While presenting significant opportunities for investors, the decentralized finance (DeFi) market continues to face substantial security challenges, especially during periods of increased market activity. In this regard, the cumulative total losses associated with the DeFi landscape to date — emanating from security breaches like access control issues, rug pulls, and reentrancy attacks — have crossed the $77 billion mark, with a significant portion of these events occurring during periods of market exuberance.
In fact, during 2022 alone, DeFi security losses rose by 47.4%, reaching $3.64 billion, thus highlighting the critical need for enhanced cybersecurity measures, especially during bullish market conditions when the sector experiences increased activity and exposure to nefarious elements.
Market risk-related dynamics to consider
Whenever the crypto market sees an uptick in investor activity, the DeFi sector experiences a rise in new projects and capital inflow. This, in turn, leads to accelerated development timelines, which typically come at the cost of security oversights. Moreover, the fear of missing out (FOMO) can make investors vulnerable to scams, as has been the case with several NFT projects and fraudulent airdrops.
A notable incident of this nature occurred earlier this year when a total of 1,354 fake NFTs — pretending to be part of airdrops from projects like ApeCoin, Polygon, and Uniswap — on the Polygon network led users to lose funds in excess of $1.2 million. Another such incident was associated with the Uniswap ecosystem, where fake airdrops promised 400 Uniswap tokens, each worth around $2,000. According to DappRadar, the scheme resulted in approximately $8 million in cumulative losses.
To counter these risks, Christian Seifert, researcher-in-residence for decentralized monitoring network Forta, believes that any DeFi platform actively handling user funds needs to adopt future-ready security strategies such as regular audits, real-time monitoring, incident response protocols, etc. Emphasizing the importance of these proactive measures, Seifert added:
“What’s key here is applying a multifaceted, comprehensive security approach, which undeniably lessens the risk factor. Nevertheless, a glaring void exists in the industry today when it comes to effectively tackling an ongoing attack quickly enough to stifle it or structuring the protocol to minimize the damage if an attack proves successful.”
He also noted that Forta is capable of monitoring transactions across multiple Ethereum Virtual Machine (EVM) compatible chains while scaling its network capacity to match spikes in activity during any market condition.
Best practices to employ
When asked about the ideal practices DeFi platforms and smart contract developers need to adopt to avoid common security pitfalls during a bull run, Seifert noted that it is important to utilize techniques like threat modeling/audits, monitoring/incident response mechanisms, and bug bounties to maximize the safety of one’s funds. ”Scams are very difficult to spot. Users should be utilizing security products, like Forta’s Metamask Snap plugin, to protect themselves,” he noted.
Technically speaking, the plugin can assess a transaction for any associated risks before it is signed and sent to the mempool. In fact, earlier in November, a user revealed that they almost lost $10,000 in funds due to a scam. However, by using the plugin, they could stop the perpetrators in their tracks and protect their assets.
Equally important is that users engage only with reputable DeFi platforms. In this regard, thorough research and the use of aggregators like DappRadar are essential for verifying a project’s legitimacy. Similarly, regularly checking and revoking unnecessary dApp access to wallets is a critical practice. Using tools like Revoke Cash can be helpful for such purposes.
Lastly, investors must stay alert to avoid phishing scams, refrain from clicking random links or crypto-related ads, and never share their seed phrases with anyone.
Navigating the future
As the DeFi realm continues to evolve, organizations like Forta seem to be at the forefront of the sector’s continued expansion, especially during bullish markets. Seifert notes that Forta’s approach focuses on developing user-friendly, plug-and-play solutions to streamline integration and facilitate widespread adoption. Key to their strategy is enhancing threat prevention, expanding from protecting end-users against attacks to fortifying smart contract security.
Moreover, Forta is committed to educating the blockchain community about emerging cybersecurity risks. Through resources like the Forta blog, the firm provides valuable insights into the ever-changing cybersecurity landscape. These efforts are crucial in empowering users and developers alike to navigate the complex and dynamic world of DeFi security, ensuring a safer future for investors across the globe.