Tokenomics is a crypto-native term that refers to the creation, management, and interaction of tokens with holders and their respective ecosystems. It is complex and interdisciplinary, combining elements of economics, finance, and many other fields, with significant variations among different token mechanisms based on the unique characteristics of each ecosystem.
Typically, the tokenomics models in Web3 include the following elements:
Token Issuance: The total supply of tokens and the mechanism for their creation (e.g. mining, staking, or a token sale).
Token Use Cases: The purpose of the token (e.g. payment, voting, authentication).
Token Distribution: How tokens are distributed among participants (e.g. allocation to the founding team, early investors, and community).
Token Incentives: The way tokens are used to incentivize desired behavior (e.g. staking, voting).
The risks related to the design of the tokenomics model are usually not covered in security audits. Once these risks materialize, they can result in unexpected financial losses, as observed in the recent collapse of numerous projects due to tokenomics design flaws or inadequate risk management. The cumulative losses from these failures are estimated to be an amount in billions of dollars.
In 2022, CertiK conducted investigations into several prominent tokenomics-related incidents, including Terra, Celsius Network, Beanstalk, Fortress, Axie Infinity, Solend, and Babylon Finance. These widely reported incidents have caused over $790 million in direct asset losses and have affected billions of dollars worth of other assets. There are numerous less-known projects that have suffered losses or gone bankrupt as a result.
There are three distinct categories of risk:
The risk associated with the model structure originates from the project's design. The tokenomics model is arguably one of the most important aspects of any blockchain project. Inadequate preparation for these risks can lead to significant problems that can endanger the long-term viability of the project. The following table outlines several examples of projects that failed due to issues related to the model structure.
Terra's ecosystem, which included LUNA – the reserve asset backing the UST stablecoin –, was unable to maintain the UST-dollar peg.
UST relied on arbitrageurs to maintain its peg to the US dollar
Terra, the issuer of the stablecoin UST, collapsed in May of 2022 due to spiraling losses related to its token design. The value of the UST stablecoin was pegged to the US dollar. It relied on the minting and burning of collateral token LUNA (through the central platform Terra Station) to adjust its value in the case of deviations. There was an overreliance on arbitrageurs to maintain the peg of the stablecoin UST to the US dollar.
The sharp price drop of UST depegging from its $1 peg (which arbitrageurs could not correct) induced widespread panic in the market and caused the project, originally valued at $60 billion, to lose nearly all value in a matter of days. The prices of both LUNA and UST eventually dropped by more than 99%. Risk analysis and stress testing related to the risk of depegging and the behavior of stakeholders such as arbitrageurs could have helped to prepare for the risk of the inevitable event.
Unsustainable rewards offered to users without consideration of adverse market conditions.
Celsius users were offered high yields of up to 17% APY
Celsius Network was a decentralized lending and borrowing platform that allowed users to earn returns on their crypto assets. In June 2022, Celsius Network filed for bankruptcy and impacted more than 600,000 accounts that held assets valued at $4.2 billion. The collapse of Terra played a role in the platform's failure, but another root cause was the unsustainable staking rewards offered by the platform. Under extreme market conditions, the project was unable to maintain the excessive rewards passed down to the users, highlighting the importance of proper risk parameter management for the long-term success of the project.
The attacker was able to manipulate the governance mechanism.
Beanstalk proposal to migrate user balances to recover network after hack
Beanstalk is a permissionless fiat stablecoin protocol that uses credit rather than collateral to issue its native stablecoin. An attacker took advantage of a flash loan to amplify their governance power, passing a malicious proposal and ultimately draining $182 million from the protocol. An attack of a similar nature took place on another decentralized lending and stablecoin platform named Fortress. By manipulating the price of its governance token, the attacker successfully passed a malicious proposal, draining approximately $3 million from the Fortress protocol. These exploits reveal that vulnerabilities in governance models are often overlooked.
External factors, which are beyond the control of the project team or community, may also pose risks to the project. Being aware of potential risks and monitoring changes in the environment can provide the necessary flexibility to respond effectively to unexpected events and take appropriate action. Babylon Finance is a project that was impacted by such unexpected external factors.
Significant loss of value as a result of the Rari/FEI hack.
Babylon’s founder addresses the impact of Rari hack on his project
Babylon Finance suffered a loss of $3.4 million and shut down in September 2022 due to a chain reaction caused by a dependency issue known as the Rari/FEI hack. Following the hack, user withdrawals led to a drop in over 75% of the project’s total value locked (TVL). Its $10 million lending market on the Fuse pools of Rari was lost since the value of its native token BABL lost so much value that it could no longer be used as collateral. The failure of projects like Babylon is not due to internal issues but rather to reliance on external platforms that fail. By monitoring and analyzing external accounts and markets, projects can make timely responses and judgments to such risks.
Participant behavior risks refer to the potential for the actions of key players or the behaviors of key components in the ecosystem to negatively impact the demand and value of a cryptocurrency or token. By understanding how different scenarios impact the behavior of different components of a project, the team can be better prepared for potential challenges and mitigate the risk of negative behaviors. The following are projects that suffered losses that could have been limited and reduced with better management and observation of users and components within the ecosystem.
Lack of proper monitoring and management of token offerings in low liquidity isolated pools.
The attacker manipulated isolated pools which are low liquidity and high-risk sandboxes
Solend is a lending project that leverages the scalability of the Solana platform for delivering innovative financial solutions. The Solend incident on November 2, 2022 occurred when an attacker manipulated the price of stablecoin USDH on a particular liquidity pool that was mainly used for the USDH price feed. The attacker was able to inflate the price of USDH from $1 to $8, whereby the attacker was able to borrow other tokens in multiple isolated pools using USDH as collateral. The exploit resulted in a loss of around 41,000 SOL ($1.26 million). Although part of the issue was the price oracle’s reliance on a low-relevance liquidity pool, the fact that USDH was present in numerous isolated pools was a major contributing factor in the exploit. Proper monitoring and management of tokens in various liquidity pools would have alerted the team of such vulnerabilities and could have helped to reduce the profitability of such attacks.
2022 saw a number of significant incidents related to tokenomics, highlighting the need for improved risk management practices within the market. While security audits are undoubtedly critical, these events serve as a powerful reminder of the importance of tokenomics analysis and that risk management cannot be overstated in today's rapidly growing and evolving crypto market. As we look ahead to the future, it's clear that tokenomics will continue to play a vital role in shaping the direction of the crypto industry. The community must remain engaged and committed to working together to build a better future for all.
Please stay tuned for our future blog posts, where we explore how tokenomics analysis and responsible risk management can help build a more secure and stable environment for all participants.