Sep 1, 2022

Transcript: Q&A #3 Where does the Yield in DeFi come from and what are the risks?

Share on social media

In this 3-2-1 Q&A blog, we will answer 3 questions our users asked us, 2 most critical twitter threads our readers need to be aware of, and we’ll analyze 1 DeFi hack. In summary, here is what you will be learning about:

Question 1. Where does the Yield in DeFi come from and what are the risks? 

Question 2. Can you summarize the latest updates on Regulations in Crypto in the US, EU and the UK?

Question 3. What is new at Coinchange?

Twitter Thread #1: NFT Money Market Protocol BendDAO Liquidations

Twitter Thread #2: TribeDAO Unwinding 

DeFi Hack Analyzed: Acala Network hack 

Three Questions From Our Users

Question 1 

Where does the Yield in DeFi come from and what are the risks? 

Let’s first talk about how yields are generated in DeFi: Yields in DeFi are generated in many different ways but primarily come from providing liquidity to Decentralised Exchanges (DEXs) and Lending/Borrowing protocols. Yields is the combination of mainly two type of revenue: 

  1. Protocol revenue 
  • When DeFi users interact with the protocol, there is the gas fee for the underlying blockchain and then there is the protocol fee. The majority of the protocol fees may be rewarded to token holders and contributors.
  1. Token issuance
  • DeFi protocols reward contributors with their governance tokens. These tokens can have a limited or unlimited supply depending on how the smart contract was coded

In many cases contributors receive yield from both these sources, the protocol revenue and the governance token issuance. 

If we look at the largest sectors by TVL which offer yields, as of July 2022, we can see that lending protocols (like AAVE, Compound) are the leading category with 25.7 Billion USD in TVL, followed by DEXs (like Uniswap, Sushiswap) which have 23.5 Billion USD, followed by Bridges with 10.4 Billion USD in TVL. 

Yields on Lending protocols depend on borrowing activity and expose lenders to credit and default risks. However the liquidation process is governed by the code and thus when thresholds are hit, the loans get liquidated automatically and thus are lower risk than CeFI lending risks that Celcius took. Also, yields from DEXs and Bridges rely on trading volume and expose liquidity providers to impermanent loss risk. 

In short, DeFi yields come in various different forms, some have more risks than others and having a proper risk analysis framework can help you protect your capital. You can learn more about how Coinchange mitigates such risks by visiting our blog page and security tab at

Question 2 

Can you summarize the latest updates on Regulations in Crypto in the US, EU and the UK?

Okay so let me start with US first: 


Congress has been pondering over a bill since the President's Working Group on Financial Markets published a Stablecoin Report in Nov '21

Since then, Terra's collapse occurred which has renewed the urgency, and a bi-partisan bill almost made it to a House vote in late July. The Voting was going to take place on July 27th, but was delayed after Treasury Secretary, Janet Yellen, raised some concerns over how customer’s crypto assets are held in custody on their behalf, and how their funds can be guaranteed.

The Bill is not publicly available, but CoinDesk has reported two key points to expect, 

- Outline of how non-bank firms can issue stables

- A ban on commercial companies issuing stables

Discussions are expected to continue next month. 


We spoke about MiCa in our first episode of 3-2-1 QnA but I’ll quickly summarize it again:

Legislation will take effect in 2024.

- Stable issuer must have legal presence in EU

- Must have proof of liquid reserves as token backing

- Issuers will fall under jurisdiction of EU Banking Authority

- Any crypto company will be held liable for losing user funds


UK regulation looked to be maturing faster than in US/EU, with a regulatory report published as early as Jan ‘21 (later updated in July ‘22). The report looked favorably at advancing the regulatory framework around alternative payment solutions. Recently in May ‘22, the UK Treasury retained its pro-stablecoin stance, and intended to legalize stables as means of payment. With a change of leadership between May and July, however, regulation has slowed somewhat.

So, that’s where we currently stand in terms of regulations. 

Question 3 

What is new at Coinchange?

There is a lot of progress happening at Coinchange in the middle of this bear market. Here are some updates: 

  • We are expanfding into Europe!! We have established a financial entity and are applying for a Small Payment Institution license which will be one step closer to the National Payment Institution license. This allows us to facilitate onboarding and funding of new European users. 
  • Coinchange attended the DeFi Security Summit at Stanford University in California. This event was full of blockchain security experts presenting on how the crypto space can be secured. Coinchange discussed the best security practices with security engineers from Immunefi, MakerDAO, Gauntlet, Polygon and smart contract audit firms such as CertiK and Hacken. We will be collaborating with some of them to make our Coinchange Risk Assessment Framework even more robust.  
  • We partnered with Tradezing and Xsolla on our two newest reports on NFT namely the NFT Landscape Report and the NFT Financialization (yield generation) Report which you can check out here

Two Twitter Threads You Need To Be Aware Of

Twitter Thread #1 

NFT Money Market Protocol BendDAO Liquidations

This thread is about BendDAO which is an NFT Lending Protocol. You put up your NFT as a collateral and borrow ETH against it. Or you could simply lend your ETH to NFT holders who collaterlized their NFTs in case they are not able to repay the loan. It includes Blue Chip NFTs such as Bored Apes and Mutant Apes. 

How does the liquidation work? BendDAO auctions the NFTs at a discount to their Floor Price. For example Bored Ape #533 has a floor price of 72ETH but is being sold at auction for 68.4ETH which then lowers the Floor Price of other NFTs, resulting in a series of liquidations. 

So why was this different than any other liquidations such as AAVE or Compound liquidating their crypto assets? Because BendDAO has a hard-coded rule when they auction the NFTs at a specific price and if there are no buyers at that price (liquidator), the protocol continues to hold the NFTs until they get back to the value that the protocol wants to sell at. As a result, the ETH lender rushed to withdraw their ETH when they saw no buyers for the NFTs. 

To save the protocol from a credit crisis, the Bend Dao dev team suggested the following changes: 

  • The liquidation threshold for collateral would be constrained to 70% of the loan value, down from 85%. 
  • the auction period for NFTs on its platform would be reduced from 48 to four hours. 
  • The requirement for the minimum bid price of NFTs on Bend DAO to be pegged to 95% of the floor price on popular NFT marketplaces like OpenSea, would be removed.
  • Interest rates on loans are to be reset from the current 100% to 20%. 
  • And lastly, the BendDAO treasury would be empowered to cover the bad debts and use revenue.

Coinchange Take:  It appears that things have gotten better but the situation is far from over. We see this happen in TradFi all the time:  Leverage + Volatile Asset = Liquidation cascades. People are gradually learning how these also apply to the NFT Space. BendDAO “underestimated how illiquid NFTs could be in a bear market when setting the initial parameters”. As we mentioned earlier, we dive deep into the risks involved in these types of NFT money market protocols in our latest report called NFT Financialization. 

Twitter Thread #2

What’s the matter with Fei Protocol and why is Sam Kazemian, the founder of Frax not happy with them?

This thread is written by Sam Kazemian who is the founder of FRAX protocol

First let me give a bit of background. 

Fei is a decentralized stablecoin protocol and Rari capital is a Lending Market. In late 2021 Fei Protocol did a merger with Rari Capital DAO and named it the TribeDAO. It was the largest merger of two decentralized protocols. Later in April 2022, the Fei-Fuse money market was drained due to a reentrancy bug. Many early adopters of Fuse lost millions. For example 

@fraxfinance a huge FEI/Fuse backer+lender+user lost ~$13m. 

@OlympusDAO lost ~$9m. The total hack resulted in about $80m lost.

However, the FEI/TRIBE DAO had 100s of millions USD in what they called Protocol Controlled Value(PCV) & held a governance vote where TRIBE holders voted overwhelmingly to reimburse all victims of the hack. They were applauded for this exemplary & ethical move. Sam says he sang their graces.

Then weeks went by and there was no repayment. Then in May/June 2022, the crypto markets took their infamous downturn. In the middle of all this, FEI emerges with another governance proposal saying: "Let's do the repayment vote over again, the last one didn't count." This is what pissed off the community. When a prior vote was overwhelmingly passed to reimburse the hack victims, they ignored it saying “it was just an off-chain temperature check type vote. It wasn’t a final on-chain vote. And so they decide to reconsider the reimbursement of the victims and guess what, as you might expect, the vote does not pass this time. That means, the repayment of victims is off the table now.

Coinchange Take: It appears like TribeDAO wanted to repay Rari hack victims at first. However the crypto market collapsed and situation changed and there is a speculation that TribeDAO wants to distribute majority of the protocol accrued value to the team and VCs backing it. It remains to be seen what the actual outcome ends up being. The lesson we can learn from this is that not every DAO is decentralized just because they name it a DAO. And Not every DAO is Autonomous either as the name suggests Decentralized Autonomous Organization. When Coinchange assess protocol risks, we check if their governance is on-chain or off-chain and we look at the distribution of governance tokens so that we can paint the true picture of their governance process. 

Acala Network Hack Analysis by Coinchange 

On Monday, August 15, 2022 The Acala hack saw over 1 billion aUSD stablecoins minted from thin air. aUSD stablecoin depegged by over 99% over that weekend and forced the Acala team to pause the hacker’s wallet, which is raising concerns about its true decentralization.

What is ACALA? Acala is a cross-chain decentralized finance (DeFi) hub that issues the aUSD stablecoin based on the Polkadot blockchain. AUSD is a crypto-backed decentralized stablecoin which Acala calls censorship-resistant stablecoin. A new iBTC-aUSD liquidity pool that launched on Aug 13th contained a software bug. That bug resulted in those error mints of aUSD which were transferred to the wallet addresses of a number of iBTC/aUSD LP contributors when they claimed their iBTC/aUSD LP Rewards. This resulted in 1.2 billion aUSD being minted without collateral. This event crashed the U.S. dollar-pegged stablecoin to $0.01, and in response, the Acala team froze the newly minted tokens by placing the network in maintenance mode.

If we look at the price chart here, aUSD started depegging around Aug 13th 2022, dropped to around 70 cents, then went back up to almost 1 dollar and then fully depegged to 1 cent. So that’s the bad news.

The good news? 99%+ of the erroneously minted aUSD remained on Acala parachain, and only a small proportion was transferred out from Acala parachain. The 99% was immediately locked from further leaving the system and a governance vote was passed to burn these 1B+ aUSD with 95% voting in favor of burning.

Acala Prococolr read more

As of August 24th, aUSD is floating around 70 cents on the dollar.

Coinchange take: So what do we learn from this and how can Coinchange mitigate such risks? One thing is clear that even if protocols themselves are audited, there can still be bugs that go undetected in the smart contracts of newly launched pools within the protocol. At coinchange we check the extent of audit coverage and we flag the sections of the protocol that have not been audited. Another metric we look at is how long the pool has been active for and how many transactions have occurred in that pool till date. This tells us the maturity and robustness of the smart contract. In this case, the iBTC/aUSD pool was launched 2 days before this incident happened and as such would not have passed requirements in the Risk Framework. Besides, Coinchange doesn’t interact with Polkadot Ecosystem yet, as they are still in their early stages. 

This concludes our 3-2-1 Q&A Blog. We’ll see you in the next one, two weeks from now. Meanwhile, kick back and earn passive income using Coinchange. Sign up today!

Stay informed - Subscribe today!

Receive monthly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.