How to protect DeFi assets from hackers

The hype continues as the DeFi industry reaches new highs in capitalization, hitting $85.03 billion at the end of March 2021. While the DeFi market is booming, a darker side of the industry is also reaping the benefits of that record-shattering capitalization. The security of DeFi networks is being called into question as the volumes of funds passing through the platforms increase. A series of recent attacks has again raised the question of the need for better safeguards for decentralized financial solutions.

First hacks and breaches

DeFi’s security woes began to surface in April 2020, when popular lending platforms Uniswap and Lendf.me were subjected to a series of massive hacker attacks that deprived them of more than 25 million dollars in funds. Subsequent analysis revealed that attackers were able to exploit a weakness previously identified by OpenZeppelin, a security company specializing in decentralized infrastructure.

A year later, the problem resurfaced when, in February 2021, the bZx platform used for trading and margin lending was hit by two major breaches. The ingenious ploy applied by the hackers involved the manipulation of oracles to steal user funds through the use of leveraged loans.

This reach of hackers from the digital world into the real world as part of their attack strategies signals a dangerous trend in the evolving threats facing DeFi.

The weakest link

As prosaic as it may sound, human error is largely to blame in virtually every attack on decentralized platforms, as hackers simply need to find a weakness to hang on to: a weakness provided by careless users or a poor security audit.

A single point of failure is out of the question in blockchain networks, which operate on a peer-to-peer principle, unlike client-server networks. But that doesn’t make them immune, as hackers look to inattentive users as the source of failure, or to the underlying infrastructure, looking for weaknesses that could lead to network backdoors or direct access to an active administrator account.

The Deloitte Global Blockchain Survey, published in 2019, highlights the vulnerabilities of decentralized networks, as 53% of organizations surveyed said blockchain is of critical importance, while 83% saw applications for the technology in their business. But 50% of the same respondents said privacy issues are still critical because blockchain transparency is a double-edged sword.

IBM's 2019 Cost of a Data Breach Report said the average cost of a data breach in the United States alone rose from $3.54 million in 2006 to $8.19 million in 2019, a 130% increase in 14 years, highlighting the increasing skills of attackers and the backwardness of network security.

The solutions

Blockchain and DeFi platforms could take many paths to strengthen security measures.

Among the most obvious is extensive pre-launch testing, which would involve using a test network to refine the code rather than making it public from the get-go. The testnet would allow the project to conduct more rigorous testing using fake currencies and rely on a progressive version of the platform to rule out the possibility of missed gaps.

Many project development teams also don’t tap into a significant resource at their disposal – users, many of whom are skilled programmers. Offering rewards to users for identifying code weaknesses is a great alternative to hiring expensive security companies, and a powerful incentive for the community to get involved and trust the project.

Another resource available to the project is the comprehensive set of metric monitoring tools that can be used to detect suspicious activity. Sudden spikes in any of the values of the borrowed mutual funds may indicate the approach of a cascading effect or an impending hacker attack. Large transactions, repeated requests, or the frequency of operations for a specific user account can be indications of suspicious activity. All of these operations, especially with stablecoins, could be a sign of large withdrawals.
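
The signals named above (large transactions, a high frequency of operations from one account, extra weight on stablecoin outflows) can be checked with a few lines of detection logic. The following Python sketch is an added example, not part of the original article; the event fields, thresholds and sample data are constructed assumptions.

```python
from collections import defaultdict, deque

# Hypothetical thresholds; a real deployment would tune these per pool.
LARGE_SHARE = 0.10        # one outflow above 10% of current pool liquidity
STABLE_SHARE = 0.05       # stricter limit for stablecoin outflows
MAX_OPS, WINDOW_S = 5, 60 # more than 5 operations per account in 60 seconds
STABLECOINS = {"DAI", "USDC", "USDT"}

def detect(events, liquidity):
    """Scan time-ordered events and return (ts, account, reason) alerts."""
    pool = dict(liquidity)            # running liquidity per asset
    recent = defaultdict(deque)       # account -> timestamps inside the window
    alerts = []
    for e in events:
        # Frequency check: sliding window of operations per account.
        q = recent[e["account"]]
        q.append(e["ts"])
        while e["ts"] - q[0] > WINDOW_S:
            q.popleft()
        if len(q) > MAX_OPS:
            alerts.append((e["ts"], e["account"], "operation burst"))
        # Size check: outflow measured against what the pool currently holds.
        avail = pool.get(e["asset"], 0)
        if e["op"] in ("withdraw", "borrow"):
            share = e["amount"] / avail if avail > 0 else float("inf")
            limit = STABLE_SHARE if e["asset"] in STABLECOINS else LARGE_SHARE
            if share > limit:
                alerts.append((e["ts"], e["account"], "large outflow"))
            pool[e["asset"]] = avail - e["amount"]
        else:                         # deposit or repay adds liquidity
            pool[e["asset"]] = avail + e["amount"]
    return alerts

# Constructed sample data, not taken from any real platform.
SAMPLE_LIQUIDITY = {"DAI": 1_000_000, "ETH": 5_000}
SAMPLE_EVENTS = (
    [{"ts": 0, "account": "alice", "op": "deposit", "asset": "DAI", "amount": 10_000},
     {"ts": 30, "account": "bob", "op": "borrow", "asset": "ETH", "amount": 100}]
    + [{"ts": 100 + i, "account": "mallory", "op": "borrow", "asset": "DAI",
        "amount": 20_000} for i in range(6)]
    + [{"ts": 200, "account": "carol", "op": "withdraw", "asset": "DAI",
        "amount": 80_000}]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, SAMPLE_LIQUIDITY):
        print(alert)
```

Each of the six small borrows stays under the size limit on its own, so only the frequency check catches that account; the single 80,000 DAI withdrawal is flagged because the stablecoin limit is stricter and the pool has already been drained.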

Having monitoring protocols or pre-launch testing in place solves only half the problem, as strong software solutions are the first line of security for DeFi. One solution to rely on is the implementation of zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs), in which parties act as provers and verifiers without any interaction to establish the veracity of possession of the related information. The more advanced zk-ConSNARKS protocols are more energy efficient and attract the attention of companies and funds with large sums of money.

One of the major projects offering such solutions is Raze Network, which provides a Substrate-based cross-chain privacy protocol for the Polkadot ecosystem. The software’s built-in privacy layer provides full end-to-end anonymity for DeFi platforms and resources on Web3.0. Raze applies zkSNARKs to the Zether framework to create decentralized second-layer modules with complete anonymity, which are then imported as Substrate-based smart contracts.

Such solutions are in line with the main objective of the Raze network: ensuring the operability of inter-chain payment and trading systems that preserve confidentiality while ensuring transparency and user confidentiality. Building on its native logic of turning core platform tokens into private tokens at a 1-to-1 ratio, Raze offers anonymity and three functions (Mint, Transfer and Redeem) to ensure smooth and uninterrupted transactions.

Catching up with industry progress

After nearly ten years of operating online, blockchain networks still lag behind when it comes to security. Such a state of affairs is unacceptable in an era of growing interest in the technology and its potential large-scale application by global industries. For the moment, players in the DeFi sector should rely on existing security solutions such as those of the Raze network and redouble their efforts to develop new ones.

Disclaimer: This article is educational and does not represent financial advice. Please consult your financial advisor before purchasing digital assets.


© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.

About Stephen Arrington
