Falling into All Three DeFi Traps at Once! Hacks, Bad Debt, and Liquidity Crises — A Million-Dollar Lesson 😭
GM,
I originally planned to skip publishing this week—honestly, my mood was terrible. But after thinking it through, since I’ve already paid what feels like a million-dollar tuition fee, I should at least share my firsthand experience of falling into a DeFi pit.
First, a quick reminder: if you currently have funds in any DeFi platform, I strongly suggest checking whether you can still withdraw them. Over the past two days, more than $200 million has vanished from the DeFi market—and the scale of losses is still growing.
It started when the well-known decentralized exchange Balancer V2 was hacked. Soon after, Stream Finance, a DeFi yield platform, suddenly announced $93 million in bad debt. At first, I thought it had nothing to do with me—I wasn’t a user of either Balancer or Stream Finance. But just two nights ago, when I tried to withdraw my stablecoins from a DeFi protocol to take shelter from the chaos, the screen showed that withdrawals were disabled. That’s when it hit me: I’d been caught in the mess too 😭
In this article, I’ll first explain where my funds were originally deposited, and then discuss the lessons I’ve learnedfrom this painful experience.
Runaway Funds
I’ve always considered myself a conservative investor in the crypto world. I stay away from high-risk trades and focus my energy on writing. Yet somehow, every once in a while, a portion of my funds decides to “run away from home.”
Let’s rewind to the FTX collapse in 2022. Back then, the assets I had on the exchange became stuck after the platform went bankrupt. Fortunately, the funds I had kept in my own wallet remained safe, which helped me survive that difficult period. Since then, I’ve made it a rule to self-custody as much as possible. I stake my ETH through Lido and deposit my U.S. dollar stablecoins into relatively simple lending protocols to earn yield.
This time, it was the latter that went wrong. I was using two DeFi yield services:
- Harvest Finance (yield aggregator)
- Euler Finance (lending platform)
While neither is the most famous DeFi protocol, it’s not as if I recklessly threw my money around. Harvest Finance once had Taiwanese developers contributing to the project, and I deposited USDC there. Euler Finance came recommended by the OKX Wallet, which was even offering a temporary rewards boost, so I placed USDT there. Everything seemed stable—yet now I can’t withdraw from either one 😂
Harvest Finance’s Autopilot vault automatically allocates funds across multiple lending platforms. It’s like handing your money to a fund manager: users pay a performance fee, and the manager continuously monitors where the highest yields are, reallocating funds in real time. This solves one of DeFi’s biggest headaches—constantly fluctuating interest ratesand occasional incentive campaigns that are impossible to keep up with manually. Leaving it to the Autopilot vault makes the process worry-free. The vault’s dashboard clearly shows how funds are distributed and where yields come from. The average annualized return hovered around 10%, which was modest but respectable.
Euler Finance was even simpler. I discovered it through a recommendation in the OKX Wallet, which not only integrated seamlessly with the platform but also had convenient deposit and withdrawal buttons built right in. On top of that, OKX had recently partnered with Euler to launch a subsidy campaign, offering yields of around 10%. Everything looked ordinary and safe—nothing that raised red flags. Yet now, the USDC and USDT I deposited in both of these applications are completely stuck. Why?
Bad Debt, Hacks, and Liquidity Crunch
Over the past two days, the DeFi world has been rocked by two massive “earthquakes,” which quickly triggered a market-wide tsunami.
First, the well-known decentralized exchange Balancer V2 was hacked, suffering losses of about $130 million. Shortly after, the DeFi yield platform Stream Finance abruptly announced $93 million in bad debt and immediately suspended redemptions for its yield-bearing stablecoin xUSD. At first, I thought I’d dodged both bullets and could finally breathe a sigh of relief—but I failed to realize that the risk had already begun to spread across the entire DeFi ecosystem.
One of DeFi’s defining features is its “composability”—like Lego blocks that can be stacked together. You can deposit stablecoins on Platform A to receive a deposit certificate, then use that certificate as collateral on Platform B to borrow other assets. The more layers you add, the more the underlying risk compounds. Once a single layer collapses, it can trigger a chain reaction—much like the subprime mortgage crisis that led to the financial meltdown years ago.
That’s exactly what’s happening now. Stream Finance’s xUSD, a yield-bearing stablecoin, promised that users could simply deposit U.S. dollars to mint xUSD and start earning yield. But few knew how Stream Finance was generating those returns, so most users avoided depositing directly. Since there was no direct interaction, it seemed safe to assume there was no exposure—right? Wrong.
Take Harvest Finance, for example, which I was using. Its Autopilot vault deposited my USDC into a lending market called Silo to generate yield. Silo, in turn, accepted xUSD as collateral from borrowers who took out my USDC. In other words, I was indirectly relying on the assumption that if a borrower defaulted, I could liquidate their xUSD collateral to recover my funds. But here’s the critical flaw—who guarantees that xUSD actually has value?
That’s where the domino fell. The day before yesterday, Stream Finance announced on social media that an “external manager” had informed them of $93 million in bad debt—in plain terms, the money was gone. Holders of xUSD suddenly couldn’t redeem it for U.S. dollars, and the value of xUSD collapsed overnight. But the worst part was still to come.
On Silo, the borrowers who had taken loans using xUSD as collateral now knew that their collateral was worthless—so naturally, they had no incentive to repay their loans. The bad debt then cascaded down the chain, ultimately hitting the people who had deposited funds into Silo to earn interest — people like me. The irony is that this group of users was the farthest from the epicenter, least aggressive in chasing high yields, and in many cases, had never even heard of Stream Finance. They were the innocent — or perhaps ignorant — bystanders who ended up footing the bill.
I originally thought I was just a Harvest Finance user. In reality, I was exposed to three layers of risk:
- Harvest Finance’s smart contract code
- Silo Finance’s collateral assets
- Stream Finance’s financial health
Harvest deposited my funds into Silo to generate yield, making me an indirect user of Silo. And since Silo accepted xUSD as collateral, I was implicitly trusting that Stream Finance would remain solvent. The returns from this setup weren’t particularly high—but the risks turned out to be enormous.
The Balancer situation followed a similar pattern. Regardless of how the hack happened, any lending protocol that accepted Balancer V2 tokens as collateral became contaminated by the exploit. Once the collateral’s value plummeted to zero, the ones left holding the bag were the lenders—those at the very end of the chain who had simply deposited funds to “earn interest.” As users rushed to withdraw whatever funds remained in the pools—while borrowers had no reason to repay—the system fell into a liquidity crunch. Lenders tried to withdraw their money, only to discover there was none left to withdraw.
A Million-Dollar Lesson
What can we learn from this incident? I’ve summarized it into three key takeaways.
The Two Sides of Composability
DeFi risk naturally spills over. The farther you are from the source, the safer you seem—but not necessarily the safer you are.
I wasn’t a user of Stream Finance, and before this incident, I had never even heard of the platform. Yet because DeFi assets are stacked layer upon layer, my funds unknowingly ended up at the tail end of the system—right where the bad debt landed. I thought I was miles away from the epicenter, but the truth is that financial systems are inherently interconnected. Without proper risk isolation in product design or regulation, any single failure can ripple outward to the ends of the earth.
Collateral Is the Core of Lending
When I used to participate in DeFi lending, I only looked at things like APY, platform reputation, and total value locked. For example, Aave and Morpho are both well-known lending protocols with substantial capital parked on them. But focusing only on those factors can still lead you straight into a pitfall.
Protocols like Morpho, or the ones I got burned by—Silo and Euler—don’t have a unified collateral standard across the entire platform. Instead, each lending pool or sub-market can decide for itself what assets it will accept as collateral. The upside is risk segregation, but the downside is that uninformed users can easily step on landmines. When choosing a lending market, APY determines how much yield you might earn, but collateral determines whether you’ll still have your principal.
Experience Is Bought with Money
Last week, I was invited by Taiwan’s Financial Supervisory Commission to give a talk on DeFi. I didn’t expect that just a week later, I’d be paying an expensive tuition fee to learn a real-world lesson of my own.
Losing money is, of course, frustrating—especially when the amount equals several years of income. But looking at it differently, maybe this is exactly why I’m qualified to stand on stage and share these experiences. Over the past few years, I’ve paid millions in “tuition” to the market for various reasons. But instead of quitting, I’ve chosen to turn those lessons into something valuable—to earn my tuition back through insight and experience.
Since tuition is inevitable, and schools haven’t started teaching these lessons yet, the market is the best teacher. Sometimes, though, I really wish I could tell my teacher: “Could the tuition fee be just a little cheaper next time?”
