Exploits and hacks in DeFi are beginning to become a new reality. In October alone, we’ve witnessed about 11 major hacks totalling nearly looted from DeFi protocols. On the 11th of October, the Mango market, a Solana-based lending, trading, and portfolio management platform, was hacked and drained . Sequel to that, we’ve witnessed several cases of exploits and hacks from blockchain systems like BNB, terra, Ronin network, Nomad bridge, Elrond, and so many others. $718 million $117 million The list goes on and on, and it is unarguable that security in DeFi remains a significant issue and might as well be categorized as one of the biggest controversies of the decade. Blockchain technology is a relatively new industry, and many say that the landscape needs more time to operate on a more sophisticated ground. However, if the insecurity issues persist at this current pace, there might be nothing left of the market to improve. DeFi Security; A Brief Overview As a new technology still in its infancy, the crypto market is subject to vulnerabilities. And with the large number of funds being invested in DeFi, it is almost natural that the landscape is a common target for hackers and attacks. In a cross-bridge exploit that happened on the 6th of October, 2022. The BNB chain witnessed an attack that led to being drained from the chain. However, the network claimed to have minimized the loss to $100 million by shutting down the system. The incident adds to the list of significant DeFi attacks over the past and present years, which can sum up to more than $2 billion in losses. $570 million Cryptocurrencies and DeFi have been repeatedly exploited by attackers, and malicious occurrences seem to rise. Other recent attacks in 2022 include the Mango market attack, Temple DAO, the QANplatform’s Eth and BSC bridge, and many others. These listed platforms lost over , , and , respectively. Most of these incidents are believed to stem from compromised private keys, smart contract vulnerabilities, wrong liquidity pool estimates, rug pulls, and other weaknesses that can be easily exploited. $100 million $2.3 million $1.89 million Major Security Risks In DeFi Although we’ve seen several DeFi security issues lately, most of these attacks fall under the same umbrella. Below, we’ll discuss some of the major security risks in the decentralized finance system. Inaccurate Liquidity Pull Calculations This stands as one of the most common means of exploitation on DeFi. Staking, being one of the most common DeFi features on protocols, could be a point of entry in cases of incorrect liquidity pool calculations. Ideally, staking allows users to earn incentives when tokens are staked for a certain period. Liquidity pools are programmed to use the pool’s existing data on stakers to determine the overall value of available tokens rather than external oracles. Hackers have found ways to exploit this by tampering with the balance of the pool and gaining access to the pool’s value. Rug pulls Rug pulls are a common means of extortion and exploitation in the DeFi market. Since decentralized finance is a system that thrives on decentralization and anonymity, we’ve seen project creators, developers or even individuals exploit this by draining money from protocols. Compromised private keys Blockchain systems enable users to have access or hold their private keys rather than have it handled by a third party like in centralized finances. Compromised private keys are a common cause of security issues in DeF and are an easy entry point for attackers looking to exploit the system. A private key could be easily exploited through a compromised metamask interface, poor key generation practices, or a user’s seed phrase. Coding Error There have been a lot of high-profile theft cases in the DeFi system that resulted from a breach in the network’s code. One of the most common was the famous 2016 DAO attack, where $50 million worth of DAO tokens were stolen due to an error in the network’s smart contract. Another similar case was the from a user’s wallet in 2017 due to an error in the code. $30 million ether stolen Best Practices For Enhancing DeFi Security There is no single solution to enhancing DeFi security, and given that the system is relatively new, there are probably even more loopholes yet to be discovered. However, there are existing basic security practices that most DeFi networks could look to in fortifying their networks and preparing against possible attacks. The first on the list would be to improve smart contracts to prevent vulnerabilities. Other possible case practices are careful research on DeFi projects, streamlining all significant network interactions through official channels, using exploitation-resistant oracles for full network coverage, e.t.c. Lastly, there are certain risks that the founders or developers of a network do not have control over, like a compromised private key, and with this, we can say that users also play a crucial part in the network’s security. Final thoughts As it has been said earlier, there are no golden rules to security in DeFi. Therefore the aforementioned are basic rules of thumb. There is barely a complete list to address all issues of DeFi vulnerability. Also, with more money going into DeFi, there is a higher susceptibility to more attacks. Ultimately, securing a DeFi protocol would require us to understand existing loopholes fully. In addition to the factors mentioned above, a thorough security audit can help understand external and internal threats in any DeFi system.
