What are the lessons for cryptocurrency investors?

The introduction of Web3 seems inevitable, but so does the increase in security issues and hacks. What are the main factors behind this? The high rate of innovation in the crypto world and the frequent software updates in the multi-chain world seem to inevitably introduce more vulnerabilities. We must have a real-time monitoring infrastructure to prevent and respond quickly to exploits.

“An effective monitoring infrastructure in the hands of the community acts as a strong deterrent to bad actors,” Nikos Andrikogiannopoulos, CEO of Metrika, recently told The Armchair Trader. “Similar to fire and weather alerts, which mobilize communities, evacuate threatened areas, and activate volunteer rescue teams, blockchain communities need processes and tools to deal with emergencies.”

Disruptive technologies are fleeting and with them come significant risks and great rewards. Most developers in the blockchain space learn on the fly as they come from conventional technology stacks and upgrade their skills. Education will become a driving force for better and safer programming.


DeFi needs good governance

“We must all remember that technology is not born, but rather developed,” explained Daniel Keller, Co-founder of Flux. “As adoption grows, you’ll see a strong push from leaders, driven by institutional demands for their customer base. Defi needs to feel like legacy economy but act like a decentralized network, and for that to happen we need to be good stewards of speed and security best practice.”

Andrew Morfill, chief information security officer at Komainu, believes that as the industry matures, we will continue to see hacks.

“Early indications with Nomad were that it was driven by opportunistic ‘raiders’, but cross-chain bridges have previously been targeted by nation-state threat actors with careful planning and precise execution,” he said. “The drivers are different, but the results are inevitably the same … loss of assets.”

The Nomad hack is another cross-chain vulnerability. We saw quite a few last year. But investors want to know what causes them and why they occur. This is also a concern for regulators and institutional investors as they envision greater participation by institutional players in the cryptocurrency space.

Bridges between chains are complicated. Frequent software updates to supported protocols and the bridge protocol itself can introduce bugs and allow exploits. In the case of Nomad, a bug in the software update enabled a type of transaction that would normally only be allowed to owners of the funds. This bug allowed anyone who wanted to copy and paste the transaction type to change the recipient address and dump the money.

Blockchain was created to do one thing: enable movement without a trusted third party. Most current decentralized finance (DeFi) models use a hybrid of centralized and decentralized technology, so there is an increased risk of exploitation and malicious third-party actors.

“Cross-chain operations will continue to grow at deep levels with a focus on security and decentralization; however, security and not just speed of development must be emphasized as we push Defi products to the masses,” Keller told Flux.

In short, after looking at the smart contract, it appears that there were holes in the processing of every transaction received.


Most decentralized finance is a refugee from conventional finance, focusing on building a legacy-based system on DeFi. When these managers, developers and teams focus on iteration, they look to mechanics and development for rapid access; security tends to be an afterthought.

“It may not be a popular opinion, developers need to move away from programming frameworks like Solidity and more towards secure frameworks like PACT on the Kadena network,” Keller said. “The issues surrounding Ethereum and these breaches should point to the need for further development of smart contract security with more secure implementations on products like Flux and Zelcore.”

This is not a new phenomenon: security issues with cross-chain bridges have been responsible for some of the biggest dollar hacks this year. In terms of prevention, an industry set of standard smart contract models known to be secure, smart contract auditing and secure software development cycles would be a step in the right direction.

“We need real-time analytics and monitoring, as well as more rigorous testing and higher software quality standards at the source, consistent with left-shift principles,” Andrikogiannopoulos said. “Much of the analysis we see in exploits today is forensic and fraud detection analysis after the exploit has occurred. We need real-time analytics and monitoring of anomalies before they happen. Many of these exploits start with small experiments, often in the TestNet, and are then fully deployed on the MainNet. Real-time detection can trigger alerts on suspicious activity before these exploits go ‘in production’.”

For example, in the case of Nomad, imagine seeing a zero-hash transaction running after the software upgrade that was never seen before. This would trigger a warning. In addition, after an exploit goes live, alerting the entire community in real time and immediately notifying all members will allow for rapid community response, i.e. freezing leveraged funds and coordinating with validators to suspend network activity while a hotfix is being prepared.
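The warning described above can be sketched as a "first seen after upgrade" check. This is an added example, not code from the article, Nomad or Metrika: the event format, field names and the recipient threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

ZERO_ROOT = "0x" + "00" * 32  # all-zero 32-byte hash

# Constructed sample events, not real chain data. Field names are assumptions.
EVENTS = [
    {"block": 100, "kind": "process", "root": "0x" + "a1" * 32, "recipient": "0xA1"},
    {"block": 101, "kind": "process", "root": "0x" + "b2" * 32, "recipient": "0xB2"},
    {"block": 110, "kind": "upgrade"},
    {"block": 111, "kind": "process", "root": "0x" + "c3" * 32, "recipient": "0xC3"},
    {"block": 120, "kind": "process", "root": ZERO_ROOT, "recipient": "0xD4"},
    {"block": 121, "kind": "process", "root": ZERO_ROOT, "recipient": "0xE5"},
    {"block": 121, "kind": "process", "root": ZERO_ROOT, "recipient": "0xE5"},
    {"block": 122, "kind": "process", "root": ZERO_ROOT, "recipient": "0xF6"},
]

def signature(event):
    """Coarse behaviour class of a call: its kind, and whether its root is all zeros."""
    return (event["kind"], event["root"] == ZERO_ROOT)

def detect(events, spread=3):
    """Alert on call signatures that were never seen before the first upgrade.

    Signatures observed before the upgrade marker form the baseline. Afterwards,
    a signature outside the baseline raises one 'novel-after-upgrade' alert, and
    one 'many-recipients' alert when `spread` distinct recipients have used it.
    """
    baseline, upgraded = set(), False
    recipients = defaultdict(set)
    alerts = []
    for ev in sorted(events, key=lambda e: e["block"]):
        if ev["kind"] == "upgrade":
            upgraded = True
            continue
        sig = signature(ev)
        if not upgraded:
            baseline.add(sig)      # learning phase
            continue
        if sig in baseline:
            continue               # behaviour already known before the upgrade
        if sig not in recipients:
            alerts.append((ev["block"], "novel-after-upgrade", sig))
        seen = recipients[sig]
        if ev["recipient"] not in seen:
            seen.add(ev["recipient"])
            if len(seen) == spread:
                alerts.append((ev["block"], "many-recipients", sig))
    return alerts
```

Non-zero roots change constantly in normal operation, so the check compares the class of call rather than the raw hash value; otherwise every new root would alert.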

This type of operational management in response to emergency crises is now more ad hoc and relies on the goodwill of the community and the heroic actions of the protocol team and responders. There must be more tools and infrastructure in this direction to provide the whole society with a standardized response to emergency situations.

Is the end user or the protocol ultimately responsible?

The protocol is responsible for identifying exploits and performing the necessary audits, procedures, solutions and code protection. Time and time again, we’ve seen that multiple revisions are still not enough to promise hack-proof protocols, primarily because more of this code is iterative and developed for the first time.

Retail investors are responsible for considering these risks before using a conventional or Defi-based product. It’s still the Wild West out there – high returns don’t come without associated risk, and only you personally can understand your risk assessment. Although sad, hearing stories of people losing their life savings just shouldn’t happen and a deeper level of education is needed for Defi to truly flourish.

Ultimately, protocols that are proven to be safe will have credibility with those who experience these types of events, but retail investors should do their research and understand the risks, promises of high %APY returns or airdrops. Unusual moves are not uncommon, but the wrong choices can result in the loss of investors’ investments (if it sounds too good to be true, it probably is).

Protocol teams are ultimately responsible for the security associated with the software versions of their protocol. Protocol teams often hire multiple outside software security auditing firms and also set up bounties to ensure all vulnerabilities are discovered before release.

Cryptocurrency markets are not regulated like futures markets

Despite best practices in software development and release cycles, it is unclear where the financial responsibility lies around exploits. Unlike banks, where deposits are insured up to $250,000 by the Federal Deposit Insurance, crypto is not regulated in the same depth; regulation in these areas is being actively developed by the CFTC and SEC.

Until the crypto space reaches this level of maturity, the ultimate financial responsibility rests with consumers who have chosen to make early investments in the nascent crypto world. Greater awareness of crypto risks would be very beneficial to the crypto investment community.

“Furthermore, cross-chain interoperability is the holy grail of blockchain technology, not only for DeFi, but also for other conventional technology sectors such as EMR, supply chain, physical assets, etc.,” Keller said. “The understanding that we are very early in the adoption cycle allows us to be innovators and disruptors, but with innovation comes inherent risk. The weak points will now provide a more robust infrastructure for the blockchain delivery framework for many users.”

Komainu’s Morfill adds: “As the market matures, securely developed and updated protocols with real utility will provide the credibility and security that investors seek.”

