Counterparty Risks in Crypto
Aside from price risk, counterparty risk is the biggest risk of investing in crypto. Losing your digital assets due to an exchange being hacked, or your borrower blowing up, have become frequent threats in crypto. PWC estimates that over $ 2 billion of digital assets have been lost due to hacking events in 2022 alone. Although crypto is a nascent and fast-growing business ripe with lucrative opportunities, the field is also fraught with risks.
Although traditional investors give little thought to counterparty risks in the equity, bond, and commodity markets given regulatory comfort and government backing, e.g. SIPC. Although large blow-ups do occur, with famous examples being the Lehman Bros and Bear Stearns demises in 2008, these occurrences are infrequent and government agencies stepped in. Yet in crypto, these blow-ups are a monthly occurrence.
- $600m. Ronin 2022
- $600m. Poly Network 2022
- $500m. Coincheck 2018
- $500m. Mt Gox 2014
- $300m. Wormhole. 2022
- $300m. KuCoin 2020
- $180m. Beanstalk 2022
- $80m. Qubit 2022
- $80m. Fei 2022
- $60m. Zaif 2018
- $60m. Ethereum DAO 2016
- $55m. Upbit. 2018
- $52m. Cashio 2022
- $40m. Binance. 2019
- $37m. IRA Financial 2022
- $35m. Crypto.com 2022
There are so many counterparties in crypto at this time. These hacks were on a mix of types of counterparties, including centralized and decentralized exchanges, defi protocols, defi bridges, lenders/ borrowers, stablecoins and others.
The following will review each type of counterparty.
Centralized exchanges are the oldest type of counterparties. Many have been around since 2013; others were started in 2018. The largest of these are very profitable, thus the credit quality is high. Although hacks do happen, they have been happening with much less frequency since 2019. There are rating services that help investors evaluate these exchanges such as CryptoCompare. Some of the largest and most profitable exchanges, so called “Tier 1” include:
There are many other “Tier 1” exchanges. There are dozens of “Tier 2” and hundreds of Tier 3 and unrated exchanges, all varying in quality.
Some of the desirable criteria used by investors to evaluate the counterparty risk of exchanges include:
- High credit quality, e.g., degree of profitability, strong cash flows with EBITDA of $100m to over $ 1 bn per year and strong balance sheets
- Track record of avoiding hacks
- If there has been a hack, a track record of covering customer losses out of their own pocket
- Top management which is open, transparent, and communicative, especially during crisis, with an attitude of service and helpfulness
- Top management which places a priority on the safekeeping of customer assets and investing in cyber security technology
- Tech team with a strong cyber security track record
- Security audits
- Use of custodians
- 95% of coins being held in cold wallets
- Secure system for management of private keys of hot and cold storage systems with back-ups and contingency plans
- Diversification of key holders and their backups
At this point, most crypto fund managers know how to evaluate and manage the counterparty risk of centralized exchanges. Some of the risk mitigation guidelines include the following:
- Diversify counterparty risk, e.g., no more than 10% per counterparty
- Deal only with top-tier exchanges with the highest credit quality and track record of covering customer losses, if any
Decentralized Finance or Defi is a whole new ballgame. It has grown from nowhere to hundreds of billions of dollars at its peak before the Terra Luna crisis. Although it has presented major opportunities for investors to earn a high yield, it is also fraught with technology risks. It has a poor track record of cyber security risk: see the long list of big hacks such as those mentioned above, e. g. Ethereum DAO, Ronin, Wormhole. Poly Network.
Some of the biggest counterparties in this category include the following defi networks:
- Ethereum DAO
- Maker DAO
Some of the favorable characteristics of the most security defi protocols include:
- Long track records, e.g. since the beginning of defi 3- 5 years ago
- Track record of no hacks
- Highest Total Value Locked (TVL)
- Good VC investor backing
- Tech team with a solid track record from other protocols
- Top management with experience in other protocols
- Top management which is open and transparent.
Many of these traits are shared with those of centralized exchanges.
Cross-chain bridges represent another major area of vulnerability. Bridges exist to facilitate the movement of assets across chains such as from Ethereum to Solana for example. Bridges are vulnerable as they are very new and have a central point of storage, a particularly juicy target for hackers. Chainalysis estimates that $ 2 billion has been stolen across 13 cross-chain bridge hacks, which account for nearly 70% of stolen crypto in 2022 thus far.
The killer applications of blockchain and crypto are lending and borrowing. Given low interest rates in the macro economy, yields for traditional fixed income investors have been extremely low for a long period of time. This has led to the huge growth of the industry of lending and borrowing in the crypto space, promising very high interest rates. Witness the growth of platforms like Voyager, from start-up to a peak of $ 10 b of AUM, offering yields of 7% or more to investors. Or the growth of Celsius from start-up to $ 20 b in aum, offering similar yields. On the other side, these lenders/ borrowers offered loans to investors using bitcoin, ether, and other crypto as collateral.
Some of the largest lending/ borrowing platforms included (some no longer exist):
- Salt Lending
Many of these lenders, along with their investors and consumers, have lost money during the recent Terra Luna crisis. The meltdown of UST and Luna set off a domino effect: the next was 3 Arrows Capital, then Celsius, then Voyager, Blockfi, Vauld, Babel, and many others. The causes were as old as time: lenders lending out short term but borrowing long term. Lenders are lending out to high credit quality and borrowing from low credit quality. Lenders are re-hypothecating collateral and investing in high-risk ventures. Over leverage. There was nothing new with the reasons for failure, but these issues are often hidden from the public during an over-exuberant market of skyrocketing prices. Until a crisis hits, and all becomes exposed. As Warren Buffett says, “When the tide goes out, we can see who is swimming naked.”
Risk mitigation by savvy crypto fund managers engaging in lending includes the following:
- Credit quality
- Collateral management; auto liquidation terms
- Collateral quality
- Credit quality of the borrowers of the lenders
- Long track records, e.g. since the beginning of defi 3-5 years ago
- Track record of no hacks
- Highest Total Value Locked (TVL)
- Good VC investor backing
- Tech team with good track record from other protocols
- Top management good track record from other protocols
- Top management which is open, transparent, accessible, communicative.
Stablecoins have grown from nothing in 2016 to well over $ 100 billion currently. The reason for the growth is simple. The lack of banks willing to serve crypto companies forces these companies to find an alternative to fiat currency. In 2016, most of the largest exchanges could not get a stable and reliable bank account so they turned to Tether as an alternative to USD. A consumer could convert their fiat to Tether and then move USDT quickly and efficiently to an exchange without a traditional bank. A user could retreat to USDT like he would retreat to cash during times of instability or go back to USDT and transfer to another exchange and eventually back to USD fiat.
Another reason for stablecoins is to avoid the high volatility of BTC or another crypto. Stablecoins are pegged to USD and are supposed to be stable. Some of the biggest stablecoins include:
- Terra Luna
- Maker DAO
- True USD
- Gemini Dollar
The biggest risk of stablecoins is the de-pegging of the coin from its $1.00 value. This could come about from the value of its collateral decreasing or the formula or algorithm setting the value below $1. This was the case with Terra Luna, an algorithmic stablecoin which failed. The algorithm worked only in a narrow band but failed at its extremes in May 2022.
The value of Tether has fluctuated based on speculation and rumors that the reserves backing Tether were not sufficient to back 100% of the stablecoins. For example, during 2017, Tether dipped well below its $1.00 peg to as low as $0.88 briefly on rumors that it had insufficient reserves. It also dipped to as low as $0.95 after the Terra Luna crisis in May 2022, again on rumors of insufficient reserves. Tether has been a controversial stable coin as top management of Tether has not been open and transparent about its reserves and has not disclosed audited financial statements or disclosed a complete financial picture of its reserves. On the other hand, it was required to disclose its financial statements to the NY Attorney General during an investigation, which resulted in a settlement of $18 m and Tether agreed to provide quarterly transparency reports to the NY AG. This provided some assurances to the market that Tether had satisfied one regulator concerning the adequacy of its reserves which backs the stablecoin. Since that time, Tether has remained true to its peg. Also, Tether has agreed to produce audits and attestations by a top 15 audit firm. Recently, Tether announced a switch from commercial paper to US Treasuries.
Tether’s primary competitor, Circle has been more open and transparent about its reserves backing its stablecoin called USDC. It has reserves consisting of cash and short-dated US government obligations held in custody by US Bank and BNY Mellon and managed by BlackRock and US Bankcorp. Its financial statements are audited by Grant Thornton.
Risk mitigation measures when dealing with stable coins include and same items as managing counterparty risks of the other types of counterparties, for example
- Monitoring carefully the “de-pegging ratio” or the value of the stable coin relative to its $1.00 peg
- Not having more exposure to a stablecoin that cannot be liquidated instantly during a crisis
- Diversification among stablecoins
- Use of stablecoins only when necessary and using USD or cash equivalents instead
- Having access to the top management of the issuer of the stablecoin for communications and expedited redemptions at the $1.00 value
- Deep understanding of the algorithm or formula specifying the value of the stablecoin; stress testing the algorithm in extreme circumstances
- Track record of maintaining value during crisis periods and stress tests
OTC desks are becoming more and more important in the crypto landscape as large players want to get access to liquidity, and investors outside of the exchanges. Some of the largest OTC desks include:
- Genesis, a subsidiary of DCG
- Cumberland, a subsidiary of DRW
- Falcon X
Despite being large and financially strong players, there are counterparty risks if any of the counterparties of the OTC desks default. For example, 3 Arrows Capital was a borrower of Genesis, which suffered a $1 b loss when its borrower defaulted. However, DCG, the parent company of Genesis, provided additional capital to Genesis to shore up its balance sheet.
Risk mitigation measures when dealing with OTC desks include and same items as managing counterparty risks of the other types of counterparties, for example”
- Working only with the largest and financially strong OTC desks
- Working with OTC desk with a track record of honoring all obligations with no defaults
- Diversification among OTC desks and other counterparties
- Top management which is open, transparent, accessible, communicative
In traditional finance, it’s business 101 to obtain and review the financial statements of your counterparties. However, in crypto, most companies are closely and privately held and thus financial statements are often not available. How do you conduct a credit analysis without this basic and fundamental analysis?
In many cases, the trading volumes and trading fees are public. The volumes may be inflated, but a good analyst can discount the figures to make a ballpark guestimate. From the financial statements of public companies, one can estimate industry gross margins, which range from 50 to 80%. Using this rough analysis, we consider companies with over $100 m of annual cash flow as “Tier 1” counterparties. Some have substantially greater cash flows. With this financial strength, the companies have the resources to invest in technology and people to protect customer assets. Further, they would have the financial resources to cover customer losses out of their own pockets. They have the motivation to keep customers happy in order to keep the business alive and well and continue to produce a healthy income stream.
There is a need for independent rating agencies, such as Moody’s or Standard & Poors which rate bonds for their credit quality, to evaluate crypto exchanges. This is not coming anytime soon, as the crypto companies are not public and their financial statements are not readily available. In the meantime, we have companies such as CryptoCompare which use public information to rate of central and decentralized exchanges. (https://www.cryptocompare.com/external/research/exchange-ranking/)
Some have inquired about insurance against hacks in the crypto space. It is our general experience that such hacking insurance is not common and where it is present, it is quite expensive, e.g. 5% per annum of assets covered. Policies are also quite limited and restricted as to the types of losses potentially covered. The most common type of insurance emerging are insurance to cover bugs in smart contract codes. Nexus Mutual is one example of an insurance company providing such coverage.
It is important to evaluate smart contracts and their underlying code for vulnerabilities. Most of the large defi protocols have had audits of their codes by experts and professionals in the space. But this is not sufficient. Some of the hacks have occurred on smart contracts which have been audited by the best auditing firms. It's important to be able to read the code in Solidity, the main programming language of smart contracts, and apply common sense judgement to the logic. It's analogous to reading the instruction manual before you operate your new device. It's also important to stick with the smart contracts with the longest track records against hacks and proven codes without bugs and flaws.
The crypto market is nascent and fast-growing. The good news is that it provides a constant source of new opportunities and new ways to make money. The bad news is that there are always new risks and new ways to lose money. When new emergencies surface, investors often say, “I never thought that would happen”. New risks are constantly emerging along with new profit opportunities. The biggest risk is the unknown. As Ben Edgington, a core Ethereum developer once said: “In crypto every day is drama, every week is an adventure.” To become a successful crypto investment manager, one has to be always on one’s toes and always vigilant. Investors should invest with a team who has stress-tested risk management and is capable of trading opportunistically and profiting in all market environments over long periods of time.
At Pythagoras, we have an 8-year track record of market neutral and arbitrage trading in the crypto markets, producing 17% net annualized returns with a Sharpe ratio of nearly 3.0. We have a battle-tested team which has survived and thrived over 3 crypto winters of 2014- 2016, 2018-2020 and 2022. We have profited handsomely during the crypto bull markets of 2017, 2021, and 2022. While dozens of our arbitrage strategies have gradually been arbbed out over time, the Pythagoras team has not been arbbed out but rather continuously pivoted, adapted and evolved with each paradigm shift in the crypto market.
Last Updated: Oct 1, 2022