One reason for this is that “hackers have gotten smarter, gained more experience, and learned how to look for bugs,” according to the founder of a crypto auditing firm.
As new projects enter the market and hackers become more sophisticated, Decentralized Finance (DeFi) investors should brace themselves for another busy year of exploits and attacks.
HashEx, Beosin, and Apostro executives were interviewed for Drofa’s An Overview of DeFi Security in 2022 report, which was shared exclusively with Cointelegraph.
The executives were questioned about the reason for a significant increase in DeFi hacks last year, as well as whether this trend will continue into 2023.
While DeFi protocols will continue to strengthen and improve security, Tommy Deng, managing director of blockchain security firm Beosin, admitted that “there is no absolute security,” stating:
“As long as there is interest in the crypto market, the number of hackers will not decrease.”
Deng went on to say that many new DeFi projects “do not go through full security testing before going live.”
Furthermore, many projects are now investigating the use of cross-chain bridges, which were a popular target for exploiters last year, resulting in $1.4 billion stolen across six exploits in 2022.
The remarks echo those of blockchain security firm CertiK, which told Cointelegraph on January 3 that it does not “expect a respite in exploits, flash loans, or exit scams” in the coming year.
CertiK specifically mentioned the possibility of “further attempts from hackers targeting bridges in 2023,” citing historically high returns from attacks in 2022.
Dmitry Mishunin, the founder and CEO of crypto auditing firm HashEx, stated that “hackers have gotten smarter, gained more experience, and learned how to look for bugs.”
“The crypto industry is still relatively new, and everyone is growing with each other, so it’s difficult to get too far ahead of bad actors.”
He went on to say that the amount of value in some DeFi projects made the industry “very appealing” to malicious actors, and that the number of hacks “will only grow going forward.”
According to Mishuin, these attacks may spread beyond DeFi, with attackers targeting “crypto exchanges and banks” that enter the market with “more secure solutions for storing digital assets.”
Tim Ismiliaev, co-founder of smart contract security and auditing firm Apostro, is more optimistic, predicting that the space will “mature over the next five years, and new best practises for securing decentralised finance protocols will emerge.”
Interestingly, both Mishunin and Deng observed that many post-incident reports provided by blockchain security firms frequently fail to reach their intended audience — blockchain developers.
“The people who read such analyses are average investors who are concerned about their money. “Real blockchain developers are too busy coding to read stuff like that,” Mishunin explained.
Meanwhile, Deng stated that the reports are typically about “event-based vulnerabilities and related recommendations,” which does not always help other developers because they may still be vulnerable to other exploits.
However, he admitted that reports on “general vulnerabilities” in DeFi “tend to do a good job of ramping up protection.”
“The reentrancy vulnerabilities are now not as common as they used to be.”
