Defi builders must choose their bridge wisely

Disclosure: The views and opinions expressed herein belong solely to the author and do not represent the views and opinions of crypto.news editorial.

Last November, DEX aggregator KyberSwap was hacked for $47 million, causing its protocol to fail and its liquidity providers to lose funds. In a strange turn of events, the mysterious hacker made an unprecedented demand: he would release the stolen funds only if the entire management team resigned and named him CEO. Unsurprisingly, this request was denied, and the hacker began transferring the stolen funds to Ethereum using the Synapse protocol.

KyberSwap barely survived the incident and was forced to cut half of its workforce, with its total value locked dropping by 68 percent. As with all defi hacks, this one is unfortunate, but there is a positive side.

Compared to the early days of crypto winter, the value lost in defi hacks fell by 64% in 2023, with the median loss per hack decreasing by 7.5%, according to On-Chain Analysis data. Of course, this is a positive development and a testament to the overall maturation of the defi space and its security advancements. Bridges – blockchain protocols promoting interoperability between chains – have contributed to defi’s expanded capabilities by freeing isolated “islands” of liquidity, allowing assets to flow more freely.

The value lost in defi hacks | Source: On-Chain Analysis

Bridges also drive innovation by allowing developers to explore new ways to use cross-chain capabilities. We can see this through the creation of new financial products, improved scalability, improved privacy features, easier collaboration measures and flexible risk management.

Despite the decrease in security vulnerabilities and the rise of bridge-based defi innovation, blockchain interoperability is still quite limited. Rather than fostering universal interoperability, each protocol or cross-chain bridge represents a link between two blockchain networks, meaning that true interoperability would require a complex network of many protocols connecting each blockchain to every other.

This presents its own set of security challenges. Despite the decline in hacks, the defi space is still beset by hackers looking for potential flaws in a protocol or a smart contract vulnerability to exploit. Since most bridges rely on smart contracts, you can expect hackers to continue testing them, whether it’s a centralized exchange, a layer 2 chain, or an entire of oracles hosted by a third-party server.

The inherent security challenges, especially on unregulated bridges, are almost impossible to completely eliminate, as most bridges interact with external systems, making them vulnerable to hacking or manipulation. Users transferring assets between disparate blockchain networks via a trusted or trustless bridge must weigh serious safety concerns.

Generally speaking, trusted bridges like Binance Bridge offer simplicity and compliance at the expense of centralization through a third-party entity. Trustless bridges, on the other hand, prioritize decentralization, security, and permissionless access, but their reliance on smart contracts provides hackers with a clear attack vector.

However, both types of bridges can be and have been exploited. Additionally, the general lack of KYC and AML protocols among most bridges makes them a hacker’s best friend when they need to launder stolen funds. Since bridges are the closest and most accessible mechanism for removing barriers between isolated blockchains, defi developers and users should proceed with caution when using a cross-chain protocol.

The choice between trustless and trusted bridges depends on the specific use case, requirements, and tradeoffs that developers or users favor or are willing to accept. An average Web3 user looking to transfer funds from one wallet to another may opt for a trusted bridge due to its simplicity, speed, and lower gas fees. However, a dApp developer may prefer a trustless bridge to maintain full control over their assets in a decentralized environment.

The security factor is often taken for granted when trying to connect assets. While trusted and trustless bridges may adhere to varying degrees of compliance and risk mitigation (or eliminate them altogether), using a bridge with a robust compliance layer certainly has its merits.

Let’s revisit the KyberSwap hack to better understand the possible implications of these security risks.

Analyzing the on-chain data, it is evident that if the Synapse protocol had deployed a compliance layer, the hacker would never have been able to funnel the assets to an Ethereum-based wallet and escape. A risk mitigation platform with an end-to-end compliance module can be applied to any dApp or protocol and reject potentially problematic transactions, such as the transfer of millions in stolen funds.

Risk mitigation is no longer a “bonus feature” that projects can set aside. As regulators consider more comprehensive laws, compliance will become increasingly important, especially as traditional financial institutions continue to flirt with providing defi services to their customer base.

It is important to note that adding a layer of compliance to any decentralized protocol is not about censorship or opposition to crypto’s core ethos of financial freedom and cutting out middlemen. Rather, it is solely about protecting user assets from misappropriation by criminals, terrorist supporters, and other malicious actors.

As the crypto world strives for wider adoption, the need for compliance mechanisms is more vital than ever. With attack vectors constantly evolving, hackers and thieves will continue to threaten the integrity of the entire industry and undermine the goal of mainstream adoption.

Although bridges do not enable universal interoperability across the broad blockchain ecosystem, good compliance can reduce risks for users and developers and safeguard defi’s progress. Therefore, developers would do well to consider a bridge’s compliance standards when engaging in cross-chain transactions.

Guy Empty

Guy Empty is the co-founder and CTO of Kima, a blockchain-based decentralized money transfer protocol. Guy’s experience includes more than two and a half decades of development leadership with positions at Yahoo, ADP, BMC, Blue Cross/Blue Shield and Fisker Automotive. Additionally, Guy has co-founded three startups and held consulting positions in deep-tech and web3 projects. Over the past few years, he has honed his expertise in the areas of fintech and blockchain. Guy’s past entrepreneurial efforts include Amodello, the first AR home design app in 2010, and ExPOS, a data analytics tool for the hospitality industry in 2012.
