State of the security in DeFi: problems and solutions

0
880

If you landed on this page, you probably already know what Decentralised Finance (DeFi) is or have even used some protocols to trade or get yield on your deposit. 

And while DeFi continues to be one fascinating field to look into, it attracts not only hype or developers but also cybercriminals. 

The state of DeFi security continues to be a topic of discussion in 2022, with hackers having grossed over $3 billion this year alone. 

A rough year

At the moment of writing, the month of October takes a win in terms of overall value stolen from DeFi protocols – over $700 million from various protocols. The most prominent exploits include the BNB bridge ($586 million), $115M was lost in Mango Markets exploit, and almost $28M was drained from Moola Markets, Sovryn, Team Finance and TempleDAO collectively.

According to Chainalysis, cross-chain bridges remain the most tempting target for hackers due to the liquidity locked there. Although value-vice bridge hacks account for more than half of funds stolen in the DeFi space, the sheer number of DeFi protocols being exploited daily is concerning.

The state of DeFi security

Despite the waves of security incidents happening here and there in the DeFi space, the industry is still optimistic about DeFi development. While new financial primitives or improved protocol versions are being released to the world, the security space is also moving forward with new solutions for safeguarding both users and protocols.

Security audits and firms providing them continue to dominate the space – protocols want to have a security check before launch, and both users and investors alike start their due diligence from security audit reports. However, with the number of exploits, it is becoming more apparent that security audits alone are not enough to guarantee the safety of the DeFi application, and new solutions come to life:

  • Gauntlet – a financial modelling platform that leverages agent-based simulation to tune protocol parameters and improve capital efficiency. That allows protocols to react to market changes and propose improvements with lower risks of default.
  • Apostro is a risk management protocol guarding against various security threats, including code bugs, oracle or market manipulation. Generally speaking, Apostro prevents or complicates the exploit for the hacker by making it unprofitable.
  • Chaos Labs is similar to Gauntlet – they use the agent and scenario-based simulations to optimise capital efficiency and battle-test the protocol against different market conditions with various simulations.

The security solutions space is on the rise – risk management tools, bug bounty platforms, real-time monitoring, and the development of various new primitives behind the scenes. We’re still in the early stages of the quite complicated space, and neverending progress brings optimism in the future of DeFi security. (Fabulouseyebrowthreading)