The Bank for International Settlements (BIS) — an international organization aiming to support central banks’ pursuit of monetary and financial stability — has warned that decentralized finance (DeFi) poses risks and its “decentralization is an illusion.”

In a quarterly review released Monday, the BIS said non-bank financial intermediaries (NBFIs) are on the rise, and they can make the financial system more efficient but also more unstable.

Despite its potential, DeFi currently has few real-economy uses and for the most part, merely supports “speculation and arbitrage” for now, according to the BIS.

The BIS also said that regulatory challenges may appear insurmountable in the case of DeFi, which is designed to avoid central oversight and rulemaking. The organization’s experts found that DeFi’s decentralization is an illusion, and pivotal entities — typically, application developers — are ultimately in control.

“With appropriate adjustments to legal systems, these entities, as well as DeFi’s links with the traditional system, could become the natural entry points for the regulation that is needed to address money laundering and other abuses as well as to achieve financial stability goals,” the BIS wrote, adding that given DeFi’s characteristics, these efforts will require international coordination.

See related article: DeFi explained: The guide to decentralized finance

“No less importantly, DeFi will need to be properly regulated,” the BIS said. “Public authorities would need to interface with DeFi’s inherent governance structures, so as to ensure sufficient financial stability safeguards as well as to enhance trust by addressing investor protection issues and illegal activities.”

Notably, the BIS pointed out that the growth of DeFi poses financial stability concerns. One is leverage-driven procyclicality, which arises from changes in collateral value and fluctuations in the associated margins.

Another concern applies more specifically to one of DeFi’s main building blocks — stablecoins. “If the attendant risks are not well managed, stablecoins are prone to runs, which would compromise their ability to transfer funds within the DeFi ecosystem,” the BIS said.

See related article: What are stablecoins, and why are some governments so afraid of them?

To address the issues, the BIS suggested that established regulatory principles can serve as a compass, as the main challenges in DeFi resemble those in traditional finance.

“From a systemic perspective, policy measures should lead DeFi participants to internalize costs arising from the procyclicality of leverage,” the BIS said. “To address the run-risk in stablecoins and the associated possibility of wider contagion, policymakers can draw on precepts in bank regulation and supervision, on current initiatives in securities regulation about strengthening investment funds’ prudential framework, and on international risk management standards for payment infrastructures.”

The BIS went on to say that with suitable regulation to ensure safeguards and enhance trust, “DeFi could yet play an important role in the financial system.”

Indeed, there’s also DeFi’s vulnerability to huge hacks. The DeFi space has witnessed a number of hackers’ attacks over the past few months, with the Poly Network exploit being the most prominent.

In August, Poly Network suffered a US$600 million hack, though the hacker later returned the stolen assets. In the same month, Japanese crypto exchange Liquid suffered a loss of over US$90 million in an attack, which siphoned Bitcoin, Ethereum, Tron and XRP tokens from the exchange. Liquid obtained a US$120 million loan from fellow exchange FTX to cover losses.

In October, DeFi platform Cream Finance suffered a flash-loan attack and lost about US$130 million worth of tokens. Almost at the same time, DeFi trading platform BXH also suffered a US$139 million exploit.

Just last week, BadgerDAO, a decentralized autonomous organization (DAO) focused on bringing Bitcoin to DeFi, suffered an exploit that was estimated to result in losses of US$120 million.

DeFi protocol MonoX also saw an attack last week, causing a total loss of US$31 million.