DeFi defenders locked in a high-stakes race with sophisticated attackers
There are many ways to make money in decentralized finance (DeFi). There are also a lot of ways to lose it. Aside from buying the wrong tokens at the wrong time or becoming the bag-holder for illiquid non-fungible tokens (NFTs), scams and hacks are common.
In the last three years, the tools we use to interact with DeFi, web wallets, platforms, and protocols, have become more user-friendly. But at the same time, phishing attempts, hacks, and frauds have increased. There’s an arms race underway, with DeFi’s defenders working to shore up their protocols against attackers. It’s a high-stakes battle, with the very future of DeFi at stake.
Hackers will continue hacking
There’s a common misconception that only new users fall prey to hackers. They make mistakes, clicking on phishing links or responding to scam messages. While beginners have fallen prey, the truth is that anyone can be a target. Even DeFi veterans can fall; all it takes is a moment’s inattention.
Web3 platforms that prompt users to sign a transaction to confirm wallet ownership are one such weak point. In many cases, it’s unclear what you’re signing or why. All it takes is a compromised Twitter account or a front-end code injection for a hacker to turn a reputable web3 platform into a honeypot.
Defenders will continue defending
DeFi proponents, including white hats, security researchers, and interface designers, have been fighting back, arming users with the tools to detect threats. Browser extensions have been developed that alert users to the permissions they’re granting every time they sign a transaction. These detect malicious signature requests effectively. However, pop-ups caused by these extra steps risk causing notification fatigue.
Other solutions seek to drill down into the smart contracts DeFi users interact with to determine whether they contain malicious code. Blockfence has developed an interface that warns web3 users of any hazards they’re unwittingly interacting with. Its protection layer combines complex analyses, machine learning algorithms, and accumulated community data to build a bigger picture of systemic risk. It’s recently seen success in saving unsuspecting users from an ETH Denver phishing website.
These solutions must be complemented by tools that can protect against other attack vectors. Bridges, vital conduits for moving money between blockchains, are weak points. Last year, $2b was lost to bridge exploits. The industry needs more robust solutions for moving assets cross-chain and identifying attacks before millions of dollars can be exfiltrated.
From white-hats hacking back to greater forensic tools for following and potentially freezing stolen funds, DeFi users are equipped. But until the annual amount of stolen crypto starts dropping, it’s hard to argue that the good guys are winning the battle. For all the progress made, DeFi remains vulnerable.
Disclosure: This content is provided by a third party. crypto.news does not endorse any product mentioned on this page. Users must do their own research before taking any actions related to the company.