Decentralized Finance.
To understand how DeFi works, we must first look at what’s behind it. DeFi uses blockchain, which connects users without a central server and can transfer data and assets securely, under the users' own watch. Transactions are governed by "smart contracts", computer programs that also run on the blockchain and execute automatically when the parameters the parties set in advance are met. DeFi apps use blockchain to store and transfer digital assets, and smart contracts to make sure the parties keep their end of the bargain.
DeFi app users looking for a return on investment in tokens can program a smart contract to sell cryptocurrency at a certain price. And users who want to buy tokens can prepare a smart contract to automatically acquire them when they reach the desired value. In both cases, transactions are automatic and there’s no middleman.
The most popular method of crypto theft is the infiltration of crypto-exchange security systems. Centralised cryptocurrency exchanges often act as custodians and hold the private keys on behalf of the users who purchase and trade tokens on the exchange. Even though users can access their own exchange accounts using logins and passwords, what they see is a representation of the tokens held on their behalf – the exchange’s wallet actually holds the tokens and private keys. This custodial structure has advantages such as speed of transactions, customer support, insurance and the ability to deposit and withdraw fiat currency. However, the central control over private keys and user accounts and passwords has proven to be a major cybersecurity risk.
Since DeFi apps are open source, anyone with an Internet connection can use them, create and offer services (like lending), and combine existing services. DeFi software and systems are available to the public free of charge and can even be copied, enhanced or adapted to user needs. As a decentralized financial ecosystem, DeFi is not regulated. Under the traditional financial system, personal details can be checked to review loan applicants' indebtedness and other aspects. In blockchain, however, a public key that holds no personal information is the "identifier". This can make preventing fraud and other financial crimes tricky.
Security is an important factor to be considered. On DeFi platforms, users safeguard their own assets via access keys and authentication to sign in to apps. Because no entity can provide or restate their personal details if they're stolen, users could lose all their assets. The most common DeFi cybersecurity risks are “key management compromises” (e.g. by individual users or by admins/developers at projects and exchanges), coding mistakes, misuse of third-party protocols, and business logic errors. Hackers still frequently exploit these vulnerabilities.
Servers storing private keys for cryptowallets are also a prime target for cybercriminals, the researchers warn. In several instances, wallets were swiped with stolen keys, the report says, sometimes with devastating losses; one wallet had a balance of about $60 million, for instance. Financial loss could have been avoided by auditing the companies’ underlying servers and adding technical and organizational measures (such as multisignature wallets) with zero-trust and least-privilege principles, the report states.
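The multisignature control mentioned above, as an added example that is not from the original post or the cited report: a 2-of-3 approval check showing that one key stolen from a server cannot authorize a transfer on its own. The Lamport one-time signatures (a stand-in chosen so the code runs on the Python standard library; each key may sign only one message), the signer names, addresses and amounts are all assumptions constructed for illustration.

```python
import hashlib, json, secrets

def h(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair (assumed stand-in for the wallet's real signature scheme)
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def msg_bits(msg):
    d = int.from_bytes(h(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per bit of the message hash
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

def encode_tx(tx):
    # Canonical encoding, so every signer approves exactly the same bytes
    return json.dumps(tx, sort_keys=True).encode()

def authorized(tx, approvals, signers, threshold):
    """approvals: [(signer_id, signature)]; signers: {signer_id: public_key}."""
    msg, valid = encode_tx(tx), set()
    for signer_id, sig in approvals:
        pk = signers.get(signer_id)
        if pk is not None and verify(pk, msg, sig):
            valid.add(signer_id)  # a set, so one key submitted twice counts once
    return len(valid) >= threshold

def demo():
    # Constructed data: three key holders, 2-of-3 policy, placeholder addresses.
    keys = {name: keygen() for name in ("ops", "finance", "security")}
    signers = {name: pk for name, (_, pk) in keys.items()}
    payout = {"to": "ADDR_TREASURY_PLACEHOLDER", "amount": 100, "nonce": 7}
    drain = {"to": "ADDR_UNKNOWN_PLACEHOLDER", "amount": 60_000_000, "nonce": 7}
    stolen = ("ops", sign(keys["ops"][0], encode_tx(drain)))  # one key taken from a server
    good = [(n, sign(keys[n][0], encode_tx(payout))) for n in ("finance", "security")]
    return {
        "one_stolen_key": authorized(drain, [stolen], signers, 2),
        "stolen_key_twice": authorized(drain, [stolen, stolen], signers, 2),
        "two_holders": authorized(payout, good, signers, 2),
        "approvals_reused_on_other_tx": authorized(drain, good, signers, 2),
        "unknown_signer": authorized(payout, good[:1] + [("mallory", good[1][1])], signers, 2),
    }

if __name__ == "__main__":
    print(demo())
```

The threshold only helps if the keys live on separately administered systems; three keys on one server fall together.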
DeFi averaged five attacks per week last year, with most of them (51%) coming from the exploitation of "smart contract" bugs, the analysts found. Smart contracts are essentially records of transactions, stored on the blockchain. Other top DeFi attack vectors include cryptowallets, protocol design flaws, and so-called "rug-pull" scams (where investors are lured to a new cryptocurrency project that is then abandoned, leaving targets with a worthless currency). But taken together, 80% of all events were caused by the use (and re-use) of buggy code.
🛑 DISCLAIMER: I am not a financial advisor. All contents discussed on this blog post are solely my personal views for education/entertainment purposes only. Do your own research and due diligence.