With hundreds of billions of dollars of total value locked into the decentralised finance (DeFi) market, this burgeoning sector is rapidly becoming an attractive target for cyber criminals and hackers.
According to a CertiK State of DeFi Security Report released earlier this year, more than $1.3 billion was lost across 44 DeFi hacks due to centralisation issues alone. In practice, even a relatively small coding mistake or error in the business logic can be exploited by hackers to compromise entire smart contracts.
For contracts controlled by a private key, mismanagement can result in substantial financial damages. The DeFi protocol bZx is one example of this with hackers being able to exploit the contract and steal more than $55 million.
Countless examples exist where ingenious criminals have been able to use a tiny weakness to drain tens of millions of dollars from pools. A missing line of code allowed a hacker to re-initialise a liquidity pool, become the operator themselves and then steal the staked tokens in one project.
In some cases, the risk to DeFi projects can be internal as developers can purposely create a scam crypto project, accept investors money and then drain funds and abandon the project.
Potential solution?
While there may be inherent risks to DeFi projects, potential investors would benefit by undertaking a comprehensive review of any project they intend to invest in to help ensure that risky projects are not selected.
Beyond calculating key business fundamentals, including yield rates and total value locked in, the reputation of the project and the team behind it can go a long way to uncover issues.
If any of the current team members of a project were connected to scams in the past, this would raise red flags that would need to be investigated more deeply.
As concerns grow that DeFi is being held back from achieving its growth potential due to security risks concerning new users, regulators are looking for ways to better protect crypto consumers. A range of European and international government and regulatory bodies are actively investigating ways in which further regulation could be introduced in the future.
There’s no question that as DeFi becomes an even bigger part of the financial system that regulation may soon follow. Last month, Birgit Rodolphe, an official at German financial regulator BaFin called for new DeFi regulations, pointing to the risks that hacks and fraud pose to customers of projects in these markets.
Despite the high-profile nature of many DeFi hacks, investors on the whole still view the innovation found in this sector to be worth the risks. As a majority of DeFi platforms that were exploited last year were not audited, it may be beneficial for platforms to consider if undergoing an audit would help uncover unknown weaknesses.
Many advocates of DeFi are against imposing Know Your Customer (KYC) on the sector, as they believe this would simply force such decentralised solutions to become centralised. But, for some regulators, KYC and anti-money laundering tools could become a significant force in the sector.
Written by Finbarr Toesland, Editorial Contributor, VC Innovations
The conversation continues at FTT DeFi, 12th July 2022 at County Hall, London. For more insights and experiences focused on digital identity, check out the Future Identity community.