Why DeFi Should Expect More Hacks This Year: Blockchain Security Leaders
Decentralized finance investors (DeFi) should brace themselves for another big year of exploits and attacks as new projects enter the market and hackers become more sophisticated.
Executives from blockchain security and auditing firms HashEx, Beosin and Apostro were interviewed for Drofas An overview of DeFi security in 2022 the report is shared exclusively with Cointelegraph.
The executives were asked about the reason behind a significant increase in DeFi hacks last year, and were asked if this will continue through 2023.
Tommy Deng, CEO of blockchain security firm Beosin, said that while DeFi protocols will continue to strengthen and improve security, he also admitted that “there is no absolute security,” saying:
“As long as there is interest in the crypto market, the number of hackers will not decrease.”
Deng added that many new DeFi projects “don’t go through full security testing before going live.”
Additionally, a significant amount of projects are now exploring the use of cross-chain bridges, which were a major target for exploiters last year, leading to $1.4 billion stolen across six businesses in 2022.
The comments echo blockchain security firm CertiK, which told Cointelegraph on Jan. 3 that it does not “anticipate a respite in exploits, flash loans or foreclosure scams” in the coming year.
In particular, CertiK noted the likelihood of “further attempts by hackers targeting bridges in 2023” citing the historically high yield from attacks in 2022.
Founder and CEO of crypto auditing firm HashEx, Dmitry Mishunin, said “hackers have gotten smarter, gained more experience and learned how to look for bugs.”
“The crypto industry is still relatively new and everyone is growing with each other, so it’s hard to get too far ahead of bad actors.”
He added the amount of value in some DeFi projects made the industry “very attractive” to malicious actors, and that the number of hacks “is only going to grow going forward.”
Mishuin said these attacks could even spread beyond DeFi, with attackers targeting “crypto exchanges and banks” entering the market offering “more secure solutions for storing digital assets.”
Related: Crypto’s recovery requires more aggressive solutions to fraud
However, co-founder of smart contract security and audit firm Apostro, Tim Ismiliaev, offered more hope, as he expects the space to “maturate over the next five years, and new best practices for securing decentralized financial protocols will emerge.”
Extend; did not read
Interestingly, both Mishunin and Deng noted that many of the post-incident reports provided by blockchain security firms often do not reach their target audience – blockchain developers.
“The people who read such analyzes are average investors who are worried about their money. Actual blockchain developers are too busy coding; they don’t have time to read such things,” Mishunin said.
Meanwhile, Deng said the reports are usually about “event-based vulnerabilities and related recommendations,” so it doesn’t often help other developers, as they may still be vulnerable to other exploits.
However, he admitted that reports of “general vulnerabilities” in DeFi “tend to do a good job of increasing protection.”
“Reentrancy vulnerabilities are now not as common as they used to be.”