that hackers are targeting the trendy DeFi sector to exploit infant projects in an unregulated industry. The study revealed that while hacks, thefts and frauds in the crypto space have declined in general, crimes in the DeFi sector have risen in 2020.
In the two years following the 2017 crypto boom, cryptocurrency exchanges were hackers’ primary victims. In 2020, skyrocketing investment and media hype around DeFi prompted cyber criminals to change their focus, moving into DeFi and resulting in more than a dozen incidents over the last few months.
So far this year, $100 million has been stolen from DeFi projects, with DeFi accounting for half of all hacks and thefts in the second half of the year. In 2019, the number of crimes in DeFi was ‘virtually negligible’, said the report.
The overall decline in crypto-related crimes reflects the mature stage that the market is reaching, boasting more structurally robust platforms. One sign of the crypto market’s increased standing is the flood of institutional investors entering the space. Tighter regulations on digital assets are also providing better security and protection for users.
On the other hand, DeFi as an industry is in its infancy, meaning that many projects are still vulnerable to hacks, as well as presenting security flaws due to unstable protocols.
DeFi Hacks in 2020
Some of the most relevant attacks have been the hack on SharkTron, a DeFi platform featuring liquidity mining on Tron, that wiped out $260 million of users’ assets, and the $25 million hack of Lendf.me, a decentralised lending platform.
bZx, a DeFi project focused on margin trading and lending, has suffered no fewer than three attacks throughout 2020. In the two attacks that took place in February, hackers managed to steal almost a million dollars. The third breach, in September, saw thieves pocket $8 million from assets in the platform. The culprits were eventually tracked down; bZx retrieved the funds and committed to enhancing its security.
Concerns about DeFi security have already been expressed by voices in the crypto space. Brian Kerr, CEO of DeFi lending platform Kava Labs, told Cointelegraph he believed that Ethereum was not the best blockchain to build DeFi services on because its architecture would not be capable of addressing the security demands of the DeFi sector.
Clem Chambers, CEO of ADVFN and blockchain company Online Blockchain (OBC), believes that, in the same way that traditional banking became more resilient to robbers and hacks, the crypto space will follow suit in tightening its security.
“DeFi projects are more at risk because they are newer and less seasoned technology. Because of that, they are likely to have weaknesses and flaws that can be exploited,” he says.
“The increased risk in DeFi is one of the reasons that makes the opportunity for profit in DeFi so attractive, as is the case in projects that pay high interest due to risks,” says Chambers, mentioning BlockFi. “Always with investment, risk equals rewards.”
Chambers had previously said that “there is a fortune to be made in DeFi” but investors must be cautious about how to expose their assets in this market. The message for those venturing into DeFi is to be aware of the risks, research the best projects in the area and take a careful approach.
What aspects of DeFi projects need to be improved?
If we are to increase security in DeFi projects, vulnerabilities in the structure of smart contracts need to be addressed and enhanced security mechanisms introduced.
Jan Muyldermans, Co-founder of AntumID, a blockchain security platform, stresses that “DeFi cannot make the same mistakes we’ve seen in crypto trading platforms.”
One of the main vulnerabilities in online platforms is the lack of robust authentication methods: “Login with username and passwords is a bad thing. These projects need, at the minimum, a good two factor authentication.”
He warns, however, about the lack of security in SMS authentication, which Microsoft recently urged users to avoid, and suggests replacing it with app-based authenticators and security keys that will be uniquely generated each time the user tries to log in, decreasing the chance of hacking.
A second point in security refers to identity checks and transparency: “Another important thing is identity verification. To meet the legislation of various countries, you will need to check the real identity of users. This needs to be a government-issued identity and should not be stored in a central server. This process has to be done in a very decentralised and transparent way.”
With these security checks in place, DeFi has the potential to challenge traditional players in finance: “If you have strong authentication and identity verification we can prove to the world that DeFi is the future because it is indeed secure. We can address the questions from banks that accuse crypto of not being safe. With the right tools and the right approach, crypto and DeFi can do a lot more than the banks can,” concluded Jan Muyldermans.
AntumID develops blockchain-powered security solutions for online multipurpose platforms to safeguard against cybercrime, hacking and frauds.