Web3 Real”. We provide scalable, reliable, and efficient blockchain solutions for everyone, aiming to support the adoption, growth, and long-term success of the Web3 ecosystem.

NodeReal’s Semita helps developers to build their custom Application Chains or scale their blockchains with layer 2 solutions, like ZK Rollup and Optimistic Rollup.

Join Our Community

Join our community to learn more about NodeReal and stay up to date!

Discord | Twitter| Youtube | LinkedIn