DeFi needs to solve its security woes. Here’s how that could happen

By some measures, crypto is a safer place today than during the heady days of the previous bull market.

Thefts from hacks and exploits this year are about a third below losses from the same period in 2022, which remains a record year, according to blockchain intelligence firm TRM Labs.

Despite that progress, there’s a long way to go if many a DeFi proponent’s dream of competing with traditional finance is to materialise.

“We have a system that’s built on confusion, with loads of money inside of it,” Ogle, a pseudonymous whitehat hacker and founder of the Glue blockchain, told DL News. “It’s a bad combo.”

DeFi’s complexity, coupled with a developer tendency to solve issues by making things more convoluted, means it’s “no surprise” thousands of users end up getting their money stolen, Ogle said.

Protocols holding billions of dollars of crypto are lucrative targets for hackers. Users are often just a click away from having their crypto drained by a malicious link without ever realising it.

And when things go wrong, users are often left in the lurch.

It doesn’t have to be that way, Ogle said.

“The entire internet is run on the back of open-source software and it’s all fine,” Ogle noted. “It’s just battle tested and it’s been iterated, and they don’t change things too much.”

Plugging the gaps

Boosting DeFi protocol security would help prepare it for mass adoption.

The biggest problems come about when projects neglect security priorities and fail to adhere to best practices, Ivan Domaretskyi, product manager at Hacken Extractor, a blockchain attack detection platform, told DL News.

The way he sees it, there are two big gaps: a lack of audits and real-time monitoring protection.

According to Hacken’s research, only 4 out of 41 projects that were hacked in the second quarter had undergone relevant audits.

Additionally, Hacken estimates only 5% of projects use some form of monitoring to detect hacks and respond to them in real time.

If more projects implemented real-time monitoring, Domaretskyi said, they could prevent many incidents from happening.

There are also emerging methods to improve security, in addition to existing solutions.

Many DeFi hacks involve the same exploit, just on different protocols, Ogle said.

Reentrancy, a type of vulnerability that allows an attacker to interact with a smart contract more times than should be possible, is still impacting DeFi protocols, despite it being identified as a problem as far back as 2016.

A DeFi consortium

It’s these kinds of solutions that traditional finance players will adopt as standards as they move into crypto, Ogle said.

“There will probably be a consortium of banks to agree that this is the way that things are,” Ogle added.

Consortiums are already starting to emerge in the public sector.

In October, the UK’s financial regulatory body joined the Monetary Authority of Singapore’s DeFi regulation consortium called Project Guardian.

There will still be a fringe that doesn’t obey the rules, Ogle said, but most activity will converge around mainstream protocols that have been battle tested.

“I can’t see why blockchain will be any different than every other technology that’s ever come out, and that’s typically how it works.”

Tim Craig is a DeFi Correspondent at DL News. Got a tip? Email him at tim@dlnews.com.