The perfect storm: DeFi hacks will advance the crypto sector moving forward

Published at: Aug. 17, 2021

The rise of decentralized finance, or DeFi, could be paving the way toward a fully decentralized financial ecosystem. Yet, given the innovative nature of DeFi, the sector remains in constant development and is therefore prone to a number of vulnerabilities. 

Unsurprisingly, one of the biggest challenges currently facing the DeFi sector is security threats. This has become apparent as more DeFi hacks continue to wreak havoc across the crypto community. Most recently, the largest DeFi hack within the crypto industry took place. The Poly Network hack resulted in over $600 million being removed, and then returned, from Binance Chain, Ethereum and the Polygon Network.

To further put this in perspective, crypto intelligence firm CipherTrace revealed in their latest “Cryptocurrency Crime and Anti-Money Laundering” report that DeFi hacks totaled $361 million by July 2021, accounting for three-quarters of the total hack volume of the entire crypto industry for this year. This represents a 2.7 times increase from 2020. Moreover, DeFi-related fraud accounted for 54% of major crypto fraud volume at the time CipherTrace’s report was published. This is considerably higher compared to last year’s total, which was only 3%.

DeFi hacks necessary to help sector mature

While unfortunate, some in the crypto industry believe that DeFi-related crime will actually advance decentralized finance moving forward.

For instance, chief financial analyst of CipherTrace John Jefferies told Cointelegraph that the recent hacks and fraud will help DeFi in the short term: “If an anonymous hacker can steal millions of dollars from unnamable victims, then it’s clear this sector needs more effective security controls.”

Specifically, Jefferies explained that DeFi crimes will spark an acceleration of Know Your Customer, or KYC, legislation with respect to decentralized exchanges, or DEXs. This is extremely important to regulators given the fact that DeFi protocols are accessible without KYC processes.

A recent report from Merkle Science — a predictive risk and intelligence platform — elaborates on the dangers of no KYC, noting, “anyone sitting in any country may access DeFi protocols without the need to go through KYC — unintentionally providing bad actors access to financial services for illicit activity.” The report further states that “the lack of KYC also means that users often need to over-collateralize to access services such as loans.”

Given the “decentralized” nature of DeFi, KYC and Anti-Money Laundering (AML) regulations are not enabled. Unlike centralized exchanges (CEXs), DeFi protocols aspire to create an alternative to traditional financial systems by replacing intermediaries with smart contracts, or self-sufficient code embedded in blockchain networks. As such, DEXs do not have ownership over users’ funds at any point, potentially eliminating the need for KYC or AML.

Although this is the case, some would argue that DeFi protocols are not actually decentralized. Lior Lamesh, co-founder and CEO of GK8 — a cybersecurity company — told Cointelegraph that although DeFi is supposed to be decentralized, it is not, because the smart contract owner (the individual who uploaded the DeFi protocol to the blockchain) has control over the network. According to Lamesh, this creates even bigger security issues: “By compromising the smart contract owner's private key, the whole economy of the protocol can be destroyed right away. It is worse than hacking a single DeFi user, as this means hacking all DeFi users at once.”

Jefferies further stated that most DEXs are only decentralized in name, pointing out that many are centralized in nature. He believes this will facilitate the eventual cleanup of DEXs with KYC and AML policies:

“I believe regulators are supportive of DeFi and the goals of DeFi and the ability to have this new programmable money created with code. There are lots of people in the U.S. government that see DeFi as true innovation and I hope the industry gets to a point where we have the on and off ramps cleaned up so DeFi can thrive.”

However, this may be easier said than done. According to DappRadar, the total value locked in DeFi over the past year exceeds $108 billion. The rise of DeFi is forcing regulatory bodies to implement guidance against money laundering, terrorism financing and other illicit activity. The best example of this can be seen in the latest Financial Action Task Force, or FATF, updated guidance for virtual assets and virtual asset service providers (VASPs).

Yet, Merkle Science’s latest report notes that the way in which DeFi platforms are structured makes it improbable for these ecosystems to identify intermediaries who would be responsible for AML and KYC compliance. The document further states that the challenges faced by centralized VASPs with regard to the updated Travel Rule will be even more difficult for the DeFi ecosystem to comply with, since this guidance wasn’t created with DeFi in mind. Jefferies explained that the FATF has been discussing ways of classifying DEXs as VASPs, but this consultation will not be finalized until October this year, so the Travel Rule may or may not apply to DEXs.

Given the long-term challenges related to implementing DeFi regulations, others in the industry believe that the rise of DeFi hacks will serve as an immediate wake-up call for better security protocols.

Mitchell Amador, CEO and founder of Immunefi — a bug bounty platform for DeFi protocols — told Cointelegraph that regulations will have no impact on the future of DeFi. Rather, better security procedures will be necessary for reducing DeFi-related crime. “You will still see hacks occur, but these will become much more difficult,” Amador said.

According to Amador, the latest Poly Network hack demonstrates that DeFi is still a new and experimental technology, one that comes with great risks in managing financial assets. As such, Amador noted that it shouldn’t come as a surprise that there are bugs in the smart contract's code, yet these vulnerabilities must be prevented moving forward:

“One key lesson here is that bug bounties are a must-have, otherwise hackers will continue hacking into these systems. We saw that the Poly Network hacker gave the stolen funds back, but why wasn’t there an incentive for him in the first place?”

Amador added that the DeFi hacks happening now are stimulating for security: “The number of people finding vulnerabilities in code is increasing and new security projects are developing. This is really the silver lining here. I’m optimistic that crypto and DeFi will be much safer in 12 months from now.”

DeFi must slow down development cycles?

While DeFi hacks may be impossible to prevent, it’s clear that these vulnerabilities will result in a stronger crypto ecosystem moving forward. This may come in the form of better regulations, tighter security protocols, or both.

In the meantime, Amador believes that one thing is certain — DeFi builders must slow down development cycles: “Code bases are nascent or not well reviewed and therefore rushed to market.” As a result, he believes there is very little time for DeFi projects to run tests, get code reviewed or even think like an actual hacker: “Once we slow down development cycles to review code, we should see a dramatic drop in hacks, especially in new protocols.”

A lack of regulation, developing security audit processes and speed of innovation are challenges that the DeFi space must overcome moving forward. In particular, the speed of innovation is important since the DeFi space is still maturing and the risks associated with these protocols must be assessed carefully.

While these factors must be taken into serious consideration, Amador pointed out that the fast-paced nature of the cryptocurrency sector may create challenges when it comes to slowing down development: “Crypto moves so fast, so I’m not sure how realistic this is. But if you have a great team, you can oftentimes resist pressure and take time to build things correctly. This will ultimately save time with security hassles down the road.”
