Fatskills
Practice. Master. Repeat.
Study Guide: CAIA Level II Study Guide: Emerging Topics — Digital Assets: Bitcoin, Web 3.0, and DeFi
Source: https://www.fatskills.com/caia/chapter/caia-level-ii-study-guide-emerging-topics-digital-assets-bitcoin-web-30-and-defi

CAIA Level II Study Guide: Emerging Topics — Digital Assets: Bitcoin, Web 3.0, and DeFi

By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.

⏱️ ~8 min read

CAIA Level II Study Guide: Emerging Topics — Digital Assets: Bitcoin, Web 3.0, and DeFi


What Is It?

  1. What is this topic?
    Digital assets (Bitcoin, Ethereum), Web 3.0 (decentralized internet), and DeFi (decentralized finance) represent blockchain-based innovations disrupting traditional finance, governance, and digital infrastructure.

  2. How is it tested, applied, or used?
    CAIA tests valuation frameworks, risk factors, regulatory challenges, and portfolio integration. Real-world use includes asset tokenization, smart contracts, and decentralized trading.


Why Does the Exam Ask This?

CAIA assesses whether candidates can: - Evaluate digital asset risks (volatility, custody, smart contract failures). - Apply traditional finance concepts (discounted cash flow, portfolio theory) to decentralized systems. - Interpret regulatory and compliance implications (SEC vs. CFTC jurisdiction, AML/KYC in DeFi). - Assess operational risks (oracles, governance attacks, bridge hacks). - Compare digital assets to traditional alternatives (commodities, equities, hedge funds).


What Do I Need to Know First?

  1. Blockchain basics (distributed ledger, consensus mechanisms, public vs. private chains).
  2. Traditional portfolio theory (Sharpe ratio, diversification, risk-adjusted returns).
  3. Regulatory frameworks (Howey Test, SEC vs. CFTC roles, FATF Travel Rule).
  4. Smart contract fundamentals (immutability, gas fees, code vulnerabilities).
  5. Basic cryptography (public/private keys, hashing, digital signatures).

Topic Snapshot

Digital assets are a Level II focus because CAIA treats them as an alternative investment class requiring specialized due diligence. Unlike traditional assets, they introduce new risk dimensions (technological, regulatory, liquidity) and novel valuation challenges (no cash flows, network effects). The exam tests practical integration into portfolios, compliance awareness, and risk management in decentralized systems.


Exam / Job / Audit Weighting

  • Frequency: ~10-15% of Level II (growing trend).
  • Difficulty Rating: Intermediate (conceptual + applied).
  • Question Type:
  • MCQs (definitions, risk factors, regulatory distinctions).
  • Short-answer (compare DeFi to TradFi, explain smart contract risks).
  • Case studies (portfolio allocation, audit findings, regulatory breaches).
  • Calculations (tokenomics, staking yields, impermanent loss).

Difficulty Level

Intermediate


Must-Know Rules, Formulas, Standards, or Principles

  1. Token Valuation Framework (Metcalfe’s Law + Stock-to-Flow)
  2. Metcalfe’s Law: Value ∝ N² (N = active users).
  3. Stock-to-Flow (S2F): Value ∝ Scarcity (e.g., Bitcoin’s halving cycles).
  4. Limitation: Both models are backward-looking and ignore regulatory shocks.

  5. DeFi Risk Triad (Smart Contract + Oracle + Governance Risks)

  6. Smart contract risk: Code exploits (e.g., reentrancy attacks).
  7. Oracle risk: Manipulated price feeds (e.g., flash loan attacks).
  8. Governance risk: 51% attacks, whale dominance (e.g., MakerDAO’s USDC dependency).

  9. Regulatory Bright Lines (SEC vs. CFTC Jurisdiction)

  10. SEC: Tokens = securities if they pass the Howey Test (investment contract + expectation of profit from others’ efforts).
  11. CFTC: Tokens = commodities if used for utility (e.g., Ethereum gas fees) or hedging.
  12. Exception: Stablecoins (e.g., USDC) may be securities if yield-bearing.

Misconceptions

  1. "Bitcoin is anonymous."
  2. Reality: Bitcoin is pseudonymous; transactions are traceable via blockchain forensics (e.g., Chainalysis).

  3. "DeFi is unregulated."

  4. Reality: DeFi faces indirect regulation (e.g., FATF’s Travel Rule, OFAC sanctions on Tornado Cash).

  5. "Smart contracts are legally binding."

  6. Reality: Enforceability depends on jurisdiction (e.g., Wyoming recognizes DAO LLCs; most countries don’t).

  7. "Staking yields are risk-free."

  8. Reality: Risks include slashing (validator penalties), protocol hacks, and regulatory crackdowns (e.g., SEC vs. Kraken staking).

  9. "Web 3.0 = Metaverse."

  10. Reality: Web 3.0 is decentralized infrastructure (blockchain, DAOs); the Metaverse is a user experience layer (VR, gaming).

Common Mistakes

  1. Ignoring custody risks (e.g., assuming cold storage is 100% safe—see FTX’s "custody illusion").
  2. Overlooking impermanent loss in liquidity pools (e.g., providing ETH/USDC liquidity during ETH’s 50% rally).
  3. Misclassifying tokens (e.g., calling all utility tokens "commodities" without applying the Howey Test).
  4. Assuming DeFi is "trustless" (e.g., relying on unaudited oracles or admin keys).
  5. Valuing tokens like equities (e.g., applying P/E ratios to Bitcoin, which has no earnings).

The Common Trap

Assuming digital assets are "uncorrelated" with traditional markets. - Trap: During macro shocks (e.g., COVID-19, 2022 rate hikes), Bitcoin and DeFi tokens correlate with risk assets (e.g., NASDAQ, high-yield bonds). - Why it happens: Learners focus on narrative ("digital gold") over empirical data. - Fix: Always check rolling 90-day correlations (e.g., BTC vs. S&P 500) before claiming diversification benefits.


Terms to Remember

  1. Layer 1 (L1): Base blockchain (e.g., Bitcoin, Ethereum).
  2. Layer 2 (L2): Scaling solutions (e.g., Arbitrum, Optimism) that process transactions off-chain.
  3. TVL (Total Value Locked): Sum of assets deposited in DeFi protocols (proxy for adoption).
  4. MEV (Maximal Extractable Value): Profit extracted by miners/validators via transaction reordering (e.g., front-running).
  5. DAO (Decentralized Autonomous Organization): Governance structure where token holders vote on protocol changes.

Step-by-Step Process

1. Analyzing a Digital Asset for Portfolio Inclusion

  1. Classify the asset (security/commodity/utility? Apply Howey Test).
  2. Assess custody (self-custody vs. third-party; cold/hot wallet risks).
  3. Evaluate liquidity (24h volume, order book depth, slippage).
  4. Model risks (volatility, smart contract audits, regulatory exposure).
  5. Compare to benchmarks (e.g., Bitcoin vs. gold; DeFi vs. hedge funds).
  6. Stress-test (macro shocks, exchange hacks, regulatory bans).

2. Auditing a DeFi Protocol

  1. Review smart contracts (audit reports, bug bounties, upgradeability).
  2. Check oracles (data sources, manipulation resistance, decentralization).
  3. Assess governance (voting power concentration, admin keys, DAO proposals).
  4. Test for MEV (front-running, sandwich attacks, flash loan risks).
  5. Verify compliance (KYC/AML, OFAC sanctions, jurisdiction-specific rules).

Exam Answer Builder

1-Mark Question (Definition/Recall)

  • What it tests: Key term recall.
  • Example: "Which of the following best describes a ‘flash loan’ in DeFi?"
  • A) A loan collateralized by NFTs
  • B) A loan repaid within the same transaction block
  • C) A loan issued by a DAO
  • D) A loan with a fixed 1-year term
  • Key Tip: Flash loans are uncollateralized and must be repaid in the same block (used for arbitrage/attacks).

Correct Answer: B


3-Mark Question (Application)

  • What it tests: Risk assessment.
  • Example: "A hedge fund is considering allocating 5% to Ethereum. Identify three key risks and explain how the fund could mitigate each."
  • Key Tip:
  • Smart contract risk → Use audited protocols (e.g., Aave, Compound).
  • Regulatory risk → Avoid yield-bearing tokens (e.g., stETH) if SEC scrutiny is high.
  • Liquidity risk → Limit position size to avoid slippage during sell-offs.

5-Mark Question (Case Study)

  • What it tests: Portfolio integration + compliance.
  • Example: "A family office wants to add Bitcoin to its 60/40 portfolio. The CIO is concerned about volatility and custody. Propose a risk-managed allocation strategy and justify your approach."
  • Key Tip:
  • Allocation: 1-3% (avoid concentration risk).
  • Custody: Multi-sig cold storage (e.g., Ledger + Fireblocks).
  • Hedging: Use Bitcoin futures (CME) or options (Deribit) to cap downside.
  • Compliance: Document AML/KYC for on/off-ramps (e.g., Coinbase Prime).
  • Benchmark: Compare to Bitcoin’s Sharpe ratio vs. gold/equities.

Multi-Step Calculation (Tokenomics)

  • What it tests: Valuation + economics.
  • Example: *"A new DeFi protocol has a native token with the following parameters:
  • Total supply: 100M tokens
  • Circulating supply: 20M tokens
  • Annual inflation: 5%
  • Staking yield: 12%
  • TVL: $500M Calculate the fully diluted valuation (FDV) and assess whether the staking yield is sustainable."*
  • Key Tip:
  • FDV = Price × Total Supply (e.g., if price = $10, FDV = $1B).
  • Sustainability check: Compare staking yield to protocol revenue (e.g., if revenue = $10M/year, 12% yield on $200M staked = $24M → unsustainable).

This vs That

Bitcoin Ethereum
Purpose: Digital gold, store of value. Purpose: Smart contracts, DeFi, Web 3.0.
Consensus: Proof-of-Work (PoW). Consensus: Proof-of-Stake (PoS) (post-Merge).
Monetary Policy: Fixed supply (21M BTC). Monetary Policy: Inflationary (issuance adjusts to staking demand).
Regulatory View: Commodity (CFTC). Regulatory View: Commodity (CFTC) but SEC may treat ETH as a security in some cases.
Risk: 51% attacks (theoretical), custody. Risk: Smart contract bugs, MEV, governance attacks.

Time-Saver Hack

Use the "3-2-1 Rule" to quickly assess a DeFi protocol: 1. 3 Risks: Smart contract, oracle, governance. 2. 2 Metrics: TVL (growth/decline), audit history (e.g., CertiK, OpenZeppelin). 3. 1 Question: "Who controls the admin keys?" (If centralized, it’s not truly DeFi).


Mini Scenarios

1. Basic Scenario

Context: A client asks, "Should I buy Bitcoin or Ethereum for long-term holding?" - What to notice: Purpose (store of value vs. utility), regulatory risk (SEC scrutiny on ETH), and inflation (BTC’s fixed supply vs. ETH’s dynamic issuance).

2. Applied Scenario

Context: A DeFi protocol’s TVL drops 30% in a week after a hack. The team proposes a governance vote to "socialize losses" by minting new tokens. - What to notice: Governance risk (whale control), smart contract risk (audit failure), and regulatory risk (SEC may view this as a security violation).

3. Tricky Scenario

Context: A fund holds 10% in a "yield-bearing" stablecoin (e.g., USDC staked in Aave). The SEC sues the issuer for selling unregistered securities. - What to notice: Regulatory arbitrage (DeFi vs. TradFi), custody risk (who holds the private keys?), and counterparty risk (Aave’s reliance on USDC).


Diagnostic MCQ Bank

Easy

Question: Which of the following is not a characteristic of Bitcoin? A) Fixed supply of 21 million coins B) Proof-of-Stake consensus mechanism C) Decentralized ledger D) Pseudonymous transactions Correct Answer: B Explanation: Bitcoin uses Proof-of-Work (PoW), not PoS. PoS is used by Ethereum post-Merge. Trap Option: A (Bitcoin’s fixed supply is a key feature, but PoS is the correct exclusion).


Medium

Question: A DeFi protocol offers 20% APY on staked tokens. Which risk is most likely to explain this high yield? A) Low TVL and illiquidity B) Overcollateralization by borrowers C) Centralized admin keys D) Regulatory approval in multiple jurisdictions Correct Answer: A Explanation: High yields often compensate for low liquidity (small TVL = higher risk of impermanent loss or rug pulls). Trap Option: C (centralized keys are a risk but don’t directly explain high yields).


Hard

Question: A hedge fund wants to add a privacy-focused digital asset to its portfolio. Which of the following is the least compliant option under FATF’s Travel Rule? A) Monero (XMR) B) Zcash (ZEC) with shielded transactions C) Bitcoin (BTC) with CoinJoin D) USDC (regulated stablecoin) Correct Answer: A Explanation: Monero is untraceable, making it non-compliant with FATF’s Travel Rule (requires sender/recipient info). Zcash’s shielded transactions can be audited; CoinJoin is traceable. Trap Option: B (Zcash’s shielded transactions are controversial but not outright banned like Monero).


Real-World Patterns

  1. Audit Findings:
  2. Smart contract bugs (e.g., Poly Network $600M hack due to a single line of code).
  3. Oracle manipulation (e.g., bZx flash loan attacks).
  4. Governance attacks (e.g., Beanstalk’s $182M exploit via governance vote).

  5. Portfolio Integration:

  6. Institutional adoption (e.g., BlackRock’s Bitcoin ETF, MicroStrategy’s BTC treasury).
  7. DeFi yield strategies (e.g., staking, liquidity mining, delta-neutral farming).

  8. Regulatory Actions:

  9. SEC vs. Ripple (XRP as a security).
  10. OFAC sanctions on Tornado Cash (DeFi mixer).
  11. MiCA (EU) framework (licensing for crypto firms).

30-Second Cheat Sheet

  1. Bitcoin = digital gold (store of value, PoW, fixed supply).
  2. Ethereum = smart contract platform (PoS, DeFi hub, regulatory gray area).
  3. DeFi risks: Smart contracts, oracles, governance, MEV.
  4. Regulatory bright line: Howey Test (SEC) vs. utility (CFTC).
  5. Valuation: Metcalfe’s Law (network effects) + Stock-to-Flow (scarcity).

Related Concepts

  1. Tokenization of Real Assets (e.g.,


ADVERTISEMENT