DeFi 100 was an exit scam. The devs ended up taking the money and running.
There are a couple of important things to consider in DeFi when figuring out the relative risk of a protocol.
- Does a single person or a small group of people have the power to take all of the funds? These protocols are all code-driven, so the devs can only do what the code allows them to do. Most legitimate protocols have a “Security” section on their website that covers this. Some protocols are 100% trustless, which means nobody can make any changes to the protocol or take funds, such as Uniswap. Some protocols use multisigs so that teams can make upgrades/fixes, but it usually requires a group of 5-9 people to all sign off on the change. This helps decentralize some of the power and mitigate the risk of funds being stolen. There are some protocols where a single wallet has complete control over the protocol. That means a single person could unilaterally make changes to the protocol or steal users’ funds. This is obviously the most risky.
- A second factor is how long a protocol has been around. Typically these types of exit scams happen early on in a protocol’s life. Protocols that have been around for a long time, have an actual product that is actively used, and have built up trust with the community are safer, imo.
- Sometimes money isn’t lost via a scam, but rather poorly written code that is exploited. The majority of money lost is via exploits and not exit scams. Just like above, the longer a protocol has been running the less likely it is that it will be exploited since hackers would have likely already exploited it if they had found exploitable code.
In a nutshell, if someone wanted to either use or invest in a DeFi protocol, it’s best to stick with protocols that 1) are either completely trustless or at least use a large multisig, 2) have been around for a long time, and 3) have well-known and trusted teams. Even then it’s not totally risk free, but the relative risk is significantly reduced.