Investors in decentralized finance (DeFi) should brace for another big year of exploits and attacks, as new projects enter the market and hackers become more sophisticated.
Executives from blockchain security and auditing firms HashEx, Beosin, and Apostro were interviewed for Drofa’s report, “An Overview of DeFi Security In 2022,” shared exclusively with Cointelegraph.
Executives were asked about the reason for the significant increase in DeFi hacks last year, and whether this will continue into 2023.
Tommy Deng, CEO of blockchain security company Beosin, said DeFi protocols will continue to strengthen and improve security, but conceded that “there is no such thing as absolute security”:
“As long as there is interest in the cryptocurrency market, the number of hackers will not decrease.”
Deng added that many new DeFi projects “do not go through full security testing before launching.”
Additionally, a significant number of projects are now exploring the use of cross-chain bridges, which were a top target for hackers last year, with $1.4 billion stolen through six exploits in 2022.
The comments mirror those of blockchain security firm CertiK, which told Cointelegraph on Jan. 3 that it does not “expect to see any letup from exploits, flash loans or exit scams” in 2023.
In particular, CertiK noted the likelihood of “new hacking attempts targeting bridges in 2023,” citing the historically high attack yields in 2022.
The founder and CEO of crypto auditing firm HashEx, Dmitry Mishunin, said that “hackers have gotten smarter, gained more experience and learned to hunt for bugs.”
“The cryptocurrency industry is still relatively new and everyone is growing together, so it’s hard to get too far ahead of bad actors.”
He added that the amount of value in some DeFi projects makes the industry “very attractive” to malicious parties, and that the number of hacks is “only going to grow in the future.”
Mishunin said these attacks can even extend outside of DeFi, with attackers targeting “cryptocurrency exchanges and banks” that enter the market by offering “more secure solutions for storing digital assets.”
However, co-founder of smart contract auditing and security firm Apostro, Tim Ismiliaev, was more hopeful, expecting the industry to “mature in the next five years and new best practices for securing DeFi protocols will emerge.”
Too long; didn’t read
Interestingly, both Mishunin and Deng noted that many of the post-incident reports provided by blockchain security firms often do not reach their target audience: blockchain network developers.
“People reading these reviews are average investors worried about their money. Real blockchain network developers are too busy programming; they don’t have time to read stuff like that,” Mishunin says.
Meanwhile, Deng said that the reports are usually about “point vulnerabilities and related recommendations,” so they often don’t help other developers, whose projects might still be vulnerable to other exploits.
He admitted, however, that reports of “general vulnerabilities” in DeFi “tend to do a good job of increasing protection.”
“Reentrancy vulnerabilities are no longer as common as they used to be.”