The adoption of Web3 seems inevitable, but so does the increase in security problems and hacks. What are the main factors behind this? The high rate of innovation in the cryptocurrency world and the frequent software updates in the multi-chain world seem to inevitably introduce more vulnerabilities. We need a real-time monitoring infrastructure to prevent and respond quickly to exploits.
“An effective monitoring infrastructure in the hands of the community acts as a powerful deterrent to bad actors”, Nikos Andrikogiannopoulos, CEO of Metrika, recently told The Armchair Trader. “Similar to fire and weather alarms, which mobilize communities, evacuate threatened areas and activate volunteer rescue teams, blockchain communities need processes and tools to deal with emergencies.”
Disruptive technologies are volatile and thus carry significant risks and great rewards. Most developers in the blockchain space are learning on the fly, as they come from conventional technology stacks and improve their skills. Education will become a driving force for better and safer programming.
DeFi needs good management
“We all have to remember that technology is not born but develops,” explained Daniel Keller, Co-founder of Flux. “As adoption grows, you will see a strong push from leaders, driven by the institutional demands of their customer base. Defi needs to feel like legacy finance but operate as a decentralized network, and for that to happen we need to be good stewards of speed and security best practices.”
Andrea Morfill, Komainu’s Chief Information Security Officer, believes that as the industry matures, we will continue to see hacks.
“The first indications with Nomad were that it was run by opportunistic ‘looters,’ but in the past the cross bridges have been targeted by nation state threat actors with meticulous planning and precise execution,” he said. “The drivers are different, but the results, inevitably, are the same … loss of assets.”
Nomad’s hack is yet another cross-chain vulnerability; we saw several of them last year. Will investors want to know what causes them and why they keep happening? This is also a concern for regulators and institutional investors, who anticipate greater participation by institutional players in the cryptocurrency space.
Bridges between chains are complicated. Frequent software updates, both to the supported protocols and to the bridge protocol itself, can introduce bugs and open the door to exploits. In Nomad’s case, a bug introduced in a software update allowed a type of transaction that would normally only be allowed to fund holders. Anyone could copy and paste such a transaction, change the recipient address, and withdraw the funds.
Blockchain was created to do one thing: to allow value to move without a trusted third party. Most current decentralized engagement models (DeFi) use a hybrid of centralized and decentralized technology, which increases the exposure to malicious third parties and their exploits.
“Cross-chain operability will continue to grow at profound levels, with a focus on security and decentralization; however, you need to pay attention to safety and not just the speed of development as we push Defi products to the masses,” Keller said.
Simply put, after looking at the smart contract, it appears that there were gaps in the validation of incoming transactions.
Many of those building decentralized finance are refugees from conventional finance, focused on rebuilding legacy-style systems on DeFi. When these leaders, developers, and teams focus on rapid iteration, they prioritize mechanics and development for quick and easy access; security tends to be an afterthought.
“It might not be a popular opinion, but developers need to move away from programming frameworks like Solidity and others towards secure frameworks like PACT on the Kadena Network,” Keller said. “The problems related to Ethereum and these breaches should indicate the need for further development of smart contract security with more secure implementations on products such as Flux and Zelcore.”
Security issues with cross-chain bridges are not a new phenomenon; they have been responsible for some of the biggest dollar-value hacks this year. In terms of prevention, an industry-standard set of smart contract templates known to be secure, smart contract auditing, and secure software development life cycles would be steps in the right direction.
“We need real-time analysis and monitoring, as well as stricter testing and higher software quality standards at the source, in line with shift-left principles,” said Andrikogiannopoulos. “Many of the analyses we see in exploits today are forensic and fraud detection analyses after the exploit has occurred. We need real-time analysis and anomaly monitoring before they occur. Many of these exploits start with small experiments, often on TestNet, and are then fully deployed on MainNet. Real-time detection can trigger alerts on suspicious activity before these exploits go ‘into production.’”
For example, in the case of Nomad, imagine seeing a transaction carrying a zero hash, something never observed before, shortly after a software update. That would trigger an alert. Furthermore, once an exploit is active, alerting the entire community in real time and promptly notifying all members would allow a quick community response, e.g. freezing exploited funds, or coordinating with validators to suspend network activity while a hotfix is prepared and released.
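A sketch of the kind of real-time rule described above, written here as an added example (it is not Metrika’s tooling or Nomad’s code): it replays a constructed stream of bridge events and alerts when a zero-root message is accepted only after an upgrade, and when one message body is re-sent to many different recipients, the copy-and-paste pattern mentioned earlier. The contract name, event fields, and the replay threshold are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# A root of all zero bytes: no legitimate batch is ever proven against it.
ZERO_ROOT = "0x" + "00" * 32

@dataclass
class Event:
    block: int
    contract: str
    kind: str            # "upgrade" or "process"
    root: str = ""       # Merkle root the message claims to be proven against
    recipient: str = ""  # destination address carried in the message
    body: str = ""       # rest of the message, with the recipient field removed

def scan(events, replay_threshold=3):
    """Replay bridge events in block order and return the alerts raised."""
    alerts = []
    upgraded_at = {}                 # contract -> block of its last upgrade
    roots_seen = defaultdict(set)    # contract -> roots observed before upgrade
    recipients = defaultdict(set)    # (contract, body) -> distinct recipients
    for ev in sorted(events, key=lambda e: e.block):
        if ev.kind == "upgrade":
            upgraded_at[ev.contract] = ev.block
            continue
        if ev.contract not in upgraded_at:
            roots_seen[ev.contract].add(ev.root)   # pre-upgrade baseline only
            continue
        # Rule 1: a zero root accepted after an upgrade, never accepted before it.
        if ev.root == ZERO_ROOT and ZERO_ROOT not in roots_seen[ev.contract]:
            alerts.append((ev.block, ev.contract, "zero-root-after-upgrade", ev.recipient))
        # Rule 2: the same message body re-sent with many different recipients.
        seen = recipients[(ev.contract, ev.body)]
        seen.add(ev.recipient)
        if len(seen) == replay_threshold:
            alerts.append((ev.block, ev.contract, "body-replayed-to-new-recipients", ev.body))
    return alerts

# Constructed sample stream (not real chain data): a healthy baseline, an upgrade,
# then three copies of one message proven against the zero root.
SAMPLE_EVENTS = [
    Event(100, "Replica", "process", "0xaa11", "0xAlice", "withdraw:1000"),
    Event(101, "Replica", "process", "0xaa11", "0xBob", "withdraw:250"),
    Event(150, "Replica", "upgrade"),
    Event(160, "Replica", "process", ZERO_ROOT, "0xMallory", "withdraw:1000"),
    Event(161, "Replica", "process", ZERO_ROOT, "0xCopy1", "withdraw:1000"),
    Event(162, "Replica", "process", ZERO_ROOT, "0xCopy2", "withdraw:1000"),
]
```

Running `scan(SAMPLE_EVENTS)` yields three zero-root alerts (blocks 160 to 162) followed by one replay alert at block 162; the two pre-upgrade events raise nothing.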
This type of operational governance for emergency response is currently ad hoc and relies on community goodwill and the heroic actions of the protocol team and responding individuals. More tools and infrastructure are needed in this direction to give the whole community a standardized response to emergencies.
Does the final responsibility lie with the end user or the protocol?
The protocol is responsible for identifying exploits and carrying out the necessary checks, procedures, workarounds, and code protection. Over and over again, we’ve seen that even multiple audits are not enough to guarantee hack-proof protocols, mainly because much of this code is iterative and being developed for the first time.
Retail investors are responsible for considering these risks before using any conventional or DeFi-based product. It’s still the Wild West out there: high returns aren’t achieved without associated risk, and only you can judge your own risk tolerance. Stories of people losing their life savings are sad and shouldn’t happen, and a deeper level of education is needed for DeFi to truly thrive.
Ultimately, protocols that have proven safe will gain credibility with those who have lived through these kinds of incidents, but retail investors should do their own research and understand the risks. Promises of high APY returns or airdrops are not uncommon, but the wrong choices can result in the loss of an investor’s entire stake (if it sounds too good to be true, it probably is).
Protocol teams are ultimately responsible for the security of each software release of their protocol. They often hire several external software security audit firms and also offer bug bounties to ensure that vulnerabilities are discovered before release.
Cryptocurrency markets are not regulated like futures markets
Despite best practices in software development and release cycles, it’s unclear where the financial responsibility for exploits lies. Unlike banks, where deposits are guaranteed up to $250,000 by federal deposit insurance, cryptocurrencies are not regulated to the same depth; regulation in these areas is being actively developed by the CFTC and the SEC.
Until the crypto space reaches this level of maturity, the ultimate financial responsibility rests with consumers who have chosen to make their first investments in the nascent crypto world. Greater awareness of the risks of cryptocurrencies would be very beneficial to the cryptocurrency investing community.
“Furthermore, cross-chain operability is the holy grail of blockchain technology, not only for DeFi but also for other conventional technology sectors such as EMR, supply chain, physical assets, etc.,” Keller said. “Understanding that we are at the beginning of the adoption cycle allows us to be innovators and disruptors, but with innovation comes inherent risk. The weaknesses will now provide a stronger infrastructure for the blockchain delivery framework to many users.”
Komainu’s Morfill adds, “As the market matures, securely developed and updated protocols with real utility will provide the credibility and security investors seek.”