The loss of more than 45 million U.S. dollars in 30 days, how to stop the rapidly spreading DeFi hacker epidemic?

In the face of this DeFi epidemic, prevention is the only protective measure.

Original title: “DeFi hacking epidemic accelerates spreading, and it has caused US$45 million in losses in 30 days”
Written by: rekt
Compilation: Porridge Overnight

This is an epidemic that only affects the weak in DeFi. Once infected, there is no cure. The only protective measure is prevention. If you want your protocol to survive the winter, you must have your code thoroughly reviewed. The original text comes from rekt.

Stay at home and wear a mask. The DeFi hacker pandemic is spreading faster.

These are dark times for weak code, and developers need to lock down their protocols.

Greed is contagious, and hacker attacks have brought compelling prizes. In just 24 hours, we heard about two more attacks.

  1. Cheese Bank: hackers took 3.3 million US dollars through a flash loan AMM oracle attack;
  2. Origin Protocol: hackers stole 8 million US dollars through flash loans and fake token reentrancy.

In the past 30 days, we have seen more than $45 million in user funds lost due to insecure protocols. In addition to the recent attacks, we have also seen the Harvest incident (loss of approximately US$25 million), the Value DeFi incident (loss of approximately US$7 million), and the Akropolis incident (loss of approximately US$2 million).

In epidemiology, the basic reproduction number or “R number” refers to the expected number of cases directly caused by one case in a population where all individuals are susceptible to infection.

The R number in cryptocurrencies refers to the number of protocols currently being attacked through flash loans and fake tokens.

Since every publicized hack can be repeated by the next capable programmer who is willing to take the risk, we are seeing the R number grow day by day.

Although every hack attracts attention, and some people even admire the hackers' professional skills, we should remember not to glorify this behavior. Here, any comparison with “Robin Hood” is off topic.

We can hold the view that flash loans are good for the industry without promoting greed and theft. Having said that, greed is not without benefits.

Would the bank be safe if there were no robbers?

People say that greed is the core of the capitalist system, but it has brought us a vaccine…

If, as some people say, hackers are only trying to expose weak code and educate, then it would be better for them to return all the funds in the end rather than relying on personal judgment to decide whom to refund.

We can also consider that developers may be a little greedy too: they could wait and thoroughly review their code before release, instead of gambling with users’ funds.

On the other hand, if there is no punishment for junk code, then developers will become top predators, and the cycle will continue.

All parties involved in these attacks have a certain degree of responsibility. The responsibility varies, but the motivation is the same.

Greed is human nature, and it is a key concept in DeFi games.

And each individual involved in these unfortunate events has shown their greed through different actions.

  1. Miners hope to make a profit and bet on untested code. Greed is manifested in their impatience, but early birds have been well rewarded in the past, so the results they want are not without precedent.
  2. Developers expect to get the most benefit from newly released code. Greedy developers are blinded by their expectations and skip the basic security review steps when they put the code on the market.
  3. Hackers: apex predators are not immune to greed, but they can use advanced knowledge to weaponize it. If you had worked hard to acquire the knowledge to take money in this way, would you refund millions of dollars in funds?

Although greed cannot be cured, we must remember that greed can also create positive things, and we can take steps to protect ourselves from negative influences.

Auditing is not cheap, but these costs are small compared to the loss of funds or reputation due to hacking.

The winter of DeFi is here, and there may be more casualties in the next few months.

Although immunity is never 100% guaranteed, we can take steps to reduce the possibility of infection.

The R value will change based on our behavior, and developers must lock down their protocols immediately.

This is an epidemic that only affects the weak. Once infected, there is no cure.

The only protective measure is prevention. If you want your protocol to survive the winter, you must have your code thoroughly reviewed.

Audit your code, wash your hands, and stop being attacked.

Source link: rekt.ghost.io