To its proponents, decentralized finance (DeFi) is what the financial space has been yearning for. It’s the pathway to financial inclusion and freedom that the traditional systems have failed to offer. Yet for all its promise, DeFi has an Achilles heel: it’s prone to exploits.
DeFi exploits are as common as they come, and the last month shows it best. According to data presented by tradingplatforms.com, DeFi projects lost a whopping $438.85 million to theft. In contrast, the projects recovered a paltry $75,000.
DeFi’s strength is its weakness
Sharing her thoughts on the data, tradingplatforms.com’s Edith Reads said, “DeFi’s greatest attribute is also its major drawback. Its core principle, decentralization, which renders it so innovative, also makes it vulnerable to scams and theft. Implementing regulatory rules set for centralized systems in the scene is a daunting task.”
Two major DeFi heists characterize this period. The first of these is the Wormhole exploit of 3rd February 2022. The attackers siphoned 120,000 wrapped Ethereum worth $320M. Wormhole is a communication bridge linking Solana to other blockchains.
The second one involved Qubit Finance. The platform is a cross-chain bridge linking the Binance Smart Chain and Ethereum. Here the hackers made off with over 77 thousand ETH valued at $80M.
Mitigating DeFi risks
Leading DeFi systems claim to improve security by contracting independent code reviews. This helps in identifying flaws and plugging them. They also advocate for the safekeeping of keys and passwords for accessing user wallets.
However, critics have expressed concerns that the DeFi market removes third-party control of users’ assets. These intermediaries assist in discovering and stopping scams in traditional finance.
Rather than a provider holding your digital assets, a smart contract holds them. Transactions here are “trustless,” which means that the parties to a trade don’t have to know or trust one another.
Neither do they have to depend on an intermediary like a bank or agency. They rely on the blockchain because it is immutable, permanent, and unchangeable.
Many DeFi platforms run on rules requiring a simple majority from anonymous token holders to alter the protocol. That process can take a week or more, and when a vulnerability surfaces, the delay allows cybercriminals to drain cash readily.
That’s because no one can patch the bug until the change is approved. It also implies that there’s no individual responsibility and often no way to stop even recognized scammers.