
Report by Drofa Comms: What’s the State of DeFi Security in 2022 and How to Improve it?

Drofa Comms started the new year by launching our own in-depth report publications. To conduct the studies, we’ll be partnering with experts and firms operating in the market to get the full scope of views on the issue under research.

The year 2022 was officially the most notorious for DeFi security breaches, so the first exclusive report, titled “An Overview on DeFi Security in 2022”, looks into the current state of things in the decentralised market and studies the reasons behind these gruesome statistics. To get a complete picture of the events, we partnered with the security expert firms HashEx, Beosin, and Apostro, who gave their angles on the sector.

According to the blockchain analytics firm Chainalysis, the DeFi market has attracted more and more attention from hackers every year since it emerged. According to Certik, attacks on the decentralised finance market from January to October 2022 were worth $2.546 billion.

Let’s see what things were like before. In 2021, for example, the blockchain security company Peckshield reported $1.55 billion stolen from the DeFi sector, which is noticeably less than in 2022. It’s also worth mentioning that in the first quarter of 2022 alone almost $1.3 billion was lost to hackers, which is definitely a catastrophe considering the 2021 numbers.

Rugpulls and flash loan attacks are the most common incidents of embezzlement, but not the biggest in terms of the amount of money. The most lucrative attacks have been those aimed at cross-chain bridges. The two largest cross-chain bridge exploits in the first quarter of 2022 were the $624 million Ronin Network exploit, which was an advanced phishing attack, and the attack on Solana Wormhole, which is valued at $326 million.

Attacks on cross-chain bridges are becoming more and more popular because bridges hold a lot of liquidity, which attracts hackers, and because they have a rather complex system of interaction between interfaces and smart contracts, which makes it hard to protect every part of them.

To better understand the real picture and get a deeper insight into the issue, we posed five questions to three industry experts from HashEx, a DeFi security and analytics company, Beosin, a Web3 security firm, and a risk management platform, Apostro.

As for why the trend is so alarming, the experts saw several possible reasons. They concluded that hackers got smarter, gaining more experience in their search for vulnerabilities, and that the DeFi sector became very attractive to them because of the amount of money put into DeFi firms. And it’s not just that: many newly emerged projects don’t go through complete security testing before going live, which makes them an easy target for bad actors.

So, what’s next? There is no single opinion among the DeFi security experts regarding what the future may bring. Some say that the sector will mature in the next five years, lowering the risks the decentralised market brings. Others stay on the more cautious side, stating that the number of hacks is only going to grow, bringing more uncertainty about the foreseeable future.

In light of the alarming trend above, the most relevant question to ask our experts was: what should DeFi companies do to increase their security level? There are quite a few measures they might undertake. Among them are introducing a secure development process to ensure a higher level of security when the protocol is implemented; thoroughly testing their security before going live; hiring firms that specialise in conducting formal verifications and real-time monitoring; and educating the tech team on decentralisation.

The main message of our panel of experts is that the DeFi market is evolving and growing, and the number of exploits is growing along with it. But the top companies and experts in the field are also developing every day, which should ultimately lead to a decrease in the amount of stolen funds in the future and increase investor confidence in the industry.

The full report is available below.

We’d like to thank the following for their participation in preparing this material:

Dmitry Mishunin, Founder and CEO of HashEx;

Tommy Deng, Managing Director of Beosin;

Tim Ismiliaev, Co-founder of Apostro.