DeFi: Assessing risks
DeFi risks
Decentralized Finance (DeFi) activities offer many opportunities within cryptocurrency, with varying degrees of risk.
You can learn what you can do to protect yourself and assess the safety of the protocols you interact with.
The unregulated and unstoppable nature of crypto means it has attracted the attention of many who wish to exploit it. Malicious actors and hackers are always looking for ways to exploit code, take advantage of careless or unaware users and overwhelm legitimate financial activity.
As an individual, there are some common vulnerabilities that you should be aware of if you wish to keep custody of your own crypto assets. Keeping your DeFi wallet and private keys safe is the first and most important lesson to learn. Don’t connect your wallet to suspicious or untrusted websites. If you’ve connected to a compromised smart contract or website, you should learn how to revoke access to such services so that you can cut off any further attempts to move crypto out of your wallet. Revoke.cash and Debank.com are trusted methods of checking permissions and revoking unwanted approvals.
Minting NFT projects is a target of interest for many bad actors. By sending fake minting links or exploiting a minting contract, hackers can trick you into giving up control of your wallet. In addition, some exploits have been found on NFT marketplaces causing expensive items to be sold at unreasonably low prices. If you suspect your wallet has been compromised, the safest action is to move the assets you wish to save out of the wallet and into a new, unused address.
One must also be very careful to enter the correct address if sending assets from one wallet or exchange to another, as those numbers and letters often get mistaken and confused. The best practice when sending funds and dealing with addresses is to triple-check that the address is correct, even if there is a “copy-paste” option.
Occasionally your public address might receive an airdrop of free tokens that you weren’t expecting. An unaware crypto user might assume he can sell these free tokens and get some free crypto: be very careful and do not interact with unknown tokens that appear in your wallet. It costs next to nothing for a hacker to send you tokens on Polygon or BSC, but it could cost you everything if those coins have a malicious contract that grants the coder full access to your wallet once you’ve moved or approved the airdropped tokens to be spent.
No project in DeFi is without risks. The best way for protocols to avoid major exploits is to undergo intense audits, both for vulnerabilities and insecurities in the code and design. Bug bounties can encourage white-hat (benevolent) hackers to test the code and get rewarded before anything can be exploited. If a black hat (malicious) hacker finds a way to exploit a protocol, perhaps minting an infinite number of tokens, or gaining control of a pool of funds, then the loss can be felt by the protocol, its treasury and its users. Such a project either falters and never returns to its previous state, or it takes measures to improve and “harden” its code. In the case of THORChain’s July 2021 exploits, various measures were taken to examine and fix the holes in the code, including funding ongoing audits by multiple firms and installing an “always on” security team. On open-sourced decentralized projects, many eyes are on the design to ensure economic risks are minimized.
