How To Protect DeFi Assets From Hackers
The hype is on and raging as the DeFi sector continues to top new heights in its capitalization, reaching $85.03 billion in late March of 2021. Though the DeFi market is booming, a more shadowy aspect of the industry is also reaping the rewards of bursting capitalization. The security of DeFi networks is in question as the volumes of funds crossing through the platforms are increasing. A slew of recent attacks has once again raised the issue of the need for better protective measures for decentralized financial solutions.
First Hacks and Breaches
The woes of DeFi on the security level started to surface in April of 2020, when the popular Uniswap and Lendf.me lending platforms were subjected to a series of massive hacker attacks that stripped them of over $25 million in funds. Subsequent analysis revealed the attackers were able to exploit a weakness that was identified earlier by OpenZeppelin – a security firm specializing in decentralized infrastructures.
A year later, the issue resurfaced, when in February of 2021, the bZx platform used for margin trading and lending operations was brutalized by two major breaches. The ingenious scheme applied by the hackers involved manipulation of the oracles to steal the users’ funds through the use of leveraged loans.
That hackers are extending the scope of their attack strategies from the digital into the real world signals a dangerous trend in the evolution of threats facing DeFi.
The Weak Link
Prosaic as it may seem, human error is largely at fault in virtually all of the attacks on decentralized platforms, as the hackers merely need to find some weakness to latch onto – a weakness provided by careless users or poor security auditing.
A single source of failure is out of the question in blockchain networks, which operate on a peer-to-peer principle, unlike client-server networks. But that does not make them immune, as the hackers turn to inattentive users as the source of failure, or to the underlying infrastructure, seeking weaknesses that could lead to network back-doors or direct access to an active administrator account.
The Deloitte Global Blockchain Survey, issued in 2019, highlights the vulnerabilities of decentralized networks, as 53% of organizations surveyed stated that blockchain is of critical importance, while 83% saw applications for the technology in their business. But 50% of the same respondents stated that privacy-related issues are still critical, as blockchain transparency is a double-edged blade.
The 2019 Cost of a Data Breach Report from IBM stated that the cost of an average data breach in the US alone has grown from $3.54 million in 2006 to $8.19 million in 2019 – a 130% increase over 14 years, highlighting the growing skills of the attackers and the lag in network security.
There are numerous avenues that blockchain and DeFi platforms could take to bolster security measures.
Among the most obvious is extensive pre-launch testing, which would involve using a testnet for refining the code, rather than openly making it public from the get-go. The testnet would allow the project to conduct more rigorous trial runs using fake currencies and rely on a phased release of the platform to exclude the possibility of missed loopholes.
Many project development teams also do not leverage an important resource at their disposal – the users, many of whom are skilled programmers. Offering rewards to users for identifying weaknesses in the code is an excellent alternative to hiring costly security firms, and a powerful incentive for the community to get involved and trust the project.
Another resource at the disposal of the project is the full set of metric monitoring tools that can be used to detect suspicious activities. A sudden spike in the value of pool funds borrowed can indicate the approach of a cascade effect, or an impending hacker attack. Large transactions, repeated requests or a high frequency of operations from a specific user account could also be indications of suspicious activity. All such operations, especially with stablecoins, could be signs of large withdrawals.
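The monitoring signals described above (large transactions, repeated operations from one account, and a sudden spike in borrowed funds) can be written as simple rules over a stream of pool events. The Python below is an added example, not code from the article or from any project it mentions; the thresholds, event fields and account names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from statistics import mean

# Hypothetical thresholds (assumptions, not from the article); tune per pool.
LARGE_TX = 500_000     # single operation size, in token units
MAX_OPS = 3            # operations allowed per account inside WINDOW
WINDOW = 60            # seconds; also the bucket size for borrow totals
SPIKE_FACTOR = 4.0     # current bucket vs. mean of earlier buckets
MIN_BASELINE = 3       # earlier buckets required before judging a spike

def detect(events):
    """events: (ts, account, op, amount) tuples sorted by ts.
    Returns a list of (ts, rule, account) alerts."""
    alerts = []
    recent = defaultdict(deque)      # account -> timestamps inside WINDOW
    closed = []                      # borrow totals of finished buckets
    bucket, total, flagged = None, 0, None
    for ts, account, op, amount in events:
        if amount >= LARGE_TX:
            alerts.append((ts, "large_tx", account))
        q = recent[account]
        q.append(ts)
        while q[0] <= ts - WINDOW:   # drop operations older than WINDOW
            q.popleft()
        if len(q) == MAX_OPS + 1:    # alert once when the limit is crossed
            alerts.append((ts, "high_frequency", account))
        if op != "borrow":
            continue
        b = ts // WINDOW
        if b != bucket:              # new bucket: close the previous one
            if bucket is not None:
                closed.append(total)
            bucket, total = b, 0
        total += amount
        if (len(closed) >= MIN_BASELINE and flagged != b
                and total > SPIKE_FACTOR * mean(closed)):
            flagged = b              # one spike alert per bucket
            alerts.append((ts, "borrow_spike", account))
    return alerts

# Constructed sample data: steady borrowing, one large withdrawal, then a burst.
SAMPLE = [
    (0, "acct-A", "borrow", 10_000), (65, "acct-B", "borrow", 12_000),
    (130, "acct-A", "borrow", 9_000), (185, "acct-C", "borrow", 11_000),
    (200, "acct-D", "withdraw", 600_000),
    (241, "acct-E", "borrow", 20_000), (243, "acct-E", "borrow", 20_000),
    (245, "acct-E", "borrow", 20_000), (247, "acct-E", "borrow", 20_000),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Buckets with no borrowing are not counted as zero in the baseline here, so a pool with long idle periods would need that gap handling added before the spike rule is relied on.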
Having monitoring protocols in place and running pre-launch testing are only half the matter, as solid software solutions are the front line of security for DeFi. One of the solutions to rely on is the implementation of Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge, or zk-SNARKs, in which parties acting as Provers and Verifiers establish, without any interaction, that the Prover truly possesses the related information. More advanced zk-ConSNARKS protocols are more power-efficient and are attracting the attention of enterprises and funds operating large sums.
One of the major projects offering such solutions is Raze Network, which provides a Substrate-based, cross-chain privacy protocol for the Polkadot ecosystem. The incorporated privacy layer of the software provides complete end-to-end anonymity for both DeFi platforms and resources on Web3.0. Raze relies on zkSNARKs applied to the Zether framework for creating second-layer decentralized modules in a fully anonymous fashion that are then imported as Substrate-based smart contracts.
Such solutions are in line with the Raze Network’s core goal of ensuring the operability of cross-chain privacy-preserving payment and trading systems while ensuring transparency and user privacy. By relying on its native logic of turning base platform tokens into private tokens at a 1 to 1 ratio, Raze provides anonymity and three functions (Mint, Transfer and Redeem) for ensuring smooth and uninterrupted transactions.
Catching Up With Industry Progress
After almost ten years of operating openly online, blockchain networks are still lagging behind in security. Such a state of affairs is unacceptable at a time of growing interest in the technology and its potential application on a massive scale by global industries. DeFi sector players should start relying on existing security solutions like those of the Raze Network for the time being and redouble efforts at developing new ones.
Disclaimer: This article is educational and does not represent financial advice. Please consult your financial advisor before purchasing any digital assets.
© 2021 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.