If you are reading this text, you’ve probably already heard about Decentralised Finance (DeFi) or have used various protocols to trade or earn interest on your deposit.
And, while DeFi remains an intriguing sector to explore, it draws not just enthusiasts or developers, but also hackers and malicious actors.
In 2022, DeFi security continues to be a hot topic, with hackers stealing more than $3 billion this year alone.
A difficult year
At the time of writing, October leads the way in terms of total value stolen from DeFi protocols, with over $700 million taken from various protocols. The most notable exploits were the BNB bridge ($586 million) and Mango Markets ($115 million), while almost $28 million was stolen from smaller protocols (Moola Markets, Sovryn, Team Finance and TempleDAO).
Cross-chain bridges, according to Chainalysis, remain the most appealing target for hackers owing to the liquidity stored there. Even though, value-wise, bridge attacks account for more than half of all funds stolen in the DeFi sector, the sheer number of DeFi protocols being exploited regularly is troubling.
The current condition of DeFi security
Despite the frequent exploits of various DeFi protocols, the industry remains hopeful about DeFi’s progress. While new financial primitives and upgrades to existing protocols continue to appear, the security space is also advancing with new ways to protect both users and protocols.
Security audits and the organisations that provide them continue to dominate the industry – protocols want a security check before launch, and both users and investors begin their due diligence with security audit reports. However, as the number of exploits grows, it becomes clear that security audits alone are insufficient to ensure the safety of DeFi apps. This has led to the rise of new security solutions:
- Gauntlet is a financial modelling software that uses agent-based simulation to optimise protocol parameters and capital efficiency. This enables protocols to respond quickly to market conditions and safeguard against possible default risks.
- Apostro is a risk management system that protects against various security threats such as oracle and market manipulation, bugs, poor code implementation and so on. Apostro does so by hindering or complicating the hacker’s attack, making it unprofitable.
- Chaos Labs is similar to Gauntlet in optimising capital efficiency and using agent and scenario-based simulations to battle-test the protocol against diverse market conditions.
Risk management tools, bug reward platforms, real-time monitoring, and the creation of numerous security solutions behind the scenes – all of this points to the steady development of this sector of DeFi. We’re still in the early phases, and the space itself is challenging, but never-ending progress gives us hope for the future of DeFi security.