DefiYieldCalculator.com
← back

Crypto Risk Management

This is part 1 of what will be a 2 part series on how to manage risk in crypto. Part 1 will focus on those risks that are specific to crypto speculation only, then part 2 will provide an introduction to portfolio management theory from our forefathers in tradfi.

How Do You Mitigate Risk in Crypto?

As we all know - crypto is the wild west. Even those with a more skeptical attitude are regularly surprised by the speed, viciousness and magnitude of the blowups which occur on a regular basis (both to the downside and to the upside). While we will look at some techniques for mitigating the downside risks associated with crypto speculation, the key thing to remember is this - no model or checklist can adequately capture all the risks associated with speculating on even just one particular cryptocurrency, let alone a whole basket of them.

If you learn one thing from this article, let it be this - that cryptocurrency speculation is a dangerous business, and while you may think you've covered everything, you must remember that there are always unknown unknowns!

Crypto Risk Management Factors

Before we even think about what cryptocurrency we might choose to buy (or not), we need to have a realistic idea of the risks associated with ALL cryptocurrencies.

Private Key Loss/Theft

This is a massive source of risk that is ever-present in crypto, unlike any other are of speculation. The one thing that every single person to ever lose or expose their private key has in common is that they didn't think it would happen to them. Reading this right now, you probably don't believe it could happen to you. But how sure are you of that really?

Crypto Opsec

If the computer you use to access your crypto stopped working and none of the data was recoverable, could you recover your crypto? Have you practiced for this outcome such that you are 100% sure? What if your hardware wallet suddenly gave up the ghost? YOU ARE AT LEAST USING A HARDWARE WALLET AREN'T YOU!?

What if someone got into your house while you weren't there and turned the place inside out looking for your seed phrase - are you 100% confident they COULDN'T find it?

If a criminal had identified you as having significant crypto holdings and came to your door with a wrench, would you be able to defend yourself and your holdings?

If a group of criminals engineered a coordinated social attack for you specifically, would you be able to identify and avoid bogus permission requests?

If the answer to any of these questions is less than an emphatic yes, don't even dream of putting any meaningful money into crypto. These are just the most obvious examples of how people are duped or forced into giving up the keys to the kingdom. For now your time is better spent educating yourself on basic opsec and your money is considerably safer in tradfi.

No one wants to hear this advice, as everyone in crypto has the feeling that they're late, and that they need to move fast to make up the ground they've lost on everyone else. You must be stronger than your monkey mind, hold yourself back and take the slow road - this is the only way to mitigate the risk of a bottom 0-10% outcome, where you lose every cent you ever put into any crypto.

Smart Contract Risk

This topic gets a lot of publicity, and rightly so given the number of high profile hacks that continue to occur on a monthly basis. While reputable smart contract audit companies do help identify and stop bugs before contracts hit production, unfortunately at this stage there is no such thing as a sure thing.

While the first wave of defi protocols (such as MakerDAO, Aave and Uniswap) have now been battle-tested over several years, nothing exactly qualifies as Lindy to the same extent as Bitcoin (allegedly) does.

Again, it is prudent to consider both known and unknown risks here - while your favourite project might been signed off by one or more of the top auditing firms, that can only provide partial assurances that the protocol will behave as expected. Every high-profile hack ever to have occurred came as a surprise to the token holders of the project. Remember - there are unscrupulous people in the world who would gladly fork a successful project, introduce some subtle, fatal flaw to the code, then execute a rug-pull and act surprised when the token crashes to zero.

Centralisation / 'Key Man' Risks

The Blockchain Scalability Trilemma posits that with 'simple' techniques, it is very hard to deliver a blockchain that is all three of:

  1. Scalable (high TPS, low cost)
  2. Secure (resistant to 51% attacks etc)
  3. Decentralised (not subject to the control of any one person/group/organisation)

This last property is also an important consideration when thinking about a specific token - wherever there is a single point of failure, there is risk with regards to the price of that token. The Andre Cronje debacle illustrated this to devastating effect for proponents of the Fantom Ecosystem earlier this year.

Unknown Unknowns

While I've listed all the crypto-specific risk factors I can think of here, I want to return to what I said at the start of the article - these risks discussed are known. We can take measures to minimise them, and that is of course the right thing to do. That said, minimising the risk is not the same as eliminating the risk.

Like probably all of you, I believe that my opsec is good enough that I can sleep soundly at night. But it could be better. Perhaps I could raise the probability I never expose my private keys to anyone who shouldn't have it from 99.9% to 99.95% if I researched the matter more thoroughly and gave it my best effort. What I know for sure though, is no matter how good a process you put in place, the number can never reach 100%.

Also... Did I mention there are unknown unknowns? Even if literally perfect opsec could exist, we generally only take care to defend ourselves from:

  1. Things we view as likely, a subset of..
  2. Things we view as possible, a subset of..
  3. Things we can imagine, a subset of..
  4. Things that could occur.

What this means in practise is that, while we can and should mitigate the risks associated with holding crypto, we cannot ignore the fact that a total, catastrophic loss is always possible. We should therefore only speculate with money we can afford to lose, and not let our enthusiasm for a new, better financial system blind us to the possibility that we should be one of those unfortunate enough to lose it all.

GL out there!

← back