Decentralized finance (DeFi) projects are blockchain-based ecosystems with distributed ledgers interacting for common goals. Digital assets undergo trading on the platforms to facilitate value exchange between users on different networks. Value exchange across the platforms depends on unique protocols that determine the compatibility of the assets. Despite the progress over the years, the DeFi projects are under continuous hacking attacks that define the present risk of such entities. The theft of up to $625 million worth of crypto assets from the Ronin Network underlines the consequences of the existing risks. Some elements make the projects susceptible to attacks. Smart Contract Bugs Smart contracts facilitate trading activities where the execution of trade terms occurs to the satisfaction of terms by both parties. The contracts facilitate the transfer of value in digital assets across user wallets to prevent fraud against creators. However, hackers exploit bugs in the exchange protocols to manipulate and jeopardize the transactions. Damaged exchange protocols give the hacker freedom to change the value of the digital assets. The hacker then spends a few tokens buying the creator’s assets at a low value causing losses to targeted users. Security Limits in Cross-Chain Bridges Cross-chain bridges exist in the form of protocols that allow the transfer of crypto coins from one platform to the next. For example, a bridge will facilitate the transition of BTC on the Bitcoin network to ETH on the Ethereum network. The bridge helps create a Wrapped BTC (WBTC), which is compatible with the Ethereum platform. The hacker exploits the bridge by providing at least 51% consensus to revert the value exchange attempt. The hacker’s coin then goes on with the exchange at the expense of the legitimate user’s token. Open Source Project Codes DeFi projects operate on open-source algorithms that are accessible to the public. People with malicious intent will go through the codes and determine the potential existence of bugs. Successful identification of bugs before the developer removes them exposes the project to targeted attacks. Hackers identify infiltration points where the protocol will execute differently than anticipated by introducing new boundary conditions. DeFi projects are largely in experimental phases, and their underlying codes contain hidden vulnerabilities. The incorporation of the problematic codes into new projects carries the risk forward, leaving them susceptible as well. Nodes Susceptible to Attacks Hackers target different user nodes on DeFi platforms with the intention of acquiring their private keys. Once in possession of keys, their transactions are disguised as the content owners, helping them steal assets and tokens. They then withdraw user tokens to different digital wallets without the owners’ awareness. The responsibility of users over their private keys means that they must store them where they’re inaccessible. Reduced Decentralization on DeFi Ecosystems Different DeFi projects define their consensus validation protocols which reduce the decentralized effect of blockchain technology. The projects require majority nodes to offer validation but are still at risk when ‘the majority’ is a small number due to the members on the platform. The transactions on the platforms will be quicker because of the few nodes that must be in consensus to form a majority vote. However, the fast transactions come at the expense of increasing risks to the users’ assets. The hacker can gang several nodes to create a false majority validation vote that allows their fraudulent transfers. The ability of the hackers to create a fake majority gives them the power to determine protocol outcomes to their benefit. Irreversible Transactions without Consequences to Hackers The aspect of irreversible transactions over the crypto-based DeFi projects means that value transferred to a hacker’s wallet is irretrievable. Different networks address the problem by refunding the network users, but the problem is persistent. The recent developments regarding the spike in crypto thefts do not provide a clear picture of the perpetrators. No users are facing the consequences of the theft of digital assets. Thus the network could be vulnerable to future attacks. Author’s Take The rapid growth of DeFi projects trading with each other and enabling value exchange is a step in the right direction. However, the security risks discussed herein remain a reality that needs a speedy resolution. Despite the crypto networks shielding their clients against permanent value loss through compensation, there must be a permanent solution. The current conditions with the theft cases going on could make users cautious when investing in DeFi projects.
The post Why are DeFi Projects Still Susceptible to Hacking? first appeared on Cryptoknowmics-Crypto News and Media Platform.
The post Why are DeFi Projects Still Susceptible to Hacking? appeared first on Cryptoknowmics-Crypto News and Media Platform.
- Coinsmart. Europe’s Best Bitcoin and Crypto Exchange.
- Platoblockchain. Web3 Metaverse Intelligence. Knowledge Amplified. FREE ACCESS.
- CryptoHawk. Altcoin Radar. Free Trial.
- Source: https://www.cryptoknowmics.com/news/why-are-defi-projects-still-susceptible-to-hacking/?utm_source=rss&utm_medium=rss&utm_campaign=why-are-defi-projects-still-susceptible-to-hacking
- "
- acquiring
- across
- activities
- address
- algorithms
- Assets
- awareness
- benefit
- Bitcoin
- Block
- blockchain
- blockchain technology
- blockchain-based
- BRIDGE
- BTC
- bugs
- Buying
- cases
- change
- clients
- Coin
- Coins
- come
- Common
- compatibility
- Compensation
- Consensus
- content
- contract
- contracts
- could
- creators
- Cross-Chain
- crypto
- Current
- Decentralization
- decentralized
- DeFi
- Despite
- Developer
- developments
- different
- digital
- Digital Assets
- digital wallets
- Display
- distributed
- distributed ledgers
- Ecosystems
- effect
- elements
- enabling
- entities
- ETH
- ethereum
- ethereum network
- example
- exchange
- execution
- Exploit
- facing
- fake
- FAST
- finance
- First
- form
- Forward
- fraud
- Freedom
- future
- Gang
- Goals
- going
- Growth
- hacker
- hackers
- hacking
- helping
- helps
- HTTPS
- Identification
- identify
- increasing
- intent
- Intention
- introducing
- investing
- keys
- Majority
- Media
- Members
- million
- network
- networks
- news
- nodes
- number
- offer
- open
- open source
- Other
- owners
- People
- permanent
- picture
- platform
- Platforms
- possession
- potential
- power
- present
- private
- Private Keys
- Problem
- project
- projects
- protocol
- protocols
- provide
- providing
- public
- Reality
- reduce
- require
- responsibility
- Risk
- risks
- RONIN
- satisfaction
- security
- small
- smart
- smart contract
- Smart Contracts
- solution
- some
- store
- successful
- Target
- Technology
- theft
- Through
- token
- Tokens
- trade
- Trading
- Transactions
- transfer
- transferred
- transfers
- transition
- unique
- users
- validation
- value
- Vote
- Vulnerabilities
- Vulnerable
- Wallet
- Wallets
- wBTC
- withdraw
- without
- worth
- years
