Investors in decentralized finance (DeFi) should prepare for another 365 days of opportunities and threats as new projects launch and cybercriminals become more skilled and advanced.
According to Drofa’s “An Overview of DeFi Security in 2022” report, which was obtained by Cointelegraph, leaders in blockchain security and auditing at firms such as HashEx, Beosin, and Apostro have voiced their opinions.
The report delves into the reasons behind the surge in DeFi hacks in 2021, and asks whether this trend is likely to persist throughout 2023.
Tommy Deng, managing director of blockchain security firm Beosin, said that while DeFi protocols continue to enhance and bolster their security measures, “complete security cannot be guaranteed.” He added, “As long as there is interest in the crypto market, the number of hackers will not decrease.”
Also, he explained that a lot of new DeFi projects do not undergo thorough security assessments before being released to the public, and that many of them are now implementing cross-chain bridges, which have been a popular target for attackers in the past, leading to the theft of $1.4 billion in six separate incidents.
Deng’s statement also aligns with the comments made by blockchain security firm CertiK; he does not expect a decline in the number of exploits, flash loans, or exit scams in the upcoming year.
CertiK specifically highlighted the potential for hackers to continue targeting bridges in 2023, citing the high returns from such attacks in 2022.
In addition, the CEO of crypto-auditing firm HashEx, Dmitry Mishunin, said that hackers have become more skilled and experienced, and are now able to search for vulnerabilities.
He explained, “The crypto industry is still relatively new, and everyone is growing with each other, so it’s difficult to get too far ahead of bad actors.”
In fact, the large sums of money involved in certain DeFi projects have made the sector particularly alluring to hackers, and the number of attacks is expected to increase in the future.
He also stated that these attacks may expand beyond DeFi, as attackers may target crypto-exchanges and banks that provide more secure options for digital asset storage.
Tim Ismiliaev, co-founder of Apostro, a smart contract security and auditing company, gave a more optimistic perspective: he believes that over the next half decade, the DeFi space will become more developed, and new methods for ensuring the security of decentralized finance protocols will be established.
Nevertheless, both Mishunin and Deng agreed that many of the after-incident reports that security firms issue regarding blockchain security often miss the intended audience, which is typically blockchain developers.
Mishunin stated that such reports are mostly read by regular investors who are worried about their money, while developers are busy coding and do not have the time to go through them.
Deng added that the reports focus on specific vulnerabilities and the corresponding recommendations, and so they do not aid developers who might be susceptible to different types of exploits. He acknowledged, however, that reports on general vulnerabilities in DeFi protocols have proven effective in increasing protection.