Demystifying DeFi Security: With Greater Yield Comes Greater Risks

Even the most security-conscious crypto veterans are not immune to decentralized finance (DeFi) hacks, Lawrence Tan, Bybit's Spot business development director said in a keynote address titled DeFi Security: the Risks Behind the Yield and Mitigation at Paris Blockchain Week Summit on Wednesday.?

Tan himself narrowly dodged the PolyNework hack, having exited from liquidity mining in the protocol just two days before the hack cost victims $611M.

Is DeFi safe enough to handle large amounts of assets?

With retail and institutional investors flocking to DeFi in the past two years, it has become a main target for a new wave of hackers and exploiters. Almost 74% of blockchain security incidents were dApps and DeFi-related in 2021. In 2022, investors in the space have already lost $1.29B to DeFi hacks.?

Tan shared a detailed analysis of the largest DeFi hacks in recent history through a crash course on four common DeFi vulnerabilities: admin key compromises, coding flaws, rug pulls and economic exploits by flash loans.?

What can general users do to mitigate DeFi risks?

Tan says the simple due diligence in vetting your DeFi projects carefully pays off.?

“Consider open-source and audited projects by established teams with real names. Look for projects with higher popularity, larger TVLs and a good track record. If you are a beginner, you don’t need to rush into new projects even if it promises high yields,” Tan said.

“You need to do your own research. Don’t just listen to what someone tells you because it is your responsibility,” he said, adding that diversification and setting appropriate token allowance approval limits are also on the DeFi security checklist.?

Centralized exchanges: responsibilities in risk mitigation

While hacks often begin in the decentralized space, many hackers still rely on centralized crypto service providers to move or sell their exploited funds.

“Centralized exchanges are one of the most important gateways for users to enter the crypto world. They have a responsibility to help mitigate DeFi risks for the users and for the community. They can play very important roles in services and in education,” said Tan.

Stronger KYC and AML controls will help authorities track down bad actors and help customers recuperate losses. Service providers dealing with risk-on assets should also invest more in anti-phishing efforts and safety education, he elaborated. Bybit has been actively helping the public understand DeFi and the associated risks through Bybit Learn, a publicly available online learning platform for all crypto users.

Further, he added that service providers, project teams, investors and authorities can all benefit from pioneering new blockchain capabilities or platforms — for instance, devising a KYC-compliant alternative public blockchain.?

“Chaos is very common at the early stages. It happens to most innovations in human history. The industry will learn from failures and disasters. As an ecosystem, the industry will improve itself, and this is how we move forward. So chaos is not a pit. Chaos is a ladder,” he concluded.

As an early adopter of crypto technologies and a DeFi advocate, Tan brings a decade of blockchain experience to the Master Stage at Europe’s flagship event in blockchain, crypto and NFT.?

#BybitxPBWS #PBWS2022