According to Chainalysis research in May, DeFi protocols are the chief targets of cryptocurrency hacks in 2022. The research reveals that attacks on DeFi have increased since 2020, growing exponentially from less than $500 million in 2020 and last year’s figure of $1.55 billion.
Malicious attackers are having a field day attacking decentralized finance (DeFi) because it is mainly run by smart contracts, where a few buggy lines of code can leave a small gap open to exploitation. Moreover, DeFi heists are mostly untraceable, so attackers have more incentive to attack DeFi protocols than other cryptocurrency sectors such as CEXs.
According to Certik, hackers have stolen $2.18 billion in hacks and scams, with over $395 million in June. The most recent is a $100 million hack on Harmony’s Horizon bridge last week, linked to the famous North Korean attackers (Lazarus Group) who stole $622 million from Axie Infinity. The increasing rate of these attacks is worrying, and it reduces the adoption of DeFi into mainstream finance and, by extension, Web 3.0.
Are there any solutions in sight?
When these scams began, DeFi protocols started having reputable third parties audit their smart contracts and code to detect points of vulnerability. This initially reduced the hacks and provided a safety net. However, the increasing number in 2022 is concerning, especially since a whopping 30 percent of code attacks on DeFi protocols in 2021 occurred on audited platforms.
Of course, audits help to reduce the chances of vulnerability. However, they aren’t a foolproof method of avoiding malicious attacks. So, away from audits, what are the possible solutions to reduce these attacks to the minimum?
DeFi protocols should invest more in cybersecurity
According to Chainalysis research, security breaches (which aren’t code exploits) accounted for over 40% of attacks in 2020, over 25% of attacks in 2021, and over 50% of attacks in 2022 Q1.
The rise in this figure makes it obvious that DeFi protocols aren’t investing enough in security. The unregulated nature of DeFi makes it a breeding ground for attackers; hence, DeFi security investment should be a lot bigger and should secure the network by anticipating attackers based on existing patterns. DeFi developers shouldn’t put all their focus on their algorithm and ignore security: if the protocol is breached, trust is gone, and users will be wary of committing funds to the protocol, leaving the sophisticated algorithm unable to do its job.
DeFi protocols should organize lucrative bug bounties
Despite the increase in security audit platforms, code breaches have steadily increased over the years. According to Chainalysis, code breaches accounted for only 12 percent of the attacks in 2020; however, that number increased to nearly 40 percent in 2021 and about 45 percent in Q1 2022. Hence, it is obvious that code audits cannot sufficiently prevent these attacks.
In addition to performing independent audits, DeFi protocols can organize highly rewarding bug bounties to detect vulnerabilities from many sources. It is important to keep the rewards high, so that bounty hunters will be incentivized to remain honest.
DeFi protocols should not “blindly” copy open-source code
Blockchain code is open source; hence, many projects copy the source code of other projects, adding only a few changes. However, this code is often filled with numerous bugs. Hence, it is important for developers not to copy code blindly; instead, they should put the code through several internal and independent audits to ensure it is as risk-free as possible.
As far as blockchain and DeFi are concerned, everyone is responsible for their own security. You can hardly sue anybody for your losses, and the best you would get is some hopeful “compensation.” Hence, it is important that you take security precautions as a crypto user, some of which include:
- Always ensure that you invest in audited protocols.
- Diversify your investments; it is ill-advised to put all your investment in a single protocol.
- Don’t randomly click on links in Discord/Telegram community channels; the channel could be hacked anytime.
- Revoke smart contract calls you are no longer using.
For every groundbreaking technology, there will be malicious attackers looking to make illicit profits from loopholes and oversights. However, until DeFi security is much tighter, the responsibility of reducing the impact rests on both developers and users. Therefore, DeFi protocols must invest heavily in cybersecurity, and individual investors must follow necessary security protocols.