Decentralized finance (DeFi) investors should brace themselves for another year of exploits and attacks as new projects enter the market and hackers become more sophisticated.
Executives from blockchain security and auditing firms HashEx, Beosin and Apostro were interviewed for Drofa’s DeFi Security Overview in 2022, a report shared exclusively with Cointelegraph.
The executives were asked about the reasons for the significant increase in DeFi hacks last year, and whether this will continue through 2023.
Tommy Deng, managing director of blockchain security company Beosin, said that while DeFi protocols will continue to strengthen and improve security, “there is no such thing as absolute security.” He said:
“As long as there is interest in the crypto market, the number of hackers will not decrease.”
Deng added that many new DeFi projects “don’t go through full security testing before going live.”
In addition, many projects are currently exploring the use of cross-chain bridges, which were the main target of exploiters last year, with $1.4 billion stolen through six exploits in 2022.
The comments echo those of blockchain security company CertiK, which told Cointelegraph on January 3 that it does not “anticipate respite in exploitation, flash loans or exit scams” in the coming year.
In particular, CertiK noted the possibility of “further attempts by hackers targeting bridges in 2023,” citing the high yield of attacks in 2022.
The founder and CEO of crypto auditing company HashEx, Dmitry Mishunin, said that “hackers have become smarter, gained more experience, and learned to find bugs.”
“The crypto industry is still relatively new, and everyone is growing, so it’s very difficult to stay ahead of bad actors.”
He added that the amount of value in some DeFi projects makes the industry “very attractive” to bad actors, and that the number of hacks “will only grow.”
Mishunin said attacks may spread outside of DeFi, with attackers targeting “crypto exchanges and banks” entering the market that offer “more secure solutions for storing digital assets.”
Tim Ismiliaev, founder of smart contract security and auditing firm Apostro, gave a more hopeful outlook, saying he expected the space to “mature in the next five years, and new best practices for securing decentralized financial protocols will emerge.”
Too long; didn’t read
Interestingly, Mishunin and Deng note that many post-incident reports provided by blockchain security companies often fail to reach their target audience – blockchain developers.
“The people who read the analysis are average investors who are concerned about money. Real blockchain developers are too busy coding; they don’t have time to read like that,” said Mishunin.
Meanwhile, Deng said that these reports are mostly about “event-based vulnerabilities and related recommendations,” so they often don’t help other developers, whose projects may be vulnerable to other exploits.
However, he acknowledged that reports on “common vulnerabilities” in DeFi “tend to do a good job of protecting protections.”
“The reentrancy vulnerability is not as common now as it used to be.”